Looking ahead to 2023, Fortra’s security experts anticipate new cyber challenges will emerge. In return, organizations and authorities will work more closely together to better strengthen their security posture and response to threats. In this blog, we take a look at what our cybersecurity experts predict for 2023.
Whether you love or loathe social media, these platforms have become integral to how we communicate as individuals and businesses. Cybercriminals have also taken note, embracing these communication channels wholeheartedly to reach vast audiences quickly, anonymously, and cheaply, successfully defrauding targets of all stripes.
Criminals are capitalizing on the urgency behind gift-giving celebrations such as Black Friday, Cyber Monday, Christmas, and Hanukkah. Counterfeit activity has grown more than 50% from September through November, with a 27% increase over the course of November alone, according to Fortra’s PhishLabs.
In Q3, Credit Unions nearly overtook National Banks as the top targeted industry on the Dark Web, according to recent data from Fortra’s PhishLabs.
In Q3, the volume of social media attacks targeting the average business was 40.4% higher than the same time last year, according to the latest data from Fortra’s PhishLabs.
The financial industry continues to experience the largest volume of abuse among all industries on social media.
Listen as Agari’s John Wilson discusses the latest research from Agari and PhishLabs by Fortra.
The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands.
Retail brands are increasingly targeted with fraudulent advertisements, fake social accounts, and falsely branded websites. These multipronged counterfeit campaigns redirect sales and compromise consumer data using brand recognition, the same component critical to driving sales within the retail industry.
Nearly half of stolen data on the Dark Web was marketed through Chat-Based Services in Q2 after a sharp increase in illegal transactions, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report.
In Q2, malicious attacks targeting organizations on social media have increased more than 20% over Q1, according to the latest Agari and PhishLabs’ Quarterly Threat Trends & Intelligence Report.
Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a BEC attack.
Billy Smith, Managing Director at PhishLabs by Fortra, and Mike Jones, Senior Director of Product Management at Agari by Fortra, discuss the evolution of social engineering attacks, and how organizations can proactively fight back against phishing.
Emotet contributed to just over 47% of all attacks targeting corporate users in Q2, narrowly surpassing the former leader QBot.
Despite billions having been invested into perimeter and endpoint security since the onset of the pandemic and the birth of remote or hybrid work environments, phishing and business email compromise (BEC) scams have become primary attack vectors into organizations, often giving threat actors the toehold they need to wreak havoc on companies and their customers.
In Q1, the exchange of sensitive data on Carding Marketplaces and Forums increased as government seizure of multiple Dark Web sites prompted a shift in where actors conduct illegal activities, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report.
In Q1, more than 51% of phishing sites abused paid services, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report.
Social media attacks targeting enterprises have increased 105% from Q1 2021 to Q1 2022 according to Agari and PhishLabs’ latest Quarterly Threat Trends & Intelligence Report.
This guest blog by Dr. Edward Amoroso, TAG Cyber, provides a high-level overview of modern advances in cyber threat intelligence and how the Fortra cybersecurity portfolio supports this important method for reducing information risk in enterprise at various levels of the intelligence process starting with data security.
In this episode of the EM360 podcast, Head of Content Max Kurton talks to John LaCour, Founder & CTO of Phishlabs and Principal Strategist at parent company Fortra, about Social Media as a threat channel.
In Q4, Carding Marketplaces experienced a dramatic increase in activity, representing 32.9% of criminal exchanges on the Dark Web and signaling a shift away from web forums.
Social Media attacks targeting enterprises increased 103% in 2021, according to PhishLabs Quarterly Threat Trends & Intelligence Report.
Hybrid Vishing attacks have increased 554% in volume, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.
Qbot and ZLoader payloads targeting enterprises contributed to almost 89% of email-based malware volume in Q4.
In Q3, more than 75% of threats observed on the Dark Web were related to stolen credit card and debit card data, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.
Attacks targeting enterprises on Social Media have increased 82% since January, according to PhishLabs Quarterly Threat Trends & Intelligence Report.
PhishLabs has recently observed attacks targeting enterprises with Emotet payloads for the first time since January, when coordinated efforts by authorities to disrupt operations led this family of threat actors to halt activity.
Phishing attacks targeting consumers during 2021 have increased nearly 32% from 2020, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.
Vishing attacks targeting corporate users have more than doubled for the second consecutive quarter, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.
Vishing attacks have more than doubled for the second consecutive quarter, according to PhishLabs Quarterly Threat Trends & Intelligence Report.
A new Android banking trojan is targeting financial institutions, crypto-wallets, and the retail industry.
Multi-stage vishing attacks have more than doubled since Q2, overtaking BEC attacks as the second most reported response-based threat.
As ransomware continues to improve its tactics and break records, PhishLabs is monitoring payload families reported in user inboxes that are used to facilitate these attacks.
Cloned and spoofed mobile applications can damage a brand’s reputation and compromise user data.
In this post, we take a look at the tools and infrastructure used by threat actors to target financial services.
Phishing volume continues to outpace 2020 by 22%, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.
Social media threats targeting enterprises have increased 47% since January 2021, according to PhishLabs Quarterly Threat Trends & Intelligence Report.
In this post, we discuss the top threat types reaching corporate inboxes, and what these attacks mean for security teams.
In order to protect their organizations, security teams should prioritize efforts to proactively detect brand abuse.
Phishing volume in 2021 continues to outpace last year by 22%, according to PhishLabs Quarterly Threat Trends & Intelligence Report.
Usernames can hold meaning to the individual, and as a result provide useful information when expanding investigations to different social platforms.
Threat actors improve the resiliency of phishing campaigns by concealing malicious content from security teams. In this post we discuss active evasion, restricting by interaction.
Cybercriminals use evasion techniques to extend the life of phishing campaigns. In this post we discuss active evasion, restricting non-targets by device.
Evasion techniques are methods attackers deploy to extend the life of phishing campaigns. In this post, we take a look at active evasion techniques restricting non-targets by location.
In this post, we show the frequency of common look-alike domain threats, the mechanics of an attack, and resources to minimize risk.
Impersonation is a highly effective tactic for threat actors because it piggybacks on the credibility of a brand to legitimize a malicious objective. As a result, it is one of the most common components of a cyber attack.
By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive. In this post, we'll describe how domains help us communicate on the Internet, the anatomy of a look-alike domain and why we fall for them, how attackers create them, and the best place to begin when facing this common threat.
Digital evolution is leaving enterprises increasingly susceptible to attacks outside the network perimeter.In order to detect and respond to today's most relevant threats, security teams are investing in operational Digital Risk Protection (DRP) capabilities.
Data stolen in ransomware attacks is frequentlybecoming public even after the victim has paid.
The life of a phishing site is brief, but impactful. A recent study found that by the time phishing URLs show up in blocklists, most damage is done.
Today's enterprise attack surface is not limited to the corporate network. In fact, the network is just a small slice. When it comes to deciding how and where to attack an enterprise, threat actors have ample opportunity beyond the network perimeter. As a result, enterprises are investing in operational capabilities to detect and respond to external threats across the digital risk landscape. This is Digital Risk Protection (DRP).
Digital Risk Protection (DRP) continues to gain momentum and attention among CISOs and security professionals. DRP, an operational security function once classified under Threat Intelligence (TI), has been elevated by the Gartner Hype Cycle and other analyst research as an emerging security function that security teams rely on to address multiple external cyber threat use cases.
Social media is rapidly becoming the preferred online channel for threat actors. Almost four billion people use some form of social media, and organizations are increasingly reliant on company pages, executive presence, and positive customer interaction to build a strong brand. As a result, a malicious post or tweet can cause irreversible damage to an enterprise.
PhishLabs is monitoring a multi-stage phishing campaign that impersonates government entities and telecoms to target financial institutions and their customers.
The digital presence of today's enterprise looks very different than it did earlier in the year. The COVID-19 pandemic is forcing rapid change on how many businesses use technology. From transitioning to remote workforces to delivering new online services, digital transformation initiatives that would normally span years are happening in weeks and months. Under these conditions, the likelihood of experiencing a major incident due to data leakage is very high. So much so that a recent Gartner Emerging Technologies Report highlighted data leakage as a primary concern.
Demand for Digital Risk Protection has grown due to the need for better visibility and remediation of threats targeting enterprises' digital assets.
On Tuesday afternoon, dozens of high-profile Twitter accounts were hijacked. Threat actors took over the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, and many others. Corporate Twitter accounts were also hijacked. What does this mean for enterprises and their security teams?
Digital Risk Protection has emerged as a critical new capability for security teams according to Gartner.
Much like a threat actor can pose as an executive in BEC attacks, they can take over a social media account and abuse the inherent trust we have with it.
Attend our upcoming webinar to learn about the latest techniques threat actors use to abuse social media for phishing attacks.
A unique mobile obfuscation technique discovered to help threat actors keep their attacks alive longer.
Want to protect your brands, employees, and customers from threats originating from social media? Your marketing team and their tools are not sufficient.
Last month our Director of Product Management discussed why modern enterprise organizations need a digital risk protection plan in place. Here are a few tips to get you started.
When bad social media posts go viral, there is a good chance the press will pick up on it. However, how damaging is it to a brand? Let's look at some numbers.
In the wake of the Associated Press coverage highlighting Google's location tracking fiasco, now is a good time for a refresher on why geolocation tracking is an issue.