Expert(s):
CTO and Co-founderfeature_status*/ ?>
Valimail

Comments Dotted : 13
April 01, 2020

Industry Leaders And Cybersecurity Experts Insight On Marriott International Data Breach
If successful, this can lead to account takeover, identity theft and other scams that may affect an individual for years to come.
It would not be a surprise if the breached data of 5.2 million Marriott International hotel guests was used by cybercriminals to commit effective phishing attacks. For attackers, knowing customers’ contact details, birthdays, and loyalty program information means their social engineering attacks can be highly tailored and therefore all the more convincing, especially if leveraging brand impersonation tactics. Phishing campaigns often follow soon after breaches like this, targeting the.....Read More
It would not be a surprise if the breached data of 5.2 million Marriott International hotel guests was used by cybercriminals to commit effective phishing attacks. For attackers, knowing customers’ contact details, birthdays, and loyalty program information means their social engineering attacks can be highly tailored and therefore all the more convincing, especially if leveraging brand impersonation tactics. Phishing campaigns often follow soon after breaches like this, targeting the victims with fake security warnings that look like they came from the breached company. In fact, 83 percent of phishing emails overall are brand or company impersonations. If successful, this can lead to account takeover, identity theft and other scams that may affect an individual for years to come. As phish become increasingly hard to identify, email security solutions based on validating sender identity are a powerful defense that can help thwart these attacks at their source.  Read Less
March 11, 2020

North Carolina City And County Shut Down After Ryuk Ransomware Attack – Expert Commentary
This is a highly effective approach in blocking ransomware, BEC and countless other attacks.
Phishing is implicated in more than 90% of all cyberattacks, and it is the preferred vector used by the Ryuk ransomware that hit Durham City and the County of Durham computers and systems last week. One of the key ways governments can close the door against such attacks is to adopt industry best practices, including the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard, a vendor-neutral authentication technology that allows organizations to protect their emailing.....Read More
Phishing is implicated in more than 90% of all cyberattacks, and it is the preferred vector used by the Ryuk ransomware that hit Durham City and the County of Durham computers and systems last week. One of the key ways governments can close the door against such attacks is to adopt industry best practices, including the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard, a vendor-neutral authentication technology that allows organizations to protect their emailing domains from being used in impersonation-based phishing. This is a highly effective approach in blocking ransomware, BEC and countless other attacks. In fact, the U.S. federal government has already made huge strides in adopting DMARC, thanks to a forward-thinking directive from the Department of Homeland Security in 2017. But many government agencies at the state and local level remain unprotected, and therefore will continue to be vulnerable to Ryuk and more.  Read Less
March 06, 2020

Experts Insight On Hacker Accessed T-Mobile Employee Email Accounts And User Data
T-Mobile’s breach is a clear example of how hackers can obtain a wealth of sensitive information just by compromising email accounts.
In an era when BEC attacks are proving to be a highly popular and effective attack method, these types of incidents are unfortunately far too common. T-Mobile’s breach is a clear example of how hackers can obtain a wealth of sensitive information just by compromising email accounts. With access to a plethora of personal data on past and current customers and employees, hackers can potentially trade this data for profit in dark web marketplaces, or use it to commit account takeover, identity.....Read More
In an era when BEC attacks are proving to be a highly popular and effective attack method, these types of incidents are unfortunately far too common. T-Mobile’s breach is a clear example of how hackers can obtain a wealth of sensitive information just by compromising email accounts. With access to a plethora of personal data on past and current customers and employees, hackers can potentially trade this data for profit in dark web marketplaces, or use it to commit account takeover, identity theft, or other scams. In fact, phishing campaigns often follow hot on the heels of breaches like this. Leveraging the compromised data, the malicious actor could target customers with extremely convincing phishing emails that appear to come from the breached company in order to harvest more sensitive information from them. As phish become increasingly hard to identify, sender identity-based email security solutions are a powerful defense that can help thwart these attacks at their source.  Read Less
February 28, 2020

Shark Tank’s Barbara Corcoran Is Out $400K In Phishing Scam – Expert Commentary
Organizations need to focus on validating and authenticating sender identity.
The phishing scam impacting Corcoran’s company clearly debunks the myth that phishing emails are easy to spot. Many companies invest in employee security training to prevent this kind of attack. But as this incident proves, humans are not able to identify malicious emails reliably. Hackers leverage impersonation and heavily researched social engineering tactics to appear as trustworthy senders, and their fraudulent messages are often indistinguishable from legitimate ones. In fact, 83 percent .....Read More
The phishing scam impacting Corcoran’s company clearly debunks the myth that phishing emails are easy to spot. Many companies invest in employee security training to prevent this kind of attack. But as this incident proves, humans are not able to identify malicious emails reliably. Hackers leverage impersonation and heavily researched social engineering tactics to appear as trustworthy senders, and their fraudulent messages are often indistinguishable from legitimate ones. In fact, 83 percent of phishing emails are brand or company impersonations, and another 6 percent impersonate people that the recipient knows. As this scam illustrates, the consequences of a successful phishing attack are far too high to put the onus entirely on employees. Organizations need to focus on validating and authenticating sender identity. By taking steps like properly enforcing DMARC and employing advanced anti-phishing solutions that confirm senders’ identities for inbound email, organizations can add a crucial defensive layer to their inboxes.  Read Less
February 20, 2020

Experts Insight On Ransomware Attack Forces U.S. Gas Pipeline To Shut Down
In fact, users in the U.S. open 30% of phishing emails, and 12% of those targeted by these emails click.
Phishing is implicated in more than 90% of all cyberattacks, and this attack on a U.S. natural gas facility shows exactly why: Email is a highly effective attack vector. Many companies invest in security training to prevent these types of cyberattacks, but as a defense, this is not completely reliable. That’s because malicious actors often leverage impersonation and social engineering to appear as trustworthy senders to victims, making their fraudulent messages indistinguishable from.....Read More
Phishing is implicated in more than 90% of all cyberattacks, and this attack on a U.S. natural gas facility shows exactly why: Email is a highly effective attack vector. Many companies invest in security training to prevent these types of cyberattacks, but as a defense, this is not completely reliable. That’s because malicious actors often leverage impersonation and social engineering to appear as trustworthy senders to victims, making their fraudulent messages indistinguishable from legitimate ones. In fact, users in the U.S. open 30% of phishing emails, and 12% of those targeted by these emails click on the infected links or attachments. The consequences of a cyberattack are far too high to put the onus on employees to identify malicious emails. To stop crippling ransomware attacks, organizations need to prevent the phish from getting into their inboxes in the first place — which can be done by properly enforcing DMARC and implementing advanced anti-phishing solutions to authenticate and validate sender identity. By doing so, organizations can add a crucial defensive layer to keep ransomware attacks at bay and defend critical infrastructure against disruption.  Read Less
February 14, 2020

Multiple Experts On Puerto Rico $2.6M Phishing Scam
The FBI found that the cost of BEC attacks reached $26 billion over a three-year period.
Contrary to popular belief, phishing emails are not always easy to identify. They do not always contain obvious typos, broken English or clearly come from unknown senders. Cybercriminals have become adept at crafting emails that are difficult to discern from legit messages that recipients receive daily, and even though many organizations invest in employee email security training to prevent these kinds of attacks, attackers continue to find success often through impersonation. In fact, 90% of.....Read More
Contrary to popular belief, phishing emails are not always easy to identify. They do not always contain obvious typos, broken English or clearly come from unknown senders. Cybercriminals have become adept at crafting emails that are difficult to discern from legit messages that recipients receive daily, and even though many organizations invest in employee email security training to prevent these kinds of attacks, attackers continue to find success often through impersonation. In fact, 90% of email attacks use impersonation, and phishing attacks that impersonate senders have increased in frequency by 25%. These stats are connected to business email compromise (BEC). BEC is a type of spearphishing attack that uses impersonation to trick the recipient into believing the message came from a trusted sender. BEC messages aim at the direct extraction of value from the target, and in this case, the message posed as fake bank instructions. This is not a one-time occurrence, in fact, the FBI found that the cost of BEC attacks reached $26 billion over a three-year period. To prevent these attacks and avoid the same fate as the Puerto Rican government, and so many other victims, organizations must focus on validating and authenticating sender identity. By taking steps like properly enforcing DMARC and employing advanced anti-phishing solutions that confirm senders’ identities, organizations can add a crucial defensive layer to their inboxes.  Read Less
February 13, 2020

Amex Chase Users Targeted In New, Clever Phishing Campaign – Email Security Expert Commentary
In fact, 83 percent of phishing emails are brand or company impersonations.
The latest scam targeting Chase and American Express customers demonstrates how effective impersonation techniques can be in phishing attacks. In fact, 83 percent of phishing emails are brand or company impersonations. Playing on Chase and Amex users’ fears of someone abusing their credit card information, victims are more inclined to fall for the bait and input their highly sensitive information in a fake verification process. Doing so would allow cybercriminals to commit identity theft on.....Read More
The latest scam targeting Chase and American Express customers demonstrates how effective impersonation techniques can be in phishing attacks. In fact, 83 percent of phishing emails are brand or company impersonations. Playing on Chase and Amex users’ fears of someone abusing their credit card information, victims are more inclined to fall for the bait and input their highly sensitive information in a fake verification process. Doing so would allow cybercriminals to commit identity theft on the victims or sell their information in dark-web marketplaces. As threat actors become more adept at crafting emails that are indistinguishable from legitimate ones, we must focus on validating and authenticating sender identity. With email, this can be accomplished by properly enforcing DMARC, a widely-accepted open standard that ensures only authorized senders can use your domain in the From: field of their email messages.  Read Less
December 13, 2019

New Phishing Campaign Targeting Gov’t Departments Around The World – Commentary From Email Security Expert
To stop attacks like this, the first essential step is to prevent malicious emails.
This new global phishing campaign targeting government departments is a prime example of how sophisticated and convincing cybercrime tactics have become, especially phishing attacks. There is a common misconception that phishing emails are easy to identify, because they’ll contain spelling and grammar errors and are clearly not coming from anyone the recipient knows. The truth is, cybercriminals have become extremely adept at crafting emails that are indistinguishable from legitimate emails.....Read More
This new global phishing campaign targeting government departments is a prime example of how sophisticated and convincing cybercrime tactics have become, especially phishing attacks. There is a common misconception that phishing emails are easy to identify, because they’ll contain spelling and grammar errors and are clearly not coming from anyone the recipient knows. The truth is, cybercriminals have become extremely adept at crafting emails that are indistinguishable from legitimate emails that recipients receive every day. In this particular instance, the hackers are using advanced impersonation techniques (used in over 80 percent of spear-phishing emails) and even writing emails in the targets’ native language, all with the aim of driving victims to spoofed websites that will steal the victims’ login credentials. To stop attacks like this, the first essential step is to prevent malicious emails from ever entering inboxes. Most email defenses will focus on the content of the messages and the links they contain, but given the rapidly evolving attacks techniques, content-centric systems don’t always catch the bad guys. Therefore, it’s imperative for companies to implement known best practices to proactively defend their inboxes, such as properly enforcing DMARC, a widely-accepted open standard that ensures only authorized senders can use your domain in the From: field of their email messages, and deploying modern anti-phishing solutions that validate senders’ identities.  Read Less
October 10, 2019

Indiana Health System Breach Potentially Impacted More Than 68K Patients – Expert Commentary
This incident demonstrates how healthcare organizations and other companies need email security systems.
Phishing attacks continue to be a leading cause of data breaches, as shown with the recent breach targeting Indiana-based Methodist Hospitals. In fact, spear-phishing plays a role in at least 90 percent of all cyberattacks and is a highly effective tactic leveraged by cybercriminals. Because medical records contain an abundance of personal information, including Social Security numbers, addresses, payment information, and insurance information, they are highly valuable on the dark web, allowing .....Read More
Phishing attacks continue to be a leading cause of data breaches, as shown with the recent breach targeting Indiana-based Methodist Hospitals. In fact, spear-phishing plays a role in at least 90 percent of all cyberattacks and is a highly effective tactic leveraged by cybercriminals. Because medical records contain an abundance of personal information, including Social Security numbers, addresses, payment information, and insurance information, they are highly valuable on the dark web, allowing cybercriminals to commit insurance fraud, account takeover and identity theft. Many organizations invest in employee email security training to prevent these kinds of attacks. However, the pressure to identify fraudulent emails should not solely be on the employees, as modern phishing attacks are extremely hard to identify due to convincing impersonation techniques (used in over 80 percent of all spear phishing messages) and sophisticated social engineering. This incident demonstrates how healthcare organizations and other companies need email security systems that validate and authenticate sender identity before an email reaches an employee inbox.  Read Less
September 27, 2019

DoorDash Data Breach Impacts 4.9M Users – Experts Comments
Email security solutions that focus on authenticating sender identity are critical to fostering an atmosphere of trust with email communication.
DoorDash’s data breach — which exposed names, email addresses, delivery addresses, order history, phone numbers, and hashed passwords — puts close to 5 million people at an increased risk for phishing attacks and other fraudulent activity. Cybercriminals can use this kind of data, in combination with effective and widely used email impersonation techniques, to send people especially convincing phishing emails. If successful, these phishing attacks can lead to account takeover, identity.....Read More
DoorDash’s data breach — which exposed names, email addresses, delivery addresses, order history, phone numbers, and hashed passwords — puts close to 5 million people at an increased risk for phishing attacks and other fraudulent activity. Cybercriminals can use this kind of data, in combination with effective and widely used email impersonation techniques, to send people especially convincing phishing emails. If successful, these phishing attacks can lead to account takeover, identity theft and other scams. In fact, 83 percent of phishing emails are brand or company impersonations. Trust is an essential aspect of day-to-day life. People need to be able to trust that the companies and services they use, or work for, are going to protect their sensitive, personal data. Organizations must do a better job at securing that data in order to maintain trust. Additionally, people need to be able to trust that emails they receive are actually sent by real people or entities, as opposed to cybercriminals leveraging impersonation techniques. Email security solutions that focus on authenticating sender identity are critical to fostering an atmosphere of trust with email communication. This will also help reduce data breaches, since phishing emails are implicated in more than 90 percent of all cyberattacks.  Read Less