Understand the Latest Threats

Learn about the latest threats and how they work.


Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest attack vectors and threats is an essential part of securing the enterprise against breaches and compromised data.

Someone Making Purchase on Laptop with a Credit Card - Ransomware


Ransomware is a type of malicious software that blocks access to a computer system or data, usually by encrypting it, until the victim pays a fee to the attacker. In many cases, the ransom demand comes with a deadline—if the victim doesn’t pay in time, the data is gone forever.

Professional Learning About Business Email Compromise

Business Email Compromise (BEC)

Impostor emails trick people into sending money—sometimes hundreds of thousands of dollars in a single wire transfer—or sensitive corporate or personal data. They appear to come from the CEO or other high-level executive and urge the recipient to keep the details confidential.   

Man Uses Cell Phone - Information Seeking Scams

Information Seeking Scams

Scammers want information, and they try to extract it by tricking recipients of emails. The information they collect could be an organization chart - or as significant as usernames and passwords to corporate resources. 

Someone Uses Laptop to Check Email - Spam


Spam, also known as Unsolicited Commercial Email (UCE), is often questionable, mass-emailed advertisements. At its peak, spam accounted for 92% of all email traffic, and most of the spam was non-malicious.

Two Male Colleagues Discuss Malicious Email Attachments

Malicious Email Attachments

Attackers attach files to email that indirectly launch an executable program that can destroy data, steal and upload information to outsiders, or can silently use the infiltrated computer for other tasks – all without the user’s knowledge.

Man Checks Email on Tablet - Phishing Protection


Phishing is a socially engineered attack that uses embedded URL links to extract information from the user or take control of their computer. Clicking on a link opens a browser, and the user is taken to a site that’s been setup as a trap by the attackers.

Colleague Discuss an Email Attack - Longlining Attack


Mass customized phishing messages that are typically engineered to look like they are only arriving in small quantities, mimicking targeted attacks. Attackers leverage approaches used by mass marketing campaigners to generate millions of dissimilar messages.

Image of a URL Protocol - Watering Hole Attack

Watering Hole

A targeted attack designed to compromise users within a specific industry or function by infecting websites they typically visit and luring them to a malicious site. Watering Hole attacks, or strategic website compromise attacks, are limited in scope as they rely on an element of luck. 

Handling a Spear Phishing Attack

Spear Phishing

Socially-engineered and sophisticated threats sent to an organization’s users that are typically designed to steal information. Spear phishing is a phishing attack where attackers typically personalize messages to the user based on publicly available information about them.

Man Using iPad - Advanced Persistent Threat

Advanced Persistent Threat

Mostly nation-state-sponsored attacks aimed at compromising an organization to carry out espionage or sabotage goals, but which aim to remain undetected for a longer period of time. The term Advanced Persistent Threat (APT) is often misused.

Image of Employees Wearing Suits - Endpoint Security Threats

Endpoint-Delivered Threats

Attackers can use strategies such as leaving an infected USB drive around the organization’s parking lot in anticipation that an employee will pick it up and plug it into a network connected system. 

Image of Computer Hardware - Network Delivered Threats

Network-Delivered Threats

To execute a successful network attack, attackers must typically actively hack a company’s infrastructure to exploit software vulnerabilities that allow them to remotely execute commands on internal operating systems. 

Bad Rabbit Encryption Screen Example

Bad Rabbit

Bad Rabbit is a strain of ransomware that first appeared in 2017. It appeared to target media companies in Russia and Ukraine.

CryptoLocker Ransomware Definition Cover Photo


CryptoLocker is a form of ransomware that restricts access to infected computers by encrypting its contents. Once infected, victims are expected to pay a “ransom” to decrypt and recover their files.

Threat Intelligence Monitoring Dashboard

Data Loss Prevention (DLP)

Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.

Tablet Enabled With DMARC Email Authentication Protocol


DMARC is an open email authentication protocol that enables domain-level protection of the email channel. DMARC authentication is designed to detect and prevent email spoofing techniques often used in phishing, business email compromise (BEC), and other email-based attacks.

Professional Using an Email Archiving System

Email Archiving

Email archiving is a system for preserving email communications in a format that can be digitally stored, indexed, searched and retrieved.

Email Filtering Keyboard Key

Email Filtering

Email Filtering is the process of filtering the inbound and outbound email traffic of an organization. For some industries, an on-premises email filtering deployment is required to comply with certain regulations.

Woman checking email on a smartphone - Secure Email Gateway

Email Gateway

A Secure Email Gateway (SEG) is a device or software that is used to monitor emails that are being sent and received. A SEG is designed to prevent unwanted email security threats and deliver good emails.

Email Security Best Practice

Email Security

Email security describes various techniques for keeping sensitive information in email communication and accounts secure against unauthorized access, loss, or compromise.

Email Encryption Definition Cover Image


In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.

EU Flag GDPR Definition Cover Photo


The European Union General Data Protection Regulation (GDPR) is a data protection ruling that took effect in 2018. It creates one set of guidance and authority to protect the personal data of all EU citizens.

Woman Using Laptop - Graymail Attacks


Graymail is bulk email that does not fit the definition of spam because it is solicited and has varying value to different recipients.

Petya Ransomware Definition Cover Photo

Petya (NotPetya)

Petya is a ransomware strain that infects Microsoft Windows-based computers. Like other forms of ransomware, Petya encrypts data on infected systems.

WannaCry Virus Definition Cover Photo


WannaCry is a virus discovered in May 2017 that struck corporate networks running Microsoft Windows as part of a massive global cyber attack. 

Email Security Policy Management Code Example


Malware is an umbrella term for various types of malicious programs that are delivered and installed on end-user systems and servers.

Phones Using Social Media Protection

Social Media Protection

Social media protection solutions prevent unauthorized access to your social media accounts, help you find accounts posing as your brand or executives and shield customers from malicious social media content.

Security Awareness Training

In broad terms, you could think of security awareness training as making sure that individuals understand and follow certain practices to help ensure the security of an organization. From this perspective, security awareness training has been around practically forever, especially when you consider the need for security in military applications.

Shadow IT

Shadow IT refers to the situation in most organizations where users deploy cloud-connected apps or use cloud services within the enterprise environment without the IT department’s knowledge or consent. Some shadow IT usage may be innocuous or even helpful. But they also create new cybersecurity risks.

Office 365 Cloud Servers

Cloud DLP

Cloud data loss prevention (DLP) helps keep an organization’s sensitive or critical information safe from cyber attacks, insider threats and accidental exposure. Cloud DLP solutions provide visibility and protection for sensitive data in SaaS and IaaS applications. Cloud DLP is a primary capability of a Cloud Access Security Broker (CASB).

Persona enfrente de una pantalla de computadora

Email Scams

Email is one of the most beneficial ways to communicate with anyone. But it is also a primary tool used by attackers to steal money, account credentials, and sensitive information.

Empleados en el trabajo usando computadoras protegidas Email Fraud Defense

Account Fraud Takeover

Account takeover fraud, also known as account compromise, occurs when a cyber attacker gains control of a legitimate account.

Someone Using Laptop Protected by Domain Discover

Indicators of Compromise

During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach. These digital breadcrumbs can reveal not just that an attack has occurred, but often, what tools were used in the attack and who’s behind them.

Spear Phishing Attack


Smishing is a form of phishing in which an attacker uses a compelling text message to trick targeted recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone.

Schützen Sie sich vor Business Email Compromise (BEC)-E-Mails

Email Protection

Email Protection is a combination of security technology deployment and the training of employees, associates, customers and others in how to guard against cyber attacks that infiltrate your network through email.

Cost of Compliance 2020

HIPAA Compliance

Compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) requires companies that deal with protected health information (PHI) to have physical, network, and process security measures in place and follow them.

Schützen Sie sich vor Business Email Compromise (BEC)-E-Mails


In the world of cybersecurity, a sandbox environment is an isolated virtual machine in which potentially unsafe software code can execute without affecting network resources or local applications.

Solution Hero


A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic on a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Proofpoint Cybersecurity Awareness

Cybersecurity / Network Security

Cybersecurity encompasses the technology, services, strategies, practices, policies designed to secure people, data and infrastructure from a wide range of cyber attacks.

Proofpoint Security Awareness Training

Social Media Threats

Social media offers an outlet for people to connect, share life experiences, pictures and video. But too much sharing—or a lack of attention to impostors—can lead to a compromise of business and personal accounts. 


A honeypot is a decoy computer system designed to attract cyber attackers so that security researchers can see how they operate and what they might be after.

Insider Threat Management

Email Spoofing

Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust.

Proofpoint Phishing Awareness Gartner

National Security Awareness Month

Since 2004, a group of government and private organisations gather to help bring more awareness to cybersecurity and data privacy. As organisations migrate to the cloud, cyber threats are focusing less on infrastructure and more on people.

Data Archiving

Data archiving is the process of collecting older data and moving it to a secure location so that it can be retrieved if needed in a data forensics investigation.

Professional Using E-Discovery for Regulatory Compliance


E-discovery is a form of digital investigation that attempts to find evidence in email, business communications and other data that could be used in litigation or criminal proceedings. The traditional discovery process is standard during litigation, but e-discovery is specific to digital evidence.


Most people have heard of phishing; vishing is a different attack that falls under the general phishing umbrella and shares the same goals. Vishers use fraudulent phone numbers, voice-altering software, text messages, and social engineering to trick users into divulging sensitive information.

Ad-Sync - Einfache Verwaltung der Online Schulung für Ihr Unternehmen

Cloud Security

Cloud computing—a broad term that describes the move to the cloud and a mobile workforce—has brought new security and compliance risks. Cloud account takeover, oversharing of data and usage of unapproved cloud applications present big challenges to security teams.