A summary of common threats faced by cloud email systems beyond malware and data breaches, this blog provides actionable tips and best practices for businesses to protect their email systems.

Modern enterprises need to be able to identify the tactics being used by cybercriminals in email attacks, especially those leveraging advanced technologies like AI. Find out what's at stake and how today's email security solutions can help mitigate these evolving attacks.

According to a recent Cloud Security Alliance report, 98% of organizations worldwide use cloud services, including SaaS applications, complete cloud-native networks, and email services. It’s an overdue modernization that eliminates physical infrastructure to drive cost savings and integrate services for improved productivityChasing this move, cybercriminals intent on account takeover are evolving...

In early 2023, Microsoft launched Defender for Identity which aims to offer visibility by helping to identify threats and provide actionable reports on attacks. But M365 security is not completely adequate for the modern enterprise and must be augmented by other data security solutions.

Microsoft 365 has certainly become a mainstay. In order to stay safe and secure, Fortra's Clearswift Secure Email Gateway provides an additional needed layer to Microsoft 365.

Insider threats may not get as much attention as the outsider threats. Outsider threats are overwhelmingly malicious in intent. Organizations must protect their data with a strong barrier, because the “bad guys” are on the outside. However, inside the walls of an organization can be a disgruntled employee wanting to cause harm or an employee incentivized from outside the organization. Then of...

In 2021, Gartner includes DMARC, or known by its full name as Domain-based Message Authentication, Reporting & Conformance, in its list of top 10 security projects. With very few exceptions, the best way for organizations to prevent getting impersonated in email attacks is to integrate DMARC into their Office 365-based email ecosystems.To understand why, let’s consider the benefits of deploying...

Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a Business Email Compromise (BEC) attack. Agari and PhishLabs define BEC as any response-based spear phishing attack involving the impersonation of a trusted party to trick victims into making an unauthorized financial...

Communication through photos and short videos have now become commonplace with applications like Instagram and TikTok. While this popular use of imagery feels safe, many may not realize that photos can also be used to inconspicuously share data or carry out a ransomware cyberattack. Explore the threats of steganography and why ignoring it can be a significant email security mistake.

Whether you are a subscriber to the Inbox Zero mode of email management or prefer to let your unread emails rack up to hundreds or even thousands, there can be little doubt about the sheer volume of email communication.

Why would a cybercriminal spend time developing malware when he can simply trick unsuspecting users into handing over their passwords? Why would a threat actor spend her money and resources on ransomware, when she can get that same information through a compromised account? It’s a good question, and exactly what the Fortra Cyber Intelligence Team, Fortra's group of threat hunters, wanted to...

Generally defined, cyber threat intelligence is information used to better understand possible digital threats that might target your organization. This data will help identify threats in order to prevent security breaches in the future.Why Cyber Threat Intelligence is ImportantHaving a system in place that can produce threat intelligence is critical to staying ahead of digital threats, as well as...

The Covid-19 pandemic has undoubtedly changed working patterns for good. What are the implications for public sector organizations and what can they do to improve their cybersecurity posture?

Office 365 phishing emails come in common patterns. I'll list them here and also cover Office 365 anti-phishing features for prevention, detection, and response.Today, the typical Office 365 phishing emails direct users to fake Office 365 Sign-in pages. The victim submits their credentials, effectively handing over their password. Fraudsters use that login to access the victim’s address book, then...

Over the last five years, Business Email Compromise (BEC) has evolved into the predominant cyber threat businesses face today. Since 2016, businesses have lost at least $26 billion as a result of BEC scams and, based on the most recent FBI IC3 report, losses from BEC attacks grew another 37 percent in 2019—accounting for 40 percent of all cybercrime losses over the course of the year. The...

For a growing number of email marketers, it may be "BIMI or bust." As of June 30, nearly 5,300 companies have adopted Brand Indicators for Message Identification (BIMI), a new email standard for showcasing a brand's logo next to its email messages in recipient inboxes, with built-in protections against phishing-based brand spoofing.The tally reflects a 3.8X increase in the number of brands...

If you haven't deployed Domain-based Messaging Authentication, Reporting, and Conformance (DMARC) to protect your brand from being impersonated in phishing scams, there are pressing reasons to jump on it now. Without a doubt, these are extraordinary times for individuals and organizations alike as we've been forced to change the way we work, shop, play, and live seemingly overnight, and for far...

Amid a troubling rise in zero-day phishing attacks, recent research suggests that some companies may be making an ill-advised shift away from blocking advanced email threats to responding to them post-delivery. If true, the capitulation couldn't come at a worse time. Since January, cybercriminals taking advantage of the COVID-19 outbreak have been targeting businesses and individuals with an...

Editor's Note: This post originally appeared on the Microsoft Security blog and has been republished here. You already know that email is the number one attack vector for cybercriminals. But what you might not know is that without a standard email security protocol called Domain Message Authentication, Reporting, and Conformance (DMARC), your organization is open to the phishing attacks that...