Email and messaging threats
Phishing attacks and email spam are constant threats for enterprises. This resource center offers the latest news, tips and expert advice on phishing, spam and other messaging threats as well as best practices for email protection.
Top Stories
-
Feature
08 Jul 2025
Phishing prevention: How to spot, stop and respond to scams
From email scams to BEC attacks, phishing is one of the biggest fish organizations must fry. Get advice on how to identify, prevent and respond to phishing schemes. Continue Reading
-
Feature
18 Apr 2025
The history and evolution of ransomware attacks
Ransomware creators have become more innovative and savvier as organizations up their defenses. Continue Reading
-
Opinion
01 May 2019
Putting cybersecurity for healthcare on solid footing
CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center. Continue Reading
-
Feature
01 May 2019
Huawei ban highlights 5G security issues CISOs must tackle
Why worry over Huawei? A U.S. ban of this Chinese company's products should remind CISOs that now is the time to consider security issues related to the rollout of the 5G network. Continue Reading
-
Guide
29 Apr 2019
How to manage email security risks and threats
When faced with email security risks -- and who isn't? -- do you have the right tools, features, training and best practices in place to face down phishing attacks and manage other threats proactively? Start with this guide. Continue Reading
-
News
26 Apr 2019
FBI report says BEC attacks are increasing, evolving
According to the FBI's 2018 Internet Crime Report, business email compromise attacks are on the rise. Security experts highlight how BEC scams are evolving. Continue Reading
-
Tip
25 Apr 2019
The top 3 email security threats and how to defuse them
Understanding the nature of the top 3 email security threats -- malware, phishing and spoofed domains -- can help reduce their impact. Continue Reading
-
Answer
26 Mar 2019
Can PDF digital signatures be trusted?
Digital signatures on PDF documents don't necessarily guarantee their contents are valid, as new research shows viewer implementations don't always detect incomplete signatures. Continue Reading
-
Tip
20 Mar 2019
Find out whether secure email really protects user data in transit
Outside of user perceptions, how safe is secure email in terms of protecting users' data in transit? Our expert explains how much the SSL and TLS protocols can protect email. Continue Reading
-
Tip
14 Mar 2019
Nine email security features to help prevent phishing attacks
Check out nine email security features that can help protect you from phishing attacks. First, make sure they're enabled on your email system configuration, and if not, start your wish list. Continue Reading
-
Tip
01 Mar 2019
Top 5 email security issues to address in 2019
The top five email security issues come from a variety of places, from email phishing to account takeovers. Our security expert recommends being vigilant and poised to take action. Continue Reading
-
Quiz
20 Dec 2018
Test your phishing security knowledge with this quiz
Email phishing can cause major security breaches if users aren't careful. IT must train users on email security best practices to defend against these attacks. Continue Reading
-
News
06 Dec 2018
NRCC email breach confirmed eight months later
A security company was brought in to investigate a National Republican Congressional Committee breach from April, but little is known about the NRCC email theft. Continue Reading
-
Feature
05 Dec 2018
Testing email security products: Results and analysis
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products and the challenges it faced to come up with sound methodologies. Continue Reading
-
Feature
30 Nov 2018
Testing email security products: Challenges and methodologies
Kevin Tolly of the Tolly Group offers a look at how his company set out to test several email security products, as well as the challenges it faced to come up with sound methodologies. Continue Reading
-
Answer
21 Nov 2018
How were attackers able to bypass 2FA in a Reddit breach?
Reddit announced a breach after users were socially engineered and attackers bypassed 2FA protocols. Discover how this attack was possible and how sites can avoid falling victim. Continue Reading
-
Answer
08 Nov 2018
What is behind the growing trend of BEC attacks?
BEC attacks cost over $676 million in 2017, according to the FBI's Internet Crime Report. Learn how to recognize possible BEC attacks from expert Michael Cobb. Continue Reading
-
Answer
05 Nov 2018
How can U2F authentication end phishing attacks?
By requiring employees to use U2F authentication and physical security keys, Google eliminated phishing attacks. Learn how the combination works from expert Michael Cobb. Continue Reading
-
Answer
22 Oct 2018
What are DMARC records and can they improve email security?
Last year, the U.S. federal government mandated that by October 2018, all agencies must have DMARC policies in place. Learn how complicated this requirement is with Judith Myerson. Continue Reading
-
Feature
15 Oct 2018
Create an email phishing test to minimize attack vectors
With email phishing testing, IT can improve its end-user security. Phishing attacks prey on user ignorance, so IT can use a test to teach users how to avoid this attack vector. Continue Reading
-
Tip
25 Sep 2018
How to create an internal phishing campaign from scratch
When IT begins an email phishing campaign, it must determine what server the emails will come from, consider phishing tool options and more. Continue Reading
-
Tip
06 Sep 2018
How the STARTTLS Everywhere initiative will affect surveillance
The EFF's STARTTLS Everywhere initiative encrypts email during delivery and aims to prevent mass email surveillance. Expert Michael Cobb explains how STARTTLS works. Continue Reading
-
Photo Story
04 Sep 2018
4 enterprise email clients to consider instead of Outlook
Organizations looking to cut costs or make a change for their business email client have numerous options to replace Microsoft Outlook, but not all of them are viable. Continue Reading
-
Tip
16 Aug 2018
How to mitigate the Efail flaws in OpenPGP and S/MIME
Efail exploits vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext in encrypted emails. Learn more about the Efail vulnerabilities from expert Michael Cobb. Continue Reading
-
News
31 Jul 2018
U.S. government making progress on DMARC implementation
The deadline for full DMARC implementation in U.S. government-owned domains is less than three months away, and only half of the domains have the correct policy in place. Continue Reading
-
News
27 Jul 2018
LifeLock vulnerability exposed user email addresses to public
News roundup: A LifeLock vulnerability exposed the email addresses of millions of customers. Plus, Amazon's Rekognition misidentified 28 members of Congress as criminals, and more. Continue Reading
-
News
28 Jun 2018
EFF's STARTTLS Everywhere aims to protect email in transit
The EFF's new STARTTLS Everywhere initiative aims to secure email as it transits the internet between mail servers to prevent mass surveillance, as well as email spoofing. Continue Reading
-
News
15 Jun 2018
EU institutes Kaspersky ban, calls software 'malicious'
News roundup: Following a vote by the European Parliament to implement a Kaspersky ban in the EU, Kaspersky announced it would halt ties with the No More Ransom project and Europol. Continue Reading
-
News
15 Jun 2018
FBI fights business email compromise with global crackdown
U.S. federal agencies worked with international law enforcement in Operation Wire Wire to find and prosecute alleged cybercriminals conducting business-email-compromise scams. Continue Reading
-
Tip
14 Jun 2018
How to use the OODA loop to improve network security
The OODA loop can be used to establish cyber deception against hackers to improve network security. Learn the OODA steps and how they can be applied to security with Kevin Fiscus. Continue Reading
-
Feature
01 Jun 2018
Business email compromise moves closer to advanced threats
The sophisticated techniques used in BEC scams differ from other email fraud in the steps taken to construct the criminal campaign. Here's how to stop these APT-style attacks. Continue Reading
- 29 May 2018
-
Podcast
24 May 2018
Risk & Repeat: Breaking down the Efail flaws
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Efail vulnerabilities in PGP and S/Mime protocols, as well as the rocky disclosure process for the flaws. Continue Reading
-
Tip
21 May 2018
Create an effective email phishing test in 7 steps
The best way for IT to improve email phishing security is through comprehensive testing, which helps identify which users are susceptible and what type of fake email is most effective. Continue Reading
-
News
18 May 2018
Telegrab malware threatens Telegram desktop users
News roundup: Telegrab malware enables hackers to grab encryption keys and browser credentials from Telegram sessions. Plus, DHS released its new cybersecurity strategy, and more. Continue Reading
-
Podcast
17 May 2018
Risk & Repeat: Business email compromise on the rise
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise in business email compromise activity based on new data from the FBI's 2017 Internet Crime Report. Continue Reading
-
News
16 May 2018
Efail disclosure troubles highlight branded vulnerability issues
The Efail disclosure process was one day away from completion, but attempts to generate hype for the vulnerabilities led to details leaking earlier than researchers intended. Continue Reading
-
News
14 May 2018
Efail flaws highlight risky implementations of PGP and S/MIME
The messy disclosure of the Efail flaws raised questions about the security of email encryption, while experts said S/MIME may be more at risk than some PGP implementations. Continue Reading
-
News
14 May 2018
FBI: Business email compromise tops $676 million in losses
Verizon's Data Breach Investigations Report indicates an increase in ransomware while the FBI's Internet Crime Report shows a downward trend, with business email compromise on the rise. Continue Reading
-
News
30 Apr 2018
Phishing threats still dwarf vulnerabilities, zero-days
Proofpoint research shows that while phishing attacks now require victims to take more steps, the success rate for such attacks hasn't declined and enterprises are still on the defensive. Continue Reading
-
News
26 Apr 2018
SecureWorks warns of business email compromise campaign
SecureWorks researchers uncovered an extensive business email compromise campaign targeting the maritime shipping industry, which may have cost organizations millions of dollars. Continue Reading
-
Answer
28 Mar 2018
Zyklon malware: What Microsoft Office flaws does it exploit?
Zyklon malware targets three previously patched Microsoft Office vulnerabilities. Learn how attackers can access passwords and cryptocurrency wallet data with expert Judith Myerson. Continue Reading
-
Feature
08 Mar 2018
How ransomware variants are neutralizing data backups
The latest iterations of ransomware aim to undercut backups as an effective method for recovering from attacks. Learn how to overcome this vulnerability. Continue Reading
-
News
23 Feb 2018
Hackers used SWIFT-based attacks to steal millions from banks
News roundup: Hackers once again used SWIFT-based attacks to steal millions from Russian and Indian banks. Plus, hackers used an L.A. Times website for cryptojacking, and more. Continue Reading
-
Answer
21 Feb 2018
How are tech support scams using phishing emails?
Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work with expert Nick Lewis. Continue Reading
-
News
14 Feb 2018
Zero-day Telegram vulnerability exploited for cryptomining
Kaspersky Lab disclosed a zero-day vulnerability in Telegram that the security vendor says was abused by Russian cybercriminals in a cryptomining malware campaign. Continue Reading
-
Feature
21 Dec 2017
Get the best botnet protection with the right array of tools
Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can. Continue Reading
-
Tip
12 Dec 2017
Use SpoofGuard to defend against malicious activity in VMware NSX
SpoofGuard monitors network traffic to identify malicious activity and prevent phishing attacks. Before you enable SpoofGuard in NSX, there are a few things you should know. Continue Reading
-
Tip
09 Nov 2017
Email security issues: How to root out and solve them
Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more. Continue Reading
-
News
31 Aug 2017
Spambot email leak compromises 711M records
An email leak containing 711 million records was found in a breach of a spambot list stored in the Netherlands and included both addresses and passwords used to access email accounts. Continue Reading
-
Answer
25 Aug 2017
How is cross-platform malware carried in Word docs?
Cross-platform malware enables attackers to leverage their attacks using infected Microsoft Word docs. Expert Nick Lewis explains how the attacks work and how to defend against them. Continue Reading
-
Guide
21 Aug 2017
How to attack DDoS threats with a solid defense plan
An anti-DDoS program requires solid understanding of the threat and a clearly thought-out strategy. This guide will help you define and implement a solid DDoS defense plan. Continue Reading
-
Answer
10 Aug 2017
Libpurple flaw: How does it affect connected IM clients?
The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains how the flaw works. Continue Reading
-
Answer
07 Aug 2017
How did flaws in WhatsApp and Telegram enable account takeovers?
Flaws in WhatsApp and Telegram, popular messaging services, enable attackers to break encryption and take over accounts. Expert Michael Cobb explains how the attacks work. Continue Reading
-
News
27 Jul 2017
Phishing research shows troubling trends for enterprise users
Karla Burnett of Stripe presented sobering results of phishing research from her company at Black Hat 2017, suggesting phishing training is ineffective against today's threats. Continue Reading
-
Answer
20 Jul 2017
How can users protect themselves from the DocuSign phishing email?
A DocuSign phishing email with a link to a malicious Word document recently targeted the company's users. Expert Judith Myerson outlines six ways to avoid this type of attack. Continue Reading
-
Answer
08 Jun 2017
The Apple Notify flaw: How does it allow malicious script injection?
Flaws in the Apple Notify function and iTunes can enable attackers to inject malicious script into the application side. Expert Michael Cobb explains how these vulnerabilities work. Continue Reading
-
Answer
26 May 2017
How can customer service staff spot social engineering email attacks?
Social engineering emails targeted at customer service staff have led to the spread of the August malware. Expert Nick Lewis explains how to identify and mitigate these attacks. Continue Reading
-
News
05 May 2017
SS7 vulnerability allows attackers to drain bank accounts
News roundup: Attackers exploit SS7 vulnerability and drain bank accounts. Plus, Trump signs government IT executive order, an Intel AMT flaw threatens millions and more. Continue Reading
-
Answer
04 May 2017
Why did the PHPMailer library vulnerability have to be patched twice?
After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the critical vulnerability works. Continue Reading
-
News
04 May 2017
Google Docs phishing attack grants attacker full Gmail access
A Google Docs phishing attack abused OAuth to give malicious actors full access to a victim's Gmail account and contacts, but Google claims to have blocked the attacks. Continue Reading
-
Answer
19 Apr 2017
How does Nemucod malware get spread through Facebook Messenger?
The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available protections against this attack. Continue Reading
-
Answer
06 Apr 2017
How serious is a malicious DLL file vulnerability for enterprises?
A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability and its classification. Continue Reading
-
Answer
24 Mar 2017
How does the Locky ransomware file type affect enterprise protection?
Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust protections for this shift. Continue Reading
-
News
23 Mar 2017
DV certificates abused, but policing may not be possible
Research shows DV certificates can be a prime target for phishing and malware operators, but experts are unsure how certificate authorities should deal with the issue. Continue Reading
-
Answer
03 Mar 2017
What's the best corporate email security policy for erroneous emails?
If an employee receives invalidated emails, should the corporate email security policy handle it? Expert Matthew Pascucci discusses the rights of the enterprise. Continue Reading
-
Answer
22 Feb 2017
How can obfuscated macro malware be located and removed?
A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware. Continue Reading
-
Answer
07 Feb 2017
How did a Signal app bug let attackers alter encrypted attachments?
The Signal app, used for end-to-end encrypted mobile messaging, contained a bug that allowed data to be added to attachments. Expert Michael Cobb explains the flaw. Continue Reading
-
News
17 Jan 2017
Gmail phishing campaign uses real-time techniques to bypass 2FA
Researchers saw a Gmail phishing campaign in the wild using clever tricks to access accounts including a difficult 2FA bypass only possible in real time. Continue Reading
-
Answer
05 Dec 2016
What should happen after an employee clicks on a malicious link?
The response to an employee clicking on a malicious link is important for organizations to get right. Expert Matthew Pascucci discusses how to handle the aftermath of an attack. Continue Reading
-
Answer
21 Jun 2016
What new Asacub Trojan features should enterprises watch out for?
The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching out for. Continue Reading
-
Feature
18 Mar 2016
Detecting and Combating Malicious Email
In this excerpt of Detecting and Combating Malicious Email, authors Julie JCH Ryan and Cade Kamachi discuss the elements of an email structure and touch on how attackers can use these elements to trick unwitting victims. Continue Reading
-
Feature
30 Dec 2015
Symantec Messaging Gateway and Symantec Email Security.cloud: Product overview
Expert Karen Scarfone examines the Symantec Messaging Gateway and Symantec Email Security.cloud email security gateway products that detects and blocks messages that contain suspicious content and threats. Continue Reading
-
Feature
30 Dec 2015
Proofpoint Enterprise Protection: Product overview
Expert Karen Scarfone examines the Proofpoint Enterprise Protection email security gateway product, which scans inbound and outbound email messages for malware, phishing and spam threats. Continue Reading
-
Feature
21 Dec 2015
McAfee Email Protection, Security for Email Servers: Product overview
Expert Karen Scarfone reviews the McAfee Email Protection and McAfee Security for Email Servers products that are used for monitoring, blocking and quarantining email messages. Continue Reading
-
Feature
21 Dec 2015
Clearswift SECURE Email Gateway: Product overview
Expert Karen Scarfone reviews the Clearswift SECURE Email Gateway product, which monitors incoming and outgoing emails. Continue Reading
-
Feature
21 Dec 2015
Fortinet FortiMail: Product overview
Expert Karen Scarfone reviews the Fortinet FortiMail email security gateway product that is used for monitoring email messages on behalf of an organization. Continue Reading
-
Feature
14 Dec 2015
Cisco Email Security Appliance: Product overview
Expert Karen Scarfone reviews Cisco's Email Security Appliance product that is designed for detecting and blocking email-borne threats. Continue Reading
-
Feature
16 Dec 2014
Targeted Cyber Attacks
In this excerpt of Targeted Cyber Attacks, authors Aditya Sood and Richard Enbody outline the cyberattack model and different vectors used to attack targets. Continue Reading
-
Answer
19 Nov 2014
How can vishing attacks be prevented?
Enterprise threats expert Nick Lewis explains what vishing attacks are and offers best practices for defending against them. Continue Reading
-
News
10 Sep 2010
'Here you have' email worm spreads
NASA, Wells Fargo, Comcast and Disney were hit by the old-school email worm, which spreads by harvesting victims' contact data. Continue Reading
-
News
06 May 2010
Symantec warns of Apple phishing scam
Symantec is warning of a new phishing campaign targeting Apple users in an attempt to trick them into giving up their Apple gift card data. Continue Reading
-
News
19 Mar 2010
Sophos researchers warn of new Amazon phishing scam
Phony email message claims Sony laptop is on the way. Continue Reading
-
News
11 Feb 2010
How to turn off Google Buzz and avoid privacy issues
Google's new Twitter-like tool in Gmail, called Google Buzz, has prompted some privacy advocates to cry foul. Here's how to turn it off. Continue Reading
-
News
17 Dec 2009
Panda warns of American Express phishing scam
Standard phishing attack targets American Express customers. Continue Reading
-
News
19 Oct 2009
Scareware report highlights successful business model
Report finds cybercriminals well organized in coordinated rogue antivirus schemes. Continue Reading
-
News
06 Oct 2009
Massive phishing scheme affects Microsoft Hotmail accounts
Microsoft Hotmail passwords were stolen and posted online. Security experts say Gmail, Yahoo accounts affected as well. Continue Reading
-
News
05 Mar 2009
Fierce competition prompted new Cisco email security options
Increasing competition at the high end of the email security market has prompted Cisco and others to offer a mix of very robust options at attractive prices. Continue Reading
-
Answer
26 Jan 2009
What are the security risks of opening port 110 and port 25?
If an external manufacturer wants to remotely access its leased copiers, is it risky to open both port 110 or port 25? Mike Chapple reveals a few security repercussions. Continue Reading
-
News
13 Jan 2009
Phishing attack uses pop-up message on bank sites
Security researchers have discovered a new phishing method that forces pop-up login messages to appear on legitimate banking websites. Continue Reading
-
News
21 May 2008
ING hopes to cut phishing attacks with encryption software
The bank's free software gives customers a secure pipeline when they connect to their accounts. Continue Reading
-
News
14 May 2008
Google Docs used in latest spam run
Spammers are using Google's Web-based word processor and testing their campaigns using Google analytical tools. Continue Reading
-
Tip
17 Jan 2008
Cleansing an infected mail server
Learn five measures you can take to when cleaning up a massive email virus infection Continue Reading
-
News
30 Oct 2007
Beware of phishing attemps, FTC warns
Phishers are using the Federal Trade Commission to trick victims into downloading malware onto their machines. Continue Reading
-
Answer
30 May 2007
How secure are document scanners and other 'scan to email' appliances?
Copiers and document scanners have always posed challenges for information security teams. In this SearchSecurity.com Q&A, Michael Cobb reveals how the right policies can control the use (and abuse) of these devices. Continue Reading
-
Answer
02 May 2007
How can header information track down an email spoofer?
Spammers can use spoofed headers to hide the true origin of unwanted email. In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to trust where a message is coming from. Continue Reading
-
Feature
12 May 2005
E-mail policies -- A defense against phishing attacks
In this excerpt of Chapter 6 from "Phishing: Cutting the Identity Theft Line," authors Rachael Lininger and Russell Dean Vines explain how e-mail policies help protect companies from phishing attacks. Continue Reading