email security

49% of Big Pharma companies are vulnerable to email phishing as weaponized AI surges

New analysis from Red Sift of the 100 largest pharma companies shows nearly half of the sector is still open to domain spoofing. Only 51% of companies are at DMARC enforcement (p=reject)—the control that stops spoofed email at the door. Another 13% sit at p=quarantine, which offers limited filtering but does not equal enforcement. The…

La Poste announces new email authentication requirements for all senders

La Poste (laposte.net) has today announced significant changes to its email authentication requirements that will take effect in September 2025. These new requirements will fundamentally change how emails are processed and delivered to La Poste email addresses. What’s changing? Starting in September, La Poste will implement strict email authentication protocols that will affect all senders….

What is email spoofing and how can you prevent it?

Executive summary: Email spoofing is a growing cyber threat where attackers forge the sender’s address to impersonate trusted sources, enabling phishing, business email compromise, and financial fraud. Because legacy email protocols like SMTP lack strong authentication, spoofing can bypass traditional filters. Organizations can mitigate this risk by implementing robust email authentication measures, especially DMARC. Solutions…

What is social engineering and how can you prevent it?

Executive summary: Email phishing has evolved and criminals now use social engineering to impersonate executives, suppliers, and even government agencies, persuading recipients to approve payments or disclose credentials. Because human judgment sits at the heart of these attacks, technical controls that eliminate spoofed messages before they reach the inbox are essential. DMARC provides that control…

Attackers are abusing Microsoft 365: Here’s how to stay protected

Executive summary: Varonis has surfaced an active phishing campaign that spoofs internal users by abusing Microsoft 365’s Direct Send feature. Because Direct Send doesn’t require authentication and is treated as “internal,” these messages often bypass the checks you rely on for outside mail. Microsoft now offers an opt-in switch, RejectDirectSend, to block the pathway, but…

SVGs with JavaScript are bypassing traditional email security: Learn how to stay secure 

Executive summary: Hackers are hiding JavaScript inside SVG attachments that pass as harmless images, and slipping past Secure Email Gateways (SEGs). To stay secure, organizations need to enforce a DMARC policy of p=reject, easily implemented with Red Sift OnDMARC, to stop compromised SVGs before they reach the end user. Key takeaways: Scalable Vector Graphics (SVG)…