CyberheistNews Vol 16 #12 [Keep An Eye Out] Why Unsecured Outlook Email Is Risky

KnowBe4 Team | Mar 24, 2026

[Keep An Eye Out] Why Unsecured Outlook Email Is Risky

Sending an unsecured email can be likened to writing sensitive information on a sticky note and leaving it on someone else's desk: anybody can intercept and share that information. Fortunately, there are ways to ensure your emails are safe from the prying eyes of hackers through encryption, meaning your message (no matter how sensitive) is seen only by the intended recipient.

An encrypted message is changed from plain text into ciphertext, which is unreadable and remains that way until it reaches its destination. That means that even the most determined hacker won't be able to gather sensitive information from the email. Once it arrives with the intended person(s), the encryption is removed, provided their identity has been confirmed.

Risks of Unsecured Email and Benefits of Encryption

Most of us are guilty of occasionally copying in the wrong person, clicking "reply all" unintentionally, or misspelling an email address. Without the security of encryption, this can lead to serious problems. If an unauthorized person sees sensitive information not intended for their eyes, a mere accident turns into a data breach.

There are significant risks associated with sending unsecured emails. These include:

  • Risk of attack
  • Data loss and damage caused by data breaches
  • Breaking data protection regulations
  • Fines and legal action
  • Damage to business reputation

It's easy to become complacent about emails — something most of us have easy access to and use every day — but a simple layer of added security protects us from risk. Cybercriminals spend their lives searching for weak points they can take advantage of; the least we can do is make that more challenging for them.

That's why it's so important to use all the tools at your disposal to make sure your emails are sent securely.

How to Secure a "Smail" with Microsoft 365

For most Outlook users, emails are encrypted through S/MIME. This only works if both sender and recipient use Outlook and have their certificates installed, confirming their identities. That works well as a layer of basic protection against data loss.

Microsoft 365 also offers built-in message encryption for senders and recipients who use Outlook and have an Office 365 subscription. Here are step-by-step instructions outlining how to send an encrypted message when both parties use Microsoft 365.

To summarize:

  • Use Outlook to open the email message
  • Navigate to "File" and click "Properties"
  • Scroll to "Security Settings" and check the box next to "Encrypt message contents"
  • Compose your email message as you usually would
  • Click "Send"

However, if one party doesn't have the correct certificates or encryption tools, sending that email using plain text might seem the only option. Thankfully, Outlook add-ons allow users to encrypt every email they send, even if the recipient is outside the organization and using another email provider.

At the KnowBe4 Blog:
https://blog.knowbe4.com/how-to-send-secure-email-outlook

[Live Demo] Stop Inbound and Outbound Email Threats

With over 376 billion emails sent daily, your organization faces unprecedented risks from Business Email Compromise (BEC), misdirected sensitive communications, and sophisticated AI-driven phishing attacks. The human element, involved in the vast majority of data breaches, contributes to email-based threats that cost organizations like yours millions annually.

Discover how you can stop up to 97% more attacks and uncover ten times more potential data breaches in your Microsoft 365 environment before they happen.

Join our live demo to see how KnowBe4 Cloud Email Security seamlessly integrates into Microsoft 365 to enhance its native protection while providing the tools needed to identify risky communications before they lead to breaches.

See KnowBe4's Cloud Email Security in action as we show you how to:

  • Defend your organization against sophisticated inbound threats including business email compromise, supply chain attacks and ransomware
  • Prevent costly outbound mistakes with real-time alerts that stop misdirected emails and unauthorized file sharing
  • Enforce information barriers that keep you compliant with industry regulations
  • Detect and block data exfiltration attempts before sensitive information leaves your organization
  • Customize incident response workflows to match your security team's needs

Strengthen your security posture with AI-native intelligent email security that reduces human-activated risk and safeguards your organization from inbound and outbound threats.

Date/Time: Tuesday, March 31 @ 1:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/ces-demo-month3?partnerref=CHN

What Is Integrated Cloud Email Security (ICES) and Why Do You Need It

Integrated cloud email security (ICES) is a term coined by industry analyst Gartner in their 2021 Market Guide for Email Security. The guide was reissued in 2023 and stated that "by 2025, 20% of anti-phishing solutions will be delivered via API integration with the email platform, up from less than 5% at the time of publication."

Using machine learning, natural language understanding (NLU) and natural language processing (NLP), an ICES solution goes beyond blocking known threats to detect zero-day and emerging attacks, as well as detecting text-based attacks that leverage social engineering. These solutions can also educate employees in real time.

ICES is an evolution of email security solutions referred to in previous Gartner Market Guides as "cloud email security supplements" (CESS) and "integrated email security services" (IESS). Three driving forces led to the emergence of this category of email security:

  • Sophisticated, evasive phishing: attacks used to consist of malware hidden in attachments and downloaded from servers linked in the phishing email. However, attacks have evolved. In particular, there has been an increase in payload-less phishing attacks that rely on social engineering and hyperlinks pointing at seemingly innocuous content designed to steal credentials. These and other advanced attacks evade detection by existing email security, such as secure email gateways (SEGs), and a new solution was needed.
  • The emergence of intelligent detection: innovations in machine learning and linguistic analysis (NLP and NLU) made detection of advanced phishing attacks possible.
  • The migration to Microsoft 365: the shift to cloud email platforms has led to easily deployable email security solutions that provide post-delivery inspection of emails and the remediation of threats.

Simple to Deploy, With No Rip and Replace

Integrated cloud email security (ICES) solutions are not designed to replace a cloud email platform's native security, but to augment it and solve the use cases that it cannot. Therefore, they co-exist with Microsoft 365's native security.

While they also complement secure email gateways (SEGs), continued enhancements to Microsoft's offering mean many customers experience a total duplication of functionality between Microsoft and their SEG and are discontinuing use of the latter.

As ICES solutions, such as KnowBe4 Defend, augment existing infrastructure, no change is necessary to the Domain Name System mail exchanger (DNS MX) record; they can be deployed in minutes. There are two common methods of deployment, and both are implemented with just a few clicks:

  • Use the Microsoft Graph API to claw back emails from the inbox post-delivery, inspect them and if a threat is found, either quarantine them or add a warning banner and return them to the inbox. If they are clean, they are returned to the inbox in their original format.
  • Deploy mail flow rules into Microsoft 365 that divert emails to the ICES platform, where they are inspected and if a threat is found, are quarantined or a warning banner added before delivering to the inbox.

Both approaches use the Graph API to empower remediation of emails that are delivered and later found to be malicious. This is a function of mail-focused security orchestration, automation and response (M-SOAR).

More at the KnowBe4 Blog:
https://blog.knowbe4.com/what-is-integrated-cloud-email-security-ices-guide

[WHITEPAPER] From Legacy SEGs to Integrated Cloud Email Security (ICES)

Nearly 87% of cybersecurity leaders are currently considering or have already completed the replacement of their SEG. This shift comes as sophisticated, payload-less threats increasingly bypass traditional defenses by exploiting human trust rather than technical vulnerabilities.

This whitepaper explores the fundamental shift from external gateways to Integrated Cloud Email Security (ICES). It provides a strategic framework to help you identify when a SEG has become obsolete and how to transition to a model that leverages deep API integration for superior visibility.

Your roadmap for modernizing email protection includes:

  • The critical blind spots of SEG architecture and why operating outside the cloud tenant leaves your organization blind to internal mail flow and behavioral anomalies
  • The power of AI-driven behavioral detection and how ICES uses machine learning to stop Business Email Compromise (BEC) and account takeovers
  • A three-phase transition strategy to assess your current performance baseline, evaluate integrated platforms and execute a migration with minimal disruption

It's time to take a good, hard look at SEGs.

Download Now:
https://info.knowbe4.com/evaluating-modern-email-security-architectures-wp-chn

So Many AI Attacks, It Made Quantum Seem Easy

By Roger Grimes

As I was writing my latest book, "How AI and Quantum Impact Cyber Threats and Defenses," I was hit by how many theoretical and real attacks there are involving AI. There are attacks committed by AI and attacks committed against AI, and I'm not sure which category is bigger.

Every attack type we have ever had (e.g., social engineering, vulnerability exploitation, authentication attacks, side channel attacks, etc.) is going to be worsened by AI-enabled attack tools and methodologies.

They will be more persuasive, faster and more successful. AI-enabled social engineering, especially adding AI-created deepfake videos, is going to significantly ramp up social engineering. AI hack bots are going to exploit more vulnerabilities, create and find more zero days and exploit a larger percentage of them (which currently sits at only 4% of total publicly announced vulnerabilities).

And that's saying a lot, because we had over 48,000 publicly announced vulnerabilities last year.

Another large category of attacks is attacks against AI technologies. While researching for the book, I became overwhelmed by all the traditional and new attacks against AI. AI will not only be attacking us, but will also be attacked by traditional methods and tools, and by AI-enabled tools.

In fact, most of the news of new attacks involving AI is about attacks against AI, not by it. Attacks against AI include:

  • Prompt injections
  • Data poisoning
  • Context poisoning
  • AI identity attacks
  • Supply chain attacks
  • Jailbreaking
  • Abusing AI system prompts
  • Model/weight manipulation
  • Label poisoning
  • Memory poisoning
  • Improper input handling
  • Improper output handling
  • Excessive agency
  • Unbounded consumption
  • Attacks against AI browsers
  • Attacks against AI-browser add-ins
  • Privacy risks
  • Ad-driven attacks
  • API attacks
  • MCP attacks
  • A2A attacks
  • Malicious models
  • and more

There are so many attacks against AI that I had to break up AI-related attacks into two different chapters. Conversely, quantum attacks are fairly straightforward. There are far fewer of them, mostly against quantum-susceptible cryptography, but widely applicable.

More at the KnowBe4 blog:
https://blog.knowbe4.com/so-many-ai-attacks-it-made-quantum-seem-easy

Phishing Security Test: Free Anti-Phishing Tool

Did you know that 91% of successful data breaches started with a spear phishing attack? Find out what percentage of your employees are Phish-prone™ with your free Phishing Security Test. Plus, see how you stack up against your peers with the new phishing Industry Benchmarks!

IT pros have realized that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having an antivirus and a firewall. It is a fun and effective cybersecurity best practice to patch your last line of defense: USERS.

Why? If you don't do it yourself, the bad actors will.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

The Phish-prone Percentage is usually higher than you expect, and is great ammo to get budget. Start phishing your users now. Fill out the form, and get started immediately!

Sign Up:
https://info.knowbe4.com/phishing-security-test-em-chn


Let's stay safe out there.

Warm regards,

Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.

PS: Our KnowBe4 Community Is One of Our Greatest Strengths:
https://blog.knowbe4.com/our-knowbe4-community-is-one-of-our-greatest-strengths

Quotes of the Week  
"Beware of false knowledge; it is more dangerous than ignorance."
- George Bernard Shaw - Dramatist (1856 - 1950)

"It is the greatest shot of adrenaline to be doing what you have wanted to do so badly. You almost feel like you could fly without the plane."
- Charles Lindbergh - Aviator (1902-1974)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-16-12-keep-an-eye-out-why-unsecured-outlook-email-is-risky

Security News

Phishing Attacks Are Abusing URL Rewriting Services to Evade Detection

Threat actors are abusing URL rewriting services from at least 19 different security vendors in order to obfuscate their phishing links, according to researchers at LevelBlue.

URL rewriting is a legitimate service offered by security providers that replaces a URL with a vendor-generated version, which will be scanned by the security vendor when the link is clicked. However, threat actors can abuse this feature to hide phishing links.

"We have seen phishing links utilizing vendor rewriting that threat actors likely generated when operating from within compromised email accounts that had URL rewriting services enabled," the researchers write. "By utilizing a compromised account, the attacker sends a malicious URL to themselves or a secondary controlled account.

"The internal security system automatically 'rewrites' the link, wrapping it in the provider's trusted domain. If the chain is not detected by these services, the attacker exports this 'safe' link for use in broad phishing campaigns."

Notably, the attackers are now layering URL rewrites, further disguising the final destination. In one case observed by LevelBlue, the phishing link passed through six consecutive URL rewrites generated by four separate security vendors.

"[C]ampaigns using at least two URL rewriting service providers were rare in 2024, first appearing in Q2," the researchers write. "The malicious use of multi-layered URL rewriting expanded throughout 2025, which surged in the final quarter. Early 2026 already shows high activity, suggesting that these campaigns remain active and persistent.

"Threat actors began employing three or more URL rewriting services only in mid-2025 with activity increasing steadily throughout the year and peaking in January 2026. This escalation highlights a clear shift toward deeper and more complex redirect chains."

KnowBe4 empowers your workforce to make smarter security decisions every day.

LevelBlue has the story:
https://www.levelblue.com/blogs/spiderlabs-blog/weaponizing-safe-links-abuse-of-multi-layered-url-rewriting-in-phishing-attacks
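A defender can turn the layering described above into a detection signal by peeling each rewrite layer and counting them. The following is an added example, not code from LevelBlue or KnowBe4; it assumes each wrapper carries its target as a percent-encoded query parameter (vendor-specific encodings would need their own decoders), and all hostnames, parameter names and the one-layer threshold are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

MAX_DEPTH = 10  # assumption: stop peeling after this many layers


def embedded_url(url):
    """Return the first query-parameter value that is itself an http(s) URL."""
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://")):
            return value
    return None


def unwrap_chain(url):
    """Peel rewrite layers; return (wrapper hosts outermost first, final URL)."""
    hosts, seen, current = [], set(), url
    while len(hosts) < MAX_DEPTH and current not in seen:
        seen.add(current)
        inner = embedded_url(current)  # parse_qsl decodes exactly one layer
        if inner is None:
            break
        hosts.append(urlsplit(current).hostname or "")
        current = inner
    return hosts, current


def vendor_key(host):
    """Rough vendor grouping: last two DNS labels (no public-suffix lookup)."""
    return ".".join(host.split(".")[-2:])


def assess(url, max_layers=1):
    """Flag links wrapped more often than a single rewriting service would."""
    hosts, final_url = unwrap_chain(url)
    return {
        "layers": len(hosts),
        "vendors": sorted({vendor_key(h) for h in hosts}),
        "final_url": final_url,
        "suspicious": len(hosts) > max_layers,
    }


def wrap(host, param, target):
    """Build one constructed rewrite layer for the sample below."""
    return f"https://{host}/redirect?{urlencode({param: target})}"


# Constructed sample: six layers from four made-up vendors, innermost first.
LAYERS = [
    ("links.vendor-a.example", "url"),
    ("links.vendor-a.example", "url"),
    ("protect.vendor-b.example", "u"),
    ("click.vendor-c.example", "target"),
    ("protect.vendor-b.example", "u"),
    ("safe.vendor-d.example", "url"),
]
FINAL = "https://destination.example/login?id=1"
SAMPLE = FINAL
for _host, _param in LAYERS:
    SAMPLE = wrap(_host, _param, SAMPLE)

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Ordinary redirect parameters on legitimate sites also count as a layer here, so the result is a triage signal for the mail pipeline rather than a verdict.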

Report: Attackers Can Trick AI Assistants Into Displaying Phishing Messages

Researchers at Permiso warn that threat actors can plant phishing messages within Copilot AI summaries. Notably, the researchers found that attackers can trick Copilot into including internal information to craft a more targeted message.

In a proof of concept, Permiso outlined the following attack:

  • "An attacker sends a benign-looking email.
  • The attacker includes hidden or low-visibility "instruction text" intended for Copilot.
  • The recipient clicks Summarize (a normal productivity workflow).
  • The Copilot summary includes an "Action Required" section that looks like a legitimate Microsoft security notification.
  • The summary can include a clickable link presented with safe-looking anchor text."

The researchers note, "At that point, the phishing content is no longer 'just an email.' It's presented as assistance generated by an AI tool that the organization may have endorsed. This is a form of model-mediated phishing: the attacker doesn't need Copilot to execute code; they only need it to speak with Copilot's voice."

Since Copilot and other AI tools have access to internal information, the attackers can trick the tools into using this information to create a targeted message.

"Phishing through AI summaries is concerning, but the bigger question is: what happens when these assistants can pull from your entire digital workspace?" the researchers write. "Microsoft 365 Copilot doesn't just read emails, it can access Teams conversations, OneDrive files, SharePoint documents and meeting notes, all depending on licensing, configuration and permissions.

"This attack can start simple: an injected prompt that just makes the summary say something alarming. But it can escalate quickly. If Copilot has access to your Teams chats, OneDrive files, or SharePoint docs, an attacker can craft prompts that pull from that context to build more convincing output or quietly exfiltrate sensitive information outside."

Permiso adds that this technique isn't unique to Copilot; a similar tactic has been documented with Google's Gemini for Workspace. Users should be aware that AI tools can be manipulated in this fashion.

Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Permiso has the story:
https://permiso.io/blog/copilot-prompt-injection-ai-email-phishing
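The "hidden or low-visibility instruction text" step above is something a mail filter can look for before a summary is ever requested. This added example is not code from Permiso, Microsoft or KnowBe4; the inline-CSS hiding tricks, the keyword hints and the sample message (with placeholder text standing in for the injected instructions) are all assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
# Assumed hiding tricks, inline CSS only; external stylesheets are not resolved.
# White text is flagged without checking the background, so expect some noise.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0(?![\d.])|opacity\s*:\s*0(?![\d.])"
    r"|(?<![-\w])color\s*:\s*(?:#fff(?:fff)?\b|white\b)",
    re.I,
)
# Assumed wording that suggests the hidden text talks to an AI summarizer.
ASSISTANT_HINT = re.compile(
    r"\b(?:copilot|assistant|summar(?:y|ize|ise)|instructions?)\b", re.I)


class HiddenTextFinder(HTMLParser):
    """Split an HTML body into text a reader sees and text only a parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []    # (tag, hidden?) for every open element
        self.hidden = []
        self.visible = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return  # void elements never contain text
        a = dict(attrs)
        inherited = self.stack[-1][1] if self.stack else False
        own = "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        self.stack.append((tag, inherited or own))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unclosed elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            in_hidden = bool(self.stack) and self.stack[-1][1]
            (self.hidden if in_hidden else self.visible).append(text)


def scan_email_html(html):
    """Report hidden text and whether it appears to address an AI assistant."""
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    hidden = " ".join(finder.hidden)
    return {
        "hidden_text": hidden,
        "hidden_chars": len(hidden),
        "visible_text": " ".join(finder.visible),
        "addresses_assistant": bool(ASSISTANT_HINT.search(hidden)),
    }


# Constructed sample message; placeholders stand in for the injected text.
SAMPLE_HTML = """<html><body>
<p>Hi team, the Q3 notes are attached.<br>Thanks, Alex</p>
<div style="display:none">[constructed placeholder: instruction text
addressed to the summarizing assistant]</div>
<span style="font-size:0px; color:#ffffff">[constructed placeholder: second hidden line]</span>
<p style="background-color: white">See you Monday.</p>
</body></html>"""
```

A message whose hidden text is both non-empty and addressed to an assistant is a candidate for quarantine or for stripping the hidden elements before any summarizer sees the body.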

What KnowBe4 Customers Say

"Hi Bryan, I would like to congratulate you on having really good people in your organization. People really make a huge difference in how a company is perceived. Some people that I would like to highlight are Andrew S., Darren K., Damian D., Dorian D. and Raman M.

"In regards to how our experience has been so far, it has been great. Thank you for reaching out and I hope you will have a great day ahead."

- T.L., Deputy Global Lead - Security Operations

The 10 Interesting News Items This Week
  1. INTERPOL report warns of increasingly sophisticated global financial fraud threat:
    https://www.interpol.int/en/News-and-Events/News/2026/INTERPOL-report-warns-of-increasingly-sophisticated-global-financial-fraud-threat

  2. Europe sanctions Chinese and Iranian firms for cyberattacks:
    https://www.bleepingcomputer.com/news/security/europe-sanctions-chinese-and-iranian-firms-for-cyberattacks/

  3. Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records:
    https://therecord.media/crypto-platform-accuses-north-korea-hack

  4. CISA urges U.S. orgs to secure Microsoft Intune systems after Stryker breach:
    https://www.bleepingcomputer.com/news/security/cisa-warns-businesses-to-secure-microsoft-intune-systems-after-stryker-breach/

  5. Russian hackers exploit Zimbra flaw to breach Ukrainian maritime agency:
    https://therecord.media/russia-hackers-ukraine-zimbra-breach

  6. Kroll warns of widening gap in global cyber resilience:
    https://securitybrief.co.uk/story/kroll-warns-of-widening-gap-in-global-cyber-resilience

  7. Texas Federal Court Reinforces Single Limit for Social Engineering Loss Arising from Multiple Payments:
    https://natlawreview.com/article/texas-federal-court-reinforces-single-limit-social-engineering-loss-arising

  8. State-sponsored phishing attacks expected amid war in Iran:
    https://www.welivesecurity.com/en/business-security/cyber-fallout-iran-war-what-have-radar/

  9. Researchers discover a network of more than 20,000 fake shops:
    https://www.malwarebytes.com/blog/scams/2026/03/inside-a-network-of-20000-fake-shops

  10. Mobile banking malware surged in 2025:
    https://zimperium.com/resources/new-zimperium-report-finds-banking-malware-expands-global-reach-targeting-1200-financial-apps
