Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams
Email security provider Cofense outlined some of the most common HR-related scams and phishing campaigns it has observed
Stay secure with the latest email security updates, best practices, and threat alerts to protect your inbox and sensitive information.
Search across headline titles and summaries.
Background for this topic.
Email is a system for exchanging digital messages, typically using mail servers and clients over a network. In security, it includes both the messages and the accounts, servers, domains, and authentication mechanisms that handle them. Email commonly carries phishing links, malicious attachments, and fraudulent requests for payments or credentials; compromised accounts can also be used to impersonate trusted people and conduct further attacks.
Defenses include filtering and malware scanning, phishing-resistant multifactor authentication, careful handling of links and attachments, and monitoring for unusual login or sending activity. Domain controls such as SPF, DKIM, and DMARC help receiving systems detect messages that are forged or sent without authorization, while encryption protects message contents in transit or at rest when correctly implemented. Security teams should preserve relevant headers and mailbox activity so suspicious messages can be investigated, removed, and used to identify affected accounts and other recipients.
Email security provider Cofense outlined some of the most common HR-related scams and phishing campaigns it has observed
GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction
Messaging menace used text and email to bombard people Food delivery company HelloFresh is nursing a £140,000 ($178k) fine by Britain’s data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam email and one million texts in just seven months.…
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication. [...]
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. [...]