Weekly Email Security News Recap #4 [November 2022]
This past week was extraordinary in terms of email security breach news; countless reports flooded in of cybercrime from around the world.
Following the Medibank and Optus hacking scandal in recent months, many business owners increased their cyber protection. It’s incredibly stressful for hacked business CEOs; they have responsibilities towards their customers and employees.
A cyberattack or data breach can have a significantly negative impact on the company’s reputation and bottom line.
Now let’s dive into our cybersecurity news and email security news of the week.
Email scams continue to exploit businesses; hackers target employees, CEOs, and even customers. One popular tactic is a fake invoice.
Central Victorian farmer Rebecca Hamilton received an invoice for $24,000, which appeared to be from her regular supplier. But Ms. Hamilton’s caution saved her from a considerable loss.
The would-be victim said that she received two invoices with red writing stretched across the middle informing her that bank account details had changed. After receiving it, the Shelbourne wool producer called her supplier to check if they had, in fact, changed their details.
Christina Fay, the livestock feed supplier, said the invoice had come via her email address to Ms. Hamilton’s; however, it seemed the hackers had changed the details of the email.
Ms Fay stated that when she saw the invoice, it was exactly like the company’s legitimate invoice; it had all the correct information except for the changed account details.
This is precisely how businesses lose significant amounts of money to email scams: by not realizing how important it is to protect their email domain from malicious fraudsters.
In many cases, scams are sophisticated enough to be almost impossible to detect.
On November 17th, security experts at Armorblox reported a credential phishing campaign impersonating Instagram that targeted 22,000 students at national educational institutions.
The subject of this email encouraged victims to open the message and caused a sense of urgency to “prevent future harm.”
The email looked like it originated from Instagram Support, with the sender’s name, Instagram handle, and email address matching Instagram’s actual credentials.
This targeted email attack contained recipient-specific data like Instagram user handles, instilling a level of trust that this email was a legitimate contact from Instagram.
The malicious email link redirected the user to a fake landing page with Instagram branding and details around the “unusual login attempt detected,” with a ‘This Wasn’t Me’ button.
The button, in turn, directed the victims to a second fake landing page designed to swipe sensitive user credentials.
The email attack bypassed native Microsoft email security controls and email authentication checks. This scam goes to show that even major brands are exploited to steal user credentials from unsuspecting victims.
Any organization’s security is crucial nowadays. With the increase in the number of cyberattacks, it has become essential to secure private data, IT infrastructure, and communications.
Sensitive company and customer information must be protected against unauthorized access. It’s always better to take a proactive approach to secure your databases.