email

Scammers are exploiting Google services to send fake law enforcement inquiry notifications, making them look like they originate from accounts.google.com.

Archives are being used in targeted phishing and other attacks on organizations. What tools, settings, and policies can mitigate the threat?

Scammers are exploiting GetShared to bypass email security.

We’ve added technology that checks QR codes in emails for phishing links.

A vulnerability in Google OAuth allows attackers to access accounts of defunct organizations through abandoned domains.

How to avoid giving away your password to scammers when logging in to third-party sites or viewing “encrypted” or “confidential” documents.

The patch that fixes CVE-2024-49040 in Microsoft Exchange is temporarily unavailable. We’ve implemented heuristics that detect attempts to exploit it.

Phishers have adopted another trick: they send emails pretending to be from Docusign with a fake link to a document that the recipient must sign.

This phishing campaign incorporates ghost spoofing, embedded text in images, a PDF file, a QR code, DocuSign imitation, and Cloudflare verification — yet it still completely misses the mark.

We’ve discovered a new Trojan that’s very selective about its victims.

Telegram bot sells subscriptions to phishing tools to hack Microsoft 365 accounts, including 2FA bypass.

A simple technology that significantly improves email protection.

Cybercriminals are using genuine Facebook infrastructure to send phishing emails threatening to block accounts.

Threat actors are targeting hotel staff with malicious and phishing e-mails.

Cybercriminals prey on corporate credentials by sending phishing links through Dropbox after priming the victim.

By hijacking domains with CNAME records and exploiting forgotten SPF records, attackers seize domains and use them for their own purposes.

Got a message from your boss or coworker asking you to “fix a problem” in an unexpected way? Beware of scammers! How to protect yourself and your company against a potential attack.

Cybercriminals prey on access to mailing tools by sending phishing emails through these same tools.

Why cybercriminals want to attack PR and marketing staff and, crucially, how to protect your company from financial and reputational harm.

Methods used by attackers to redirect victims to malicious and phishing sites from seemingly safe URLs.

Cybercriminals send the Remcos remote-access trojan under the guise of letters from a new client.