Week of 9/20—9/24
This is the Weekly Digest of our latest blog posts, white papers, case studies, attack briefs, and more. Each Monday, we'll send you our updates from the previous week.
Forwarded this email? Sign up here.
New Website Content
This attack brief discusses how shortened LinkedIn URLs can be used for phishing. By policy, LinkedIn automatically shortens any URL over 26 characters. We've uncovered how hackers take advantage of this, utilizing the short URL (lnkd.in) to start a chain of redirects that ends up on a classic credential harvesting page. One of the reasons this works is because it spoofs a legitimate brand, so it sails into the inbox. In fact, LinkedIn, according to Check Point research, is one of the most impersonated brands. This scheme is easy to launch and easy to fool users with.
In advance of our webinar on Tuesday, September 28th, we put out a blog discussing the importance of AI in email security. This blog goes through a little bit of the history of email security; how rules used to be the default mechanism for security but are now not enough. The blog then discusses why AI is so important for catching advanced threats; how using NLP engines like BERT is so critical; and how Avanan employs AI for every email.