A newly-discovered technique misusing SMTP commands allows cybercriminals to pass SPF, DKIM and DMARC checks, empowering impersonated emails to reach their intended victim. Earlier this month, Timo Longin, security researcher with cybersecurity consulting firm SEC Consult published details on what is now referred to as SMTP Smuggling.

Threat actors constantly improve their tactics and are always on the hunt for technical or social vulnerabilities they can exploit. The pandemic-induced Great Resignation, massive layoffs, continuous company restructuring, and upcoming holidays make this a very busy time of changes in the labor force. Due to this upheaval, employees are always on the lookout for any updates from their Human Resources (HR) department, as HR often sends updates or notifications via company-wide email.

Life is full of problems. A product manager's life is that, and more! But it’s also the very reason we have been able to contribute to many, many awesome products. Since becoming a product manager, I’ve learned that the problems worth solving aren't always easy to spot and you have to do some sifting, rejecting and re-framing to get to the good stuff.

Following the release of the Phishing Threat Trends Report, we recently hosted the Human Risk Summit, a virtual gathering of top industry leaders to discuss human risk in cybersecurity.

As the most downloaded app in the world right now, the number of TEMU impersonation emails has increased by 112% since October 1st, 2023. As discounts and spending-based reward coupons form a substantial part of TEMU’s awareness campaigns, the company is reportedly spending $2bn annually on marketing. As the brand continues to grow in popularity, cybercriminals are increasingly leveraging it to lend authenticity to their spoofing attempts.

Midstride in this year’s holiday shopping, it’s important to realize just how many websites exist that impersonate legitimate online retailers. More importantly, your users need to know how to spot these types of attacks before falling victim.

If you click on a phishing link you should immediately disconnect your device from the internet, scan your device using antivirus software and keep a lookout for suspicious activity and transactions on your online accounts. Continue reading to learn what a phishing link is, what could happen if you click on a phishing link and how to avoid clicking malicious links.

Kroll forensic examiners and threat intelligence analysts identified a new phishing tactic targeting individuals using QR codes. Victims receive phishing emails impersonating Microsoft, letting them know that additional security measures are required and asking victims to scan the QR code in the body of the email or the email attachment.

A new BazarCall phishing campaign is using Google Forms to send phony invoices, according to researchers at Abnormal Security. “BazarCall/BazaCall attacks typically start with a phishing email designed to appear as a payment notification or subscription confirmation from a known brand,” Abnormal explains. “Within the email, recipients can find the amount to be charged—generally between $49.99 to $500 or more, depending on the subscription or service being impersonated.