email

This phishing campaign incorporates ghost spoofing, embedded text in images, a PDF file, a QR code, DocuSign imitation, and Cloudflare verification — yet it still completely misses the mark.

We’ve discovered a new Trojan that’s very selective about its victims.

Telegram bot sells subscriptions to phishing tools to hack Microsoft 365 accounts, including 2FA bypass.

A simple technology that significantly improves email protection.

Cybercriminals are using genuine Facebook infrastructure to send phishing emails threatening to block accounts.

Threat actors are targeting hotel staff with malicious and phishing e-mails.

Cybercriminals prey on corporate credentials by sending phishing links through Dropbox after priming the victim.

By hijacking domains with CNAME records and exploiting forgotten SPF records, attackers seize domains and use them for their own purposes.

Got a message from your boss or coworker asking you to “fix a problem” in an unexpected way? Beware of scammers! How to protect yourself and your company against a potential attack.

Cybercriminals prey on access to mailing tools by sending phishing emails through these same tools.

Why cybercriminals want to attack PR and marketing staff and, crucially, how to protect your company from financial and reputational harm.

Methods used by attackers to redirect victims to malicious and phishing sites from seemingly safe URLs.

Cybercriminals send the Remcos remote-access trojan under the guise of letters from a new client.

Examples of how QR codes in emails are used for phishing.

Scammers want to steal your passwords and financial data with fake websites. But where do they host them, and how to spot a fake?

Fake websites and email addresses are often used in phishing and targeted attacks. How do fake domains get created, and how to spot one?

Cybercriminals prey on corporate credentials by sending fake HR emails.

Cybercriminals can access the e-mails of folks you’re in correspondence with and then try to hijack your conversations.

Hackers are distributing the QBot trojan through business correspondence.

Microsoft plans to throttle and block email from vulnerable Exchange servers to Exchange Online.

Cybercriminals are using hijacked SharePoint servers to send dangerous notifications.