Common email Security Threats

A large number of organizations are already transitioning to cloud-based solutions and according to recent research, “by 2021, Gartner expects 70% of public and private companies to be using cloud email services.”⁶ As services evolve so do attackers’ methods and the transition from on-premise to cloud solutions has seen a parallel transition by attackers with access to a user’s email account often granting access to a wide range of available services. This means that attackers may only need to steal one set of credentials to have a potent effect, which is clear from the marked increase in the number of attacks against cloud-based email services such as Microsoft Office 365.¹ A multilayer approach is crucial in strengthening an organization’s security features and to keep an organization safe from email attacks.

Read moreRead more
Read previous Security BulletinsRead previous Security Bulletins

F-Secure ID Protection

One of the most challenging aspects of the modern, digital life is keeping on top of the latest trends in technology and the cyber threats that take advantage of them. Cyber security is ever evolving with the looming potential for exposure of personal data and passwords in data breaches a major concern. Identity theft is the main consequence of a breach and can also be linked to both personal and business devices getting hacked and even hit by ransomware. Resolving identity theft is never easy and once information gets exposed it can stay out there for years. This is where F-Secure’s ID Protection is of great value.

Read moreRead more

Importance of Incidence Response

Incident response has traditionally been a post-mortem investigation that begins after the attack has been completed and the business has suffered from the impact. According to a recent Verizon Data Breach Investigations Report, 58% of attacks go undiscovered for several months or more and it takes an average of 46 days to resolve an attack.

Read moreRead more

Spotted in the Wild

Email Spoofing:
Several spoofed email domains have been targeted by phishing campaigns to trick users into accessing and logging into external websites in order to steal their credentials. The emails were received from an unrecognised sender and pretend to be the internal postmaster for the domains.

OneDrive Clone (Forgery):
This is another example of a phishing website cleverly disguised as a Onedrive login page. When comparing the original login page with the fake, the differences are as clear as day. This link was circulated via email claiming to be a shared document/invoice.

419 Scams:
Advanced-fee scams, or as they are better known, 419 scams, are nothing new. These scams involve advising someone that they’ve won or inherited a large sum of money and that they’d either need to make a small payment to receive the bulk of the funds or provide their banking details for a transfer.
One needs to consider all these emails as fake. They are 100% scams and will never pay out the sum promised. The intention is to get funds from the victim and in some cases, continue extorting them for more funds in the future.

Read moreRead more
logo