Resources

Video
Video

On-Demand Webinar: Handling Threats That Land in User Inboxes

The risk of a user receiving a socially engineered attack is higher than ever, and technological solutions often miss the most devastating of them. Though technology is both an important and required component in protecting the enterprise, security teams need to remain vigilant and educated on quickly identifying threats which make it past technology. This includes the latest social engineering...
Account Takeover Protection
Executive Protection
Online Impersonation
External Data Leaks
cyber threat defense report thumbnail
Video
Video

Key Insights from the 2023 Cyberthreat Defense Report

Eric George, Director of Solutions Engineering at Fortra, and Steve Piper, CEO of CyberEdge The 2023 Cyberthreat Defense Report provides deep insight into the perspectives of cybersecurity professionals. Join us to learn what your peers are thinking and doing Thursday, May 4, at 11 a.m. ET. Eric George, Director of Solutions Engineering at Fortra, and Steve Piper, CEO of CyberEdge, will present an...
Account Takeover Protection
Online Impersonation
Top Brand Threats and Defense Tactics
Guide
Guide

Brand Threats Masterclass

In 2024, organizations face growing brand protection challenges with online impersonation attacks targeting their assets through non-traditional means. These attacks are spanning channels not typically protected by corporate controls and leveraging AI to generate lures, making detection increasingly broad and mitigation nuanced. To better understand the top brand risks, Fortra held a roundtable...
Account Takeover Protection
External Data Leaks
Q3 Payload Report
Blog
Blog

Q3 Payload Report

By Jessica Ryan on Thu, 10/26/2023
QBot, the leading payload family in Q3, was disrupted as part of a coordinated, multinational operation led by the FBI on August 29, 2023. This resulted in the removal of 700,000 QBot payloads from infected devices across the globe, and interrupted the activity of one of the most active malware families since the former juggernaut Emotet, which was disrupted in 2021. While QBot led all other...
Account Takeover Protection
On-Demand Webinar
On-Demand Webinar

Quarterly Threat Trends & Intelligence Webinar (August 2022)

John Wilson, Senior Fellow for Threat Research at Agari by Fortra Throughout Q2, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The Quarterly Threat Trends & Intelligence Report provides an analysis of the latest findings and insights into key trends shaping the threat...
Account Takeover Protection
Executive Protection
Online Impersonation
External Data Leaks

10,000 organisations targeted by phishing attack that bypasses multi-factor authentication

10,000 organisations targeted by phishing attack that bypasses multi-factor authentication
10,000 organisations targeted by phishing attack that bypasses multi-factor authentication
phishlabs_admin Thu, 01/11/2024 - 15:06
Courtesy of Tripwire by Fortra. Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them...
Account Takeover Protection
Customer Phishing Protection Couldn’t Be Easier with PhishLabs
Blog
Blog

Customer Phishing Protection Couldn’t Be Easier with PhishLabs

By Monica Delyani on Thu, 07/07/2022
It’s not news that cybercrime is a constant battle—large enterprises and small businesses everywhere are susceptible to a myriad of advanced email threats and socially engineered attacks , such as executive or brand impersonation. According to IC3’s Internet Crime Report, over $44 million in losses in 2021 were a direct result of malicious phishing and advanced email scams. Despite billions having...
Account Takeover Protection
On-Demand Webinar
On-Demand Webinar

Quarterly Threat Trends & Intelligence Webinar (May 2022)

Throughout Q1, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The Quarterly Threat Trends & Intelligence Report provides an analysis of the latest findings and insights into key trends shaping the threat landscape. Join our Quarterly Threat Trends & Intelligence webinar...
Account Takeover Protection
Executive Protection
Online Impersonation
External Data Leaks
On-Demand Webinar
On-Demand Webinar

Quarterly Threat Trends & Intelligence Webinar (Feb 2022)

Throughout 2021, PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The PhishLabs Quarterly Threat Trends & Intelligence Report provides an analysis of the latest findings and insights into key trends shaping the threat landscape. Join our Quarterly Threat Trends & Intelligence webinar...
Account Takeover Protection
Executive Protection
Online Impersonation
External Data Leaks
On-Demand Webinar
On-Demand Webinar

Quarterly Threat Trends & Intelligence Webinar (Nov 2021)

Throughout 2021, PhishLabs has detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The PhishLabs Quarterly Threat Trends & Intelligence Report provides an analysis of the latest findings and insights into key trends shaping the threat landscape. Join our Quarterly Threat Trends & Intelligence webinar...
Account Takeover Protection
Executive Protection
Online Impersonation
External Data Leaks
The Most Prevalent Threats to Corporate Inboxes
Blog
Blog

The Most Prevalent Threats to Corporate Inboxes

Thu, 08/26/2021
Every quarter, PhishLabs analyzes and mitigates hundreds of thousands of phishing and social media attacks targeting enterprises. In this post, we discuss the top threats reaching corporate inboxes based on incidents detected and mitigated with our Suspicious Email Analysis solution. Credential Theft Credential theft continues to represent the largest share of threats targeting corporate inboxes...
Account Takeover Protection
Threat Evasion Techniques: Restricting by Interaction
Blog
Blog

Threat Evasion Techniques: Restricting by Interaction

Mon, 08/02/2021
Threat actors improve the resiliency of phishing campaigns by concealing malicious content from security teams. Avoiding detection increases an attacker’s odds of reaching more victims and achieving a more lucrative outcome. There are many types of evasion techniques that can be used individually or in tandem. In this post we discuss active evasion, restricting by interaction. Restricting by...
Account Takeover Protection
Threat Evasion Techniques: Restricting By Device
Blog
Blog

Threat Evasion Techniques: Restricting By Device

Tue, 07/27/2021
Cybercriminals use evasion techniques to bypass scanning technologies and defeat human analysis in order to extend the life of phishing campaigns. There are a variety of evasion techniques and criminals often use multiple variations in tandem. In this post, we focus on active evasion, restricting non-targets by device. Restricting by Device Active evasion is any method an attacker uses to prevent...
Account Takeover Protection
On-Demand Webinar
On-Demand Webinar

Q1 2021 Threat Trends & Intelligence Webinar

In Q1, we detected and mitigated hundreds of thousands of external threats targeting a broad range of enterprises and their brands. In this webinar, John LaCour, Founder and CTO of PhishLabs, will review the findings from analyzing these threats and provide insight into key trends shaping the threat landscape. Attendees will learn: How phishing attack volume changed in Q1 Which industries were...
Account Takeover Protection
Executive Protection
Online Impersonation
External Data Leaks
Account Takeover Attacks Cause Chaos @ Twitter
Blog
Blog

Account Takeover Attacks Cause Chaos @ Twitter

Thu, 07/16/2020
On Tuesday afternoon, dozens of high-profile Twitter accounts were hijacked to promote cryptocurrency scams. Threat actors took over the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, and many others. Corporate Twitter accounts were also hijacked, including those belonging to cryptocurrency companies. What does this mean for enterprises and their security teams? Threat actors...
Account Takeover Protection
COVID-19 Phishing Update: File Sharing Services Abused to Steal Credentials
Blog
Blog

COVID-19 Phishing Update: File Sharing Services Abused to Steal Credentials

By Jessica Ryan on Tue, 05/19/2020
As enterprise workforces continue to transition to remote environments, online file sharing and cloud storage tools are becoming a frequent, if not necessary means of collaboration. While abusing these types of platforms is nothing new to threat actors, the lures they use are now taking advantage of the novel coronavirus. The two examples below demonstrate how. We are providing ongoing updates on...
Account Takeover Protection
Why You Should Take Social Media Account Takeover as Seriously as a BEC Attack
Blog
Blog

Why You Should Take Social Media Account Takeover as Seriously as a BEC Attack

Fri, 01/24/2020
Social media account compromise is nothing new. If you haven't had an account hacked in the past, most of us know someone who has. According to a study by the University of Phoenix , almost two-thirds of US adults have had at least one social media account hacked. Another report found that 53% of social media logins are fraudulent. But what's the big deal? Your account gets hacked, you eventually...
Account Takeover Protection
Active Office 365 Credential Theft Phishing Campaign Targeting Admin Credentials
Blog
Blog

Active Office 365 Credential Theft Phishing Campaign Targeting Admin Credentials

By Jessica Ryan on Thu, 11/14/2019
PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign. In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and their Office 365 brand but came from multiple validated domains - an educational institution for example - not belonging to Microsoft. If the victim clicked the link, they were...
Account Takeover Protection