Executive impersonation on social media is at an all-time high as threat actors take advantage of AI to improve and scale their attacks. In Q3, accounts pretending to belong to high-ranking executives on social media climbed to more than 54% of total impersonation volume, surpassing brand attacks for the first time since Fortra began tracking this data. The volume and composition of these attacks...

One of our Digital Risk Protection service customers, LastPass, is committed to monitoring the cyber threat environment to keep our customers as secure as possible. To highlight this commitment, we want to call attention to recent joint efforts to disrupt a phishing campaign targeting LastPass customers and associates that began two weeks ago. We are sharing this with you not because it is a new...

Banks were targeted on social media more in Q2, after the largest spike in activity since 2021, according to Fortra’s PhishLabs. While cybercriminal focus on financial institutions remains high, the average number of social media attacks per business, per month in 2023 is trending lower than in 2022. In Q2 specifically, businesses experienced nearly 18 fewer attacks on social channels on average...

In Q2, phishing attacks targeting social media platforms increased more than 23%, according to Fortra’s PhishLabs. This is the greatest volume of attacks on social media in two years and puts the industry ahead of historically top targeted financial institutions. Every quarter, Fortra’s PhishLabs examines hundreds of thousands of phishing attacks targeting enterprises and their brands. In this...

The latest Verizon Data Breach Investigations report indicates that over 70% of data breaches involved the human element. Cybercriminals exploit people to trick them into clicking unsafe links, opening malicious attachments, entering their credentials into bogus login pages, sharing sensitive data, and authorizing fraudulent fund transfers. One area where many exploits take place is on social...

While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month. Social media attacks and scams have become pervasive problems, with threat actors finding innovative new ways to deceive users and steal their information. While social media...

Social media attacks targeting businesses have jumped 12.2% in Q1 from the previous quarter, according to Fortra’s PhishLabs. Attacks on social channels are also trending higher than Q1 2022, with the average business experiencing more than 81 attacks per month. External platforms, such as social media , are widely used by cybercriminals to engage in fraud and distribute misinformation...

Email impersonation is the fastest growing and most successful means of bypassing email security controls. In Q4 2022, the response-based and credential theft attacks that make up email impersonation reached their highest percentage of share of all email threat volume, contributing to more than 97% of attacks reported by end users. In this series, we look at the top email impersonation threats...

Business email compromise (BEC) is a dangerous type of email spoofing that targets businesses, aiming to damage them in some way. Overall, BEC “is one of the most financially damaging online crimes,” according to a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of...

Social media attacks targeting organizations closed out 2022 nearly 19% higher than Q4 of 2021, according to Fortra’s PhishLabs. Social platforms continue to act as a hotbed for malicious activity, leaving organizations of all sizes vulnerable to impersonation and abuse. As of Q4, businesses can expect an average of 72.54 attacks on social media per month. PhishLabs analyzes hundreds of thousands...

Phishing sites impersonating reputable organizations continue to represent the top online threat to businesses and their brands. In Q4, Financial Institutions were targeted most by credential theft phish, experiencing the largest share of malicious sites recorded since 2021, according to Fortra’s PhishLabs. Within the group, criminals capitalized on the broad customer bases and recognizable names...

One of the most popular attack strategies used by criminals to mislead consumers into doing the wrong thing is phishing. Phishing can occur via text message (SMS or instant messaging apps, coined SMiShing), social media or via phone, but email-based attacks are the ones most often linked to the term. It's easy for phishing emails to reach millions of users at once and to blend in with the many...

Phishing is one of the most prevalent forms of cyberattack used by bad threat actors to either steal personal data, or to gain entrance into a business’ network. These surreptitious and malicious email messages trick unsuspecting recipients into clicking a link or opening an attachment that contains malware, ransomware, or in the case of Business Email Compromise (BEC) , employs impersonation...

Facebook. Twitter. Instagram. LinkedIn. YouTube. Pinterest. Mastodon. The list goes on. Whether you love or loathe social media, these platforms have become integral to how we communicate as individuals and businesses. Cybercriminals have also taken note, embracing these communication channels wholeheartedly to reach vast audiences quickly, anonymously, and cheaply, successfully defrauding targets...

In Q3, the volume of social media attacks targeting the average business was 40.4% higher than the same time last year, according to the latest data from Fortra’s PhishLabs. Social media attack volume has grown significantly year-over-year with the average business in 2022 experiencing 84.5 malicious incidents per month versus 50.59 in 2021. Fortra analyzes hundreds of thousands of social media...

In Q3, nearly 80% of threat actors opted to compromise existing websites or abuse free tools when staging phishing sites, according to the latest data from Fortra’s PhishLabs. While Compromised Sites represented the lion’s share of staging activity, URL Shorteners, Free Domain Registrations, and Developer Tools all experienced increased abuse in Q3 and pointed to sustained criminal interest in no...

The financial industry continues to experience the largest volume of abuse among all industries on social media. In Q3 banks, credit unions, and other F.I.’s contributed to nearly three-quarters of all attacks on social platforms, with national banks alone more than tripling the volume of the top targeted non-financial, retail. The top threats to financial institutions on social media consist of...

In Q2, four out of five phishing sites were staged using infrastructure that required no investment on the part of threat actors, including Compromised Sites and Free Tools and Services, according to the Agari & PhishLabs Quarterly Threat Trends & Intelligence Report. Although the volume of Paid Domain Registrations associated with phishing sites grew slightly, threat actors continue to choose no...

In Q2, malicious attacks targeting organizations on social media have increased more than 20% over Q1, according to the latest Agari and PhishLabs’ Quarterly Threat Trends & Intelligence Report. Agari and PhishLabs analyze hundreds of thousands of phishing and social media attacks every quarter to identify the top threats targeting enterprises, their brands, and their employees. In this post, we...

In Q2, Response-Based attacks targeting corporate inboxes climbed to their highest volume since 2020, according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs . Response-Based threats such as Advanced-Fee Fraud, Business Email Compromise (BEC), and hybrid Vishing attacks all demonstrated increased volume in Q2, with Vishing specifically growing 625% over the...