Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Proofpoint Essentials MSP services leverage the same enterprise-class security that powers some of the world’s largest and most security-conscious companies for SMBs. This visibility and security give them the protection for their greatest security risk—their people. Small and medium-sized businesses (SMBs) are targeted with the same attacks as large enterprises but they often lack the personnel and financial resources to purchase and operate security solutions aimed at large enterprises.

Email messaging is the most widely used form of communication, whether in the business world or in our daily personal lives. And it is because of this reason that email communication is one of the most targeted areas by cybercriminals.

We’ve all had it happen. You receive an email telling you that you’ve won a prize draw you never entered or a foreign prince wants to transfer you a huge sum of money and needs your bank details. These obvious scams can be spotted from a mile away and are what we tend to think of when we think of phishing, but it’s not always that apparent. Over the years, phishing scams have become harder to detect and many have fallen victim as a result.

Regardless of the industry or organization, corporate email is the main cause of unauthorized and accidental data leaks. Employees are constantly sending emails to external parties that may contain sensitive company data, personally identifiable information (PII), trade secrets and other intellectual property.

From nation-state threat actors to typical cybercriminals, the public sector faces a multitude of cybersecurity threats. At the same time, public-sector organizations struggle to maintain a robust cyber hygiene posture because they need to balance limited budgets with complex IT environments and highly interconnected ecosystems.

Phishing emails are a serious problem for both businesses and consumers. Phishers use phishing emails to steal users’ personal information, like usernames, passwords, credit card numbers, social security numbers and other sensitive data.

Recently, we observed a malware spam campaign leveraging the current COVID-19 situation. The emails were sent from a compromised mailbox using a mailer script. The message contains a link leading to a Word document. The email takes advantage of a COVID-19 test mandate as a pretext to lure the unsuspecting user into clicking the link and downloading the document. Figure 1. COVID-19 themed malspam with link to the malicious document.

Gmail is an immensely popular service, with nearly 2 billion active accounts. And as the service has grown, businesses have turned to it for all kinds of things it was never meant to do: user authentication, password recovery, and perhaps most problematic, the passing of sensitive or regulated data between parties.