Ever hit send on an email and immediately felt that sinking feeling? Maybe it was an attachment containing sensitive data that was misplaced, or that clever phishing email that convinced a colleague to cough up login credentials. These are cases that clearly explain the critical need for Email Data Loss Prevention (DLP).

We are thrilled to announce the first release of powerful updates to Egress Prevent Analytics within the Egress Security Center, designed to provide deeper insights, richer data, and enhanced functionality for all our customers.

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry. “Threat actors are using phishing schemes to steal login credentials for initial access and the diversion of automated clearinghouse (ACH) payments to US controlled bank accounts,” the advisory states.

France’s cybersecurity agency ANSSI has issued an alert outlining a Russian spear phishing campaign targeting French diplomats, the Record reports. The agency attributes the campaign to “Nobelium,” a threat actor tied to Russia’s Foreign Intelligence Service (the SVR).

The threat of phishing attacks looms larger than ever. The LA County Department of Public Health recently announced that 50 employees fell victim to phishing attacks, compromising sensitive patient data. These deceptive schemes have become a staple in the cyberthreat landscape, targeting individuals and businesses of all sizes. For every employee, understanding the signs and consequences of a phishing attack is crucial to safeguarding their organization.

Cybersecurity moves fast, and the latest threats to reach organizations worldwide are being built on the back of artificial intelligence (AI) models that spit out accurate code, realistic messages, and lifelike audio and video designed to fool people. But as headline-grabbing as AI-based attacks appear to be, they aren’t driving the most breaches globally. That would be BEC attacks, in which attackers leverage stolen access to a business email account to create a scam that results in financial gain.

If you had to choose between regular cybersecurity training and simulated phishing testing, the data shows you should choose simulated phishing tests. When the security awareness training (SAT) industry started over a decade ago, there was some controversy about whether simulated phishing tests should be conducted. The idea of simulated phishing testing was relatively new and some people took them as not only unusual, but potentially unethical and unneeded.

Over 11 million phishing attacks have been reported to the UK’s Suspicious Email Reporting Service (SERS) over the past year, according to new data from Action Fraud. The UK’s National Cyber Security Centre has also taken down more than 329,000 phishing sites since the SERS program started in 2020.

Mobile phones have revolutionized the way we work, granting unprecedented freedom and flexibility to access emails and communicate from virtually anywhere. However, this convenience comes with its own set of risks, particularly when it comes to email security. With the rise in remote work and the increasing reliance on mobile devices, employees are now responding to work emails at all hours, often on personal devices.

A new report from Barracuda has found that email conversation hijacking attacks have risen by 70% since 2022. Additionally, business email compromise (BEC) attacks accounted for 10.6% of social engineering attacks in 2023, compared to 8% in 2022 and 9% in 2021. These attacks require more effort on the part of attackers, but they typically have a much higher payout than other forms of social engineering.