In today's rapidly evolving digital landscape, email remains a critical artery of communication for organizations worldwide. However, this indispensable tool is also...
In today's rapidly evolving digital landscape, email remains a critical artery of communication for organizations worldwide. However, this indispensable tool is also...
As we navigate deeper into the digital age, the omnipresence of AI (Artificial Intelligence) in cybersecurity narratives has become undeniable. With every vendor cla...
The digital transformation journey has led many organizations toward cloud-based email systems, a move that has significantly altered the cybersecurity landscape. Th...
Miercom assessed the five top security vendors' Zero Trust Platforms, comparing their security efficacy, ease of use, breadth and comprehensiveness.
Ransomware and malware remain a primary concern for organizations. In 2023, 1 in every 10 organizations worldwide was hit with an attempted ransomware attack, a 33% ...
Mail Exchange records—or MX Records—is a public way of notating the mail server responsible for receiving and sending messages. Think of it like a public address, si...
New research by Check Point has found a significant security vulnerability in Microsoft Outlook, known as the #MonikerLink bug. The bug exploits the way Outlook proc...
Are you frustrated with the lack of effectiveness in your email security measures? Despite investing in various solutions, you may still be vulnerable to cyber threa...
Temu, an international online e-commerce store that has quickly gained prominence, offers discounted goods directly shipped to consumers without intermediate distrib...
Phishing attacks have become increasingly sophisticated, and one of the latest threats targeting Microsoft 365 users is the fake invoice phishing scam. This scam aim...
Account takeover is a growing concern in the world of email security. Cybercriminals are constantly finding new ways to gain unauthorized access to email accounts, a...
Hackers will try just about anything to get you to click on a malicious link.
Over the summer, we saw a somewhat unexpected rise in QR-code-based phishing attacks.
Q4 2023 has come and gone, but the threat of phishing attacks remains on the rise, with "brand phishing" taking the lead. According to Check Point's 2024 Brand Phish...
In the digital age, email has become an indispensable tool for communication, especially within organizations. Services like Outlook are integral for scheduling meet...
It is officially 2024, and hearing the phrase, "new year, new you," is expected and typically indicates change (e.g., bad habits, personal development, exercise, etc...
A new report by Check Point Research illustrates a concerning rise in advanced phishing attacks that target blockchain networks by using wallet-draining techniques.
In March of 2023, Microsoft confirmed a zero-click attack in Outlook that would compromise the end-user without them doing anything. They don’t need to click a link ...
Would you believe that many API-based email security solutions don't look at malware?
Many Phishing attacks include password-protected attachments as a means to avoid inspection. These attacks often employ very simple techniques to prevent security so...
You have a spam and phishing problem.
Need to improve your email security? It doesn't take long. In just a few clicks, you can set up Avanan and immediately see the results. Don't believe us? See it for ...
We’ve been writing extensively about BEC 3.0 attacks.
Threat actors have long taken advantage of current events -- from natural disasters to regional holidays and cultural moments -- to deceive people.
Recently, we've seen a large rise in QR-code, or Quishing, attacks. These QR codes are delivered via email and contain a link to a malicious credential harvesting pa...
One person's spam is another person's newsletter. These differing opinions in how end-users view emails fall into a larger category called graymail. It could be a sp...
Cybercriminals are launching incredibly sophisticated "quishing” campaigns armed with malicious QR codes. Attack volumes have grown 2,400% since May, including an at...
Recently, we've seen a lot of news about Quishing--or QR Code phishing. This is when the link behind a QR code is malicious, but the QR code itself is not. There was...
The hottest trend in the world of email security is quishing or QR Code phishing.
When someone takes over an account via email, they usually do one of the following actions:
DLP serves as a crucial tool for preventing and controlling the sharing of sensitive information with external parties.
Account takeovers happen when an outside actor gains access to an email account. This can happen through a number of ways, from standard brute force to more complex ...
We've been continually writing about how hackers are utilizing Google as a springboard to launch phishing attacks. The latest version of this is through Google Colle...
Recently, Check Point Research (CPR) made an alarming discovery in Latin America - an ongoing campaign deploying a fresh variant of the BBTok banking malware. This n...
Recently, we've seen a lot of news about Quishing--or QR Code phishing. This is when the link behind a QR code is malicious, but the QR code itself is not. There was...
We've been writing more and more about the ways in which hackers are utilizing Google services to launch phishing attacks. One of the ways they are doing this is by ...
BEC attacks are financially damaging and difficult to stop. It's why hackers continually launch these attacks. In this video, we break down one example of a BEC atta...
In an account takeover (ATO) attack, an attacker gains unauthorized access to the credentials for a user’s online account. This access can then be used for identity ...
Check Point researchers recently discovered a large-scale phishing campaign in Colombia targeting over 40 prominent companies. The attackers aimed to discreetly inst...
We've written a lot recently about how Google services are being utilized by hackers as a springboard for carrying out phishing attacks. One of those services is Goo...
We've written a lot about how scammers are using PayPal for BEC 3.0 scams. This means tat hackers are sending invoices directly from PayPal, not a spoofed site. That...
We’ve been talking about it week after week—hackers are using legitimate services for illegitimate means.
We first wrote about ZeroFont phishing a few years ago, and it remains one of our most viewed stories here. Why? Because it's an innovative technique that hackers ha...
A stunning new development in the world of Teams phishing was announced by Microsoft.
A new phishing campaign is taking off in MIcrosoft Teams.
Last week, we wrote about how hackers are utilizing Google Looker Studio to carry out phishing campaigns.
HTML and HTM attachments make up 50% of malicious attachments. Why are hackers resorting to this attachment form? In this video, we break it down:
Microsoft Teams is quickly becoming a burgeoning attack vector. We've written about a few new attacks recently. In this video, we break down one of them:
Today, we’re writing about cyberattacks we’re seeing via Google Looker Studio and other Google applications. Google Looker Studio is a powerful data visualization so...
By now, you know full well what BEC is. It's receiving a message, usually from someone pretending to be a higher-up, and asking for information. These are incredibly...
Zelle, the money-transfer service, is a favorite of hackers to spoof. We've written about it in detail. In this video, we walk you through what a typical Zelle scam ...
Interested in switching from your SEG and moving on to Avanan? The transition in super easy. Here's how you do it:
Whack-a-Mole is fun at the arcade--less fun if it's a staple of your email security program. But with many API solutions, playing whack-a-mole is the only option. An...
The word ransomware is enough to cause fear in any organization. But it doesn't have to be fear-inducing. Our guide provides five security measures that you can impl...
Business Email Compromise is the most financially damaging phishing attack in cybersecurity. How can your organization ensure it doesn't cause damage? This is a guid...
Our product is comprehensive, but our customers continually come to us for the following five key security issues.
We're lucky to have a ton of talented employees here at Avanan. One of them, Sr. Solutions Engineer Michael Hansen, has a wide variety of skills, including coding. A...
The NIST (National Institute of Standards and Technology) Cybersecurity Framework is a widely recognized framework that provides guidelines for improving the cyberse...
NOBELIUM--aka Midnight Blizzard, APT29, Cozy Bear--the group behind the sprawling SolarWinds attack, is at it again, with a new attack utilizing Teams.
The hottest trend in the phishing world is leveraging legitimate services to send illegitimate messages.
We’ve been writing recently about how hackers are utilizing legitimate services to send out phishing campaigns.
One of our customers uses Slack for a lot of their daily communication. The company holds a lot of data about customers, and often this is shared internally to facil...
Ads make the internet go round. And nobody does more with online ads than Google.
Google Collection is a cool tool that allows you to save links, images and videos and share them with others.
Last year, we wrote about a story we heard. Someone who was using an API-based competitor for email security told us about a mail rule they have: every email that go...
According to our own Michael Hansen, one of our Security Engineers, "One user's newsletter is another user's spam."
Executive Summary A new cyber attack targeting NATO countries supporting Ukraine during the NATO Summit shows why only a comprehensive email security solution can st...
Using the comment feature in Google Docs represents another instance in the evolution of BEC 3.0. Utilizing legitimate sites makes it easy for hackers to end up in t...
Phishing through URL-based scams is a deceitful tactic used by hackers to obtain confidential information from users by creating fake links that mimic legitimate one...
This month, Check Point celebrated 30 years as a company. This is an incredible achievement for any company.
Last week, we wrote about a new Teams malware variant making the rounds. As we wrote, the vulnerability essentially allows hackers to bypass all security measures an...
Cybercriminals have a sneaky technique up their sleeves - brand phishing, also known as brand impersonation or brand spoofing. This tactic involves assuming the iden...
A recently discovered vulnerability in Microsoft Teams has opened the door for non-employees to effortlessly send harmful files to employees without undergoing any s...
In recent months, Check Point Research has observed a surge in phishing attacks that exploit reputable online form builder services like Formspark, Formspree, EmailJ...
It is widely acknowledged in the market that organizations require an extra layer of email security to complement Microsoft's existing protection.
In June, 43% of all malicious files were PDFs, indicating a significant rise in their use for malicious purposes.
Mark Ostrowski is Head of Engineering, US East, Check Point. He has 20 years’ experience in IT security and has helped design and support some of the largest securit...
URL-based phishing tricks users into providing sensitive information to hackers through fake links that imitate legitimate ones. We've been looking at some examples ...
A majority of our customers--90%--use our patented inline mode for email security.
One of the key capabilities of an email security solution is the ability to detect anomalies. When something happens that's out of the ordinary, it can be a sign tha...
One of the biggest problems with online security is URL-based phishing. These attacks involve fake links that mimic legitimate ones, tricking users into entering sen...
Our research has revealed that credential harvesting remains the top attack vector, responsible for 59% of attacks. This malicious tactic also plays a significant ro...
Soda PDF is a popular PDF editing tool. It allows for the easy editing of PDFs–which is not always an easy thing to do–as well as various features like conversion to...
We're proud to be named a Leader in The Forrester Wave™: Enterprise Email Security, Q2 2023 report. Harmony Email & Collaboration (HEC) received the highest scor...
Botswana Power Corporation (BPC) struggled with protecting its operation and strategic infrastructure as email became the prevalent attack vector. Their needs requir...
Mark Ostrowski is Head of Engineering, US East, Check Point. He has 20 years’ experience in IT security and has helped design and support some of the largest securit...
AESI is a consulting service to electric utility generation, transmission, distribution, and independent system operators. After testing their email security effecti...
Lightbeam Health solutions help unify claims and clinical data to healthcare solutions.
GIMV secures critical investment data for many financial services. However, their challenge to protect their cloud IT strategies and manage an ever-changing landscap...
Ayesa is a technology solution to assist engineering, technology, and consulting agencies. After facing multiple sophisticated threats to their cloud-based platforms...
Aalborg Kommune wanted a solution providing consistent email security covering Microsoft 365 and cloud-based platforms. However, to relieve the burden from their sup...
A large manufacturing company, Midwest Rubber, needed to protect their company from malware, phishing, and malicious attacks while simplifying management complexity....
Successful hacks rarely spell out what’s about to happen.
When it comes to spear-phishing, the force a threat actor takes to impact its victim can produce equal (if not greater) damage, and one way of doing so is using the ...
We've talked a lot about the Zero-Click attack that was recently propagated on Outlook. It allows for a damaging attack that steals NTLM hashes (the form in which Wi...
ChatGPT doesn't actually "know" anything (it's a statistical program), but if it's going to have a sentient sense of anything, it's probably going to be about AI its...
Canal Bank helps protect Panama's commercial clients. With sensitive data to protect, Canal Bank needed a solution to defend its Office 365 users from malware, phish...
Email threats continue to increase. In the first half of 2022, according to Check Point Research, email-delivered attacks reached 89% of all in-the-wild attacks.
Regina Miracle is a leading intimate wear, sportswear, and personal protective equipment manufacturer. After failed attempts from Microsoft to protect their Office 3...
Quectel is a global IoT solution based in Shanghai and has faced increasing risks for cyber-attacks, with ransomware being the primary weapon. Needing a comprehensiv...
One of our key features for blocking compromised accounts is our auto-blocking feature.
There is an AI arms race in all industries, and nowhere is that more apparent than in email security.
Organizations know that today’s email threats mandate layered security and require the deployment of another email security solution on top of Microsoft’s, whether i...
We have been tracking the next wave of Business Email Compromise attacks. It relies on the use of legitimate services to unleash attacks. There’s nothing fake or spo...
Data loss prevention is a key part of any email security solution. Preventing sensitive data from getting into the wrong hands is an essential part of what we do.
We've written extensively about the tremendous wave of attacks that are being originated from PayPal.
UPDATE, 5/2/23: On Tuesday, 5/2/23, Avanan researchers and members of Linktree’s security and trust team spoke via video conference. The two companies spoke in more ...
Zelle, the widely used and highly acclaimed money-transfer service, is now a prime target for cybercriminals. The simplicity of sending funds to friends or businesse...
The new wave of phishing that we’ve talked a lot about is BEC 3.0. Essentially, it’s the ability for hackers to sign up for a free account somewhere, send out an inv...
One of the key tenants of email security is detecting anomalies. When something happens that's out of the ordinary, it can be a sign that malicious behavior is afoot...
We’ve redefined email security a number of times.
Customers that use gateways like Mimecast, Proofpoint, Barracuda and IronPort might be susceptible to email attacks that other Office 365 and Gmail customers are not...
Email messages aren’t always what they seem. We talk often about how hackers obfuscate text and code within messages. That can be an effective way to bypass security...
Ever feel like you're playing whack-a-mole when it comes to your email security? Ever feel like you're Bill Murray chasing after that gopher?
Avanan started in 2015 with a simple premise, that securing email in the cloud required a new approach. We did that with our patented solution, securing Microsoft 36...
Proofpoint ,Mimecast, Barracuda and IronPort are traditional email security gateways that redirect traffic through a cloud-based proxy before it reaches the email se...
The Check Point and Avanan ethos has always been Prevention First. We've explained to customers the importance of blocking attacks before an end-user has a chance to...
The majority of companies still use legacy gateways to protect their email. More and more, however, companies, are realizing the limitations of this approach, was or...
Before email services like Office 365 and Gmail became popular, gateway architecture was the only deployment model for email security. Unfortunately, it is just not ...
Let’s be honest. From being a noun or a verb to describing social media or fashion, “what’s trending” is a term gaining steam. However, whether the trend is popular,...
One of the most spoofed brands in phishing attacks is Microsoft.
Avanan customers are protected against a new vulnerability, CVE-2023-23397.
Business Email Compromise (BEC) attacks have overwhelmed traditional email security providers because they don’t rely on URLs or malicious attachments to compromise ...
Email gateways were designed to scan and block inbound messages. Their visibility and enforcement is limited to just email. They are unable to take action against an...
According to Gartner, only 7% of organizations inspect their internal email. This is despite the fact that the last five years have seen a rise in internal threat ac...
Both Microsoft 365 and G-Suite include their own email filters for spam, phishing and malware. When you deploy an external email gateway, however, you must put them ...
We see phishing campaigns all the time--dedicated, long-standing attempts to hit end-users.
Hackers always try to prey on end-users’ fear, uncertainty, and doubt. It’s all about tricking end-users into doing something they don’t want to do–namely, handing o...
Do you have a handle on how your SOC is handling phishing? More specifically, do you know how they are responding to end-user requests to restore messages and report...
Amazon is beyond convenient.
Ransomware. The word is enough to send shivers down any IT professional's spine.
The state of email security is a growing concern among IT and security decision-makers.
Governments are among the most attacked industries in the world. Why? Because they hold incredible amounts of data. That data is gold for hackers.
Traditional phishing emails have followed the same set-up for decades – a malicious attachment or URL embedded in the email.
Security services have a problem and it’s called BEC 3.0.
Dynamics 365 Customer Voice is a Microsoft product that is used primarily to gain feedback from customers.
We have all had the unpleasant experience of dealing with a used car salesperson. We all know the drill. They try to strongarm you with multiple different tactics th...
An individual’s inbox is a mixture of personal and professional information that many organizations feel is safe with complex passwords and security questions.
One of the most financially devastating attacks is Business Email Compromise (BEC). In 2021, the FBI found that BEC-related complaints added up to $2.4 billion. For ...
Business Email Compromise attacks are one of the fastest-growing and most difficult-to-stop attacks in the cybersecurity space. There are a number of variants, but i...
In July of last year, we wrote about a new campaign where hackers are sending phishing emails and malicious invoices directly from PayPal.
According to a new report featured in ITWire, URL-based dominance is a growing trend over phishing attachments and 4x more likely to reach users, particularly high-p...
In a global marketplace, the ability to geotarget is huge.
ClickFunnels is an online service that helps entrepreneurs and small businesses generate leads, build marketing engines and grow their businesses.
It can be tough being a student. Between the cost of tuition, room and board, and just daily life, it gets expensive very quickly.
Earlier, an outage hit Microsoft Office, causing disruption and delays across the business world.
Do you have three minutes? Of course you do. So in three minutes, you can set up Avanan (Harmony Email & Collaboration), and get robust, inline protection for yo...
A few years ago, we wrote about the MetaMorph attack. In this attack, the malicious HTML attachments use meta refresh to redirect the end-user from an HTML attachmen...
A new report found that OneDrive represents 30% of all cloud malware downloads. That's significantly higher than most other cloud apps. This represents a nearly thre...
A few months ago, we wrote about how hackers are utilizing Microsoft’s Dynamics 365 Customer Voice platform to send phishing links. In general, the attack works by s...
Last year, we wrote about a number of different Facebook-inspired attacks. See here and here for examples.
Be wary of any next-gen, API-based email security provider when they use the term, “milliseconds”. This should be an automatic red-flag for which they must be able t...
Tracking numbers are the lifeblood of holiday shipping emails. Most emails you'll get from delivery services are tracking numbers. And if you're like some people, in...
There are few things more frustrating than getting a notification that a package couldn't be delivered. It requires far too much work to get it back on track. But wh...
We've all gotten some variant of this email before, even legitimate ones. A package can't be delivered. Maybe they couldn't get access to a building; maybe the addre...
The new series of G2 badges are out, and once again, we are thrilled and floored by the number of badges we've received. Thanks to our amazing customers, we're at th...
By now, you've got a sense of the type of Phishmas emails you may expect this holiday season. Shipping errors. Delivery fails. Tracking number mishaps. It's a verita...
Phishing attacks, a major threat to corporate and personal cybersecurity, can deliver malware and steal sensitive data or money from an organization. Phishing protec...
We talk a lot about the limitations that come with API-based email security solutions. These detect and remediate solutions wait for an email to come into the inbox ...
This Phishmas, be sure you know how to spot all the signs of a bad email.
In our Phishmas series, we've written a lot about Direct Deposit scams. These are common scams, and we've seen more of them over the course of the holidays. We belie...
For years, password-protected attachments have been a sore spot for email security services. Until we can reliably break encryption, you can't scan the password-prot...
This Phishmas, we're going to be ordering a ton of things from Amazon.
In August 2021, Check Point acquired Avanan. Now, it's been over a year later and things are going great.
Using deception and manipulation, social engineering attacks induce the target into doing something that an attacker wants. The social engineer may use trickery, coe...
Avanan now offers archiving, allowing customers to store emails for a period of seven years, as well as filter through emails to find relevant ones and export them.
Earlier this week, in our Phishmas series, we discussed the influx we're seeing in Direct Deposit scams. Essentially, a hacker impersonates an employee and asks HR t...
This Phishmas, we expect to check delivery companies for package and delivery status.
During Phishmas, you can expect a large increase of phishing emails from shipping companies like UPS, DHL and FedEx. End-users receive tons of legitimate emails from...
Email is one of the most widely used forms of corporate communication, but it is also a common cyberattack vector. Phishing attacks are a common means for attackers ...
In our first example of Phishmas scams, we'll talk about Direct Deposit fraud.
Phishes roasting in an open email...malware nipping at your nose. It's Phishmas and all the hackers are stirring--even your mouse!
In the third quarter of this year, Asia experienced the most cyberattacks of all regions in the world, according to Check Point Research, with an average of 1,778 we...
The World Cup is underway, with wall-to-wall soccer on tap for the next month.
Researchers have uncovered a state-sponsored hacking campaign that uses Google accounts to send emails, and then uses a Google Drive or Dropbox folder as the mechani...
Ransomware is a top-of-mind security concern for many organizations. However, not all ransomware attacks are the same. A number of different ransomware variants are ...
Emotet is a sophisticated, self propagating Trojan . While Emotet began as a banking trojan, its modular design has allowed it to evolve into a distributor for other...
It’s the most wonderful time of year. Family. Post-turkey malaise. Shopping. Phishing scams.
In 2021, high-profile ransomware attacks, such as the Colonial Pipeline and Kaseya hacks, caused significant disruptions to supply chains and companies’ operations.
Avanan is proud to receive the 2022 Tech Innovator Award in Email Security from CRN.
Avanan received a 5-star review from Expert Insights.
Avanan's Incident Response-as-a-Service (IRaaS) uses our team of highly-trained, Tier 2 security analyst experts to review end-user requests to release emails from q...
According to Check Point research, the second-most targeted industry in the world is the government sector. In the third quarter of this year, governments were on th...
Ransomware has emerged as a dominant cyber threat and one of the most expensive types of cyberattacks that an organization can fall victim to. However, not all ranso...
By now, the differences between Avanan and other API-based solutions are clear:
Dynamics 365 Customer Voice is a Microsoft product that is used primarily to gain feedback from customers.
Vishing – a portmanteau of voice and phishing – attacks are performed over the phone, and are considered a type of a social engineering attack, as they use psycholog...