Knowledge Base

Account takeover (ATO) is when a hacker successfully takes ownership of one or multiple online accounts. This form of fraud is often carried out by the hacker using stolen login credentials to gain access.

Also referred to as “double-barreled” phishing, barrel phishing is a more sophisticated form of phishing that involves two emails.

Brand impersonation is a type of email phishing attack where cybercriminals pose as a trusted brand to dupe victims and steal their data.

A brute-force attack is a trial-and-error method used to obtain information such as passwords or other access codes. Find out more.

Business Email Compromise (BEC) is characterized according to its different forms. In addition to compromising an employee’s email account, methods such as spear phishing or CEO fraud are also used, the latter being preferred by criminals for gaining access to confidential company information or money.

CEO fraud is when a hacker impersonates a senior executive within an organization and attempts to dupe employees into providing sensitive company information, sharing account credentials, or transferring funds.

Clone phishing is a subset of phishing that replicates a previously sent, legitimate email to exploit victims.

What exactly is a computer virus? What are the chances of eliminating one? And what kind of protection is really effective against them?

Computer Vision is a field of computer science that uses Artificial Intelligence (AI) to understand visual data (imagery). Learn more about its use for email security.

A computer worm is a malicious program that reproduces itself as it spreads to as many computers as possible. This makes the it particularly dangerous for companies.

A cousin domain is a form of email spoofing in which hackers use a domain that deceptively resembles the name of another website.

Credential harvesting is a specific type of cyberattack targeting login credentials, such as usernames and passwords.

Credential stuffing is a form of cyberattack that involves using stolen login credentials to access other unrelated services and applications.

With the establishment of cryptocurrency, the era of a new means of payment has been ushered Crypto Mining in. To better understand the miners’ gold rush, we have summarized the most important facts.

Today, encryption is mainly thought of as an IT term, because data, e-mails, computers etc. are encrypted. But that was not always so. Encryption actually has its origins back in the year 480. And until a few years ago, encryption was primarily used in espionage or in top-secret government communications.

Cryptojacking is a type of cyberattack in which hackers infiltrate a user’s device and secretly use computing resources to mine cryptocurrencies.

The Cryptolocker Ransomware is still known to many as an extremely perfidious attack method. Here you will learn everything you need to know.

To identify and combat attacks along the Cyber Kill Chain in time, you need to understand the strategies of the criminals.

A cyberattack is any attempt by nefarious individuals to target an organization’s IT infrastructure, networks, systems, or devices to either steal, expose, or destroy information or assets.

Cybersecurity is the collection of technologies, best practices, and processes used to protect your IT infrastructure, systems, networks, and devices from harmful threats.

Data exfiltration is the deliberate extraction of sensitive data by an external organisation without permission.

Data loss refers to the permanent removal or destruction of sensitive information from an organization’s control. It can occur from intentional or unintentional actions, technological errors or system malfunctions, or external attacks.

Data Loss Prevention (DLP) is the process of protecting sensitive data from getting lost, destroyed, or exfiltrated through unwanted and unauthorized means.

Data privacy refers to the ability for online users to control their personal information, including to what extent it gets shared with third parties.

Naturally, data theft follows a data breach. A data breach is when confidential information is accessed and retrieved by a third party without authorization. Data breaches often occur after hackers compromise an account and gain entry to a protected network.

The abbreviation DDoS stands for Distributed Denial Of Service. A DDoS attack is a type of DoS attack in which several hijacked systems are used to carry out an attack against the target system.

Display name spoofing uses the display name of email senders to deceive recipients. Learn how to prevent it from happening to your organisation.

DomainKeys Identified Mail (DKIM) is an email verification process that validates with a digital signature that an email came from the intended organization.

DNS spoofing, short for Domain Name System spoofing and also referred to as DNS cache poisoning, is a type of cyberattack in which domain name servers are compromised via fake data to redirect users to harmful websites.

Domain spoofing is a phishing attack where cybercriminals use a fake version of a legitimate email address to scam users.

A drive-by download refers to a malicious technique used by cybercriminals to infect a user’s computer or device with malware without their knowledge or active participation. It occurs when a user visits a compromised website or clicks on a malicious link, triggering the automatic download and installation of malware onto their system.

Email filtering refers to the process of analyzing incoming emails and applying specific rules to determine their legitimacy and potential risk.

An email gateway, or secure email gateway (SEG), is a solution designed to enhance the security of email communication.

Email scams are malicious attempts by hackers to trick unsuspecting users into taking a compromising action.

Email security is an important field in cybersecurity that is dedicated to protecting email communications and accounts from cyberattacks. It encompasses a broad collection of technologies, best practices, and standards designed to secure the communication channel.

Email spoofing is a technique used in phishing and spear phishing attempts in which a person attempts to pass off a fraudulent email as a legitimate one that closely resembles a message an individual would typically receive.

What is Emotet? And how can I protect myself from Emotet? Measures to protect against the most dangerous malware Emotet.

Encryption is the process of transforming information to make it unreadable for anyone except those who have the proper encryption key.

EDR systems detect security threats by monitoring endpoint activity for suspicious behaviors, block and contain malicious threats, and facilitate incident response and investigation activities.

Endpoint security is a type of cybersecurity that protects devices such as phones, computers, and tablets from harmful threats and activities.

While there are a few tools available to organizations and MSPs within Microsoft 365 that can help protect user mailboxes, the most commonly known option is Exchange Online Protection (EOP). 

What is GoBD? And what does GoBD mean for companies? The GoBDs are the principles for the proper management and storage of books.

It’s Cybersecurity Awareness Month, and that means it’s an important time to acquire the knowledge that can help protect you, your organization, and your clients from cyberthreats. 

Whenever an organization communicates online and stores and transfers data and information, it must ensure its IT security. But what exactly is this?

Read on to learn more about keylogger attacks, including the most common types, how they’ve evolved over the years, and how your organization can prevent them.

A mail transfer agent (MTA) is software that manages the transfer of email messages between mail servers. Commonly referred to as a mail relay or mail router, an MTA acts as an intermediary, receiving outgoing messages from mail user agents (MUAs) or other mail transfer agents and ensuring their accurate delivery to the intended recipients.

The term malware is used to describe all kinds of malicious software. The focus here is on malware that is loaded onto the device in order to cause damage.

In this post, we break down what an open redirect attack is, how it works, why hackers use it, and how you can protect against it.

Understanding the basics of pharming and how this attack occurs is a critical first step in fortifying your cybersecurity defenses. Let’s dive deeper into the various types of pharming and how to protect against them.

Phishing is a type of social engineering, which mostly works via scam emails. It’s a way hackers try to manipulate victims to lead them to a specific reaction, like typing in a password or opening a malicious document.

Ransomware is a malicious program that is installed unnoticed on the PC of a stranger., which ensures that the computer is locked for the user, and can only be unlocked again by paying a ransom.

RaaS is a subscription service that includes everything a hacker needs to launch a ransomware attack.

The Ransomware kill chain. Here we would like to show you the anatomy of a Ransomware attack along the Cyber Kill Chain. Find out more now.

Ransomware Kill Chain Part 2: How to use the Ransomware Kill Chain model to derive appropriate countermeasures. Learn more from Hornetsecurity.

The goal of remediation is to protect the organization’s sensitive information and prevent any potential damage or unauthorized access.

How hackers collect data from companies via social engineering, without hacking and how to protect against it.

Spear phishing is a form of social engineering, often involving the impersonation of an individual to trick the recipient into performing a desired action, usually financial in nature. Often a hacker will pretend to be someone the victim knows, such as a colleague, manager, customer or supplier.

Insidiously, as in the famous mythology, a Trojan horse attacks computers, steals data and damages the system.

URL rewriting is ubiquitous in security for emails. The underlying functionality might be different from vendor to vendor, but the idea is the same: When users interact with URLs inside their inbox, URL rewriting affords the ability to check whether or not the destinations of the URLs are safe.

In this article, you learn about the basics of vishing, the difference between vishing vs. phishing, and most importantly, how your organization can ensure these attacks are identified and avoided at all costs.