Phishing sites impersonating reputable organizations continue to represent the top online threat to businesses and their brands. In Q4, Financial Institutions were targeted most by credential theft phish, experiencing the largest share of malicious sites recorded since 2021, according to Fortra’s PhishLabs. Within the group, criminals capitalized on the broad customer bases and recognizable names...

Cybercriminals are increasingly using steganography to hide malware in phishing attacks targeting businesses. Read Digital Journal’s interview with Alyn Hockey, Fortra’s VP of Product Management, to learn why this tactic is particularly difficult to detect, and what security teams can do to avoid falling victim. Check out the article here. if(window.strchfSettings === undefined) window...

Whaling phishing attacks specifically target C-suite executives, putting highly sensitive, mission-critical data at serious risk. These sophisticated scams often involve cybercriminals impersonating executives to deceive employees into revealing confidential information or executing fraudulent transactions. Because they focus on high-value individuals and assets, these attacks pose a significant...

​Organizations face a growing danger from phishing and ransomware, which have been the most common forms of cybercrime in recent years. Most businesses have fallen victim to phishing or ransomware attacks at some point. Every business needs to act against the growing threat of phishing, the primary method through which ransomware and other malware are spread. On the bright side, organizations have...

​ We're going to delve into what the meaning of SPF for email is, how to implement it, the benefits of deploying it, and how to further protect your email-sending domains. What is SPF for Email? Sender Policy Framework (SPF) is an email authentication standard that domain owners use to specify the email servers they send email from, making it harder for fraudsters to spoof sender information....

Email fraud is accelerating and evolving. In 2024 alone, phishing remained the most common type of cyberattack, and business email compromise (BEC) caused more than $2.7 billion in losses across over 21,000 reported incidents. Despite the growing awareness, email continues to be a prime entry point for cybercriminals for one simple reason: we rely on it constantly. It's how we send invoices, share...

Phishing remains one of the most effective and widespread tactics used by cybercriminals to deceive victims and gain access to sensitive information. While phishing can occur through text messages (SMiShing), social media platforms, or phone calls, email continues to be the most common vector. With AI tools making it easier to craft convincing, personalized messages at scale, phishing campaigns...

When it comes to email authentication standards, should you use DKIM, SPF, or both? We’re going to cover these terms, when you should use them, what they do—and how best to protect your email domains. Is it Either/Or—or Both? Should the battle really be SPF vs. DKIM? While not mandatory, it’s highly recommended to use both SPF and DKIM to protect your email domains from spoofing attacks and...

Phishing remains one of the most common cyberattacks, used to steal personal data or gain access to business networks. These deceptive emails trick recipients into clicking malicious links or opening attachments carrying malware or ransomware. In the case of business email compromise (BEC), attackers impersonate trusted colleagues or vendors to prompt recipients into taking immediate action.As...

QBot was the most reported payload targeting employee inboxes in Q4, according to Fortra’s PhishLabs. This is the fourth consecutive month QBot has led malware activity as bad actors target organizations with a steady stream of high-volume attack campaigns. QBot previously represented the second most reported payload family, trailing behind RedLine Stealer in Q3.Email payloads remain the primary...

Sometimes when sending phishing simulations to our clients, we setup a reply-to address to see if people will reply to suspicious emails and many do. Many people interpret our simulations as scams and articulate that in colorful language. Others provide information that would be dangerous in the hands of a threat actor, such as contact information for the appropriate employee for us to connect...

In this DKIM setup guide, we’ll walk you through the steps on how to set up DKIM correctly, test it, avoid common pitfalls, and fix common mistakes. In case you’re new to DKIM, or DomainKeys Identified Mail, we’ll start with a high-level overview before getting to the step-by-step instructions, but you can first look up your DKIM record here. What is DKIM? A Brief Introduction DKIM is a...

In this post, we’ll briefly explain what a DMARC policy is, how to set up your DMARC email record, what the three types of DMARC policies are and when to implement each one, and how to diagnose and fix any issues associated with it. Basically, your DMARC policy tells email receivers what to do with illegitimate or possibly fraudulent emails—whether to reject, quarantine, or accept them. Overall,...

In 2022, geopolitical unrest and an expanding online attack surface contributed to the emergence of several themes across the cyber landscape. Infrastructures associated with opposing ideologies were highly targeted, with government agencies, supply chains, and IOT devices falling victim to high-profile campaigns. Cybercriminals launched increasingly advanced attacks on vulnerable entities, with...

Facebook. X. Instagram. LinkedIn. YouTube. TikTok. Threads. The list keeps growing. Whether you’re a fan or a critic, there's no denying that social media platforms have become essential communication channels for individuals and organizations alike. Unfortunately, cybercriminals are exploiting the same platforms — drawn by their immense reach, anonymity, and low cost of entry. Social media has...

Criminals continue to exploit the urgency around major gift-giving seasons like Black Friday, Cyber Monday, Christmas, and Hanukkah. Counterfeit activitynow surges by more than 50% from September through November, with a 27% spike in November alone. These sophisticated threats impersonate trusted brands across social media platforms and the open web, targeting consumers through deceptive ads, look...

In Q3, Credit Unions nearly overtook National Banks as the top targeted industry on the Dark Web, according to recent data from Fortra’s PhishLabs. Credit Unions have been increasingly targeted on underground channels, with Q3 2022 representing the highest incident count for the industry in four consecutive quarters.Compromised data associated with Financial Institutions as a whole is consistently...

In Q3, the volume of social media attacks targeting the average business was 40.4% higher than the same time last year, according to the latest data from Fortra’s PhishLabs. Social media attack volume has grown significantly year-over-year with the average business in 2022 experiencing 84.5 malicious incidents per month versus 50.59 in 2021. Fortra analyzes hundreds of thousands of social media...

The volume of malicious emails reported in corporate inboxes has reached a four-quarter high, according to the latest data from Fortra’s PhishLabs. These threats are largely composed of Response-Based, Credential Theft, and Malware attacks targeting employees.Every quarter, Fortra analyzes hundreds of thousands of phishing and social media attacks targeting enterprises, brands, and employees. In...