Avanan Updates

Week of 11/1—11/5 

This is the Weekly Digest of our latest blog posts, white papers, case studies, attack briefs, and more. Each Monday, we'll send you our updates from the previous week.


Want to sign up to receive these each week? Click here

New Website Content


Top 5 Email Security Threats


In this explanatory blog, we discuss some of the top email security threats out there today. We dive into the effects the pandemic had on the world of security; why it's more essential than ever to install email security; and the different types of threats, including Business Email Compromise and malware. The article also delves into some of the best practices to ensure your email stays protected. 



What is Account Takeover?

This is another explanatory blog that discusses account takeover. This blog explains the phenomenon of account takeover; why it can be dangerous for enterprises; and some of the best practices to prevent it. 



New Attack Spoofs Amazon to Obtain Payment from End-User

In this attack, we describe a multi-step scam that spoofs Amazon. The attack has two goals: obtain payment info, and then obtain phone numbers to continue attacks later on, a phenomenon we're calling phone number harvesting. The attack starts by spoofing an Amazon order notification. All the links are legit, pointing to the actual Amazon site. The only recourse someone has is to call the number listed in the email. This is not an Amazon number. When someone calls the number, no one answers. A few hours later, the call is returned and they ask for a credit card number and CVV to cancel the transaction. What's particularly interesting about this attack is that it doesn't stop after the credit card info is obtained. Because they now have a phone number, they can begin to do text-based or voicemail-based scams, whenever they want. 



Defense-in-Depth: Why the Legacy Model Doesn't Hold Up

Defense-in-depth is a critical tenant of security. However, as this blog explains, sometimes the legacy approach doesn't adhere to that. When you purchase a SEG, you end up getting two systems, instead of layered security. With your O365 license, you get features like archiving, secure messaging and more. You get that with your SEG, too. But instead of layering security so that there are fail-safes, you're just getting more of the same.



Microsoft ATP's Filter as Spam Issue

In this blog, we follow a Reddit thread that details users' frustrations with ATP's filtering. In particular, when the policy is to send spam detections to be quarantined, it instead gets filtered as spam and sent to the Junk folder. This happens due to misconfiguration. If everything is not aligned perfectly, issues like this can happen easily. 


Avanan, 259 West 30th Street, New York, NY 10001

Unsubscribe Manage preferences