Is your organisation ready to tackle the new challenge of QR code phishing, also known as quishing? In this TechNewsWorld article, Dr. Steve Jeffery discusses the latest carrier of choice for payloads via email.

Executive impersonation on social media is at an all-time high as threat actors take advantage of AI to improve and scale their attacks. In Q3, accounts pretending to belong to high-ranking executives on social media climbed to more than 54% of total impersonation volume, surpassing brand attacks for the first time since Fortra began tracking this data. The volume and composition of these attacks...

It’s not news that most enterprises operate in the cloud. Migration to the cloud leads to better collaboration, data storage, and lower costs compared to on-premises resources. Odds are your organization is currently enjoying the conveniences of the cloud. The cloud has reshaped the way organizations operate, but with the migration comes new obstacles in email security, and the cloud has its own...

QR phishing is currently considered a high priority risk capable of bypassing existing security controls, according to the latest article from Cyber Security Intelligence. QR Phishing, otherwise known as Quishing, is an extension of phishing attacks that is gaining popularity among threat actors who understand many email systems have difficulty reading the contents of the code. Similar to...

Threat Background & History Beginning in the first half of 2022, Fortra has monitored a significant ongoing upward trend in fraud activity originating from various Phishing-as-a-Service (PhaaS) operations. Some of these services have thrived, while the popularity of others has diminished. One PhaaS operation that has notably been present throughout the past two years is known as Strox (aka Strox...

Fortra’s PhishLabs has identified two separate incidents of new Google top-level domain (TLD) .zip used in phishing attacks. The attacks, detailed in the September issue of Cyber Defense Magazine, use .zip to impersonate a social media conglomerate and global technology company. Look-alike domains using common file extensions are increasingly used to enhance the perceived legitimacy of cyber...

Banks were targeted on social media more in Q2, after the largest spike in activity since 2021, according to Fortra’s PhishLabs. While cybercriminal focus on financial institutions remains high, the average number of social media attacks per business, per month in 2023 is trending lower than in 2022. In Q2 specifically, businesses experienced nearly 18 fewer attacks on social channels on average...

Because email remains the most ubiquitous form of business communication, it continues to be a favorite attack vector for cybercriminals. Email has always been vulnerable because it was not originally designed with security or privacy in mind. As a result, email security vendors emerged to protect this critical communication channel. In the early days, many vendors used signature or reputation...

While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month. Social media attacks and scams have become pervasive problems, with threat actors finding innovative new ways to deceive users and steal their information. While social media...

The US healthcare sector continues to be aggressively targeted by ransomware operators. Royal and BlackCat are two of the more recent – and highly sophisticated – ransomware threats. These two new flavors of ransomware pose serious potential impacts on the healthcare sector, but there are appropriate mitigation and defense strategies that organizations can take to protect against them. What is...

Social media attacks targeting businesses have jumped 12.2% in Q1 from the previous quarter, according to Fortra’s PhishLabs. Attacks on social channels are also trending higher than Q1 2022, with the average business experiencing more than 81 attacks per month. External platforms, such as social media , are widely used by cybercriminals to engage in fraud and distribute misinformation...

Ransomware and phishing are usually put in two separate categories when cyberattack methodologies are discussed. However, ransomware operators are increasingly leveraging phishing tactics to deploy their malicious payloads, and the potential for compromise is exponentiating as a result. Ransomware and Phishing - a match made in heaven Phishing is the number one delivery vehicle for ransomware...

Social media attacks targeting organizations closed out 2022 nearly 19% higher than Q4 of 2021, according to Fortra’s PhishLabs. Social platforms continue to act as a hotbed for malicious activity, leaving organizations of all sizes vulnerable to impersonation and abuse. As of Q4, businesses can expect an average of 72.54 attacks on social media per month. PhishLabs analyzes hundreds of thousands...

Phishing sites impersonating reputable organizations continue to represent the top online threat to businesses and their brands. In Q4, Financial Institutions were targeted most by credential theft phish, experiencing the largest share of malicious sites recorded since 2021, according to Fortra’s PhishLabs. Within the group, criminals capitalized on the broad customer bases and recognizable names...

Cybercriminals are increasingly using steganography to hide malware in phishing attacks targeting businesses. Read Digital Journal’s interview with Alyn Hockey , Fortra’s VP of Product Management, to learn why this tactic is particularly difficult to detect, and what security teams can do to avoid falling victim. Check out the article here .

“Whaling” phishing fraud attacks target the C-suite of a company which creates high risk of extremely sensitive, mission-critical data being stolen and exposed. Fortunately, protecting the organization from these attacks is possible. Whaling phishing is a type of phishing attack targeting larger, high-value targets, which is why it's called "Whaling." Attackers themselves often pretend to be C...

​Organizations face a growing danger from phishing and ransomware, which have been the most common forms of cybercrime in recent years. Most businesses have fallen victim to phishing or ransomware attacks at some point. Every business needs to act against the growing threat of phishing, the primary method through which ransomware and other malware are spread. On the bright side, organizations have...

Email fraud is on the rise. Phishing emails were the most often used attack type last year, according to numerous reports, including the ENISA Threat Landscape 2022 report. The highest financial losses are reportedly attributable to phishing and business email compromise (BEC) assaults, in which the attacker poses as a coworker or senior executive at a company via email. Email scams are so popular...

Sometimes when sending phishing simulations to our clients, we setup a reply-to address to see if people will reply to suspicious emails and many do. Many people interpret our simulations as scams and articulate that in colorful language. Others provide information that would be dangerous in the hands of a threat actor, such as contact information for the  appropriate  employee for us to connect...

In 2022, geopolitical unrest and an expanding online attack surface contributed to the emergence of several themes across the cyber landscape. Infrastructures associated with opposing ideologies were highly targeted, with government agencies, supply chains, and IOT devices falling victim to high-profile campaigns. Cybercriminals launched increasingly advanced attacks on vulnerable entities, with...