Email security news & analysis | SC Media

Email Security News and Analysis

How to train your team on data privacy.

Phishing campaign spoofs security awareness training notifications

That anti-phishing training email your employees just received may, ironically, actually be a phishing email, according to cyber threat analysts who recently uncovered a security awareness-themed online social engineering campaign. In a blog post on Wednesday, experts at Cofense reported on a phishing campaign that sends emails purporting to be a notification urging employees to…

Expect rapid growth in BEC scams to continue, despite global crackdown

The Justice Department’s extradition of Deborah Mensah from Ghana for her alleged participation in a multimillion-dollar business email compromise (BEC) scheme marks the latest move in a flurry of global activity to stop increasingly prevalent email scams. Since 2018, the department has participated in two massive international operations netting nearly 370 arrests, and the FBI…

DMARC embraced by government, private industry lags

Even though the adoption of DMARC has grown over the past year, only 21 percent) of Fortune 500 companies are protected from being spoofed with only 13.9 percent of all domains enforcing the standard. Industry sectors lag substantially behind U.S. government entities where three-fourths of U.S. federal domains are safeguarded by DMARC enforcement, according to…

U.S. universities at risk of back-to-school and Covid-19 email fraud

The top 20 universities based in the U.S. are failing to implement proper DMARC protections and policies, opening the door for fraudsters to spoof their email domains and convincingly impersonate them at a time when students are likely expecting to receive a wealth digital communications related to back-to-school instructions, researchers warn. In particular, students and…

BEC scams grow in complexity as Russian actors launch Cosmic Lynx operation

A newly reported and unusually sophisticated Business Email Compromise (BEC) operation may serve as a model for other cybercriminals looking to up their social engineering game and cash in on a lucrative illegal pastime. In a press release, blog post and detailed dossier (accessible via the blog post), researchers from Agari who discovered the operation…

M3AAWG issues email authentication advice for security pros

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) has put out a joint call-to-action with Google and Verizon for the security industry to take more proactive measures to authenticate and secure their sending domains and email addresses by deploying email authentication at scale. Preventing rampant phishing during the COVID-19 period should be a top…

Black Lives Matter phishing scam looks to spread TrickBot malware

Scammers often craft social engineering schemes around major crises and news events, as demonstrated by the wealth of coronavirus-themed phishing campaigns seen this year. Now, as massive U.S. and global protests continue following the May 25 killing of George Floyd at the hands of a Minneapolis police officer, a new phishing operation is attempting to…

Phishing campaign targets remote workers with fake voicemail notifications

Looking for new angles to socially engineer employees working from home under COVID-19 conditions, attackers have devised a new phishing campaign that distributes emails that look as if they were generated by  Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their voicemail recordings. In a company…

Next post in Coronavirus