#email security

Security awareness tips, industry news, and product updates.

Reviewing employee-reported emails
Threat IntelligenceProduct Updates

Reported Email Review: Turning Employees Into Sensors

When employees report suspicious emails through the empowsec Outlook or Gmail add-in, those reports land in an admin review queue where security teams can classify each one and build real threat intelligence from what is actually reaching inboxes.

Marcus Chen·7/5/2026·8 min read
Reporting a phishing email from Outlook
Phishing & Social EngineeringProduct Updates

Report Phishing from Outlook: The empowsec Add-In Guide

empowsec's Outlook add-in gives employees a one-click 'Report phishing' button in their inbox - capturing email headers and content for review while instantly rewarding employees who correctly identify a simulation.

Marcus Chen·7/3/2026·8 min read
An employee carefully reading an email thread on an office computer
Phishing & Social EngineeringThreat Intelligence

Thread Hijacking: Phishing From Inside Trusted Emails

Thread hijacking lets attackers reply inside a real email conversation, with a familiar subject, history, and trusted sender. It defeats the 'unknown sender' instinct. Here is how to spot it.

Elena Vasquez·7/1/2026·7 min read
Close inspection of a web address on a laptop screen with a magnifying glass
Phishing & Social EngineeringThreat Intelligence

Lookalike Domains & Typosquatting: A Defense Guide

An 'rn' that reads as an 'm', an extra word, a wrong TLD — lookalike domains impersonate trusted brands in phishing and brand abuse. Here is how to spot them and the controls that blunt them.

David Kowalski·6/22/2026·7 min read
A simulated phishing landing page used for training
Phishing & Social EngineeringProduct Updates

Phishing Landing Pages, Credential Capture, and Tracking

empowsec tracks every step of a simulated phishing attack - from the pixel that records an open to the fake login form that records a credential submission - and turns each event into a learning opportunity.

Marcus Chen·6/13/2026·7 min read
Editing a localized phishing email template
Phishing & Social EngineeringProduct Updates

Phishing Template Library: Localization and Import/Export

empowsec's phishing template library lets you build, translate, import, and export realistic lure emails - so every simulation reaches each employee in their own language.

Marcus Chen·6/9/2026·7 min read
Security team reviewing a phishing simulation dashboard
Phishing & Social EngineeringProduct Updates

Phishing Simulation Campaigns: A Complete Overview

Phishing simulation campaigns let you measure and improve how your employees respond to real-world lures - safely, at scale, and with the data to prove it is working.

Marcus Chen·6/7/2026·6 min read
Marketing employee reviewing a social media account alert on a laptop
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Facebook Phishing Through Google: What Teams Should Do

A new campaign abused Google AppSheet emails to steal Facebook business accounts at scale. Here is what your team should watch for and how empowsec helps build the right response habits.

Marcus Chen·5/5/2026·7 min read
Employee reporting a suspicious email from their Gmail inbox
Security Awareness TipsProduct Updates

Report Suspicious Emails Directly from Gmail with empowsec

Our new Google Workspace add-on lets employees report phishing, spam, and suspicious emails with one click — right from their Gmail inbox. Here's how it works and why it matters.

Marcus Chen·5/2/2026·6 min read
Aerospace technology and rocket engineering facility representing the defense software targeted in the spear-phishing campaign
Phishing & Social EngineeringThreat Intelligence

Chinese Spy Used Spear Phishing to Steal NASA Defense Software

A Chinese national posed as U.S.-based researchers for years, using spear-phishing emails to trick NASA employees and military personnel into handing over restricted aerospace software. The case is a masterclass in why identity verification matters.

Marcus Chen·4/30/2026·7 min read
A colorful party invitation envelope being opened, symbolizing a potential phishing scam
Phishing & Social EngineeringSecurity Awareness Tips

Fake Party Invitations Are the Newest Phishing Trap

Cybercriminals are spoofing Paperless Post, Evite, and Punchbowl to send fake party invitations that exploit your fear of missing out. Here's how the scam works and how to protect yourself.

Rachel Andersen·4/29/2026·7 min read
Person scanning a QR code on a smartphone with a laptop open in the background
Phishing & Social EngineeringSecurity Awareness TipsThreat Intelligence

Quishing in 2026: The QR Phishing Tricks Your Tools Still Miss

QR code phishing has evolved far beyond a simple scan-and-steal. Split codes, Unicode fakes, CAPTCHA gates, and state-sponsored campaigns are rewriting the rulebook — and most security stacks still can't read a QR code.

Elena Vasquez·4/22/2026·13 min read
« Previous12Next »