TechRadar: Cybercriminals are impersonating social media sites to steal your logins. “Cybercriminals have started impersonating social media companies in their phishing emails, new research has found. Cybersecurity experts from Check Point Research analyzed phishing emails sent out during the third quarter of 2021, and found that WhatsApp, LinkedIn, and Facebook, made the top ten most impersonated brands list for the first time this year.”
Motherboard: Google Blocked Russian Government Phishing Emails Targeting 14,000 Users. “On Wednesday, Google alerted approximately 14,000 users that they had been targets of Russian government sponsored hackers, according to a company employee.”
GovTech: Texas Social Media Censorship Law May Increase Spam Emails. “House Bill 20, which passed on Sept. 9, prohibits email service providers from ‘impeding the transmission of email messages based on content.’ Eric Goldman, a professor at Santa Clara University of Law whose research and teaching focuses on Internet, IP and advertising law topics, says this restricts efforts to control email spam.”
The Verge: The Gmail app takes calls now, too, because Google wants it to do everything. “Google is announcing even more Workspace features today, part of an increased cadence of changes to the company’s office and communications software suite over the past year or so. Today’s announcement is a bit of a milestone, however. Although there is still the smattering of small and coming-soon updates, the bigger change is that Gmail is getting a redesign that reveals its true nature in Google’s eyes: the central hub for every Google communication app.”
Ars Technica: Microsoft Outlook shows real person’s contact info for IDN phishing emails. “This week, infosec professional and pentester DobbyWanKenobi demonstrated how they were able to trick the Address Book component of Microsoft Office to display a real person’s contact info for a spoofed sender email address by using IDNs. Internationalized Domain Names (IDNs) are domains consisting of a mixed Unicode character set, such as letters from both Latin and Cyrillic alphabets that could make the domain appear identical to a regular ASCII domain.”
TechCrunch: ProtonMail logged IP address of French activist after order by Swiss authorities. “ProtonMail, a hosted email service with a focus on end-to-end encrypted communications, has been facing criticism after a police report showed that French authorities managed to obtain the IP address of a French activist who was using the online service. The company has communicated widely about the incident, stating that it doesn’t log IP addresses by default and it only complies with local regulation — in that case Swiss law. While ProtonMail didn’t cooperate with French authorities, French police sent a request to Swiss police via Europol to force the company to obtain the IP address of one of its users.”
Krebs on Security: Gift Card Gang Extracts Cash From 100k Inboxes Daily. “Some of the most successful and lucrative online scams employ a ‘low-and-slow’ approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online.” Really interesting read.
PCWorld: Beware this new phishing attack that’s after your passwords!. “A classic bit of internet security advice just bit the dust. For ages, email users were told to hover their mouse over a link to see where it led—if you saw the URL of a legitimate website, you were in the clear. But on Tuesday, Microsoft shared details on a kind of phishing attack it’s seeing more frequently: Email with links that contain a known website at the start, but actually redirect to a malicious page.”
Make Tech Easier: 6 Disposable and Throwaway Email Providers You Can Try. “Has your email address become a target for spam and scams? One solution is to create a temporary email address, one that you can use to register, shop, sign up, etc., without worrying about your real, permanent email address getting bombarded with junk. Fortunately, there are plenty of sources for disposable or throwaway email addresses that help you avoid the spam and scams.”
Thunderbird 91 lands: Now native on Apple Silicon, swaps ‘master’ for ‘primary’ password, and more (The Register)
The Register: Thunderbird 91 lands: Now native on Apple Silicon, swaps ‘master’ for ‘primary’ password, and more. “Mozilla’s Thunderbird is a cross-platform, open-source email client. Its future looked uncertain in 2015 when Moz CEO Mitchell Baker said ‘sooner or later paying a tax to support Thunderbird will not make sense as a policy for Mozilla.’ Early last year, though, matters improved, with the formation of a wholly-owned subsidiary, MZLA Technologies Corporation, to manage the project.”
CNET: How to use Apple’s Hide My Email feature to kick spammers out of your inbox. “Some spam is sent with malicious intent, but a lot of it boils down to harmless email clogging up your inbox, creating a cacophony of advertisements you don’t want to see, and plenty of time-consuming work to delete or unsubscribe. Apple is taking aim at email spam with a new tool called Hide My Email, which aims to thin out your inbox by keeping email spam from showing up in the first place.? Note that this is a premium service, not free.
Bleeping Computer: DuckDuckGo’s new email privacy service forwards tracker-free messages. “DuckDuckGo is rolling out an email privacy feature that strips incoming messages of trackers that can help profile you for better profiling and ad targeting. Users of the service get a free ‘@duck.com’ email address that cleans messages of trackers and forwards them to your normal inbox.”
CanIndia News: J&K Police approaches Google for email details of arrested PDP leader Parra. “Jammu and Kashmir Police has approached Google and US authoritiees, asking them to preserve the e-mails allegedly sent by arrested Peoples Democratic Party youth wing President Waheed Parra to Pakistan-based terror groups.”
9to5 Google: New Gmail with Google Chat tabs rolling out for free accounts, here’s how to turn on. “Last year, Google announced that the future of Gmail will see Chat messaging and group Rooms join the existing Meet video calling integration. This is already available to enterprise Workspace users, and Google is now letting personal Gmail accounts get this ‘integrated workspace.’” Isn’t this something GMail had several years ago, or was that a different integrated chat?