Articles about Email

DuckDuckGo is best known as a privacy-first search engine, but the company also offers other privacy tools, and for the past year it has been testing out an email forwarding servicing.

If you wanted to try this feature out previously, you will have had to join a waitlist, but today the company announces that the beta is open for everyone. I’ve been using the service since day one, and I can definitely recommend it.

Continue reading →

After a tailing off during the pandemic, phishing is back, with more attacks spotted in the second quarter of this year than for the whole of 2021.

The latest phishing and malware report from Vade also shows that malware emails decreased 48 percent month-on-month -- down from 32.9 million in March to 17 million in April -- but rebounded 31 percent May, with 22.4 million malware-weaponized emails detected. June saw even higher malware volumes (28.9 million), a 29 percent increase from the previous month.

Continue reading →

New research from Accenture shows that data stolen in ransomware and other cyberattacks is being weaponized in order to carry out business email compromise (BEC) attacks.

Underground forums have sets of credentials for sale for as little as $10 that provide access to genuine corporate email accounts, making malicious emails seem genuine.

Continue reading →

Office macros have long been a favorite attack method for cybercriminals but now that Microsoft has started blocking them by default the bad guys have started to turn to other methods.

A new report from HP Wolf Security shows a shift to shortcut (LNK) files being used to deliver malware. Attackers often place shortcut files in ZIP email attachments, to help them evade email scanners.

Continue reading →

With more people working remotely, messaging and email have become even more essential tools, but the sharing of sensitive data via these routes also presents risks.

Concentric AI is using this week's Black Hat USA to launch an AI-based solution that protects sensitive data shared as text or attachments across today’s most popular business messaging platforms, including email, Slack, and Microsoft Teams.

Continue reading →

Email security continues to be a top concern of organizations, with 94 percent of all cyber attacks being delivered through email. As the most frequently used communication channel across all industries -- no wonder threat actors love exploiting it!

The conventional approach to email security is failing. Our latest research found that an average of 75 malicious messages per 100 mailboxes slip past traditional email security filters every month. Consequently, organizations put employees through countless hours of security training with hopes they spot and report these threats to security operations centers. The so-called Human Firewall.

Continue reading →

New research released today from Cyren shows that business email perimeter defenses are often incapable of preventing well-crafted email attacks.

During an average month, there are 75 malicious messages per 100 mailboxes that slip past email security filters like Microsoft 365 Defender. This means that an enterprise with 5,000 mailboxes would need to detect and respond to 3,750 confirmed malicious inbox threats each month.

Continue reading →

Business email compromise attacks are up 53 percent over the last year and are increasingly trying to look more like legitimate emails in their use of language.

A new report from Armorblox shows 74 percent of BEC attacks are using language as the main attack vector.

Continue reading →

Three out of five organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months, according to a new study.

Research from email security company Tessian and the Ponemon Institute shows 65 percent of over 600 IT security practitioners surveyed see email as the riskiest channel, followed by 62 percent for cloud file sharing and 57 percent for instant messaging.

Continue reading →

A new study commissioned by email security company Cyren from Osterman Research seeks to understand how businesses using Microsoft 365 for email are being impacted by email-borne security threats, such as phishing, business email compromise (BEC), and ransomware attacks.

It shows security team managers are most concerned that current email security solutions do not block serious inbound threats -- particularly ransomware. Fewer than half of organizations surveyed rank their currently deployed email security solutions as effective.

Continue reading →

Most of us don't think too much about the 'From' address field on our emails, it's filled in by your mail program or web service. At the recipient's end security tools can check this against the sending server to verify that the mail is legitimate.

But hold on a second, an SMTP relay server between the server and the inbox allows messages through even though the addresses don't match. This is how organizations send out mass mailings without them getting blocked.

Continue reading →

Phishing emails that mention holidays are most likely to entice employees to click, according to security awareness training company KnowBe4.

The Q1 2022 top-clicked phishing report finds successful subjects globally include: 'HR: Change in Holiday Schedule', 'St. Patrick's Day: Employee Behavior/Company Policies', and 'Starbucks: Happy Holidays! Have a drink on us'.

Continue reading →

Credential phishing continues to be the top threat facing organizations, increasing 10 percentage points since 2020, accounting for 67 percent of all phishing emails now observed.

The latest Annual State of Phishing Report from Cofense also reveals that 52 percent of all credential phishing attempts observed by the Cofense Phishing Defense Center (PDC) were branded as Microsoft.

Continue reading →

We all make mistakes from time to time, but a cybersecurity error could cost you your job according to a new report.

The study from email security company Tessian finds almost one in four respondents (21 percent) lost their job as a result of a security mistake that compromised their company’s security -- up from 12 percent in 2020.

Continue reading →

New research by Trustwave SpiderLabs has uncovered a phishing attack that is able to adapt itself to the user's email service in order to trick them into revealing their login credentials.

The attack acts like a chameleon, putting up a fake login page tailored for whatever email service the victim is using. So Gmail users for example will see a different page from Apple, Outlook or Yahoo! Mail users.

Continue reading →