Courtesy of Agari by Fortra Email spoofing is one of the most common forms of cybercriminal activity, specifically a form of identity deception that's widely used in phishing and spam attacks. It underpins the mechanism required to conduct hacking activities, and it can take many forms. Unfortunately, most email users will eventually receive an email that has been spoofed—whether they know it or...

Hybrid vishing attacks have increased 500% year-over-year as cybercriminals find success using these techniques to steal sensitive information. Listen as Agari’s John Wilson discusses the latest research from Agari and PhishLabs by Fortra. Click here to listen to the podcast.

The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands. There is a fine line between infringement and fair use of publicly made materials, as well as immeasurable online environments where counterfeit campaigns may live and grow. Additionally, bad actors are continuously modifying attack...

Retail brands are increasingly targeted with fraudulent advertisements, fake social accounts, and falsely branded websites. These multipronged counterfeit campaigns redirect sales and compromise consumer data using brand recognition, the same component critical to driving sales within the retail industry. The massive expansion of ecommerce and online consumer-to-retail interaction creates a...

Nearly half of stolen data on the Dark Web was marketed through Chat-Based Services in Q2 after a sharp increase in illegal transactions, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report . The advertisement and exchange of stolen information on the Dark Web is volatile due to the constant threat of disruption or seizure by authorities. Often, when one site is...

In Q2, four out of five phishing sites were staged using infrastructure that required no investment on the part of threat actors, including Compromised Sites and Free Tools and Services, according to the Agari & PhishLabs Quarterly Threat Trends & Intelligence Report. Although the volume of Paid Domain Registrations associated with phishing sites grew slightly, threat actors continue to choose no...

In Q2, Response-Based emails targeting corporate users reached the highest volume since 2020, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report . Malicious and potentially damaging emails targeting corporate inboxes have climbed to a three-quarter high, and include Response-Based scams, Credential Theft, and Malware. Every quarter, Agari and PhishLabs analyze...

In Q2, malicious attacks targeting organizations on social media have increased more than 20% over Q1, according to the latest Agari and PhishLabs’ Quarterly Threat Trends & Intelligence Report. Agari and PhishLabs analyze hundreds of thousands of phishing and social media attacks every quarter to identify the top threats targeting enterprises, their brands, and their employees. In this post, we...

In Q2, Response-Based attacks targeting corporate inboxes climbed to their highest volume since 2020, according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs . Response-Based threats such as Advanced-Fee Fraud, Business Email Compromise (BEC), and hybrid Vishing attacks all demonstrated increased volume in Q2, with Vishing specifically growing 625% over the...

Courtesy of Digital Guardian by Fortra Attackers continue to find clever new ways to disguise phishing emails. Here are 10 different ways you can identify a phishing email. While large-scale ransomware and distributed denial of service (DDoS) attacks may be taking up up the bulk of people’s cybersecurity news feeds, organizations have more to worry about than the newest and most sophisticated...

Courtesy of Agari by Fortra. Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a BEC attack . We released a report on a business email compromise (BEC) cybercriminal group named London Blue in December 2018. The report dove into the organizational structure of West African...

Cyber attacks targeting retail brands have increased dramatically over the last year. Since Q3 2021, retail has experienced a nearly 500% increase in attacks on social media alone. Counterfeit websites and look-alike domains are also among the top threats to online retailers. Attackers incorporate stolen designs and trademarks to stand up counterfeit sites, outbid legitimate businesses with...

Courtesy of Tripwire by Fortra. Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them...

Courtesy of Expert Insights Billy Smith is the Managing Director at PhishLabs by Fortra. With a wealth of experience in the IT and cybersecurity industry, Smith is an expert in using curated threat intelligence to take down cyberthreats. In his role at PhishLabs, Smith enables organizations to proactively identify and remediate threats across their digital channels, including email, social media...

Emotet contributed to just over 47% of all attacks targeting corporate users in Q2, narrowly surpassing former leader QBot. This is the first quarter Emotet has represented the majority of payload reports since its disruption in January 2021. Together, Emotet and QBot dominated payload volume, totaling more than 90% of reported payload activity. Malicious payloads distributed via phishing emails...

Courtesy of Agari by Fortra. What is Email Spoofing? Email spoofing is one of the most common forms of cybercriminal activity, specifically a form of identity deception that’s widely used in phishing and spam attacks. It underpins the mechanism required to conduct hacking activities, and it can take many forms. Unfortunately, most email users will eventually receive an email that has been spoofed...

It’s not news that cybercrime is a constant battle—large enterprises and small businesses everywhere are susceptible to a myriad of advanced email threats and socially engineered attacks , such as executive or brand impersonation. According to IC3’s Internet Crime Report, over $44 million in losses in 2021 were a direct result of malicious phishing and advanced email scams. Despite billions having...

The financial services cybersecurity environment is extremely complex, with a dizzying number of often-overlapping regulations, ongoing threats, and understaffed teams trying to manage it all. Despite paying significant attention to security, many organizations continue to be the targets of advanced persistent threats, fraud, sophisticated phishing campaigns, and other bold efforts to access the...

In Q1, the exchange of sensitive data on Carding Marketplaces and Forums increased as government seizure of multiple Dark Web sites prompted a shift in where actors conduct illegal activities, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report. These sites specialize in the trafficking of stolen credentials and data such as usernames, passwords, banking, and account...

In Q1, more than 51% of phishing sites abused paid services, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report. This is the first time in five consecutive quarters where the majority of phishing sites were staged using Paid Domain Registrations or Compromised Sites. Phishing volume as a whole continues to increase in 2022 in comparison to the same time period last...