92% of Organizations Have Experienced a Security Incident as a Result of an Email-Borne Threat

New data shows that not only are email-borne threats increasing, but that current integrated cloud email security solutions do little to detect and stop advanced email-based threats.
Continue Reading

The Top 8 Most Common Types of DNS Records

This article is a good technical overview of DNS that can help you prevent spoofing. This is a cross-post from the EasyDMARC blog, a new KnowBe4 Ventures portfolio company. 
Continue Reading

Expect More Travel-Themed Phishing Scams as 80% of Americans Plan to Travel

The lure of last-minute deals to get away after staying home for the last 2 years is so strong, scammers are using it to their advantage with scams intent on stealing online credentials.
Continue Reading

Email-Based Threats Double as Malware, Credential Phishing, and BEC Detections Increase

Newly released data from TrendMicro about high-risk email threats in 2021 shows where cybercriminals are placing their focus and where yours should be as well.
Continue Reading

80% of Organizations Await “Inevitable” Negative Consequences From Email-Born Cyberattacks

With nearly every organization experiencing some form of phishing attack, new data suggests these attacks are improving in sophistication, effectiveness, and impact.
Continue Reading

89% of Organizations Experienced One or More Successful Email Breach Types During the Last 12 Months

With the number of email breaches per year almost doubling in the last three years, organizations still don’t see email security solutions as being an effective means of stopping attacks.
Continue Reading

UK ICO Sees a Massive Increase in Targeted Email Attacks

New data obtained from the UK’s Information Commissioner’s Office by think tank Parliament Street shows an unprecedented rise in attacks against the UK’s information rights organization.
Continue Reading

20 Year-Old “Right-to-Left Override” Functionality Used in Attacks to Trick Microsoft 365 Users Out of Credentials

Used to disguise malicious file extensions, this legacy functionality is being repurposed in attacks to obfuscate attachment types and steal credentials in an impressive way.
Continue Reading

[On-Demand Webinar] Incredible Email Hacks You'd Never Expect and How You Can Stop Them

If you think the only way your network and devices can be compromised via email is phishing, think again!
Continue Reading

Cryptocurrencies and Email Extortion Trends

Researchers at GreatHorn have found that 98.7% of extortion emails ask for payment in Bitcoin. Most of these emails aren’t targeted, but enough people will likely fall for them that the ...
Continue Reading

[BREAKING] NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign

NSA and its US and British partners (the UK's NCSC and the US FBI and CISA) late this morning released an advisory detailing a Russian campaign ("almost certainly ongoing") to brute-force ...
Continue Reading

Low-Grade Ways of Bypassing Email Scanners

Cybercriminals are replacing common words in phishing scams with synonyms in order to bypass security filters, according to researchers at Avanan. For example, one phishing lure contained ...
Continue Reading

Email-Based Threats Increase 64% as Attacks Grow in Sophistication and Volume

New data from Mimecast shows how email-based threats are not only the greatest perceived concern, but are proving to be the reason for increased experienced attacks.
Continue Reading

Email Scammers Impersonate U.S. Government Agencies Offering Pandemic Financial Assistance

Taking advantage of people in their time of need, these bottom feeders of the cybercriminal world promise assistance and, instead, collect personal details to make a buck.
Continue Reading

What You Need to Know About DMARC

It's true - not enough organizations utilize DMARC, SPF, and DKIM, global anti-domain-spoofing standards, which could significantly cut down on phishing attacks. But before you implement ...
Continue Reading

The Risk of the “To” Line

Micropayments company Coil accidentally exposed at least a thousand of its customers’ email addresses by including their addresses in the “To” field of an email, BleepingComputer reports. ...
Continue Reading

Threat Actors Take Advantage of Exchange Online and Outlook on the Web with New Levels of Sophistication

New insight from Accenture Security highlights specific ways attackers are changing their tactics to make Microsoft’s email platform a tool rather than an obstacle for phishing attacks.
Continue Reading

Another Office 365 OAuth Attack Targets Coinbase Users to Gain Compromised Email Access

The latest attack attempts to trick Office 365 users that use Coinbase into giving access to their mailbox via a Consent app rather than trying to steal their credentials.
Continue Reading

The Secret to This Email Phishing Campaign is Volume

FireEye says a newly characterized cybercriminal gang, FIN11, has been launching widespread email phishing campaigns for the past four years. The group isn’t particularly sophisticated, ...
Continue Reading

Two-Month Email Compromise and Impersonation Attack Results in a $15M Take

Read how one unnamed company fell victim to a scam that’s been repeated many times over the last few years, but never with such a massive payoff at the end.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews