Security News

Roughly five hours after an internal email went out Friday to Amazon employees telling them to delete the popular video app TikTok from their phones, the online retailing giant appeared to backtrack, calling the ban a mistake. U.S. Secretary of State Mike Pompeo said this week that the government was "Certainly looking" at banning the app, setting off confused and irritated posts as well as jokes by TikTok users.

Amazon today said an internal email banning its staff from using TikTok on smartphones connected to their corporate inboxes was sent in "Error." The admission - or climb down, depending on how skeptical you are - came after the memo was obtained and leaked by journalists. So what Amazon's trying to say now is that it was wrong to ban TikTok from mobile devices: its policy is that it's OK to use the software on phones used for work email.

Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Rather than use free accounts, Cosmic Lynx will register strategic domain names for each BEC campaign to create more convincing email accounts.

The proof is in the results: Phishing attacks of just one type - the business email compromise - have caused at least $26 billion in losses in the past five years alone, according to the FBI. The Heart of the Problem. Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.

Users who don't understand how to encrypt their emails won't do it. There's another danger for companies whose users do try to grapple with the internal email encryption system: rising support costs.

The proof is in the results: Phishing attacks of just one type - the business email compromise - have caused at least $26 billion in losses in the past five years alone, according to the FBI. The Heart of the Problem. Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.

Most businesses tell us that they think email encryption is a priority that's part of their digital transformation and cloud migration. Deploying encryption isn't just about flicking an on switch for some technology and you're done.

The link took them to a "Surprisingly believable" phishing page with logos and icons that matched their service provider, and instructed them to enter their WordPress account username and password to start the update. "The scam then shows you some fake but believable progress messages to make you think that a genuine 'site upgrade' has kicked off, including pretending to perform some sort of digital 'file signing' at the end," Sophos's security proselytiser Paul Ducklin explained.

A desire to remain compliant with the European Union's General Data Protection Regulation and other privacy laws has made HR leaders wary of any new technology that digs too deeply into employee emails. At the same time, new technologies are applying artificial intelligence and machine learning to solve HR problems like analyzing employee data to help with hiring, completing performance reviews or tracking employee engagement.

With email now the number one destination to hoodwink overworked and bleary-eyed users with a confidence trick, there are many, many reasons to keep email secure. The historical problem with a technique like encryption in the past has been, if carried out in a heavy-handed fashion, it can be an all-or-nothing kind of deal.