Home M3AAWG in the News
URL
February 19, 2021

Phishing campaign alters prefix in hyperlinks to bypass email defenses


Threat hunters say they’ve seen a concerted rise in the use of a phishing tactic designed to bypass traditional email defenses by subtly changing the prefixes (a.k.a. schemes) of malicious URLs in hyperlinks.

URL
February 17, 2021

NIST hints at upgrades to its system for scoring a phish’s deceptiveness


Officials from the National Institute of Standards and Technology (NIST) this week teased future improvements to the agency’s recently introduced “Phish Scale” measurement system, which helps companies determine whether phishing emails are hard or easy for their employees to detect. 

URL
February 08, 2021

M3AAWG to Hold 51st General Meeting to Advance Strategies and Tactics to Fight Online Abuse


The Messaging, Malware and Mobile Anti-Abuse Working Group to gather cybersecurity leaders, experts and member companies for virtual summit on February 15-18; Topics include NIST's "The Phish Scale," smishing in the UK, TLS 1.3 and more.

URL
December 22, 2020

Breach alerts dismissed as junk? New guide for sending vital emails may help


The SolarWinds supply chain attack will likely prompt scores of compromised companies to send critical data breach notifications to their customers. But how many of these email notifications will go ignored, bounced or quarantined?

URL
November 12, 2020

Phantom Clicks: Non-Human Intervention Distorts Email Marketing Metrics, Study Finds


It seems simple: You send a marketing email, and the recipient opens and clicks on it or doesn’t. Right?
Not quite. Received email is increasingly being handled via Non-Human Interaction (NHI) — through software programs that can throw off marketers' metrics and hurt their sender reputation.

URL
September 10, 2020

Nation State Interference During the US Presidential ‘Pandemic Election’


Emotive topics such as COVID-19 and the role of policing will be at the heart of this election, and these tense issues, alongside the highly polarized nature of the electorate, ensure there will be a fertile ground for misinformation campaigns from nation state actors seeking to influence the outcome of the election. Such a phenomenon was observed recently in the so-called ‘Brexit election’ in the UK in December 2019, following which the UK government’s Intelligence and Security Committee (ISC) described Russia as a “highly capable cyber-actor.” 

URL
September 08, 2020

Interview: Seth Blank, Technical Committee Co-Chair, M3AAWG


Speaking to Infosecurity, Seth Blank, technical committee co-chair of M3AAWG and VP of standards and new technologies at Valimail, said the issue it is looking to overcome is “a lack of clarity around well-known technical requirements.”

URL
September 03, 2020

Bringing BEC home: How to protect against BEC attacks while remote


As cybercrime spikes in the wake of COVID-19, BEC’s toll is expected to rise this year. The Federal Bureau of Investigation (FBI) recently issued a warning to businesses on the growing threat of BEC attacks using the pandemic as a backdrop for unusual requests like payments to a “new” vendor or a change of account information.

URL
August 20, 2020

61% of Airlines Have No Published DMARC Record, Customers Susceptible to Email Fraud


The majority of airline companies are potentially leaving their customers vulnerable to email fraud, such as phishing, according to a new analysis by Proofpoint.

URL
July 10, 2020

U.S. universities at risk of back-to-school and Covid-19 email fraud


The top 20 universities based in the U.S. are failing to implement proper DMARC protections and policies, opening the door for fraudsters to spoof their email domains and convincingly impersonate them at a time when students are likely expecting to receive a wealth digital communications related to back-to-school instructions, researchers warn.

URL
June 29, 2020

Why Trump’s administration is going after the GDPR


U.S. officials are ramping up criticism of Europe’s flagship privacy law, which they say protects cybercriminals.

URL
June 18, 2020

The Bigger the News, the Bigger the Cyber Threats


Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.

URL
June 11, 2020

M3AAWG issues email authentication advice for security pros


The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) has put out a joint call-to-action with Google and Verizon for the security industry to take more proactive measures to authenticate and secure their sending domains and email addresses by deploying email authentication at scale.

URL
June 11, 2020

Firms Unite To Fight COVID-19 Spam


A group of major firms, including Google, Verizon and Comcast, has formed an initiative to fight COVID-19-related spam.

URL
June 11, 2020

Google Warns of Emerging #COVID19 Cyber-Threat Hotspots


Google has warned of a rise in COVID-19 threats in specific parts of the world, as cyber-criminals adapt their campaigns regionally.

URL
June 10, 2020

Working Group Calls for Greater DMARC Support and Adoption


In an open statement shared with Infosecurity, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) made a call for further steps to be taken to “authenticate and secure sending domains and email addresses by deploying email authentication at scale and at enforcement.”

URL
June 01, 2020

Should you deploy a TLS 1.3 middlebox?


To inspect or not to inspect, that is the question.

TLS 1.3 is by far the most secure version of the Transport Layer Security (TLS) protocol, but its use of ephemeral elliptic curve keys--and the deprecation of static RSA keys--means that TLS sessions now offer forward secrecy, a bane to enterprise security administrators who want to maintain visibility into their network traffic.

URL
May 26, 2020

M3AAWG's 49th General Meeting Goes Virtual to Continue the Fight Against Online Abuse

200-member strong Messaging, Malware and Mobile Anti-Abuse Working Group gathers to discuss online security and privacy best-practices in the wake of attacks taking advantage of COVID-19

URL
May 18, 2020

Think Before You Click. How to Protect Your Small Business From Malicious COVID-19 Email


The latest hook? The pandemic. Since nearly every individual and organization is impacted by COVID-19, everyone is a potential target for these cyberattacks, especially those without cybersecurity experience, namely small businesses.
 

URL
May 08, 2020

WHY CAMPAIGNS NEED TO RETHINK HOW TO SECURE THEIR COMMUNICATIONS


Every campaign plan for this cycle has changed dramatically because of COVID. In-person activities are curtailed for the foreseeable future. In their place, candidates and groups are moving to virtual town halls, virtual rallies and relying more on texting, paid media and email. 

Pages