Malicious email campaign uses fake DocuSign messages to exfiltrate login credentials

SiliconAngle reports that more than 10,000 users across various organizations have been targeted by a new phishing email campaign using fake DocuSign messages to facilitate login credential theft. A new report from researchers at Armorblox Inc. today warns of a recent malicious email campaign that attempted to trick users into believing the emails were from … More Malicious email campaign uses fake DocuSign messages to exfiltrate login credentials

How a spoofed email passed the SPF check and landed in my inbox

The Sender Policy Framework can’t help prevent spam and phishing if you allow billions of IP addresses to send as your domain. Twenty years ago, Paul Vixie published a Request for Comments on Repudiating MAIL FROM that helped spur the internet community to develop a new way of fighting spam with the Sender Policy Framework (SPF). The issue then, as now, … More How a spoofed email passed the SPF check and landed in my inbox

The trouble with BEC: How to stop the costliest internet scam

Business email compromise fraud generated more losses for victims than any other type of cybercrime in 2021. It’s long past time that organizations got a handle on these scams. The old adage of people being the weakest link in security is especially true when it comes to email threats. Here, cybercriminals can arguable generate their … More The trouble with BEC: How to stop the costliest internet scam

Another email scam as Gaeilge is doing the rounds

An email in Irish, coming from a South Korean email address, claims the sender has a video of the receiver viewing pornography and will make it public unless paid €1200 in bitcoin. These sort of “sextortion” letters are nothing new, we’ve warned about several like this and this before, but we’re always excited to see … More Another email scam as Gaeilge is doing the rounds