A SquareX study found inadequacies of major email providers in protecting users against malicious document-based threats.
In a sample of 100 malicious documents sent via a third-party email provider, ProtonMail, to several major email providers, the study revealed Google and Outlook were not able to detect modified malicious documents containing readily accessible attack tools, even though demonstrating basic detection capabilities in identifying unmodified malicious document samples.
Startling finding
The findings exposed a cybersecurity loophole posing a potential threat to users globally and revealing inadequacies in detecting and intercepting emerging threats.
"The inadvertent discovery of this significant lapse in email security during our product enhancement process was startling," shared Vivek Ramachandran, the founder and CEO of SquareX. "Our intention in making these findings public is to ignite a dialogue on the urgent need for reinforced security measures and encourage email providers to either elevate their security protocols or transparently acknowledge their current limitations," added Vivek.
Bridging security gap
SquareX has introduced an advanced in-browser malicious document scanning feature as a part of its browser extension to address inadequacies. The company invites other companies to join them in safeguarding web activities against potential threats and bolstering cybersecurity.