Security News
Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF. Cybercriminals are hijacking legitimate email accounts from more than a dozen universities - including Purdue University, University of Oxford in the U.K. and Stanford University - and using the accounts to bypass detection and trick victims into handing over their email credentials or installing malware. The highest number of phishing emails detected came from compromised Purdue University accounts, stolen in campaigns from Jan. to Sept. Behind Purdue University were Oxford, Hunter College and Worcester Polytechnic Institute.
Business Email Compromise (BEC) is a particular type of phishing attack in which cybercriminals impersonate a trusted contact or other party, either internal or external. During the third quarter of 2020, the median number of BEC attacks received per company each week rose by 15% from the second quarter, according to the report.
Today multiple reports have emerged from Home Depot customers in Canada stating that the company had sent them hundreds of emails containing order information of strangers. The emails obtained by BleepingComputer reveal information such as the customer's name, order number along with QR code, pick-up store address (or in some cases the customer's home address), items in the order, and payment receipt containing the last 4 digits of the payment card number.
As the number one threat vector for most organizations, email continues to be widely used by cybercriminals to penetrate organizations in support of a wide variety of cyberattacks. Unlike other attack vectors, email enables cybercriminals to directly leverage humans in an effort to bypass security controls and facilitate attacks.
Amazon has fired an employee who shared customers' names and email addresses with a third party. Amazon did not comment on an inquiry from Threatpost asking how many customers were impacted, and what the role of the Amazon employee was.
An election security report released by Valimail exposed some significant issues with email security which could have the potential to disrupt the 2020 elections. Just 7% of the largest counties' domains are protected, an increase of just 2 percentage points from 2019. Only one of the eight election systems manufacturers certified by the US government is protected from email spoofing.
Microsoft says that Office 365 customers can use unlimited disposable recipient email addresses after the Plus Addressing feature rolled out to all Exchange Online users. Plus addressing allows users to create an indefinite number of custom and unique email addresses by adding suffix text strings to their standard address using a '+' delimiter.
In this article, I will focus on email impersonation attacks, outline why they are dangerous, and provide some tips to help individuals and organizations reduce their risk exposure to impersonation attacks. We can all follow some security hygiene best practices to reduce the risk of email impersonation attacks.
Federal officials claim that Iranian threat actors are behind two separate email campaigns that assailed Democratic voters this week with threats to "Vote for Trump or else." The campaigns claimed to be from violent extremist group Proud Boys. Two specific email campaigns - one on Tuesday, Oct. 20 and one on Wednesday, Oct. 21 - threatened Democratic voters in Alaska, Arizona and Florida that attackers accessed "All of your information." They warned that there would be dire repercussions if voters didn't cast their ballot for President Trump in the upcoming election, according to a Wednesday Proofpoint report.
Menacing emails to Democratic voters, telling them to vote for Donald Trump in the upcoming US elections or else, were sent by Iran, US intelligence claimed on Wednesday night. At a press conference tonight, Uncle Sam's Director of National Intelligence John Ratcliffe said the messages were actually sent by Iranian agents, who had obtained US voter records, including contact details, seemingly to intimidate Americans.