Preview the latest global phishing benchmarking results and expert security awareness recommendations from Fortra's Terranova Security 2023 Gone Phishing Tournament.
Counterfeit activity increases every year during the pre-holiday shopping blitz -- most notably Black Friday, Cyber Monday, Christmas and Hanukkah. Arm yourself with defenses now to combat ever-evolving counterfeiting methods during peak retail shopping season.
When it comes to email authentication standards, should you use DKIM, SPF, or both? We’re going to cover these terms, when you should use them, what they do—and how best to protect your email domains.
Is it Either/Or—or Both?
Should the battle really be SPF vs. DKIM? While not mandatory, it’s highly recommended to use both SPF and DKIM to protect your email domains from spoofing attacks and...
The Email Authentication Challenge
Email is the #1 way attackers target an organization’s customers and email ecosystem. DMARC authentication, specifically with an enforcement policy of Reject, is the single most effective way to close this vulnerability inherent to email. While the premise of authentication is straightforward, organizations can encounter roadblocks and challenges along the way...
Business email compromise (BEC) has continued to grow into a billion-dollar industry as cybercriminals turn to it as their preferred scam. But with the West African gang we’ve named Scattered Canary, we have deeper insight into how BEC is connected to the rest of cybercrime, and why it has grown in recent years.
Download the threat dossier to learn:
How Scattered Canary grew from a one-man...
Why Integrated Email Threat Data Matters
Email is a primary vector for attacks on your business today—and email threats are evolving faster than ever. But actionable data about email attacks is often inaccessible to time-strapped security operations and incident response teams. That disconnect leaves your business vulnerable and unable to mitigate hidden email threats.
Improve Visibility with...
As the world becomes more and more dependent on online resources to complete daily tasks, such as work meetings, grocery shopping, and even exercising, the risk of cyber attacks, data breaches, and information stealing increases. If you’re not already protecting your personal information online, now is the perfect time to start, as Data Privacy Weeks kicks off today.Led by the National Cyber...
Phishing emails can steal sensitive data and cost companies' their reputation. However, protecting a company from these scammers doesn't need to be difficult.
What Is Email Phishing?
Phishing is when an attacker mimics a trusted person or brand in an attempt to steal sensitive information, or gain a foothold inside a company network. While phishing emails are by far the most popular, these...
Amid a troubling rise in zero-day phishing attacks, recent research suggests that some companies may be making an ill-advised shift away from blocking advanced email threats to responding to them post-delivery. If true, the capitulation couldn't come at a worse time. Since January, cybercriminals taking advantage of the COVID-19 outbreak have been targeting businesses and individuals with an...
This post originally appeared on the Armadillo Blog and has been lightly edited for clarity.
Most organisations have been successful in blocking malicious emails targeted at their employees, at least to some extent. Various on-premise and cloud providers exist to take care of anti-spam, anti-virus, reputation scores, and advanced features such as sandboxing of executables.
As a service provider...
Mergers and acquisitions can build your company's value overnight, but business email compromise (BEC) and data breaches can tear it down just as quickly. Too often, M&A announcements are followed by waves of BEC attacks against the companies involved, or by news that the target company was the victim of a data breach. To get the most value from a merger or acquisition, you need to know how to...
Are you sending Google Calendar invites and not getting replies, or maybe your invitees tell you they tried to reply and it was blocked? Or maybe you are trying reply to Google Calendar invites and being blocked saying the mail is not accepted due to your domain's DMARC policy?This is an issue I have been seeing, so I did some digging and I have figured out what is going on. Before I get to the...
In the last five years, we’ve all become far too familiar with it – hackers spoofing a company’s domain and therefore tarnishing the brand, bad actors attempting to infect our computers with malware, and criminals sending millions of spam messages.
As if this isn’t enough, now there is a whole group of people working to outsmart companies AND their customers by using cousin domains to fool...
This is the start of a new ongoing series for us that gives you the tips and tricks you need for successful DMARC deployment.What does "PermError SPF Permanent Error: Too many DNS lookups" mean?There are several safeguards put in place with SPF. One of these is a limitation of DNS lookups to help ensure that you do not have timeout issues. SPF will evaluate only 10 DNS mechanism lookups in an SPF...
The Benefits of Monitor Mode
When a technology exists that can tell you if and when your domains are being spoofed (and by who), why would you not use it?!
What is DMARC?
DMARC was created to address some fundamental problems with existing email authentication technologies (SPF and DKIM). It provides feedback about your email authentication implementation and gives ISPs (Google, Yahoo!,...