Email and messaging threats
Phishing attacks and email spam are constant threats for enterprises. This resource center offers the latest news, tips and expert advice on phishing, spam and other messaging threats as well as best practices for email protection.
Top Stories
-
Tip
30 Jan 2024
16 common types of cyberattacks and how to prevent them
To stop cybercrime, companies must understand how they're being attacked. Here are the most damaging types of cyberattacks and what to do to prevent them. Continue Reading
-
Feature
23 Oct 2023
Top 10 tips for employees to prevent phishing attacks
Share this list of phishing techniques, detection and prevention tips, and best practices to help employees avoid falling victim to phishing schemes. Continue Reading
-
Feature
18 Jul 2019
5 best practices to choose the right email security software
Examine the five best practices and most important criteria for evaluating email security software products and deploying them in your enterprise. Continue Reading
-
News
17 Jul 2019
E-commerce platforms used for domain spoofing against Best Buy
Despite efforts to flag spoofed domains imitating Best Buy, the sites are still active on e-commerce platforms like Shopify and GearLaunch, which have not taken them down. Continue Reading
-
Tip
08 Jul 2019
Office 365 security challenges and how to solve them
To understand the Office 365 threat landscape, take stock of the application features and programs available based on the organization's license level of the subscription. Continue Reading
-
News
02 Jul 2019
Phishing-as-a-service threats abusing cloud services
According to new research, phishing kit providers are increasingly using popular cloud services to host their malicious links in an effort to conceal them from detection. Continue Reading
-
Tip
28 Jun 2019
How to beef up Office 365 email security features
Companies looking to fortify their Office 365 email security can assess options from a variety of third-party vendors. Find out which features are the most important. Continue Reading
-
Tip
27 Jun 2019
Where does IMAP security fall short, and how can it be fixed?
Legacy email protocols like IMAP are prime targets for hackers. Fix IMAP security with better configuration, more encryption and multifactor authentication mandates. Continue Reading
-
Answer
10 Jun 2019
What is MTA-STS and how will it improve email security?
Discover how the MTA-STS specification will improve email security by encrypting messages and enabling secure, authenticated email transfers between SMTP servers. Continue Reading
-
Feature
23 May 2019
10 ways to prevent computer security threats from insiders
Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent computer security threats from insiders. Continue Reading
-
News
22 May 2019
Improved HR security may be why W-2 scams are down
HR's focus on better securing employee data may be working. In its annual data breach investigations report, Verizon found a dramatic decrease in the number of W-2 scam reports. Continue Reading
-
Tip
20 May 2019
Explore Office 365 phishing protection updates
Administrators who move to Exchange Online or the entire Office 365 platform will have a veritable arsenal of antiphishing tools, but their use requires attention to detail. Continue Reading
-
News
08 May 2019
2019 Verizon DBIR highlights cyberespionage, nation-state attacks
The 2019 Verizon Data Breach Investigations Report showed significant increases in cyberespionage and nation-state activity. It also painted a gloomy picture for email threats. Continue Reading
-
Opinion
01 May 2019
Putting cybersecurity for healthcare on solid footing
CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center. Continue Reading
-
Feature
01 May 2019
Huawei ban highlights 5G security issues CISOs must tackle
Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network. Continue Reading
-
Guide
29 Apr 2019
How to manage email security risks and threats
When faced with email security risks -- and who isn't? -- do you have the right tools, features, training and best practices in place to face down phishing attacks and manage other threats proactively? Start with this guide. Continue Reading
-
News
26 Apr 2019
FBI report says BEC attacks are increasing, evolving
According to the FBI's 2018 Internet Crime Report, business email compromise attacks are on the rise. Security experts highlight how BEC scams are evolving. Continue Reading
-
Tip
25 Apr 2019
The top 3 email security threats and how to defuse them
Understanding the nature of the top 3 email security threats -- malware, phishing and spoofed domains -- can help reduce their impact. Continue Reading
-
Answer
26 Mar 2019
Can PDF digital signatures be trusted?
Digital signatures on PDF documents don't necessarily guarantee their contents are valid, as new research shows viewer implementations don't always detect incomplete signatures. Continue Reading
-
Tip
20 Mar 2019
Find out whether secure email really protects user data in transit
Outside of user perceptions, how safe is secure email in terms of protecting users' data in transit? Our expert explains how much the SSL and TLS protocols can protect email. Continue Reading
-
Tip
14 Mar 2019
Nine email security features to help prevent phishing attacks
Check out nine email security features that can help protect you from phishing attacks. First, make sure they're enabled on your email system configuration, and if not, start your wish list. Continue Reading
-
Tip
01 Mar 2019
Top 5 email security issues to address in 2019
The top five email security issues come from a variety of places, from email phishing to account takeovers. Our security expert recommends being vigilant and poised to take action. Continue Reading
-
Quiz
20 Dec 2018
Test your phishing security knowledge with this quiz
Email phishing can cause major security breaches if users aren't careful. IT must train users on email security best practices to defend against these attacks. Continue Reading
-
News
06 Dec 2018
NRCC email breach confirmed eight months later
A security company was brought in to investigate a National Republican Congressional Committee breach from April, but little is known about the NRCC email theft. Continue Reading
-
Feature
05 Dec 2018
Testing email security products: Results and analysis
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products and the challenges it faced to come up with sound methodologies. Continue Reading
-
Feature
30 Nov 2018
Testing email security products: Challenges and methodologies
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products, as well as the challenges it faced to come up with sound methodologies. Continue Reading
-
Answer
21 Nov 2018
How were attackers able to bypass 2FA in a Reddit breach?
Reddit announced a breach after users were socially engineered and attackers bypassed 2FA protocols. Discover how this attack was possible and how sites can avoid falling victim. Continue Reading
-
Answer
08 Nov 2018
What is behind the growing trend of BEC attacks?
BEC attacks cost over $676 million in 2017, according to the FBI's Internet Crime Report. Learn how to recognize possible BEC attacks from expert Michael Cobb. Continue Reading
-
Answer
05 Nov 2018
How can U2F authentication end phishing attacks?
By requiring employees to use U2F authentication and physical security keys, Google eliminated phishing attacks. Learn how the combination works from expert Michael Cobb. Continue Reading
-
Answer
22 Oct 2018
What are DMARC records and can they improve email security?
Last year, the U.S. federal government mandated that by October 2018, all agencies must have DMARC policies in place. Learn how complicated this requirement is with Judith Myerson. Continue Reading
-
Feature
15 Oct 2018
Create an email phishing test to minimize attack vectors
With email phishing testing, IT can improve its end-user security. Phishing attacks prey on user ignorance, so IT can use a test to teach users how to avoid this attack vector. Continue Reading
-
Tip
25 Sep 2018
How to create an internal phishing campaign from scratch
When IT begins an email phishing campaign, it must determine what server the emails will come from, consider phishing tool options and more. Continue Reading
-
Tip
06 Sep 2018
How the STARTTLS Everywhere initiative will affect surveillance
The EFF's STARTTLS Everywhere initiative encrypts email during delivery and aims to prevent mass email surveillance. Expert Michael Cobb explains how STARTTLS works. Continue Reading
-
Photo Story
04 Sep 2018
4 enterprise email clients to consider instead of Outlook
Organizations looking to cut costs or make a change for their business email client have numerous options to replace Microsoft Outlook, but not all of them are viable. Continue Reading
-
Tip
16 Aug 2018
How to mitigate the Efail flaws in OpenPGP and S/MIME
Efail exploits vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext in encrypted emails. Learn more about the Efail vulnerabilities from expert Michael Cobb. Continue Reading
-
News
31 Jul 2018
U.S. government making progress on DMARC implementation
The deadline for full DMARC implementation in U.S. government-owned domains is less than three months away, and only half of the domains have the correct policy in place. Continue Reading
-
News
27 Jul 2018
LifeLock vulnerability exposed user email addresses to public
News roundup: A LifeLock vulnerability exposed the email addresses of millions of customers. Plus, Amazon's Rekognition misidentified 28 members of Congress as criminals, and more. Continue Reading
-
Tip
06 Jul 2018
Authenticating email in Exchange for brand protection
With help from the combined use of the SPF, DKIM and DMARC technologies, Exchange administrators can curb email spoofing to protect users and the company brand. Continue Reading
-
News
28 Jun 2018
EFF's STARTTLS Everywhere aims to protect email in transit
The EFF's new STARTTLS Everywhere initiative aims to secure email as it transits the internet between mail servers to prevent mass surveillance, as well as email spoofing. Continue Reading
-
News
15 Jun 2018
EU institutes Kaspersky ban, calls software 'malicious'
News roundup: Following a vote by the European Parliament to implement a Kaspersky ban in the EU, Kaspersky announced it would halt ties with the No More Ransom project and Europol. Continue Reading
-
News
15 Jun 2018
FBI fights business email compromise with global crackdown
U.S. federal agencies worked with international law enforcement in Operation Wire Wire to find and prosecute alleged cybercriminals conducting business-email-compromise scams. Continue Reading
-
Tip
14 Jun 2018
How to use the OODA loop to improve network security
The OODA loop can be used to establish cyber deception against hackers to improve network security. Learn the OODA steps and how they can be applied to security with Kevin Fiscus. Continue Reading
-
Feature
01 Jun 2018
Business email compromise moves closer to advanced threats
The sophisticated techniques used in BEC scams differ from other email fraud in the steps taken to construct the criminal campaign. Here's how to stop these APT-style attacks. Continue Reading
- 29 May 2018
-
Podcast
24 May 2018
Risk & Repeat: Breaking down the Efail flaws
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Efail vulnerabilities in PGP and S/Mime protocols, as well as the rocky disclosure process for the flaws. Continue Reading
-
Tip
21 May 2018
Create an effective email phishing test in 7 steps
The best way for IT to improve email phishing security is through comprehensive testing, which helps identify which users are susceptible and what type of fake email is most effective. Continue Reading
-
News
18 May 2018
Telegrab malware threatens Telegram desktop users
News roundup: Telegrab malware enables hackers to grab encryption keys and browser credentials from Telegram sessions. Plus, DHS released its new cybersecurity strategy, and more. Continue Reading
-
Podcast
17 May 2018
Risk & Repeat: Business email compromise on the rise
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise in business email compromise activity based on new data from the FBI's 2017 Internet Crime Report. Continue Reading
-
News
16 May 2018
Efail disclosure troubles highlight branded vulnerability issues
The Efail disclosure process was one day away from completion, but attempts to generate hype for the vulnerabilities led to details leaking earlier than researchers intended. Continue Reading
-
News
14 May 2018
Efail flaws highlight risky implementations of PGP and S/MIME
The messy disclosure of the Efail flaws raised questions about the security of email encryption, while experts said S/MIME may be more at risk than some PGP implementations. Continue Reading
-
News
14 May 2018
FBI: Business email compromise tops $676 million in losses
Verizon's Data Breach Investigations Report indicates an increase in ransomware while the FBI's Internet Crime Report shows a downward trend, with business email compromise on the rise. Continue Reading
-
News
30 Apr 2018
Phishing threats still dwarf vulnerabilities, zero-days
Proofpoint research shows that while phishing attacks now require victims to take more steps, the success rate for such attacks hasn't declined and enterprises are still on the defensive. Continue Reading
-
News
26 Apr 2018
SecureWorks warns of business email compromise campaign
SecureWorks researchers uncovered an extensive business email compromise campaign targeting the maritime shipping industry, which may have cost organizations millions of dollars. Continue Reading
-
Answer
28 Mar 2018
Zyklon malware: What Microsoft Office flaws does it exploit?
Zyklon malware targets three previously patched Microsoft Office vulnerabilities. Learn how attackers can access passwords and cryptocurrency wallet data with expert Judith Myerson. Continue Reading
-
Feature
08 Mar 2018
How ransomware variants are neutralizing data backups
The latest iterations of ransomware aim to undercut backups as an effective method for recovering from attacks. Learn how to overcome this vulnerability. Continue Reading
-
News
23 Feb 2018
Hackers used SWIFT-based attacks to steal millions from banks
News roundup: Hackers once again used SWIFT-based attacks to steal millions from Russian and Indian banks. Plus, hackers used an L.A. Times website for cryptojacking, and more. Continue Reading
-
Answer
21 Feb 2018
How are tech support scams using phishing emails?
Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work with expert Nick Lewis. Continue Reading
-
News
14 Feb 2018
Zero-day Telegram vulnerability exploited for cryptomining
Kaspersky Lab disclosed a zero-day vulnerability in Telegram that the security vendor says was abused by Russian cybercriminals in a cryptomining malware campaign. Continue Reading
-
Feature
21 Dec 2017
Get the best botnet protection with the right array of tools
Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can. Continue Reading
-
Tip
12 Dec 2017
Use SpoofGuard to defend against malicious activity in VMware NSX
SpoofGuard monitors network traffic to identify malicious activity and prevent phishing attacks. Before you enable SpoofGuard in NSX, there are a few things you should know. Continue Reading
-
Answer
04 Dec 2017
PGP keys: Can accidental exposures be mitigated?
The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys. Continue Reading
-
Feature
27 Nov 2017
Security for applications: What tools and principles work?
Better app security requires both designing security in and protecting it from without. Learn how to work it from both angles and what tools you'll need for the job. Continue Reading
-
Tip
09 Nov 2017
Email security issues: How to root out and solve them
Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more. Continue Reading
-
Feature
31 Oct 2017
The Basics of Cyber Safety
In this excerpt from chapter four of The Basics of Cyber Safety, authors John Sammons and Michael Cross discuss basic email security. Continue Reading
-
News
31 Aug 2017
Spambot email leak compromises 711M records
An email leak containing 711 million records was found in a breach of a spambot list stored in the Netherlands and included both addresses and passwords used to access email accounts. Continue Reading
-
Answer
25 Aug 2017
How is cross-platform malware carried in Word docs?
Cross-platform malware enables attackers to leverage their attacks using infected Microsoft Word docs. Expert Nick Lewis explains how the attacks work and how to defend against them. Continue Reading
-
Guide
21 Aug 2017
How to attack DDoS threats with a solid defense plan
An anti-DDoS program requires solid understanding of the threat and a clearly thought-out strategy. This guide will help you define and implement a solid DDoS defense plan. Continue Reading
-
Answer
10 Aug 2017
Libpurple flaw: How does it affect connected IM clients?
The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains how the flaw works. Continue Reading
-
Answer
07 Aug 2017
How did flaws in WhatsApp and Telegram enable account takeovers?
Flaws in WhatsApp and Telegram, popular messaging services, enable attackers to break encryption and take over accounts. Expert Michael Cobb explains how the attacks work. Continue Reading
-
Answer
28 Jul 2017
Poison Ivy RAT: What new delivery techniques are attackers using?
A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that enterprises should look out for. Continue Reading
-
News
27 Jul 2017
Phishing research shows troubling trends for enterprise users
Karla Burnett of Stripe presented sobering results of phishing research from her company at Black Hat 2017, suggesting phishing training is ineffective against today's threats. Continue Reading
-
Answer
20 Jul 2017
How can users protect themselves from the DocuSign phishing email?
A DocuSign phishing email with a link to a malicious Word document recently targeted the company's users. Expert Judith Myerson outlines six ways to avoid this type of attack. Continue Reading
-
Tip
08 Jun 2017
Embedded malware: How OLE objects can harbor threats
Nation-states have been carrying out attacks using RTF files with embedded malware. Expert Nick Lewis explains how OLE technology is used and how to protect your enterprise. Continue Reading
-
Answer
08 Jun 2017
The Apple Notify flaw: How does it allow malicious script injection?
Flaws in the Apple Notify function and iTunes can enable attackers to inject malicious script into the application side. Expert Michael Cobb explains how these vulnerabilities work. Continue Reading
-
Answer
26 May 2017
How can customer service staff spot social engineering email attacks?
Social engineering emails targeted at customer service staff have led to the spread of the August malware. Expert Nick Lewis explains how to identify and mitigate these attacks. Continue Reading
-
News
05 May 2017
SS7 vulnerability allows attackers to drain bank accounts
News roundup: Attackers exploit SS7 vulnerability and drain bank accounts. Plus, Trump signs government IT executive order, an Intel AMT flaw threatens millions and more. Continue Reading
-
Answer
04 May 2017
Why did the PHPMailer library vulnerability have to be patched twice?
After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the critical vulnerability works. Continue Reading
-
News
04 May 2017
Google Docs phishing attack grants attacker full Gmail access
A Google Docs phishing attack abused OAuth to give malicious actors full access to a victim's Gmail account and contacts, but Google claims to have blocked the attacks. Continue Reading
-
Answer
19 Apr 2017
How does Nemucod malware get spread through Facebook Messenger?
The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available protections against this attack. Continue Reading
-
Answer
06 Apr 2017
How serious is a malicious DLL file vulnerability for enterprises?
A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability and its classification. Continue Reading
-
Answer
24 Mar 2017
How does the Locky ransomware file type affect enterprise protection?
Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust protections for this shift. Continue Reading
-
News
23 Mar 2017
DV certificates abused, but policing may not be possible
Research shows DV certificates can be a prime target for phishing and malware operators, but experts are unsure how certificate authorities should deal with the issue. Continue Reading
-
Answer
03 Mar 2017
What's the best corporate email security policy for erroneous emails?
If an employee receives invalidated emails, should the corporate email security policy handle it? Expert Matthew Pascucci discusses the rights of the enterprise. Continue Reading
-
Answer
22 Feb 2017
How can obfuscated macro malware be located and removed?
A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware. Continue Reading
-
Answer
07 Feb 2017
How did a Signal app bug let attackers alter encrypted attachments?
The Signal app, used for end-to-end encrypted mobile messaging, contained a bug that allowed data to be added to attachments. Expert Michael Cobb explains the flaw. Continue Reading
-
News
17 Jan 2017
Gmail phishing campaign uses real-time techniques to bypass 2FA
Researchers saw a Gmail phishing campaign in the wild using clever tricks to access accounts including a difficult 2FA bypass only possible in real time. Continue Reading
-
Definition
06 Dec 2016
email security gateway
An email security gateway is a product or service that is designed to prevent the transmission of emails that break company policy, send malware or transfer information with malicious intent. Continue Reading
-
Answer
05 Dec 2016
What should happen after an employee clicks on a malicious link?
The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack. Continue Reading
-
Answer
21 Jun 2016
What new Asacub Trojan features should enterprises watch out for?
The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching out for. Continue Reading
-
Feature
18 Mar 2016
Detecting and Combating Malicious Email
In this excerpt of Detecting and Combating Malicious Email, authors Julie JCH Ryan and Cade Kamachi discuss the elements of an email structure and touch on how attackers can use these elements to trick unwitting victims. Continue Reading
-
Feature
30 Dec 2015
Symantec Messaging Gateway and Symantec Email Security.cloud: Product overview
Expert Karen Scarfone examines the Symantec Messaging Gateway and Symantec Email Security.cloud email security gateway products that detects and blocks messages that contain suspicious content and threats. Continue Reading
-
Feature
30 Dec 2015
Proofpoint Enterprise Protection: Product overview
Expert Karen Scarfone examines the Proofpoint Enterprise Protection email security gateway product, which scans inbound and outbound email messages for malware, phishing and spam threats. Continue Reading
-
Feature
21 Dec 2015
McAfee Email Protection, Security for Email Servers: Product overview
Expert Karen Scarfone reviews the McAfee Email Protection and McAfee Security for Email Servers products that are used for monitoring, blocking and quarantining email messages. Continue Reading
-
Feature
21 Dec 2015
Clearswift SECURE Email Gateway: Product overview
Expert Karen Scarfone reviews the Clearswift SECURE Email Gateway product, which monitors incoming and outgoing emails. Continue Reading
-
Feature
21 Dec 2015
Fortinet FortiMail: Product overview
Expert Karen Scarfone reviews the Fortinet FortiMail email security gateway product that is used for monitoring email messages on behalf of an organization. Continue Reading
-
Feature
14 Dec 2015
Cisco Email Security Appliance: Product overview
Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats. Continue Reading
-
Definition
28 Jan 2015
social engineering penetration testing
Social engineering pen testing is designed to test employees' adherence to the security policies and practices defined by management. The purpose is to ascertain the company's vulnerability to social engineering exploits. Continue Reading
-
Feature
16 Dec 2014
Targeted Cyber Attacks
In this excerpt of Targeted Cyber Attacks, authors Aditya Sood and Richard Enbody outline the cyberattack model and different vectors used to attack targets. Continue Reading
-
Answer
19 Nov 2014
How can vishing attacks be prevented?
Enterprise threats expert Nick Lewis explains what vishing attacks are and offers best practices for defending against them. Continue Reading
-
News
10 Sep 2010
'Here you have' email worm spreads
NASA, Wells Fargo, Comcast and Disney were hit by the old-school email worm, which spreads by harvesting victims' contact data. Continue Reading
-
News
06 May 2010
Symantec warns of Apple phishing scam
Symantec is warning of a new phishing campaign targeting Apple users in an attempt to trick them into giving up their Apple gift card data. Continue Reading
-
News
19 Mar 2010
Sophos researchers warn of new Amazon phishing scam
Phony email message claims Sony laptop is on the way. Continue Reading