Resources

Guide
Guide

Disrupt Counterfeit Threats

A Digital Risk Protection Playbook Counterfeit threats, such as fraudulent ads and look-alike domains, are on the rise especially with the expansion of e-commerce and online consumer-to-business interaction. However, the collection and mitigation of counterfeit activity can be complicated. Prioritizing relationships with platforms and providers along with collecting data showing evidence of abuse...
Video
Video

Emerging Threats: Disrupt Counterfeit Activity Targeting Retail Brands

Eric George, Director of Solution Engineering at PhishLabs As retail brands expand their online presence to selling goods and engaging with consumers, threat actors are leveraging the credibility of reputable organizations to profit off of cannibalized sales. Counterfeit storefronts mimic legitimate brands using look-alike domains, copyrighted content, and stolen intellectual property. Threat...
Online Impersonation
Free Domain Abuse Plummets in Q1 as Staging Methods Shift
Blog
Blog

LastPass and Fortra’s PhishLabs Work Together to Protect Customers From Phishing Scams

Tue, 09/26/2023
One of our Digital Risk Protection service customers, LastPass, is committed to monitoring the cyber threat environment to keep our customers as secure as possible. To highlight this commitment, we want to call attention to recent joint efforts to disrupt a phishing campaign targeting LastPass customers and associates that began two weeks ago. We are sharing this with you not because it is a new...
Phishing Sites Impersonating Social Media Jump in Q2
Blog
Blog

Phishing Sites Impersonating Social Media Jump in Q2

By Jessica Ryan on Thu, 08/10/2023
In Q2, phishing attacks targeting social media platforms increased more than 23%, according to Fortra’s PhishLabs. This is the greatest volume of attacks on social media in two years and puts the industry ahead of historically top targeted financial institutions. Every quarter, Fortra’s PhishLabs examines hundreds of thousands of phishing attacks targeting enterprises and their brands. In this...
Social Media Security Awareness: What you Should Know
Blog
Blog

Social Media Security Awareness: What you Should Know

Thu, 08/03/2023
The latest Verizon Data Breach Investigations report indicates that over 70% of data breaches involved the human element. Cybercriminals exploit people to trick them into clicking unsafe links, opening malicious attachments, entering their credentials into bogus login pages, sharing sensitive data, and authorizing fraudulent fund transfers. One area where many exploits take place is on social...
On-Demand Webinar
On-Demand Webinar

Inside the World of Social Media Phishing: Financial Scams

On a daily basis, most people will use some form of social media. From checking photos of your friends and pets, to communicating with coworkers and loved ones, social media is a large part of the connected world. Unfortunately, this also means that the more social media is used, the more likely that threat actors will try to exploit it. Join us as we discuss how social media is abused for...
On-Demand Webinar
On-Demand Webinar

Social Media Intelligence: Real World Threats, Real World Impact

Each day, 3.5 billion people use some form of social media. This is close to half of the global population. Because of the wide spread use and adoption of these various platforms, threat actors are increasing the abuse of both the brands and their accounts faster than any other digital medium. Moreover, most platforms lack the necessary security controls to protect their users. This creates a...
The Science Behind the Scenes: How Machine Learning Combats Phishing Attacks and BEC
Blog
Blog

The Science Behind the Scenes: How Machine Learning Combats Phishing Attacks and BEC

Thu, 07/20/2023
Because email remains the most ubiquitous form of business communication, it continues to be a favorite attack vector for cybercriminals. Email has always been vulnerable because it was not originally designed with security or privacy in mind. As a result, email security vendors emerged to protect this critical communication channel. In the early days, many vendors used signature or reputation...
Top Tactics of BEC Attacks in 2023
Blog
Blog

Top Tactics of BEC Attacks in 2023

By Jessica Ryan on Thu, 04/27/2023
Email impersonation is the fastest growing and most successful means of bypassing email security controls. In Q4 2022, the response-based and credential theft attacks that make up email impersonation reached their highest percentage of share of all email threat volume, contributing to more than 97% of attacks reported by end users. In this series, we look at the top email impersonation threats...
What to Know About Business Email Compromise (BEC) Scams
Blog
Blog

What to Know About Business Email Compromise (BEC) Scams

Thu, 04/06/2023
Business email compromise (BEC) is a dangerous type of email spoofing that targets businesses, aiming to damage them in some way. Overall, BEC “is one of the most financially damaging online crimes,” according to a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of...
More than Half of All Phishing Sites Impersonate Financials in Q4
Blog
Blog

More than Half of All Phishing Sites Impersonate Financials in Q4

By Jessica Ryan on Thu, 02/16/2023
Phishing sites impersonating reputable organizations continue to represent the top online threat to businesses and their brands. In Q4, Financial Institutions were targeted most by credential theft phish, experiencing the largest share of malicious sites recorded since 2021, according to Fortra’s PhishLabs. Within the group, criminals capitalized on the broad customer bases and recognizable names...
What Is an Enterprise’s Secondary Line of Defense Against Phishing Emails?
Blog
Blog

What Is an Enterprise’s Secondary Line of Defense Against Phishing Emails?

Mon, 01/23/2023
One of the most popular attack strategies used by criminals to mislead consumers into doing the wrong thing is phishing. Phishing can occur via text message (SMS or instant messaging apps, coined SMiShing), social media or via phone, but email-based attacks are the ones most often linked to the term. It's easy for phishing emails to reach millions of users at once and to blend in with the many...
What Is an Enterprise’s Primary Line of Defense Against Phishing Emails?
Blog
Blog

What Is an Enterprise’s Primary Line of Defense Against Phishing Emails?

By Monica Delyani on Wed, 01/18/2023
Phishing is one of the most prevalent forms of cyberattack used by bad threat actors to either steal personal data, or to gain entrance into a business’ network. These surreptitious and malicious email messages trick unsuspecting recipients into clicking a link or opening an attachment that contains malware, ransomware, or in the case of Business Email Compromise (BEC) , employs impersonation...
Holiday Season Triggers Rise in Counterfeit Activity
Blog
Blog

Holiday Season Triggers Rise in Counterfeit Activity

Thu, 12/08/2022
Criminals are capitalizing on the urgency behind gift-giving celebrations such as Black Friday, Cyber Monday, Christmas, and Hanukkah. Counterfeit activity has grown more than 50% from September through November, with a 27% increase over the course of November alone, according to Fortra’s PhishLabs. These threats are impersonating brands on social media and the open web to target consumers with...
Financials See Increase in Phishing Attacks, Compromised Sites Lead Staging Methods in Q3
Blog
Blog

Financials See Increase in Phishing Attacks, Compromised Sites Lead Staging Methods in Q3

By Jessica Ryan on Thu, 11/10/2022
In Q3, nearly 80% of threat actors opted to compromise existing websites or abuse free tools when staging phishing sites, according to the latest data from Fortra’s PhishLabs. While Compromised Sites represented the lion’s share of staging activity, URL Shorteners, Free Domain Registrations, and Developer Tools all experienced increased abuse in Q3 and pointed to sustained criminal interest in no...
How to Mitigate Online Counterfeit Threats
Blog
Blog

How to Mitigate Online Counterfeit Threats

Thu, 09/22/2022
The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands. There is a fine line between infringement and fair use of publicly made materials, as well as immeasurable online environments where counterfeit campaigns may live and grow. Additionally, bad actors are continuously modifying attack...
How to Collect Intelligence on Threats Targeting Retail Brands
Blog
Blog

How to Collect Intelligence on Threats Targeting Retail Brands

Thu, 09/15/2022
Retail brands are increasingly targeted with fraudulent advertisements, fake social accounts, and falsely branded websites. These multipronged counterfeit campaigns redirect sales and compromise consumer data using brand recognition, the same component critical to driving sales within the retail industry. The massive expansion of ecommerce and online consumer-to-retail interaction creates a...
Q2 Phishing Volume Up, Compromised Sites Lead Staging Methods
Blog
Blog

Q2 Phishing Volume Up, Compromised Sites Lead Staging Methods

By Jessica Ryan on Thu, 09/01/2022
In Q2, four out of five phishing sites were staged using infrastructure that required no investment on the part of threat actors, including Compromised Sites and Free Tools and Services, according to the Agari & PhishLabs Quarterly Threat Trends & Intelligence Report. Although the volume of Paid Domain Registrations associated with phishing sites grew slightly, threat actors continue to choose no...
On-Demand Webinar
On-Demand Webinar

Quarterly Threat Trends & Intelligence Webinar (August 2022)

John Wilson, Senior Fellow for Threat Research at Agari by Fortra Throughout Q2, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The Quarterly Threat Trends & Intelligence Report provides an analysis of the latest findings and insights into key trends shaping the threat...
Account Takeover Protection
Executive Protection
Online Impersonation
External Data Leaks
New Report Documents Highest Volume of Response-Based Email Threats Since 2020
Blog
Blog

New Report Documents Highest Volume of Response-Based Email Threats Since 2020

By Jessica Ryan on Mon, 08/15/2022
In Q2, Response-Based attacks targeting corporate inboxes climbed to their highest volume since 2020, according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs . Response-Based threats such as Advanced-Fee Fraud, Business Email Compromise (BEC), and hybrid Vishing attacks all demonstrated increased volume in Q2, with Vishing specifically growing 625% over the...