The first article published on the Mensago, formerly Anselus, website was titled, “7 News Articles Which Prove How Horrible E-mail Really Is.” It included news pieces published by both well-known and less-well-known news sources from around the Web which illustrated how so many security problems stem from e-mail. Below you will find thirteen more which demonstrate how much e-mail needs to take a permanent vacation.
The trouble with DMARC: 4 serious stumbling blocks
DMARC is hard to set up and then comes maintenance.
Encrypted Email Has a Major, Divisive Flaw
An attack called eFail causes vulnerable e-mail clients to compromise encrypted e-mail.
Verizon, 2018 Data Breach Investigations Report
A 2018 study by Verizon revealed some awful statistics:
- Phishing and pretexting represent 98% of social incidents and 93% of breaches. Email continues to be the most common vector (96%). (p.11)
- 49% of non-Point-of-Sale malware was installed via malicious e-mail (p.5)
A Quarter of Phishing Emails Bypass Office 365 Security
Even with advanced scanning techniques, bad actors still manage to get phishing e-mails past Microsoft.
Scammer Tricks City Into $1 Million Wire Transfer
A scammer tricked the City of Saskatoon into wiring money. The attack was a classic case of Business E-mail Compromise fraud.
Business Email Compromise Is a $26 Billion Scam Says the FBI
Bleeping Computer, 9/10/2019
Business E-mail Compromise scams are increasing and highly profitable for the bad guys.
Emotet is back after a summer break
Cisco Talos, 9/20/2019
One of the world’s most dangerous botnets is back and tricks users more by sending spam to a user’s contacts and quoting a user’s e-mail.
Former Yahoo engineer pleads guilty to hacking user emails in search for porn
Man uses access from former employer to access over 6,000 e-mail accounts and then pivot to other services from there.
How Big Companies Spy on Your Emails
3 popular e-mail apps on the Apple app store sift through users’ e-mails to sell the data.
Phishing emails impersonate the White House and VP Mike Pence
Bleeping Computer, 4/2/2020
Bad actors utilize Coronavirus and imply extortion by US vice president Mike Pence to trick users into clicking on a malicious link.
Edison Mail rolls back update after iOS users reported they could see strangers’ emails The Verge, 5/16/2020
A bug in a mobile e-mail app causes a data breach. Publisher claims otherwise.
Scammers steal $10 million from Norway’s state investment fund
Bleeping Computer, 5/14/2020
Criminals hack e-mail server, sniff all e-mail passing through, and execute Business E-mail Compromise attack.
Decades-Old Email Flaws Could Let Attackers Mask Their Identities
Ambiguities in how e-mail server software handles envelope information could enable phishing attacks in organizations using e-mail security technologies DMARC, DKIM, and/or SPF.
Iranian Hackers Found Way Into Encrypted Apps, Researchers Say
New York Times, 9/18/2020
Hackers linked to Iranian government use phishing, malicious documents, and malware to work around encrypted messaging apps.