Category Archives: email-phishing

Here’s all the security features in the new Gmail

Posted on by

Google began a global phased rollout of the new Gmail on Wednesday, which comes with a host of added security features including a confidential mode, expiration dates on messages, and two factor authentication. The update will not be available to all 1.4 billion users immediately. Some users can opt-in to the updated inbox via the settings menu, which will roll out Wednesday. The new confidential mode lets you disable the option to forward, copy, download, or print messages. This makes it harder for others to share sensitive information, like banking details or tax returns.  There will also be an option to enable two-factor authentication (2FA) for individual messages, meaning recipients of sensitive emails can be asked to verify their identity with a passcode send to their phones via SMS, before being able to read the email. Prior to the update, 2FA was available when accessing a Gmail account, but not […]

The post Here’s all the security features in the new Gmail appeared first on Cyberscoop.

Continue reading Here’s all the security features in the new Gmail

Report: DMARC email security can be too hard for some large companies

Posted on by

Adoption of the email security standard known as DMARC — the best way to stop fraudulent email like phishing messages — remains low, even among large banks and other major corporations, according to new figures. And that’s because many companies don’t know about it, and it can be very complex to implement in big enterprises. DMARC, or Domain-based Message Authentication, Reporting and Conformance, is the industry standard measure to prevent email spoofing — when hackers make their messages appear as if they come from trusted correspondents. The aim of these so-called phishing messages is to entice the recipient to click malicious links or download infected attachments. Phishing is the number one method used by hackers to gain a foothold on a company network, experts say, and a major cybercrime vector — and DMARC, when used correctly, stops it dead. But a succession of recent reports have shown that DMARC adoption rates continue to […]

The post Report: DMARC email security can be too hard for some large companies appeared first on Cyberscoop.

Continue reading Report: DMARC email security can be too hard for some large companies

Russians, other foreigners, spoofing unprotected .gov email addresses, report says

Posted on by

Thousands of web domains belonging to hundreds of federal departments and agencies are being spoofed by email hackers, including many from Russia and other adversary nations, according to new figures reported this week. The cyberspies and online fraudsters are trying to trick message recipients into clicking on malicious links or downloading malware designed to steal passwords and other personal information, according to an analysis by cybersecurity outfit Proofpoint, which specializes in providing online security for large organizations. The company looked at nearly 70 million emails sent during October from 5,000 unique .gov parent domains protected by Proofpoint, the company’s VP of Email Fraud strategy Robert Holmes told CyberScoop. More than 3,000 of those domains had been spoofed by hackers sending phishing emails that purported to come from a trusted communicant. “We saw over 8.5 million fraudulent messages,” Holmes wrote in a blog post Monday, “Almost 10 percent of which were not even sent from a US-based [internet or IP] address.” The […]

The post Russians, other foreigners, spoofing unprotected .gov email addresses, report says appeared first on Cyberscoop.

Continue reading Russians, other foreigners, spoofing unprotected .gov email addresses, report says

Why DHS is telling all feds to implement DMARC email security

Posted on by

An email security program that the Department of Homeland Security has made mandatory for U.S. agencies will stop hackers, online scammers and spies from impersonating federal email addresses — and boy, is it ever needed. It comes as new figures suggest that more than 1 in 4 emails from .gov addresses might be malicious criminal spam. Domain-based Message Authentication, Reporting and Conformance (DMARC) is the industry standard measure to prevent the spoofing of emails — when hackers make their messages appear as if they come from trusted correspondents, explained DHS Assistant Secretary for Cybersecurity and Communications Jeanette Manfra. “It’s a reasonable action that agencies can take; it’s in line with industry best practices; and it has broad, scalable impact across the whole [online] ecosystem,” Manfra told CyberScoop in an interview, outlining her rationale. “It was one of the first things we started work on” after she was appointed acting assistant secretary earlier this year. Agari, a company […]

The post Why DHS is telling all feds to implement DMARC email security appeared first on Cyberscoop.

Continue reading Why DHS is telling all feds to implement DMARC email security

DHS will scan agencies for DMARC, other hygiene measures

Posted on by

The Department of Homeland Security is now collecting data about federal agencies’ use of an industry-standard cybersecurity measure that blocks forged emails. The collection is seen as a first step to encouraging wider adoption within the U.S. government, according to official correspondence. In a letter to Sen. Ron Wyden, D-Ore., DHS official Christopher Krebs says the department, “is actively assessing the state of email security and authentication technologies … across the federal government,” to include Domain-based Message Authentication, Reporting and Conformance (DMARC). DMARC is the industry standard measure to prevent hackers from spoofing emails — making their messages appear as if they’re sent by someone else. Spoofing is the basis of phishing, a major form of both crime and espionage, in which an email appearing to a come from a trusted third party directs readers to a website where login and password credentials can be stolen. Krebs says DHS’s 24-hour cyber watch center, […]

The post DHS will scan agencies for DMARC, other hygiene measures appeared first on Cyberscoop.

Continue reading DHS will scan agencies for DMARC, other hygiene measures

DMARC use continues to climb inside federal government

Posted on by

The number of federal government departments and agencies deploying the highest level anti-spoofing and anti-phishing email security has nearly doubled since the end of May, new figures show. A total of 135 federal email domains had some form of the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol deployed Aug. 1, according to the non-profit Global Cyber Alliance. That’s only six more than the 129 who had some deployment May 26 — but of those 135, 60 had the protocol set to p=reject, the highest level of deployment. That compares to just 32 who had the protocol fully deployed in May. DMARC helps prevent phishing and other email spoofing attacks, when a message is made to look as if it comes from a company or government agency. The IRS, for instance, is a frequent target of phishers, who prefer to impersonate banks or other email senders who might have a financial relationship with potential victims. At […]

The post DMARC use continues to climb inside federal government appeared first on Cyberscoop.

Continue reading DMARC use continues to climb inside federal government

Blackmoon Banking Trojan Using New Infection Technique

Posted on by

Security researchers say the Blackmoon banking Trojan targeting exclusively South Korean financial institutions has developed a new malware infection technique. Continue reading Blackmoon Banking Trojan Using New Infection Technique