Why Inbox Security is Critical for Organizations

The inbox is still where most breaches begin. But the threats hiding inside it are developing. The CSA Cyber Landscape 2024/25 report states that phishing is up 49%, and nearly 1 in 8 phishing emails now use AI-generated content. It’s no longer just little 'tricks' such as spelling errors, or fake logos that we have to look for, it’s precision-engineered social engineering, crafted by models that learning just as fast as we patch. And, yes, it’s not just email. New technologies — AI, IoT, and cloud services — are expanding the attack surface more quickly than most security teams are able to adapt. AI has become the ultimate double-edged sword, while it writes phishing scripts in seconds and debugs malicious code at scale, even as defenders use it to predict and block the next breach. Add to that: Cloud outages at giants like Alibaba, Microsoft Azure, and Salesforce — proving even the strongest aren’t immune. IoT devices multiplying across workplaces, often unsecured, running on outdated firmware. Hypervisor attacks slipping under the radar, creating hidden virtual machines to stay undetected for months. Every one of these vectors leads back to the same question: If the attack starts with a click, how do you make sure that click is safe? Singapore's strategic response, including regulation, OT, Cloud and AI security, educating the population, strengthening the Cybersecurity Ecosystem and talent, while addressing Supply Chain Risks is admirable. But we at ViewQwest are trying to do our part too. We built our SecureMail Gateway — not just to see, but to stop: Blocking phishing and spoofing before they hit inboxes Data Loss Prevention Detecting AI-generated threats in real time Aligning with CSA’s recommended frameworks for resilience Because resilience starts with your inbox — and it ends with the people who can trust it.

Attackers can send emails that look like they’re from your company without ever touching your systems. They spoof your domain, impersonate your executives, and target your customers. This can turn into real financial loss. Customers pay fake invoices. Vendors update payment details based on a fraudulent message. Employees get pulled into credential or payment scams that look legitimate. For a small business, that can mean lost revenue, recovery costs, and operational disruption. Email authentication helps reduce this risk. SPF and DKIM verify sending systems. DMARC ties it together and tells receiving servers how to handle messages that fail checks. When configured and enforced, many spoofed emails can be filtered or blocked before they reach inboxes. It also gives you visibility into who is trying to use your domain. It’s worth checking where you stand: Ask your MSP or IT team if SPF, DKIM, and DMARC are configured and actively monitored. Confirm your DMARC policy is enforced, not just set to monitor. Make sure you can review and act on DMARC reports. This is basic protection that’s easy to put in place, inexpensive to maintain, and can make a meaningful difference, especially given how much business communication and payments still rely on email. Learn more here: ➢ FTC: "How to Stop a Would-Be Business Impersonator" https://lnkd.in/gfjq6eEu ➢ FTC: "Email Authentication" https://lnkd.in/gmZuyxFj #Cybersecurity #EmailSecurity #EmailAuthentication #SmallBusiness #BusinessRisk

Microsoft 365 mailbox rules are being weaponized as a core technique behind $2.77 billion in annual Business Email Compromise losses. A new Proofpoint report reveals that 10% of all compromised Microsoft 365 accounts get malicious inbox rules installed within seconds of the initial breach, targeting 400+ million users worldwide by abusing built-in email functionality that no security tool will ever flag as suspicious. 😏 A password has been changed. Two-factor authentication is confirmed working. The IT team marked the incident as resolved. But somewhere in that inbox, a rule with the name "." has been running quietly the whole time. Every email that came in got copied and forwarded to the attacker's address. Has been for months. Because nobody checked the rules. The shortest recorded time between an account takeover and the creation of a malicious rule was 5 seconds. The rule forwards emails containing "invoice," "wire," "contract," or "payment" to an external address, or deletes incoming security alerts and MFA notifications before they ever land in the inbox. A password reset does not touch inbox rules. Neither does changing MFA settings. The rules are stored at the mailbox level, completely independent from login credentials. Proofpoint confirmed cases where attackers had been locked out for months, but data was still leaving the organization every day through a forwarding rule nobody had removed. The standard Microsoft 365 admin interface does not show all inbox rules. The command that actually finds everything is: Get-InboxRule -Mailbox user@domain.com -IncludeHidden If something turns up: → Delete the unauthorized rule immediately and verify no additional rules remain → Revoke all active sessions and refresh tokens, not just the password → Check Entra ID sign-in logs for anything that happened just before the rule was created → Confirm that external auto-forwarding is disabled at the organization level in Exchange Online A password reset was never incident response, it was always only step one. → https://lnkd.in/e6KECVJc Hacking is not a hobby but a way of life. 🎯 Research & writing: Jolanda de Koff | HackingPassion.com Sharing is fine. Copying without credit is not. Read the full breakdown: → https://lnkd.in/ek_H8uzw #EthicalHacking #Microsoft365 #M365 #BEC #CyberSecurity #InfoSec #EmailSecurity #OutlookSecurity #BusinessEmailCompromise #HackingPassion #IdentitySecurity #Phishing

Email may feel old-school compared to messaging apps and video calls, but it remains one of the most relied-on channels for business communication. That’s also what makes it such an attractive target. Threat actors know that if they can get into your inbox, they can get into your organization. Over the past few years, attackers have evolved their techniques by combining psychology, personalization, and AI to craft emails that look authentic. They don't just send one email; they often mimic normal work processes with follow-up messages and quick replies to build trust. Traditional defenses like secure email gateways, filters and firewalls help, but they can’t replace human judgment. The human element continues to be the most common entry point in cyber incidents. That’s why effective training matters. It needs to feel real, relevant, and connected to the threats employees actually encounter. We achieve this by running adaptive simulations that reflect modern phishing tactics. These are not the obvious "foreign prince needing information to send you money” scams we all know. They mirror the types of messages that blend into a normal workday. These simulations are intentionally challenging. AI-generated content, better targeting, and cleaner formatting make today’s phishing attempts harder to recognize. This allows us to test using realistic scenarios and see in real time how employees respond, including which red flags they identify and which ones they might overlook. We also implement learning modules on AI deepfakes and social engineering. Earlier this year, our teams even stepped into the role of the attacker and crafted phishing emails themselves to test our internal teams and detections. It gave them a deeper understanding of how easily a small detail can influence whether a message gets opened or reported. Cybersecurity is more than technology. It is about people. When we strengthen our employees’ instincts, we strengthen our entire organization.

The KPMG rapture email made headlines for its unusual content but what stood out to me was the security angle. A trainee accountant managed to send a mass email with a 173 page attachment across the firm. On the surface it was just a message about faith. But imagine if that attachment carried malicious code, how many people would have opened it without thinking twice simply because it came from inside. This shows how much we rely on trust in internal systems. Insider threats aren’t always about bad actors, sometimes it’s about access, misuse or just not realising the risks. All it takes is one account, one email one attachment, to create a global incident. This raises questions every organisation should be asking itself. Who really needs permission to send to global lists? Are attachments being scanned no matter where they come from? Do we have systems in place to flag unusual behaviour like mass sending before it becomes a problem? The lesson here is that trust is not a control. Security isn’t only about firewalls and keeping hackers out, it’s about governance, monitoring and remembering that sometimes the bigger risks come from within. #CyberSecurity #InsiderThreats #Governance #RiskManagement #InfoSec

We live in a world where e-mail phishing is no longer the only cybersecurity threat. A new and increasingly dangerous trend is 𝐞𝐦𝐩𝐥𝐨𝐲𝐦𝐞𝐧𝐭 𝐟𝐫𝐚𝐮𝐝: attackers no longer attempt merely to deceive through false messages, but instead infiltrate organizations under the guise of newly hired employees. Imagine this scenario: a candidate presents an impeccable résumé, “perfect” references, credible online profiles, and even participates in interviews conducted with deepfake technology. The individual is hired, gains access to corporate e-mail, project repositories, and internal systems… and within a few days, the attacker has already obtained control over the company’s infrastructure. ⚠️ 𝑇ℎ𝑖𝑠 𝑖𝑠 𝑛𝑜𝑡 𝑐𝑙𝑎𝑠𝑠𝑖𝑐𝑎𝑙 𝑝ℎ𝑖𝑠ℎ𝑖𝑛𝑔. 𝑇ℎ𝑒𝑠𝑒 𝑎𝑟𝑒 𝑎𝑡𝑡𝑎𝑐𝑘𝑠 𝑡ℎ𝑎𝑡 𝑝𝑒𝑛𝑒𝑡𝑟𝑎𝑡𝑒 𝑡ℎ𝑟𝑜𝑢𝑔ℎ 𝐻𝑅 𝑎𝑛𝑑 𝑟𝑒𝑐𝑟𝑢𝑖𝑡𝑚𝑒𝑛𝑡 𝑝𝑟𝑜𝑐𝑒𝑠𝑠𝑒𝑠. Key findings show that: - More than 320 confirmed cases have involved attackers (including North Korean operatives) infiltrating companies remotely under false employment. - The number of such infiltrations has increased by 220% compared to the previous year. - Once inside, attackers can exfiltrate sensitive data, install backdoors, and compromise critical systems. The implications - Digital identity has become the new security perimeter. Protecting e-mail alone is no longer sufficient. - Access must be restricted. No individual-whether newly hired or long-tenured-should retain permanent access to sensitive resources. One promising approach is the Zero Standing Privileges (ZSP) model, which entails: - granting access only when required (Just-In-Time), - restricting rights to the minimum necessary (Just-Enough-Privilege), - implementing comprehensive auditing and continuous monitoring of all activities. Cybersecurity is no longer solely the responsibility of IT departments; it also extends to HR processes, recruitment, and onboarding practices. Without careful verification of identities and strict access control, organizations may end up “hiring” the very individual who will sabotage their systems. In a digital landscape where attackers are becoming increasingly sophisticated, cybersecurity must be treated as a priority by everyone-from newly onboarded employees to senior executives. Further details: https://lnkd.in/dNmtfGvv #CyberSecurity #Phishing #HR #ThreatIntelligence #ZeroTrust

𝗕𝗢𝗢𝗠 — 𝗪𝗛𝗘𝗥𝗘 𝗧𝗛𝗘 𝗜𝗡𝗕𝗢𝗫 𝗠𝗘𝗘𝗧𝗦 𝗧𝗛𝗘 𝗦𝗨𝗣𝗣𝗟𝗬 𝗖𝗛𝗔𝗜𝗡 So yes — congratulations to James Savard and Burcu YARAR for being on top of the ball — without the cushion of multi-billion-dollar contracts. Because when a civilian sector publication can map the risks so clearly, it raises the question: how can multi-million-dollar contractors sited by the GAO, holding defense-scale budgets, still leave cracks wide open? 𝗪𝗛𝗘𝗥𝗘 𝗜𝗧 𝗔𝗟𝗜𝗚𝗡𝗦 ► Contextual attacks: Attackers weaponize context — reply-chains, trusted names, real POs — not just attachments or malware. That’s the same dynamic behind horizontal contamination (trust flowing between suppliers) and vertical contamination (threats climbing from subs to primes to the DoD). ► Speed of compromise: Breakout times in minutes or seconds mirror the urgency we flag in defense logistics: one fraudulent transaction or a hijacked CAD file can ripple into operational stoppages. ► Third-party blast radius: Breaches with supplier involvement have surged; when one supplier is compromised, every allied partner connected to that node inherits the risk. 𝗪𝗛𝗘𝗥𝗘 𝗜𝗧’𝗦 𝗛𝗜𝗚𝗛𝗘𝗥 𝗦𝗧𝗔𝗞𝗘𝗦 𝗜𝗡 𝗗𝗘𝗙𝗘𝗡𝗦𝗘 ► Horizontal contamination: A hijacked allied supplier email taints everyone who shares that route or logistics data. ► Vertical contamination: A compromised subcontractor on a weapons system can ride “up the ladder” into primes and U.S. command systems. ► Operational impact: In commercial manufacturing it’s fraud and delays. In defense it can mean mission failure, compromised readiness, or adversaries embedding malware into sustainment systems across NATO allies. 𝗪𝗛𝗬 𝗧𝗛𝗜𝗦 𝗠𝗔𝗧𝗧𝗘𝗥𝗦 The article reframes what we’ve been saying: the inbox is the frontline. It’s not always a suspicious attachment — it’s the assumptions: trusted domains, reply-chains, “line-down” urgency that attackers mimic. An invoice reroute in automotive is a financial hit. The same tactic in defense logistics means spare parts don’t arrive — aircraft don’t fly, ships don’t sail. So yes — this is a commercial mirror of the same principle. The difference in defense is scale and consequence: fraud becomes strategic contamination between allies. That’s the connection most of industry hasn’t yet made — and it’s exactly where the focus needs to be. 👉👉 👉 If commercial supply chains already see the playbook, what excuse does a GAO-cited defense logistics contractor with multi-million-dollar budgets have for leaving cracks wide open? As cybersecurity expert Andy Jenkinson would ask across the pond: is it complacent, or compliant? In other words — is this happening by accident, or by choice? Horizontal and vertical contamination aren’t hypotheticals — they’re operational choke points waiting to be triggered. Ignore the inbox, and you hand the keys of readiness to your adversary. Linda Restrepo Editor in Chief

🚨 The Rise of AI-Powered Phishing: Why Your Inbox is the New Battleground Phishing has always been a threat, but artificial intelligence has turned it into something far more dangerous. No more broken grammar or suspicious links, now the emails look perfect, the voices sound real, and even the video calls can be convincingly fake. 💡 In one recent case, a global engineering firm lost nearly £20 million after employees joined what looked like a routine video call with executives. The faces and voices were indistinguishable from reality, but the entire meeting was an AI-generated scam. This is the new frontier of cybercrime. But there are ways to fight back. 🔐 Organizations must: ✅ Enforce MFA and multiple approvals for unusual requests ✅ Simulate phishing, deepfake voice, and video attacks in training ✅ Use AI-driven anomaly detection and adopt zero trust 👤 Common users should: ✔️ Question urgency in messages and calls ✔️ Verify sensitive requests with an independent method ✔️ Limit what they share online ✔️ Keep devices updated ✔️ Trust instincts when something feels “off” 🧠 Your inbox is now a battlefield. Defending it requires a mix of sharp human judgment and smarter AI defenses. 💪 Platforms like https://gurucul.com use advanced AI and machine learning to detect anomalies, prevent identity-based attacks, and uncover sophisticated phishing and deepfake threats before they cause damage. Stay alert. Stay informed. Stay secure. #CyberSecurity #AIThreats #Phishing #Deepfake #ZeroTrust #Gurucul #AIDrivenSecurity

𝗪𝗵𝘆 𝗬𝗼𝘂 𝗦𝗵𝗼𝘂𝗹𝗱 𝗘𝗺𝗽𝗵𝗮𝘀𝗶𝘇𝗲 𝗘𝗺𝗮𝗶𝗹 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗮𝗻𝗱 𝗣𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻 Email is a critical communication tool, but it is also the most targeted attack vector for cybercriminals. Neglecting email security can expose individuals and organizations to significant risks, including data breaches, financial loss, and reputation damage. 𝗛𝗲𝗿𝗲’𝘀 𝘄𝗵𝘆 𝗶𝘁 𝗱𝗲𝘀𝗲𝗿𝘃𝗲𝘀 𝘆𝗼𝘂𝗿 𝗮𝘁𝘁𝗲𝗻𝘁𝗶𝗼𝗻: 𝟭. 𝗘𝗺𝗮𝗶𝗹 𝗶𝘀 𝘁𝗵𝗲 𝗚𝗮𝘁𝗲𝘄𝗮𝘆 𝘁𝗼 𝗖𝘆𝗯𝗲𝗿 𝗧𝗵𝗿𝗲𝗮𝘁𝘀 ◼️   Phishing Attacks trick users into sharing sensitive data or installing malware. ◼️   Business Email Compromise (BEC) targets organizations by impersonating executives for fraudulent transactions. ◼️   Malware Distribution through malicious links and attachments can cripple operations. 🔍 𝗙𝗮𝗰𝘁: 𝟵𝟬% 𝗼𝗳 𝗰𝘆𝗯𝗲𝗿𝗮𝘁𝘁𝗮𝗰𝗸𝘀 𝘀𝘁𝗮𝗿𝘁 𝘄𝗶𝘁𝗵 𝗲𝗺𝗮𝗶𝗹. 𝟮. 𝗙𝗶𝗻𝗮𝗻𝗰𝗶𝗮𝗹 𝗮𝗻𝗱 𝗥𝗲𝗽𝘂𝘁𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗜𝗺𝗽𝗮𝗰𝘁 A single compromised email can lead to: ◼️   𝗙𝗶𝗻𝗮𝗻𝗰𝗶𝗮𝗹 𝗟𝗼𝘀𝘀: Fraudulent transactions or ransomware demands. ◼️   𝗗𝗼𝘄𝗻𝘁𝗶𝗺𝗲: Operational disruptions caused by malware. ◼️   𝗥𝗲𝗽𝘂𝘁𝗮𝘁𝗶𝗼𝗻 𝗗𝗮𝗺𝗮𝗴𝗲: Loss of trust from clients and stakeholders due to data leaks. 𝟯. 𝗚𝗿𝗼𝘄𝗶𝗻𝗴 𝗦𝗼𝗽𝗵𝗶𝘀𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝗧𝗵𝗿𝗲𝗮𝘁𝘀 Cybercriminals are evolving rapidly with: ◼️   Targeted spear phishing campaigns. ◼️   AI-driven attacks that bypass traditional filters. ◼️   Exploits through public networks like Wi-Fi hotspots. 𝟰. 𝗟𝗲𝗴𝗮𝗹 𝗮𝗻𝗱 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗥𝗲𝗾𝘂𝗶𝗿𝗲𝗺𝗲𝗻𝘁𝘀 ◼️   Regulations like GDPR, HIPAA, and other data protection laws mandate robust email security to safeguard sensitive information. Non-compliance can result in hefty penalties. 𝟱. 𝗛𝗼𝘄 𝘁𝗼 𝗦𝗲𝗰𝘂𝗿𝗲 𝗬𝗼𝘂𝗿 𝗘𝗺𝗮𝗶𝗹𝘀 ◼️   𝗨𝘀𝗲 𝗘𝗻𝗰𝗿𝘆𝗽𝘁𝗶𝗼𝗻: Protect email data in transit and at rest. ◼️   𝗜𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁 𝗔𝗻𝘁𝗶-𝗣𝗵𝗶𝘀𝗵𝗶𝗻𝗴 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲: Block malicious emails before they reach the inbox. ◼️   𝗧𝗿𝗮𝗶𝗻 𝗬𝗼𝘂𝗿 𝗧𝗲𝗮𝗺: Educate employees to recognize phishing attempts and report suspicious activity. ◼️   𝗔𝗱𝗼𝗽𝘁 𝗠𝘂𝗹𝘁𝗶-𝗙𝗮𝗰𝘁𝗼𝗿 𝗔𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 (𝗠𝗙𝗔): Add an extra layer of defense for email accounts. 𝗧𝗵𝗲 𝗕𝗼𝘁𝘁𝗼𝗺 𝗟𝗶𝗻𝗲: Email security is not optional - it’s essential. By protecting your inbox, you safeguard your data, finances, and reputation, ensuring business continuity in an increasingly risky digital world. 🔒 𝗦𝗲𝗰𝘂𝗿𝗲 𝘆𝗼𝘂𝗿 𝗲𝗺𝗮𝗶𝗹𝘀 𝘁𝗼𝗱𝗮𝘆 - 𝗱𝗼𝗻’𝘁 𝘄𝗮𝗶𝘁 𝗳𝗼𝗿 𝗮 𝗯𝗿𝗲𝗮𝗰𝗵 𝘁𝗼 𝘁𝗮𝗸𝗲 𝗮𝗰𝘁𝗶𝗼𝗻! #Cybersecurity #EmailSecurity #Emails #DataProtection #Awareness #Tips

Strong security for emails is one of the top concerns of CNI dealing companies. According to a recent OPSWAT report, 80% of CNI companies reported an email-related security breach in the past year. Malicious emails are being exploited to target essential services, and email-based attacks are increasingly used as a key strategy for gaining unauthorised access. CNI organisations, such as utilities, transportation, telecommunications, and data centres, are prime targets for cybercriminals. The appeal lies in the widespread disruption a successful attack can cause. For example, a report from Malwarebytes highlighted that the services industry, which includes many CNI sectors, has been heavily impacted by ransomware, accounting for nearly a quarter of global attacks. Email attacks prove to be particularly effective, according to a report by OPSWAT, which polled 250 IT and security leaders of CNI firms. For instance, CNI organisations experienced 5.7 phishing incidents, 5.6 account compromises, and 4.4 instances of data leakage per year for every 1,000 employees. Yet still, more than half of the respondents assumed that email messages and attachments were safe by default. https://lnkd.in/ghTN_8zX