Is E-mail as Bad as You Say? Part II

The first article published on this project’s blog was titled “Is E-mail as Bad as You Say It Is? Yes. Yes It Is.” It demonstrated the title by listing a number of news pieces published by both well-known and less-well-known news sources which illustrated how so many security problems stem from e-mail.

DARKReading, 1/24/2017
The trouble with DMARC: 4 serious stumbling blocks
Abstract:
DMARC has major setup challenges and then comes maintenance.

Wired, 5/14/2018
Encrypted Email Has a Major, Divisive Flaw
Abstract:
An attack called eFail causes vulnerable e-mail clients to compromise encrypted e-mail.

Verizon, 2018 Data Breach Investigations Report
A 2018 study by Verizon revealed some awful statistics:

  • Phishing and pretexting represent 98% of social incidents and 93% of breaches. Email continues to be the most common vector (96%). (p.11)
  • 49% of non-Point-of-Sale malware was installed via malicious e-mail (p.5)

ComputerWeekly, 4/19/2019
A Quarter of Phishing Emails Bypass Office 365 Security
Abstract:
Even with advanced scanning techniques, malicious actors still manage to get phishing e-mails past Microsoft.

BleepingComputer, 8/20/2019
Scammer Tricks City Into $1 Million Wire Transfer
Abstract:
A scammer tricked the City of Saskatoon into wiring money. The attack was a classic case of [Business E-mail Compromise] fraud.

Bleeping Computer, 9/10/2019
Business Email Compromise Is a $26 Billion Scam Says the FBI
Abstract:
BEC scams are increasing and highly profitable for the bad guys.

Cisco Talos, 9/20/2019
Emotet is back after a summer break
Abstract:
One of the world’s most dangerous botnets is back and tricks users more by sending spam to a user’s contacts and quoting a user’s e-mail.

ZDNet, 10/1/2019
Former Yahoo engineer pleads guilty to hacking user emails in search for porn
Abstract:
Man uses access from former employer to access over 6,000 e-mail accounts and then pivot to other services from there.

Vice, 2/10/2020
How Big Companies Spy on Your Emails
Abstract:
3 popular e-mail apps on the Apple app store sift through users’ e-mails for the purposes of selling the data.

Bleeping Computer, 4/2/2020
Phishing emails impersonate the White House and VP Mike Pence
Abstract:
Malicious actors are utilizing Coronavirus and implied extortion by US vice president Mike Pence to trick users into clicking on a link.

The Verge, 5/16/2020
Edison Mail rolls back update after iOS users reported they could see strangers’ emails Abstract:
A bug in an e-mail app causes a data breach, despite publisher’s testimony otherwise.

Bleeping Computer, 5/14/2020
Scammers steal $10 million from Norway’s state investment fund Abstract:
Criminals hack e-mail server, monitor all e-mail passing through, execute Business E-mail Compromise attack.

Wired, 8/4/2020
Decades-Old Email Flaws Could Let Attackers Mask Their Identities
Abstract:
Ambiguities in how e-mail server software handles envelope information could enable phishing attacks in organizations with DMARC, DKIM, and/or SPF.

New York Times, 9/18/2020
Iranian Hackers Found Way Into Encrypted Apps, Researchers Say
Abstract:
Hackers linked to Iranian government use phishing, malicious documents, and malware to work around encrypted messaging applications