Email Security | SC Media

Email Security

How to train your team on data privacy.

Phishing campaign spoofs security awareness training notifications

That anti-phishing training email your employees just received may, ironically, actually be a phishing email, according to cyber threat analysts who recently uncovered a security awareness-themed online social engineering campaign. In a blog post on Wednesday, experts at Cofense reported on a phishing campaign that sends emails purporting to be a notification urging employees to…

U.S. universities at risk of back-to-school and Covid-19 email fraud

The top 20 universities based in the U.S. are failing to implement proper DMARC protections and policies, opening the door for fraudsters to spoof their email domains and convincingly impersonate them at a time when students are likely expecting to receive a wealth digital communications related to back-to-school instructions, researchers warn. In particular, students and…

BEC scams grow in complexity as Russian actors launch Cosmic Lynx operation

A newly reported and unusually sophisticated Business Email Compromise (BEC) operation may serve as a model for other cybercriminals looking to up their social engineering game and cash in on a lucrative illegal pastime. In a press release, blog post and detailed dossier (accessible via the blog post), researchers from Agari who discovered the operation…

Black Lives Matter phishing scam looks to spread TrickBot malware

Scammers often craft social engineering schemes around major crises and news events, as demonstrated by the wealth of coronavirus-themed phishing campaigns seen this year. Now, as massive U.S. and global protests continue following the May 25 killing of George Floyd at the hands of a Minneapolis police officer, a new phishing operation is attempting to…

Phishing campaign targets remote workers with fake voicemail notifications

Looking for new angles to socially engineer employees working from home under COVID-19 conditions, attackers have devised a new phishing campaign that distributes emails that look as if they were generated by  Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their voicemail recordings. In a company…

States’ lack of DMARC adoption ups risk of Covid-19 email spoofing scams

As phishing scammers actively impersonate institutions like the World Health Organization and Centers for Disease Control and Prevention in order to capitalize on Covid-19 fears, government bodies and state-run health care organizations continue to make themselves vulnerable to email spoofing by failing to employ DMARC email validation protections, a new report states. An investigation by…

Email phishing scam impersonates LogMeIn to trick remote workers

Add LogMeIn to the list of remote services and collaboration platforms whose users are being targeted by phishing scammers seeking to take advantage of businesses’ current work-from-home policies under COVID-19. In a company blog post, Abnormal Security researchers reported witnessing an influx of campaigns targeting LogMeIn — provider of cloud-based remote connectivity services for collaboration,…

Aggah malspam campaign updated with new payloads

An updated Aggah malspam campaign is distributing malicious Microsoft Office documents designed to trigger a multi-stage infection in order to a target a user’s endpoint. The campaign is depositing Agent Tesla, njRAT and Nanocore RAT in a attack that is being run out of several Pastebin accounts, reported Cisco Talos. As with previous Aggah attacks,…

COVID-19’s impact on package deliveries creates golden opportunity for scammers

Cybercriminals are posing as delivery companies and pretending to be affected by the COVID-19 pandemic as a means to trick potential victims into opening malicious emails attachments or revealing credentials on phishing websites. Spam and phishing schemes that use postal- and shipping-themed lures are nothing new, but the coronavirus outbreak allows attackers to put a…

Next post in Coronavirus