Cloud Email Filtering Bypass Attack Works 80% of the Time
A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.
Spam can deliver phishing links, malware, and fraudulent messages, making it a path for account theft and other cyberattacks.
Search across headline titles and summaries.
Background for this topic.
Spam is unsolicited, usually bulk messaging sent through email, text messages, social platforms, or other communication services. It may be commercial advertising, but security-relevant spam commonly includes deceptive messages designed to look like trusted communications. Automated campaigns can target large numbers of recipients at low cost, while compromised accounts and spoofed sender identities can make messages appear more credible.
Spam is a delivery channel for phishing, malware, fraudulent payment requests, and credential theft; links or attachments should therefore be treated as untrusted until verified. Defenses include reputation and content filtering, user reporting, attachment and URL analysis, and email authentication controls such as SPF, DKIM, and DMARC to reduce sender spoofing. Security teams should preserve relevant message headers and indicators when investigating campaigns, blocking associated infrastructure and checking whether recipients interacted with the content.
A majority of enterprises that employ cloud-based email spam filtering services are potentially at risk, thanks to a rampant tendency to misconfigure them.
Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. [...]