Is E-mail as Bad as You Say? Part II

The first article published on this project’s blog was titled “Is E-mail as Bad as You Say It Is? Yes. Yes It Is.” It supported that title by listing news pieces from both well-known and less-well-known sources, illustrating how many security problems stem from e-mail.

DARKReading, 1/24/2017
The trouble with DMARC: 4 serious stumbling blocks
DMARC has major setup challenges and then comes maintenance.

Wired, 5/14/2018
Encrypted Email Has a Major, Divisive Flaw
An attack called eFail causes vulnerable e-mail clients to compromise encrypted e-mail.

Verizon, 2018 Data Breach Investigations Report
A 2018 study by Verizon revealed some awful statistics:

  • Phishing and pretexting represent 98% of social incidents and 93% of breaches. Email continues to be the most common vector (96%). (p.11)
  • 49% of non-Point-of-Sale malware was installed via malicious e-mail (p.5)

ComputerWeekly, 4/19/2019
A Quarter of Phishing Emails Bypass Office 365 Security
Even with advanced scanning techniques, malicious actors still manage to get phishing e-mails past Microsoft.

BleepingComputer, 8/20/2019
Scammer Tricks City Into $1 Million Wire Transfer
A scammer tricked the City of Saskatoon into wiring money. The attack was a classic case of [Business E-mail Compromise] fraud.

Bleeping Computer, 9/10/2019
Business Email Compromise Is a $26 Billion Scam Says the FBI
BEC scams are increasing and highly profitable for the bad guys.

Cisco Talos, 9/20/2019
Emotet is back after a summer break
One of the world’s most dangerous botnets is back, and it tricks users more effectively by sending spam to a user’s contacts and quoting the user’s e-mail.

ZDNet, 10/1/2019
Former Yahoo engineer pleads guilty to hacking user emails in search for porn
Man uses access from former employer to access over 6,000 e-mail accounts and then pivot to other services from there.

Vice, 2/10/2020
How Big Companies Spy on Your Emails
3 popular e-mail apps on the Apple app store sift through users’ e-mails for the purposes of selling the data.

Bleeping Computer, 4/2/2020
Phishing emails impersonate the White House and VP Mike Pence
Malicious actors are utilizing Coronavirus and implied extortion by US vice president Mike Pence to trick users into clicking on a link.

The Verge, 5/16/2020
Edison Mail rolls back update after iOS users reported they could see strangers’ emails
A bug in an e-mail app causes a data breach, despite publisher’s testimony otherwise.

Bleeping Computer, 5/14/2020
Scammers steal $10 million from Norway’s state investment fund
Criminals hack e-mail server, monitor all e-mail passing through, execute Business E-mail Compromise attack.

Wired, 8/4/2020
Decades-Old Email Flaws Could Let Attackers Mask Their Identities
Ambiguities in how e-mail server software handles envelope information could enable phishing attacks in organizations with DMARC, DKIM, and/or SPF.

New York Times, 9/18/2020
Iranian Hackers Found Way Into Encrypted Apps, Researchers Say
Hackers linked to Iranian government use phishing, malicious documents, and malware to work around encrypted messaging applications.