Problem solve

Email and Messaging Threats spam phishing instant messaging

• Coronavirus phishing scams increase amid pandemic's spread

  Organizations must account for a sharp uptick of coronavirus phishing scams in their pandemic and business continuity plans. Learn about the trend here, with steps for mitigation. Continue Reading

• Advanced cybersecurity fraud and how to fight it

  Cybersecurity fraud's roots run deep, with fraudsters forever after the same thing: tricking others out of their valuable assets. Learn how to keep defenses high. Continue Reading

• How an island-hopping cyberattack works and how to fight back

  Being part of island-hopping is no day at the beach when it comes to cyberattacks. Learn how to avoid being either a victim or an attacker's unwitting accomplice. Continue Reading

• Stop business email compromise with three key approaches

  Why is BEC such a popular attack? Because it works, unfortunately, tempting hackers with huge potential payouts. Learn how to keep them from lining their pockets with your assets. Continue Reading

• How a security researcher responds to an email phishing attempt

  When security expert Steven Murdoch received an email phishing attempt, the researcher in him decided to investigate. Find out what he learned about criminal phishing tactics. Continue Reading

• Beat common types of cyberfraud with security awareness

  Hackers are taking deception to a new level, but security awareness programs are instrumental in helping employees detect various types of cyberfraud.Continue Reading

• New evasive spear phishing attacks bypass email security measures

  Researchers identified a new email security threat: evasive spear phishing attacks, which take months of investigation and social engineering to coordinate.Continue Reading

• 6 types of insider threats and how to prevent them

  Compromised, negligent and malicious employees put enterprises at risk. Here are six problems they pose and the insider threat prevention strategies to protect your enterprise.Continue Reading

• Tackling IT security awareness training with a county CISO

  A Michigan county CISO says government workers are under siege by cybercriminals. In this case study, he shares how his IT security awareness training strategy has evolved.Continue Reading

• Office 365 security challenges and how to solve them

  To understand the Office 365 threat landscape, take stock of the application features and programs available based on the organization's license level of the subscription.Continue Reading

• Where does IMAP security fall short, and how can it be fixed?

  Legacy email protocols like IMAP are prime targets for hackers. Fix IMAP security with better configuration, more encryption and multifactor authentication mandates.Continue Reading

• What are the most important email security protocols?

  Internet email was designed independent of security considerations, but these are the top email security protocols that add mechanisms to keep messaging safe from threats.Continue Reading

• 10 ways to prevent computer security threats from insiders

  Whether via the spread of malware, spyware or viruses, insiders can do as much damage as outside attackers. Here's how to prevent computer security threats from insiders.Continue Reading

• Implementing the top 6 email security best practices for employees

  The list of email security best practices for employees can get long. To include the necessary options, check out the six essentials. Where does your organization stand?Continue Reading

• The top 3 email security threats and how to defuse them

  Understanding the nature of the top 3 email security threats -- malware, phishing and spoofed domains -- can help reduce their impact.Continue Reading

• What are the top enterprise email security best practices?

  Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the dangers of phishing.Continue Reading

• Find out whether secure email really protects user data in transit

  Outside of user perceptions, how safe is secure email in terms of protecting users' data in transit? Our expert explains how much the SSL and TLS protocols can protect email.Continue Reading

• Nine email security features to help prevent phishing attacks

  Check out nine email security features that can help protect you from phishing attacks. First, make sure they're enabled on your email system configuration, and if not, start your wish list.Continue Reading

• How were attackers able to bypass 2FA in a Reddit breach?

  Reddit announced a breach after users were socially engineered and attackers bypassed 2FA protocols. Discover how this attack was possible and how sites can avoid falling victim.Continue Reading

• How can U2F authentication end phishing attacks?

  By requiring employees to use U2F authentication and physical security keys, Google eliminated phishing attacks. Learn how the combination works from expert Michael Cobb.Continue Reading

• How are tech support scams using phishing emails?

  Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work with expert Nick Lewis.Continue Reading

• Botnet attacks are evolving; your defenses must too

  Botnets are evolving and will continue to plague organizations. There is no one tool that will be sufficient, so it’s time to layer your anti-botnet defenses.Continue Reading

• Get the best botnet protection with the right array of tools

  Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can.Continue Reading

• PGP keys: Can accidental exposures be mitigated?

  The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys.Continue Reading

• Libpurple flaw: How does it affect connected IM clients?

  The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains how the flaw works.Continue Reading

• How did flaws in WhatsApp and Telegram enable account takeovers?

  Flaws in WhatsApp and Telegram, popular messaging services, enable attackers to break encryption and take over accounts. Expert Michael Cobb explains how the attacks work.Continue Reading

• How can users protect themselves from the DocuSign phishing email?

  A DocuSign phishing email with a link to a malicious Word document recently targeted the company's users. Expert Judith Myerson outlines six ways to avoid this type of attack.Continue Reading

• How can users identify phishing techniques and fraudulent websites?

  A Gmail phishing attack brought users to fake login pages designed to look like Google's. Expert Nick Lewis explains how users can prevent similar phishing attacks.Continue Reading

• Embedded malware: How OLE objects can harbor threats

  Nation-states have been carrying out attacks using RTF files with embedded malware. Expert Nick Lewis explains how OLE technology is used and how to protect your enterprise.Continue Reading

• The Apple Notify flaw: How does it allow malicious script injection?

  Flaws in the Apple Notify function and iTunes can enable attackers to inject malicious script into the application side. Expert Michael Cobb explains how these vulnerabilities work.Continue Reading

• How can customer service staff spot social engineering email attacks?

  Social engineering emails targeted at customer service staff have led to the spread of the August malware. Expert Nick Lewis explains how to identify and mitigate these attacks.Continue Reading

• Why did the PHPMailer library vulnerability have to be patched twice?

  After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the critical vulnerability works.Continue Reading

• How does Nemucod malware get spread through Facebook Messenger?

  The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available protections against this attack.Continue Reading

• How serious is a malicious DLL file vulnerability for enterprises?

  A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability and its classification.Continue Reading

• How does the Locky ransomware file type affect enterprise protection?

  Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust protections for this shift.Continue Reading

• What's the best corporate email security policy for erroneous emails?

  If an employee receives invalidated emails, should the corporate email security policy handle it? Expert Matthew Pascucci discusses the rights of the enterprise.Continue Reading

• How does the iSpy keylogger steal passwords and software license keys?

  A recent version of the iSpy keylogger has the ability to steal passwords and record Skype chats. Expert Nick Lewis explains how it works and how to protect your systems.Continue Reading

• How can obfuscated macro malware be located and removed?

  A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware.Continue Reading

• How did a Signal app bug let attackers alter encrypted attachments?

  The Signal app, used for end-to-end encrypted mobile messaging, contained a bug that allowed data to be added to attachments. Expert Michael Cobb explains the flaw.Continue Reading

• SWIFT network communications: How can bank security be improved?

  The SWIFT network has increasingly been abused by cybercriminals to carry out bank fraud and theft. Expert Michael Cobb explains possible ways to boost security.Continue Reading

• What should happen after an employee clicks on a malicious link?

  The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack.Continue Reading

• Is destroying a decryption key a strong enough security practice?

  Destroying a decryption key isn't the same as destroying the data, but which method is more secure? Expert Mike Chapple explains the best way to combat a future encryption flaw.Continue Reading

• How can APT groups be stopped from exploiting a Microsoft Office flaw?

  APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks work and how to prevent them.Continue Reading

• How are weak passwords banned with Microsoft's Smart Password Lockout?

  Microsoft is banning weak passwords on many of its services with the Smart Password Lockout feature. Expert Michael Cobb explains how it works, and if it will be beneficial.Continue Reading

• What new Asacub Trojan features should enterprises watch out for?

  The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching out for.Continue Reading

• How does the Dridex Trojan conduct redirection attacks?

  The new version of the Dridex Trojan share Dyre malware's redirection attack capabilities. Expert Nick Lewis explains how enterprises can prevent these incidents.Continue Reading

• Personal email servers: What are the security risks?

  Hillary Clinton has taken much criticism over the use of a personal email server. Expert Michael Cobb explains the risks of shadow IT email and what enterprises can do about them.Continue Reading

• How can a DMARC policy improve email security?

  Major email providers are adopting DMARC policies to reduce spam. Expert Michael Cobb explains how DMARC works and why it's is a good thing for email security.Continue Reading

• Detecting and Combating Malicious Email

  In this excerpt of Detecting and Combating Malicious Email, authors Julie JCH Ryan and Cade Kamachi discuss the elements of an email structure and touch on how attackers can use these elements to trick unwitting victims.Continue Reading

• Cyber Crime and Cyber Terrorism Investigator's Handbook

  In this excerpt of Cyber Crime and Cyber Terrorism Investigator's Handbook, authors Babak Akhgar, Andrew Staniforth and Francesca Bosco outline the classification, types and categories of cybercrime.Continue Reading

• How can enterprises prevent man-in-the-email attacks?

  A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training and little technology.Continue Reading

• How can we secure enterprise email at home and abroad?

  Emails often contain sensitive information, yet the proper measures are not always taken to secure them. Learn how to keep corporate email safe both at home and in foreign countries.Continue Reading

• How can phishing attacks that use proxy programs be stopped?

  Phishing attacks are adopting new functionality to avoid detection, including the use of proxy programs to simplify the attack process. Learn how to defend against this type of risk.Continue Reading

• Is global email an enterprise email security risk?

  Ubiquitous global email is right around the corner. But what effect will it have on enterprises? Expert Michael Cobb explains.Continue Reading

• How can malware using bulletproof hosting sites be stopped?

  Expert Nick Lewis explains what bulletproof hosting is and how enterprises can best defend against malware that uses it as part of its attack scheme.Continue Reading

• Are there new spam rules to mitigate spam techniques?

  Expert Nick Lewis explores the latest spam defense methods and products that will help enterprises defend against new and emerging spam techniques.Continue Reading

• Should enterprises enforce harsher penalties for phishing victims?

  The consequences of phishing attacks could fall on the victims as enterprises start to punish employees who fall for this age-old scam. Expert Joseph Granneman discusses why this approach may have merit.Continue Reading

• How does snowshoe spam evade spam blockers?

  Spam can use a process called 'snowshoe' to evade spam filters. Enterprise threats expert Nick Lewis explains how to block snowshoe spam.Continue Reading

• Defend against APTs with big data security analytics

  Without a trace: Cybersecurity incident response teams must follow the thread of security events through volumes of log data from increasingly diverse sources.Continue Reading

• The business case for email encryption software

  Email encryption is a valuable security tool for enterprises, but where and how should it be deployed? Expert Karen Scarfone outlines specific use cases for email encryption software.Continue Reading

• Targeted Cyber Attacks

  In this excerpt of Targeted Cyber Attacks, authors Aditya Sood and Richard Enbody outline the cyberattack model and different vectors used to attack targets.Continue Reading

• How can vishing attacks be prevented?

  Enterprise threats expert Nick Lewis explains what vishing attacks are and offers best practices for defending against them.Continue Reading

• Mobile email security: Mitigating JavaScript risks, data loss

  Mitigating JavaScript risks is essential to ensuring mobile email security. Discover how to keep your enterprise safe.Continue Reading

• Apple iMessage security: Is iMessage encryption strong enough?

  Is Apple iMessage encryption strong enough to mitigate reverse-engineering attacks? Learn more about one of the top iMessage security risks.Continue Reading

• Email address security: Can email addresses thwart phishing schemes?

  Email addresses are prime targets of phishing schemes. Uncover how to mitigate these risks and learn tips for ensuring email address security.Continue Reading

• Return to sender: Improving security with DMARC email authentication

  Learn how domain-based messaging authentication, reporting and conformance, or DMARC, can enhance your email security.Continue Reading

• BlackBerry backdoor: Do BlackBerry credential logs pose a threat?

  BlackBerry's email system logs user credentials and sends them in cleartext to BlackBerry servers. Is it a vendor backdoor? Michael Cobb discusses.Continue Reading

• PDF malware: How to spot, prevent emerging PDF attacks

  Enterprise threats expert Nick Lewis explores emerging techniques being employed in PDF-based malware attacks and tells how to defend against them.Continue Reading

• To nullify targeted attacks, limit out-of-office message security risk

  Expert Michael Cobb details how to reduce out-of-office message security risk --and thus targeted attacks -- by limiting personal info given.Continue Reading

• Can DomainKeys Identified Mail still be used for email authentication?

  Expert Nick Lewis determines whether the DomainKeys Identified Mail protocol can still be safely relied upon for email authentication.Continue Reading

• Improving enterprise email security: Systems and tips

  Enterprise email security has become more vital than ever due to increased attacks and threats. This tip details systems that can improve protection.Continue Reading

• Mitigations for mobile phishing problems on the iOS platform

  With potential phishing problems surfacing for iOS users, expert Nick Lewis provides advice for enterprises facing the mobile phishing menace.Continue Reading

• Social engineering penetration testing: Four effective techniques

  Social engineering penetration testing is now a must for enterprises. Learn about the four methods your pen tests should use.Continue Reading

• Using social engineering testing to foster anti-social engineering training

  Worried your users could easily be pwned? Learn about improving social engineering testing to foster anti-social engineering training.Continue Reading

• Webmail forensics: Investigating issues with email forwarding security

  Expert Mike Cobb discusses webmail forensics possibilities for dealing with the aftermath of an issue involving an email forwarding security breach.Continue Reading

• Curb the spam virus threat via information security awareness training

  Information security awareness training doesn't always protect users from the ongoing spam virus threat. Nick Lewis offers additional measures that may help.Continue Reading

• Exchange Server administration policy: Managing privileged user access

  Randall Gamby explains the important particulars involved with setting up and securely supervising an enterprise Exchange Server administration policy.Continue Reading

• The fight against phishing: Utilizing SPF and DKIM authentication technology

  The fight against phishing has been waging for years. Expert Michael Cobb explains how SPF and DKIM authentication technologies could turn the tide.Continue Reading

• Spear phishing examples: How to stop phishing from compromising users

  Spear phishing targets the weakest link in most security programs: users. These spear phishing examples can help your enterprise thwart attacks.Continue Reading

• IPv6 malware: With the transition, will IPv6 spam increase?

  The transition from IPv4 to IPv6 could have some unintended negative consequences for security.Continue Reading

• Hop-by-hop encryption: A safe enterprise email encryption option?

  Learn how hop-by-hop encryption gives enterprises the opportunity to send encrypted emails to large amounts of employees without a digital signature for each email from expert Michael Cobb.Continue Reading

• Learn how to utilize a free spam-filtering service for your SMB

  Learn how a Web-based free spam-filtering service can secure email and prevent spam from attacking your enterprise.Continue Reading

• Google 'Gchat' security and Internet application security best practices

  Users in the enterprise may unknowingly be exposed to 'Gchat' security risks. Expert Michael Cobb discusses Internet application security best practices that can help protect enterprise users.Continue Reading

• The state of enterprise spam filters: Can more be done to control spam?

  Does your enterprise rely solely on its email filter to protect against spam? Are you aware of how spam filters work? Expert Michael Cobb discusses how today's spam works, and what can help control spam in an enterprise setting.Continue Reading

• Can I trace email origin locations to thwart email attachment viruses?

  Can tracing an email back to its origin help to prevent the threat of future viruses via email? Learn more in this expert response.Continue Reading

• How to keep messages secure with an email digital certificate

  Using an email digital certificate can help protect important information from being read by anyone except the intended recipient.Continue Reading

• Is messaging in symmetric encryption better than PGP email security?

  Is symmetric encryption or PGP the more reliably secure way to send email? Learn more in this expert response from Randall Gamby.Continue Reading

• How secure is an email with a .pdf attachment?

  Sending sensitive information in an email or as an attachment is unsafe, and depending on your organization's security policies, could land you in a lot of trouble. Michael Cobb explains why.Continue Reading

• FERPA regulation guidelines to email student personal data unencrypted

  In order to protect student personal data, FERPA was enacted in 1974. But does protecting that data allow for FERPA educational records to be sent unencrypted via email? Find out in this expert response.Continue Reading

• How to secure a .pdf file

  In this expert Q&A, Michael Cobb explains how to avoid malicious content that is embedded into .pdf documents.Continue Reading

• How to prevent phishing attacks with social engineering tests

  Is your enterprise capable of withstanding today's phishing attacks? Sherri Davidoff reviews how you can test your employees.Continue Reading

• How to confirm the receipt of an email with security protocols

  Many websites try to ensure secure registrations by sending email confirmations. But how is it possible to confirm receipt of that email by the correct recipient? Identity and access management expert Randall Gamby weighs in.Continue Reading

• Can an IP spoofing tool be used to spam SPF servers?

  Michael Cobb explains what the Sender Policy Framework can and cannot protect against, including IP spoofing attacks.Continue Reading

• With McColo shut down, has spam decreased?

  Expert Michael Cobb explains how the shutdown of the San Jose-based Web hosting service provider actually impacted spam levels.Continue Reading

• How to prevent brute force webmail attacks

  Expert Sherri Davidoff explains why brute-force attacks on webmail accounts are such a popular hacking technique.Continue Reading

• What does 'invoked by uid 78' mean?

  Are you seeing a 'uid 78' in your emails? In this expert response, Michael Cobb explains what the message means.Continue Reading

• Are message stubs a secure part of email retention policies?

  Because deleting older emails is not an option for many companies, email "stubs" have been an alternative for organizations looking to archive their messages. Michael Cobb reviews email stubbing and its possible security limitations.Continue Reading

• How can 419 scam emails and backscatter spam be stopped?

  A 419 scam is just one example of backscatter spam. John Strand explains which long-term solutions can help combat these particular kinds of unwanted messages.Continue Reading

• What are the security risks of opening port 110 and port 25?

  If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 or port 25? Mike Chapple reveals a few security repercussions.Continue Reading

• Do European laws prevent a U.S. company from blocking spam?

  Michael Cobb explores how the Internet -- and the ability to send messages quickly and easily to other countries --has complicated matters of jurisdiction.Continue Reading