Almost as soon as email became widely used, crooks and scammers began using it as a means to defraud people. In today’s world, malicious fake emails continue to be a huge problem for individuals and businesses. Businesses make lucrative targets Losses due to BEC scams are escalating, and criminals are targeting organizations with emails that,…

Nearly two-thirds of all advanced email attacks used emails impersonating Microsoft or Amazon, according to new research by Agari. Microsoft was impersonated in 36 percent of all (brand) display name impersonation attacks in the third quarter. Amazon was the second most commonly impersonated company, used in 27 percent of these attacks. Amazon and Microsoft run…

The Valimail Q2 2018 Email Fraud Landscape shows that fake email continues to be a serious problem, with an estimated 6.4 billion fake emails sent every day. That total includes only exact-domain sender spoofing, in which senders put a fake email address in the From: field of their messages. This is one of the most…

A survey of 295 professionals — mostly but not entirely IT professionals — has found that 85% of respondents see email threats bypass email security controls and make it into the inbox; 40% see weekly threats; and 20% have to take significant remediation action on a weekly basis. Email security firm GreatHorn wanted to examine…

A vulnerability affecting GnuPG has made some of the widely used email encryption software vulnerable to digital signature spoofing for many years. The list of affected programs includes Enigmail and GPGTools. About the vulnerability (CVE-2018-12020) CVE-2018-12020, dubbed “SigSpoof” by Marcus Brinkmann, the researcher which found it, arises from “weak design choices.” “The signature verification routine…

88.8 percent of the root domains operated by top colleges and universities in the United States are putting their students, staff and other recipients at risk for phishing attacks that spoof the institution’s domain, according to 250ok. Phishing and spoofing attacks against consumers are likely when companies do not have a published Sender Policy Framework…

Nigerian scammers are targeting Fortune 500 companies, and have already stolen millions of dollars from some of them, IBM Security researchers have found. Their strategy is well known: they take over or impersonate a trusted user’s email account to target companies that conduct international wire transfers, and trick accounts payable personnel into wiring money into…

A man who accessed over 1,000 email accounts maintained by a New York City-area university to download in appropriate photos and videos was sentenced to 6 months in prison this week. The man, Jonathan Powell, 30, of Phoenix, Arizona, pled guilty to the charges on August 9, 2017, in Manhattan federal court before United States…

The employees of insurance companies and non-profit organizations are most likely to fall for phishing attacks, according to a study conducted by security awareness training firm KnowBe4. KnowBe4’s study is based on data collected from six million users across 11,000 organizations. The company has tested users at three stages: before any awareness training, after 90…