BEC attacks are a big problem for SMBs
A new report from managed security platform Huntress shows that 64 percent of identity-focused incidents at SMBs in the third quarter of 2023 involved malicious forwarding or other malicious inbox rules, a key indicator of business email compromise (BEC).
Another 24 percent of identity-focused incidents involved logons from unusual or suspicious locations. Now favored as an intrusion vector, identity-based attacks are on the rise with threat actors targeting cloud services to steal identifying information or break into business emails.
Sleuthing for the threat of a Business Email Compromise
In this new era of generative artificial intelligence, one of the biggest security risks involves business email compromise attacks. Countless malicious phishing emails are already being cloned, refined, and delivered by smart AI bots around the world.
A business email compromise (BEC) is a sophisticated cybercrime that uses emails to trick the receiver into giving up funds, credentials, or proprietary information through social engineering and computer intrusion techniques. Many BEC attacks combine multi-channel elements to make the frauds seem more convincing, such as incorporating fake text messages, web links, or call center numbers into the mix with email payloads. For example, the attackers might spoof a legitimate business phone number to confirm fraudulent banking details with a victim.
Phishing attacks reach record highs
In the third quarter of this year, phishing attacks soared by 173 percent compared with the previous three months, and malware was up 110 percent over the same period.
Email security company Vade has released its quarterly Phishing and Malware Report which shows Q3 2023's malware volumes almost set a record for the highest total of any quarter, trailing only Q4 2016's mark of 126.8 million.
Google's new emoji email reactions are really going to irritate non-Gmail users
Google has decided to bring emoji reactions to Gmail, giving users the chance to respond to email with little more than a tap. Can't be bothered to type a proper reply? Just send a smile instead. It's an idea that has worked well on social platforms, so Google appears to believe it's something that will work with email too.
For anyone happy to send a quick and impersonal response in this way, the arrival of emoji reactions is great news. But for anyone who is not a Gmail user it is likely to be a serious source of irritation.
Email: Adapting to the riskiest business tool
Almost every organization freely admits that people are the biggest risk to their security and are most vulnerable when using email. While the 'outbound' risk of an employee accidentally or intentionally leaking data is very clearly categorized as an insider risk, even a phishing attack that originates from outside the organization requires an insider to, essentially, open the door.
And it’s a valuable vulnerability for threat actors to be aware of; the FBI reported that Business Email Compromise (BEC) scams accounted for $50 billion in losses between June 2016 and December 2022.
Attackers exploit inbox rules to avoid detection
New research shows that if an attacker has compromised an email account, they can use inbox rules to hide in plain sight while they quietly move information out of your network via your inbox and hide security warnings.
The report from Barracuda reveals techniques including setting a rule that forwards all emails containing sensitive and potentially lucrative keywords such as 'payment' or 'confidential' to an external address, in order to steal information or money.
Nigerian princes are back -- now with the help of AI
Emails from supposedly wronged and robbed Nigerian nobility asking for help in exchange for a payout of millions were one of the very earliest email scams.
For a while 'Nigerian prince' emails, also known as '419 scams' in reference to part of the Nigerian Criminal Code relating to fraud, were a regular feature in most people's inboxes.
UK schools not doing their homework on email security
As students at schools and colleges in the UK begin to return after the summer break, new research shows that 96 percent of the top 50 state secondary schools, 92 percent of the top 50 sixth-form colleges and 80 percent of the top 50 universities in the UK are lagging behind on basic cybersecurity measures, leaving students, staff and partners at risk of email-based impersonation attacks.
The research from cybersecurity company Proofpoint is based on an analysis of DMARC adoption and reveals that 70 percent of UK schools are currently taking no steps to protect themselves from domain impersonation by having no published DMARC record.
Over half of travel-themed spam emails are scams
Ever keen to jump aboard a passing bandwagon, scammers are looking to make a quick buck by exploiting eager vacationers trying to save money when booking travel deals.
But new research from Bitdefender Antispam Lab finds that only 38 percent of analyzed travel-themed spam emails received during a three-month analysis were marketing lures, with the remaining 62 percent marked as scams.
Microsoft announces indefinite postponement of multi-account search in Outlook
With few people having just one email address nowadays, the problem of searching for email across two or more accounts is one that affects many users. Just last month, Microsoft announced an upcoming feature for its Outlook email client -- the ability to search across multiple email accounts simultaneously.
Now the company has had a change of heart, updating its plans to indicate that the handy option is now "postponed indefinitely".
Guarding your digital realm: Navigating the era of encrypted messaging and secure communication tools
In our modern hyperconnected world, we are constantly using emails, instant messages, SMS messages, chats on social media, and much more to send information, both professional and personal. As each aspect of our lives continues to become digitized -- and as cybercrime gets ready to reach more than $10 trillion by 2025 -- it's becoming more important than ever to use encrypted messaging and secure communication tools to preserve our privacy.
Guarding your digital realm is thankfully more than viable with encrypted messaging and secure communication, in particular technologies such as end-to-end encryption, decentralized messaging platforms, and advanced privacy-enhancing features. To that end, let's talk about how these pioneering tools are playing a crucial role in protecting individuals, businesses, and journalists from cybercrimes.
Thunderbird 115 goes Supernova with brand new UI
It’s finally here. Mozilla has unveiled Thunderbird 115.0, a major new release of its open-source, cross-platform email client. The first major release since Thunderbird 102 debuted in late June 2022, Thunderbird 115 is dominated by one major new feature: A brand new user interface named Supernova.
The new Supernova user interface sees Thunderbird move away from its traditional two-pane layout with the option of a three-paned 'Vertical' layout, with the contents of the currently selected email displayed in a separate right-hand pane rather than below the message list.
Email attacks grow faster in Europe than the US
Email attacks in the US grew by five times between June 2022 and May 2023. However, Europe saw total attacks increase seven-fold during the same period -- to an average of 2,842 attacks per 1,000 mailboxes in May.
Data released today by Abnormal Security shows that where business email compromise (BEC) attacks are concerned, the disparity is even greater.
Why organizations shouldn't pay ransomware demands [Q&A]
Many organizations around the world are opting to pay ransoms to cybercriminals in order to buy back ownership of their data. But this can leave them open to further risk of attack.
Gerasim Hovhannisyan, CEO and co-founder of EasyDMARC, believes it's wrong to pay up and that it's better to establish good defenses. We spoke to him to find out why.
Cybercriminals increasingly using legitimate websites to hide malicious payloads
A new report shows a 121 percent increase in cybercriminals using legitimate websites to obfuscate malicious payloads.
The report from Egress, based on data from its Egress Defend cloud email security solution, shows YouTube, Amazon AWS, Google Docs, Firebase Storage, and DocuSign to be among the top 10 most frequently used sites.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.