For email, security starts with spam, otherwise known as unsolicited email. This is often the bane of not only those who live in their email inboxes,but also of the IT administrators who manage email services. The good news is that spam filters are getting better every day and email providers tend to deploy the very latest and greatest for their customers. The bad news is that these filters still aren't perfect, which means they can catch a lot of "good" email but often vary significantly in effectiveness. Today's spam filters are based largely on machine learning (ML) as the primary method of determining what's bound for the trash bin. Given that ML gets more effective over time, it is no surprise that the services that have been around the longest tend to have better spam detection.
What about the time you clicked on that PayPal link that wasn't really a PayPal link? "Phishing" is a term applied to either websites or emails that pretend to be something they're not in hopes of getting a user to click on something they should have ignored. This tactis is done in hopes of then getting users to provide confidential information they would have otherwise kept to themselves, typically like passwords, financial information, or other personal data. While there are security measure that fight this, the mechanics behind phishing are, unfortunately, also consistently becoming more sophisticated. Even some dedicated antivirus and business-class hosted endpoint protection suites are having trouble keeping up.
×