Phish of the Week: Coming Soon to an Inbox Near You

COVID-19 Scams Have a New Plot

The vaccine is finally here. And so are the attackers…

The Department of Homeland Security and FBI are officially warning of cyber fraud as the COVID-19 vaccines near FDA approval. And we’re already starting to see this new twist in phishing land in inboxes.

The vaccine scams will ultimately follow the standard COVID-19 hacker behaviors – preying on fear, near-flawless impersonation of a trusted organization, and — ultimately — dissemination of malware or ransomware with disastrous impact.

But what’s different in this phase is our patience. It’s waning. Your employees are excited (possibly desperate) for a pandemic-free life. And there is no better ransomware target than an emotional and distracted employee.

As cybersecurity professionals, we must remain extra-diligent. And we must do everything possible to intercept the source of these cyber threats – phishing.

Read on for proven ways to get ahead of these attacks and protect your employees.

The Struggle to Not Click is Real

The health sector isn’t the only one being plagued by Trickbot and Ryuk ransomware. Our security research team recently detected a persistent Trickbot campaign that exploits fears about job loss (how can you not click an HR email in times like these?), and lures victims to click on a link that drops malware infections by way of Trickbot.

Read the blog for in-depth details of the campaigns, how our time-zero detections uncovered it, and what you can do to protect yourself from similar phish. (4 min)

Shocker! BEC is Back in the News

Business Email Compromise (BEC) is the FBI’s focus in their latest warning about email auto-forwards. In this recent video,, we explain how BEC attacks have become more difficult-to-detect over time, and the six things you need to know to protect against BEC threats.

Watch the video (18 min)

Frameworks…A Love Story

Many organizations look to security frameworks to strategize protection against today’s cybercrime. Check out this blog to hear from former Guess? CISO and Area 1 product expert about leaning on – not worshipping – the MITRE ATT&CK and other frameworks and how to use them as guardrails (not rules) to secure your organization.

Read the blog (3 min)


Shalabh Mohan

VP, Product at Area 1

With a career spanning 20 years fighting bad guys online, Shalabh leads all product and go-to-market functions at Area 1 Security, with extensive prior experience across security, enterprise, and cloud infrastructure companies such as Aspen Networks, IronPort Systems, Cisco and Bracket Computing. Shalabh and his teams have taken products from conception all the way to large scale businesses; and in the process have consistently helped make the Internet a safer place. An alumnus of Stanford University and the University of Texas at Austin, Shalabh holds five patents and can claim to know something about enterprise infrastructure and security.

How to replace your email gateway with Cloudflare Area 1

Leaders and practitioners responsible for email security are faced with a few truths every day. It’s likely true that their email is cloud-delivered and comes with some built-in protection that does an OK job of stopping spam and commodity malware.

Introducing email link isolation – Email gateway replacement playbook

This week was a big one for us at Cloudflare, one of our four innovation weeks which we hold annually, showcasing new developments, product news and reference architectures.

Superhero strategies for the Phish Fight

Today is National Superhero Day, and we would like to dedicate this day to you—the SOC teams and the security experts on the frontline of the phish fight.