Category Archives: ValiMail

Russian Phishing Attack Uses Harvard Emails

From Tweney Media client ValiMail, a timely post that scored incredible engagement on LinkedIn, raising ValiMail’s profile and helping to establish CEO Alexander García-Tobar as an email security expert:

Russian Phishing Attack Uses Harvard Emails — Due to Lack of Email Authentication

A Russian phishing attack used a fake Harvard email address in an attempt to get malware into American think tanks and nonprofits, the Harvard Crimson reports.

The attack shows how effective it can be for phishers to use the exact domain name of organizations that are unprotected by email authentication.

This attack also shows how difficult email authentication is for many organizations–Harvard included. Quotes in the Crimson story, and ValiMail’s domain checker, make it clear that Harvard was essentially defenseless against phishing attacks.

Worse: Phishing-led attacks account for a huge proportion of hacks, including the momentous intrusions into the Democratic National Committee. Hackers start their assault by sending phish emails to targets within the organization, and if they’re lucky enough to get someone who clicks on a link or opens a malicious attachment, they use that opening to get into the network itself.

Hey, it worked on John Podesta.

Understanding Email Authentication, But Not Enforcing It

ValiMail logoFrom Tweney Media client ValiMail, a provider of email authentication services via a SaaS platform:

[A recent security] audit shows that most corporations, banks, and government agencies have a long way to go before they fully implement the most advanced email authentication, DMARC.

However, many organizations clearly understand the importance of authentication preventing phishing and other forms of email fraud, … It’s just that very few companies have succeeded in getting DMARC to the point where it’s actually doing anything to stop fraud.

For more, read the whole post:  Corporations Understand DMARC Is Critical. So Why Can’t They Get to Enforcement?