In my previous blog post, I discussed the two phases of email filtering in the open quarantine process that can help prevent social engineering-based email attacks. The first phase deals with how to identify high-risk situations. However, due to the complex nature of cybersecurity, these situations don’t necessarily correspond to a certainty of attacks. As […]
In my previous blog post, I introduced the concept of open quarantine. This week, I’d like to explore the two phases of email filtering that make up the open quarantine process. Phase 1 The notion of open quarantine depends on being able to perform a tripartite classification of messages into good, bad and undetermined, where […]
In my previous blog post, I provided examples of the growing sophistication – and subsequent success – of several high-visibility email attacks that used social engineering to evade traditional email security filters. This week, I’d like to introduce a new filtering paradigm: open quarantine. Open quarantine balances the needs of security and usability using a […]
In my previous blog post, I provided examples of the growing sophistication – and subsequent success – of several high-visibility email attacks. This week, I’d like to look at the different types of emails that are enabling these attacks. Deceptive emails are used by cyberattackers to carry out three different types of attacks: To coerce […]
Just ten years ago, Internet security abuses were almost synonymous with small-time crime, e.g., poorly spelled email messages used in attempts to steal banking credentials. The threat is very different these days. Starting in 2007, nation states started using cyberattacks to accomplish political goals. In the first high-profile case, prompted by political tensions between Estonia […]
One of the things that often stumps even the most security conscious companies is knowing all the third-party email service providers they are working with. It is extremely difficult, if not impossible for these organizations to protect their customers from phishing attacks if they don’t even know who is sending legitimate email on their behalf.