Investing in email protection beyond basic anti-spam is vital to protecting an organization. Persuading leadership and stakeholders of this can be complicated. We take a look at ways to obtain comprehensive email security buy-in.
Following a multi-layered approach to phishing defense is a good idea, but using what you have close to home is best when it comes to a sensible security posture. In practice, a robust security awareness training program is key to instruct employees on what to look for when trying to spot phishing emails that may have landed in their inboxes.
QBot was the most reported payload targeting employee inboxes in Q4, according to Fortra’s PhishLabs. This is the fourth consecutive month QBot has led malware activity as bad actors target organizations with a steady stream of high-volume attack campaigns.
Sometimes when sending phishing simulations to our clients, we setup a reply-to address to see if people will reply to suspicious emails and many do. Many people interpret our simulations as scams and articulate that in colorful language. Others provide information that would be dangerous in the hands of a threat actor, such as contact information for […]
Looking ahead to 2023, Fortra’s security experts anticipate new cyber challenges will emerge. In return, organizations and authorities will work more closely together to better strengthen their security posture and response to threats. In this blog, we take a look at what our cybersecurity experts predict for 2023.
The volume of malicious emails reported in corporate inboxes has reached a four-quarter high, according to the latest data from Fortra’s PhishLabs.
In Q3, nearly 80% of threat actors opted to compromise existing websites or abuse free tools when staging phishing sites, according to the latest data from Fortra’s PhishLabs.
In Q3, Redline Stealer represented nearly half of all malware attacks targeting corporate user inboxes. This is the first quarter Redline has led payload volume since PhishLabs began reporting on malware activity.
Listen as Agari’s John Wilson discusses the latest research from Agari and PhishLabs by Fortra.
In Q2, four out of five phishing sites were staged using infrastructure that required no investment on the part of threat actors, including Compromised Sites and Free Tools and Services, according to the Agari & PhishLabs Quarterly Threat Trends & Intelligence Report.
In Q2, Response-Based attacks targeting corporate inboxes climbed to their highest volume since 2020, according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs.
Attackers continue to find clever new ways to disguise phishing emails. Here are 10 different ways you can identify a phishing email.
Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences.
Billy Smith, Managing Director at PhishLabs by Fortra, and Mike Jones, Senior Director of Product Management at Agari by Fortra, discuss the evolution of social engineering attacks, and how organizations can proactively fight back against phishing.
Email spoofing is one of the most common forms of cybercriminal activity, specifically a form of identity deception that’s widely used in phishing and spam attacks.
Despite billions having been invested into perimeter and endpoint security since the onset of the pandemic and the birth of remote or hybrid work environments, phishing and business email compromise (BEC) scams have become primary attack vectors into organizations, often giving threat actors the toehold they need to wreak havoc on companies and their customers.
Despite paying significant attention to security, many organizations continue to be the targets of advanced persistent threats, fraud, sophisticated phishing campaigns, and other bold efforts to access the personally identifiable information (PII) and other sensitive IP they maintain.
In Q1, more than 51% of phishing sites abused paid services, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report.
PhishLabs has identified a Browser-in-the-Browser (BitB) campaign targeting financial institutions with a fake Office 365 (O365) authorization protocol.
In this guest blog, Dr Ed Amoroso, CEO, Tag Cyber, provides a high-level overview of the Fortra cybersecurity portfolio value proposition based on a mapping of its component solution offerings to the NIST Cybersecurity Framework (CSF) phases.
The FBI's annual look at phishing, scam, and personal data breach statistics is out.
What can you do to keep your email secure, ensure only authentic emails reach your contacts’ inboxes, and keep the bad guys out? Follow the lead of companies around the world and implement DMARC.
Phishing site volume increased 28% over the course of 2021, according to PhishLabs Quarterly Threat Trends & Intelligence Report.
Phishing attacks targeting consumers during 2021 have increased nearly 32% from 2020, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.
Phishing volume continues to outpace 2020 by 22%, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.
PhishLabs is monitoring payload families reported in user inboxes. In this piece, we break down the top malware targeting enterprises in Q2.
Highlights from the report include more than two hundred thousand unique phishing websites detected in August and September, SSL encryption for phishing sites overtaking SSL deployment for general websites, and a 10 percent increase in BEC attacks originating from free webmail accounts.
The life of a phishing site is brief, but impactful. A recent study found that by the time phishing URLs show up in blocklists, most damage is done.
Key highlights of the report include a significant increase in wire transfer loss attributed to business email compromise (BEC) attacks from the first quarter and a 20% increase in BEC attacks targeting the social media sector.
As Phishing attacks get more sophisticated on the social engineering front, so to does the technology and techniques behind keeping them online longer.
As the coronavirus becomes a global pandemic, threat actors have begun abusing the fear surrounding it. One lure we have spotted even mimics the CDC.
Attend our upcoming webinar to learn about the latest techniques threat actors use to abuse social media for phishing attacks.
APWG's Q2 report shows phishing increasing, SaaS industry prime target, and threat actors are after gift cards.
Verizon's annual Data Breach Investigations Report has just been released. What does it have to say about Phishing?
Phishing: Social engineering using digital methods for malicious purposes.
Everybody knows that reported phishing emails are a valuable resource. But are you making maximum use of yours? This is how you can use reported phish to aid your threat hunting capability.
Following the formal indictment of nine Iranian threat actors on March 23, 'Silent Librarian' attacks against universities and other research organizations have continued unabated.
BankBot Anubis takes mobile threats to the next level incorporating ransomware, keylogger abilities, remote access trojan functions, SMS interception, call forwarding, and lock screen functionality.
Reporting an email to your IT team is incredibly important, and it's because these 11 email types each have different impacts.
Job scams represent only one of the many techniques deployed by criminals, who are growing increasingly creative and sophisticated in luring their victims.
Find out how URL pattern analysis can dramatically reduce the time and energy required to produce actionable phishing intelligence
It's notoriously hard to evidence the need for investment in security awareness. But with a concrete ROI forecast, the task becomes must easier.
With so many variables and conflicting claims calculating the cost of phishing can be difficult. Let us make it easy for you.
If you've ever configured a spam filter, you know how frustrating it can be. Here's why some phishing emails always get through.
Phishing has become a huge concern in recent years, and it can be frustrating when users continue to fall for them. Here's why it happens.
Compromised websites are an integral part of the cybercrime ecosystem. PhishLabs recommends these steps to help prevent this kind of exploit.
Hackers targeting bitcoin wallet users are leveraging Google's AdWords. Phishlabs has previously seen similar attacks over the past year.
PhishLabs' phishing research and analysis have shown that phishers are continually developing new methods to facilitate their malicious activities.
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source). Think community financial institutions aren’t in the crosshairs for account takeover? Think again. (PhishLabs) There is clear evidence that account takeover (ATO) is a big problem and growing worse. The Federal Reserve Bank of Atlanta […]
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Last week, researchers at Proofpoint reported an attack campaign, which was dubbed “Smash & Grab," targeting customers of JP Morgan Chase. Based on intelligence from the Phishlabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab" operations have been active since at least mid-June. The attacks use email messages to direct potential victims to a phishing page. Visitors to the phishing page are also exposed to an exploit kit that abuses software vulnerabilities to infect victims with malware.
Phishing takedown services, anti-phishing services, phishing protection. What's best for stopping phishing attacks? Learn the key distinctions and how they make a big difference.
PhishLabs has detected a new phishing attack targeting users of the Mt. Gox bitcoin exchange: While most phishing attacks used hacked legitimate web sites to host phishing pages, this particular attack is using a registered domain name of RAA.CN.COM. CN.COM isn’t a real top-level domain name, but CentralNic allows registrars to sell third-level domains within […]
Almost every day I speak with a bank somewhere about phishing. I ask them how much of a threat is it, what are they doing about it, and how does it affect their business. Surprisingly, the answers I get vary quite a bit from one organization to another. Most are concerned about the costs of […]
PhishLabs has discovered a new variant of a common phishing page that prompts users to upload a scanned copy of their driver’s license and telephone bill. The scam detected targets customers of a large US bank. Most likely the phisher is attempting to circumvent additional security measures by the bank such as telephone based authentication […]
PhishLabs has discovered a phishing site targeting Instagram users: It is not clear if the intention of the responsible miscreants is to steal photos, email credentials, or Facebook credentials. It is probably the latter given the phishing site redirects to Facebook after stealing an email address and password. However, it does seem clear that […]
Xfire “is a free tool that automatically keeps track of when and where gamers are playing PC games online and lets their friends join them easily.” PhishLabs recently discovered a phishing page targeting Xfire users that used a clever trick to warn potential victims. By using cascading style sheets (.css) files that are generated on […]
Almost since the beginning of phishing, attackers have created simple webpages that redirect users to another URL that contains the actual phishing form. They do this for several reasons. In case their phishing site is shutdown, they can simply change the destination of the redirect to point to another phishing site. This means that everyone […]
For over a year, the Rock Phish Gang was using the Avalanche botnet to host their various phishing scams and malware distribution sites. Fortunately, the botnet was shutdown last week – how long remains to be seen. Unfortunately, the Rock Phish Gang have not gone away. These criminals continue to distribute their Zeus trojans and […]
The Avalanche botnet, also known as “MS-Redirect”, has been responsible for hosting phishing pages and malware distribution attacks on over 35 organizations, including the IRS, Facebook, MySpace, most recently NACHA, and many more. Unfortunately, there’s a great deal of confusion over how this botnet works and how it’s related to other malware. Let’s clear it […]
Some security problems just never seem to go away. I’m not sure if its because there’s a steady stream of new web developers that have to learn things the hard way, if people forget, or they think that their open programs won’t be found by the bad guys. Unfortunately for those of us that fight […]
There are numerous sites on the Internet where aspiring cybercriminals can download free phishing kits. Despite it being relatively well known that most kits have backdoors in them that cause stolen information to be sent to the kit authors, they’re still used quite frequently. Interestingly, one such free phish kit distribution site added flag counter […]
Nearly a year ago I asserted in a Dark Reading interview that phishers were using Google and other search engines to find vulnerable web sites which they used to launch their scams. By a simple analysis of the web hosts and URLs used in phishing, I estimated that the vast majority of phishing web sites […]
You may have heard about a recently discovered 0-day vulnerability in Adobe Acrobat that has been used in targeted attacks. While this isn’t anything like a traditional phishing or malware attack, it could be considered a type of ‘spear’ phishing. In case you haven’t heard the details yet, there’s a vulnerability in Adobe Acrobat Reader […]
How do phishers choose their targets? Usually, it is relatively random. Occasionally, phishers will be able to hack into some online web application or ecommerce site and create a dump of the database along with victim email addresses and locations, but that’s not a common scenario. Most of the time, they use tools to extract […]
Over on the Symantec Security Response Online Fraud blog, Antonio Forzieri, follows up to his previous post about reactive phishing defenses. In his post, Antonio discusses the merits and pitfalls of diluting phishing sites with different types of bogus data. The last case, where phishers automatically validate the data from within the phishing site itself […]