PhishLabs has recently observed attacks targeting enterprises with Emotet payloads for the first time since January, when coordinated efforts by authorities to disrupt operations led this family of threat actors to halt activity.Emotet’s primary function is providing malicious software initial access to compromised systems. It is one of the most widely distributed and well-connected malware...

Phishing attacks targeting consumers during 2021 have increased nearly 32% from 2020, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. While trends have been erratic, multiple spikes in activity continue to make phishing the most dominant attack method on the threat landscape. Threat actors are experimenting with a variety of tactics to target enterprises with these attacks,...

Vishing attacks targeting corporate users have more than doubled for the second consecutive quarter, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. Response-Based attacks such as these are increasingly targeting corporate users and stand alongside email-based Credential Theft and Malware attacks to make up the top attack vector targeting enterprises.Every quarter, PhishLabs...

Ransomware has evolved into a booming underground economy — low risk, minimal barriers, and high rewards. Fueled by a sophisticated dark web marketplace, attackers now outsource critical components of their operations to specialized threat actors. Among the most notorious are Initial Access Brokers (IABs), ransomware affiliates who profit by selling direct access to compromised networks. In this...

Vishing attacks have more than doubled for the second consecutive quarter, according to the PhishLabs Quarterly Threat Trends & Intelligence Report. The November 2021 report uses hundreds of thousands of attacks analyzed and mitigated by PhishLabs to identify the top threats targeting brands and determine emerging trends throughout the threat landscape.Key Findings of the Quarterly Threat Trends &...

Multi-stage vishing attacks have more than doubled since Q2, overtaking BEC attacks as the second most reported response-based threat. These two-pronged attacks differ from conventional vishing by combining malicious emails and phone calls to trick victims into disclosing sensitive information. Emails associated with these campaigns are particularly adept at getting past attack controls because...

Malware delivered via email continues to be the primary source of damaging ransomware attacks targeting businesses and their brands. The malware threat landscape has been tumultuous over the course of 2021, with unskilled actors enjoying a lower barrier to entry through as-a-service models, allowing easy access to proven and sophisticated malicious software. These tools are in a constant state of...

Fake mobile apps are more sophisticated and more dangerous than ever. Cloned and spoofed mobile applications flood both official and third-party app stores, exploiting brand trust to trick users into downloading malware. These imposters don’t just erode brand equity; they expose users to serious data breaches. And with mobile users often skipping basic security precautions, the risk of compromise...

Financial institutions have experienced a 15.3% increase in share in phishing attacks, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. This increase establishes financial services as the top targeted industry and shows threat actors continue to place high value on compromised banking credentials. In this post, we take a look at the tools and infrastructure used by threat...

Phishing volume continues to outpace 2020 by 22%, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. Every quarter, PhishLabs analyzes hundreds of thousands of phishing and social media attacks targeting enterprises to identify key trends in the threat landscape. In this piece we take a look at phishing volume, industries targeted, and how attacks are being staged.2021 Phishing...

Domains remain one of the most exploited tools in the hands of threat actors, fueling phishing schemes and victim manipulation. In our latest Quarterly Threat Trends & Intelligence Report, we uncover how attackers are weaponizing Legacy Generic (gTLD) and Country Code (ccTLD) top-level domains — along with HTTPS and free security certificates — to infiltrate and target enterprises. Top-level...

Social media threats targeting enterprises have increased 47% since January 2021, according to PhishLabs Quarterly Threat Trends & Intelligence Report. While the attack volume varies by industry, today the average organization is being targeted on social media with increasing frequency.Every quarter, PhishLabs analyzes and mitigates hundreds of thousands of phishing and social media attacks...

Every quarter, PhishLabs analyzes and mitigates hundreds of thousands of phishing and social media attacks targeting enterprises. In this post, we discuss the top threats reaching corporate inboxes based on incidents detected and mitigated with our Suspicious Email Analysis solution.Credential TheftCredential theft continues to represent the largest share of threats targeting corporate inboxes....

Brand threats account for 68% of fraud-related cyber-attacks and social media has become one of the most dangerous battlegrounds. According to the Global Anti-Scam Alliance, over $1.03 trillion was lost to scams in 2024, with a significant portion tied to social media fraud and brand impersonation.Unlike traditional cyberattacks that target internal infrastructure, brand threats live outside an...

Phishing volume in 2021 continues to outpace last year by 22%, according to PhishLabs Quarterly Threat Trends & Intelligence Report. The August 2021 report uses data from hundreds of thousands of attacks analyzed and mitigated by PhishLabs to identify the most recent top threats targeting brands and determine emerging trends throughout the threat landscape.Key Findings of the Quarterly Threat...

One piece of evidence that adds value to investigating social media threats is the threat actor’s chosen username. Usernames can hold meaning to the individual, and as a result provide useful information when expanding investigations to different social platforms. As we covered in our last OSINT post, connecting all known social media accounts to one user is a critical step in determining risk,...

Phishing attacks are becoming more elusive and more dangerous. To extend the life of their campaigns and increase success rates, threat actors employ evasion techniques designed to hide malicious content from security teams. By avoiding detection, attackers boost their chances of reaching more victims and profiting from compromised accounts or stolen data.One increasingly common approach is...

Cybercriminals use sophisticated evasion tactics to outsmart security scanners and human detection — prolonging the life of phishing campaigns. These techniques are often layered for maximum effect. In this post, we spotlight one such method: active evasion, where access is restricted based on device type to block non-targets and avoid exposure.Restricting by DeviceActive evasion refers to...

In Q2, ransomware made headlines with multiple high-profile attacks and tactics. The largest infrastructure shutdown in U.S. history brought the East Coast to a halt, operators doubled up on ransomware strains, and reported attacks are on track to beat 2020, with numbers already surpassing Q1 by 38%.As ransomware continues to drive data loss and fraud for enterprises and their brands, PhishLabs is...

Evasion techniques are methods attackers deploy to extend the life of phishing campaigns. The longer a threat is active, the more opportunity it has to claim victims.Attackers have two objectives when applying evasion techniques:Defeat automated scanning technologies designed to quickly shut down or prevent attacks from going live.Increase the time, cost, and complexity required for security...