Hybrid Vishing attacks have increased 554% in volume, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. Response-Based attacks such as these, combined with Credential Theft and Malware Delivery, collectively represent the top online attack vector targeting corporate users. Every quarter, PhishLabs analyzes hundreds of thousands of phishing and social media attacks targeting...

Social media threats targeting enterprises more than doubled last year. Attacks on the retail industry specifically have grown, as threat actors are targeting victims with impersonation and counterfeit ad campaigns. Purchasing behavior is increasingly influenced by social media, making it an attractive vector for these kinds of campaigns. The tendency of social media users to consume information...

Social Media attacks targeting organizations increased 103% in 2021, according to PhishLabs’ Threat Trends & Intelligence Report. The February 2022 report uses hundreds of thousands of threats analyzed and mitigated by PhishLabs to identify the top phishing and social media attacks targeting enterprises, employees, and their brands, as well as determine emerging trends throughout the threat...

Qbot and ZLoader payloads targeting enterprises contributed to almost 89% of email-based malware volume in Q4. Malware variants attributed to attacks continue to fluctuate from quarter to quarter, often dramatically, as criminal families combine or outsource operations to maximize their odds of lucrative campaigns. Qbot and ZLoader previously led payload volume in Q2 and Q1 (respectively) of 2021....

In Q3, more than 75% of threats observed on the Dark Web were related to stolen credit card and debit card data, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. While there are significant volumes of malicious activity targeting industries on the Dark Web, the extensive nature of credit card fraud makes this threat type the most pervasive. Every quarter, PhishLabs analyzes...

Attacks targeting enterprises on Social Media have increased 82% since January, according to PhishLabs Quarterly Threat Trends & Intelligence Report. Threat actors are increasingly abusing Social Media to launch attacks, as lack of security vigilance among users and critical brand presence among organizations makes platforms a desirable way to engage in malicious activity and spoof legitimate...

PhishLabs has recently observed attacks targeting enterprises with Emotet payloads for the first time since January, when coordinated efforts by authorities to disrupt operations led this family of threat actors to halt activity. Emotet’s primary function is providing malicious software initial access to compromised systems. It is one of the most widely distributed and well-connected malware...

Phishing attacks targeting consumers during 2021 have increased nearly 32% from 2020, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. While trends have been erratic, multiple spikes in activity continue to make phishing the most dominant attack method on the threat landscape. Threat actors are experimenting with a variety of tactics to target enterprises with these attacks,...

Vishing attacks targeting corporate users have more than doubled for the second consecutive quarter, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. Response-Based attacks such as these are increasingly targeting corporate users and stand alongside email-based Credential Theft and Malware attacks to make up the top attack vector targeting enterprises. Every quarter,...

Ransomware continues to grow as a thriving underground economy with limited risk and little barrier to entry. Ransomware attacks are supported by a robust ecosystem of dark web services, where many of the tasks needed to carry out an attack can be outsourced. These tasks are increasingly available and sold by threat actors who specialize in them. In this post, we take a look at Initial Access...

Vishing attacks have more than doubled for the second consecutive quarter, according to the PhishLabs Quarterly Threat Trends & Intelligence Report. The November 2021 report uses hundreds of thousands of attacks analyzed and mitigated by PhishLabs to identify the top threats targeting brands and determine emerging trends throughout the threat landscape. Key Findings of the Quarterly Threat Trends...

Multi-stage vishing attacks have more than doubled since Q2, overtaking BEC attacks as the second most reported response-based threat. These two-pronged attacks differ from conventional vishing by combining malicious emails and phone calls to trick victims into disclosing sensitive information. Emails associated with these campaigns are particularly adept at getting past attack controls because...

Malware delivered via email continues to be the primary source of damaging ransomware attacks targeting businesses and their brands. The malware threat landscape has been tumultuous over the course of 2021, with unskilled actors enjoying a lower barrier to entry through as-a-service models, allowing easy access to proven and sophisticated malicious software. These tools are in a constant state of...

Cloned and spoofed mobile applications can damage a brand’s reputation and compromise user data. Fake mobile apps are widely available on both third-party and official app stores and rely heavily on brand impersonation to build trust and drive downloads. Many mobile users lack the security posture normally practiced on desktops, leaving devices vulnerable to compromise. Fake Apps Cloned Mobile...

Financial institutions have experienced a 15.3% increase in share in phishing attacks, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. This increase establishes financial services as the top targeted industry and shows threat actors continue to place high value on compromised banking credentials. In this post, we take a look at the tools and infrastructure used by threat...

Phishing volume continues to outpace 2020 by 22%, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. Every quarter, PhishLabs analyzes hundreds of thousands of phishing and social media attacks targeting enterprises to identify key trends in the threat landscape. In this piece we take a look at phishing volume, industries targeted, and how attacks are being staged. 2021...

Domains are some of the most highly abused tools threat actors use to manipulate victims and execute phishing attacks. In the latest PhishLabs Quarterly Threat Trends & Intelligence report, we break down how actors are abusing Legacy Generic (gTLD) and Country Code (ccTLD) Top-level domains, HTTPS, and free security certificates to target enterprises. Top-level Domain Abuse Percent of Phish...

Social media threats targeting enterprises have increased 47% since January 2021, according to PhishLabs Quarterly Threat Trends & Intelligence Report. While the attack volume varies by industry, today the average organization is being targeted on social media with increasing frequency. Every quarter, PhishLabs analyzes and mitigates hundreds of thousands of phishing and social media attacks...

Every quarter, PhishLabs analyzes and mitigates hundreds of thousands of phishing and social media attacks targeting enterprises. In this post, we discuss the top threats reaching corporate inboxes based on incidents detected and mitigated with our Suspicious Email Analysis solution. Reported Threats in Corporate Inboxes Credential Theft Credential theft continues to represent the largest...

Brand threats have accounted for 68% of fraud attacks so far this year. Contrary to traditional cyber attacks, which are designed to compromise the infrastructure or circumvent controls, brand threats live outside of the organization’s control and compromise the reputation of your brand. Common types of brand misrepresentation include spoofed emails, social media scams, and fake mobile apps. The...