tag = "Phishing"

How to Gain Stakeholder Support for Email Security Investment

Investing in email protection beyond basic anti-spam is vital to protecting an organization. Persuading leadership and stakeholders of this can be complicated. We take a look at ways to obtain comprehensive email security buy-in.

What Is an Enterprise’s Secondary Line of Defense Against Phishing Emails?

Following a multi-layered approach to phishing defense is a good idea, but using what you have close to home is best when it comes to a sensible security posture. In practice, a robust security awareness training program is key to instruct employees on what to look for when trying to spot phishing emails that may have landed in their inboxes.

QBot Campaigns Overwhelmingly Lead Reported Payloads in Q4

QBot was the most reported payload targeting employee inboxes in Q4, according to Fortra’s PhishLabs. This is the fourth consecutive month QBot has led malware activity as bad actors target organizations with a steady stream of high-volume attack campaigns.

What to do with Suspicious Emails (Don’t Reply!)  

Sometimes when sending phishing simulations to our clients, we setup a reply-to address to see if people will reply to suspicious emails and many do.  Many people interpret our simulations as scams and articulate that in colorful language. Others provide information that would be dangerous in the hands of a threat actor, such as contact information for […]

A Spotlight on Cybersecurity: 2022 Trends and 2023 Predictions

Looking ahead to 2023, Fortra’s security experts anticipate new cyber challenges will emerge. In return, organizations and authorities will work more closely together to better strengthen their security posture and response to threats. In this blog, we take a look at what our cybersecurity experts predict for 2023.

Emails Reported as Malicious Reach Four-Quarter High in Q3

The volume of malicious emails reported in corporate inboxes has reached a four-quarter high, according to the latest data from Fortra’s PhishLabs.

Financials See Increase in Phishing Attacks, Compromised Sites Lead Staging Methods in Q3

In Q3, nearly 80% of threat actors opted to compromise existing websites or abuse free tools when staging phishing sites, according to the latest data from Fortra’s PhishLabs.

RedLine Stealer Leads Payloads in Q3

In Q3, Redline Stealer represented nearly half of all malware attacks targeting corporate user inboxes. This is the first quarter Redline has led payload volume since PhishLabs began reporting on malware activity.

Crucial Tech Podcast with Agari: Hybrid Vishing Attacks

Listen as Agari’s John Wilson discusses the latest research from Agari and PhishLabs by Fortra.

Q2 Phishing Volume Up, Compromised Sites Lead Staging Methods

In Q2, four out of five phishing sites were staged using infrastructure that required no investment on the part of threat actors, including Compromised Sites and Free Tools and Services, according to the Agari & PhishLabs Quarterly Threat Trends & Intelligence Report.

New Report Documents Highest Volume of Response-Based Email Threats Since 2020

In Q2, Response-Based attacks targeting corporate inboxes climbed to their highest volume since 2020, according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs.

Top 10 Ways To Recognize a Phishing Email

Attackers continue to find clever new ways to disguise phishing emails. Here are 10 different ways you can identify a phishing email.

10,000 organisations targeted by phishing attack that bypasses multi-factor authentication

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences.

Interview: How Organizations Can Proactively Tackle Phishing Attacks

Billy Smith, Managing Director at PhishLabs by Fortra, and Mike Jones, Senior Director of Product Management at Agari by Fortra, discuss the evolution of social engineering attacks, and how organizations can proactively fight back against phishing.

What Is Email Spoofing and How Do You Protect Against It?

Email spoofing is one of the most common forms of cybercriminal activity, specifically a form of identity deception that’s widely used in phishing and spam attacks.

Customer Phishing Protection Couldn’t Be Easier with PhishLabs

Despite billions having been invested into perimeter and endpoint security since the onset of the pandemic and the birth of remote or hybrid work environments, phishing and business email compromise (BEC) scams have become primary attack vectors into organizations, often giving threat actors the toehold they need to wreak havoc on companies and their customers.

Building Cybersecurity Resilience in Financial Services

Despite paying significant attention to security, many organizations continue to be the targets of advanced persistent threats, fraud, sophisticated phishing campaigns, and other bold efforts to access the personally identifiable information (PII) and other sensitive IP they maintain.

Q1 Phishing Volume Consistent, Up Over Q4

In Q1, more than 51% of phishing sites abused paid services, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report.

Why BitB Attacks are Concerning

PhishLabs has identified a Browser-in-the-Browser (BitB) campaign targeting financial institutions with a fake Office 365 (O365) authorization protocol.

What is the Fortra Value Proposition for Cybersecurity?

In this guest blog, Dr Ed Amoroso, CEO, Tag Cyber, provides a high-level overview of the Fortra cybersecurity portfolio value proposition based on a mapping of its component solution offerings to the NIST Cybersecurity Framework (CSF) phases.

Cybercrime Cost U.S. $6.9 Billion in 2021

The FBI's annual look at phishing, scam, and personal data breach statistics is out.

Understanding the What, How, and Why of DMARC

What can you do to keep your email secure, ensure only authentic emails reach your contacts’ inboxes, and keep the bad guys out? Follow the lead of companies around the world and implement DMARC.

Erratic Phishing Volume Increases 28% in 2021

Phishing site volume increased 28% over the course of 2021, according to PhishLabs Quarterly Threat Trends & Intelligence Report.

Phishing Increases as Industries New and Old Face a Barrage of Threats

Phishing attacks targeting consumers during 2021 have increased nearly 32% from 2020, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.

Free Tools and Services Fuel Phishing Increase

Phishing volume continues to outpace 2020 by 22%, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.

Qbot Leads Payload Volume in Q2

PhishLabs is monitoring payload families reported in user inboxes. In this piece, we break down the top malware targeting enterprises in Q2.

APWG Q3 Report:Four Out of Five Criminals Prefer HTTPS

Highlights from the report include more than two hundred thousand unique phishing websites detected in August and September, SSL encryption for phishing sites overtaking SSL deployment for general websites, and a 10 percent increase in BEC attacks originating from free webmail accounts.

Limited Impact of Phishing Site Blocklists and Browser Warnings

The life of a phishing site is brief, but impactful. A recent study found that by the time phishing URLs show up in blocklists, most damage is done.

APWG: SSL Certificates No Longer Indication of Safe Browsing

Key highlights of the report include a significant increase in wire transfer loss attributed to business email compromise (BEC) attacks from the first quarter and a 20% increase in BEC attacks targeting the social media sector.

Evasion Techniques: User-Agent Blocking

As Phishing attacks get more sophisticated on the social engineering front, so to does the technology and techniques behind keeping them online longer.

How Threat Actors are Abusing Coronavirus Uncertainty

As the coronavirus becomes a global pandemic, threat actors have begun abusing the fear surrounding it. One lure we have spotted even mimics the CDC.

New Webinar: Inside the World of Social Media Phishing: Financial Scams

Attend our upcoming webinar to learn about the latest techniques threat actors use to abuse social media for phishing attacks.

APWG: Phishing Continues to Rise, Threat Actors Love Gift Cards

APWG's Q2 report shows phishing increasing, SaaS industry prime target, and threat actors are after gift cards.

Phishing Number One Cause of Data Breaches: Lessons from Verizon DBIR

Verizon's annual Data Breach Investigations Report has just been released. What does it have to say about Phishing?

The Definition of Phishing

Phishing: Social engineering using digital methods for malicious purposes.

Using Reported Phish to Hunt Threats

Everybody knows that reported phishing emails are a valuable resource. But are you making maximum use of yours? This is how you can use reported phish to aid your threat hunting capability.

Silent Librarian University Attacks Continue Unabated in Days Following Indictment

Following the formal indictment of nine Iranian threat actors on March 23, 'Silent Librarian' attacks against universities and other research organizations have continued unabated.

New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users

BankBot Anubis takes mobile threats to the next level incorporating ransomware, keylogger abilities, remote access trojan functions, SMS interception, call forwarding, and lock screen functionality.

The 11 Types of Reported Emails

Reporting an email to your IT team is incredibly important, and it's because these 11 email types each have different impacts.

Holiday Phishing Scams Target Job Seekers

Job scams represent only one of the many techniques deployed by criminals, who are growing increasingly creative and sophisticated in luring their victims.

How to Use URL Pattern Analysis for Phishing Detection & Mitigation

Find out how URL pattern analysis can dramatically reduce the time and energy required to produce actionable phishing intelligence

How to Calculate ROI for Security Awareness Training

It's notoriously hard to evidence the need for investment in security awareness. But with a concrete ROI forecast, the task becomes must easier.

How and Why You Should Calculate Your Organization’s Cost of Phishing

With so many variables and conflicting claims calculating the cost of phishing can be difficult. Let us make it easy for you.

Why Some Phishing Emails Will Always Get Through Your Spam Filter

If you've ever configured a spam filter, you know how frustrating it can be. Here's why some phishing emails always get through.

Why Your Users Keep Falling for Phishing Scams

Phishing has become a huge concern in recent years, and it can be frustrating when users continue to fall for them. Here's why it happens.

When Good Websites Turn Evil: How Cybercriminals Exploit File Upload Features to Host Phishing Sites

Compromised websites are an integral part of the cybercrime ecosystem. PhishLabs recommends these steps to help prevent this kind of exploit.

Google AdWords Used in Bitcoin, Banking, and Online Gambling Phishing Campaigns

Hackers targeting bitcoin wallet users are leveraging Google's AdWords. Phishlabs has previously seen similar attacks over the past year.

Recent Phishing Campaign Uses Jabber to Exfiltrate Compromised Information

PhishLabs' phishing research and analysis have shown that phishers are continually developing new methods to facilitate their malicious activities.

Cyberespionage Phishing Attack, Backoff Malware Spreads, Retail Breach and more | TWIC – October 24, 2014

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source). Think community financial institutions aren’t in the crosshairs for account takeover? Think again. (PhishLabs) There is clear evidence that account takeover (ATO) is a big problem and growing worse. The Federal Reserve Bank of Atlanta […]

Shellshock Phishing Attacks, Windows Zero-Day Vulnerability, Dropbox Hack and More | TWIC – October 17, 2014

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Smash & Grab cybercrime attacks have been active since mid-June

Last week, researchers at Proofpoint reported an attack campaign, which was dubbed “Smash & Grab," targeting customers of JP Morgan Chase. Based on intelligence from the Phishlabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab" operations have been active since at least mid-June. The attacks use email messages to direct potential victims to a phishing page. Visitors to the phishing page are also exposed to an exploit kit that abuses software vulnerabilities to infect victims with malware.

Phishing Takedown < Anti-Phishing < Phishing Protection

Phishing takedown services, anti-phishing services, phishing protection. What's best for stopping phishing attacks? Learn the key distinctions and how they make a big difference.

Phishing for Bitcoins

PhishLabs has detected a new phishing attack targeting users of the Mt. Gox bitcoin exchange: While most phishing attacks used hacked legitimate web sites to host phishing pages, this particular attack is using a registered domain name of RAA.CN.COM. CN.COM isn’t a real top-level domain name, but CentralNic allows registrars to sell third-level domains within […]

Why Phishing Matters

Almost every day I speak with a bank somewhere about phishing. I ask them how much of a threat is it, what are they doing about it, and how does it affect their business. Surprisingly, the answers I get vary quite a bit from one organization to another. Most are concerned about the costs of […]

Phishing Site Asks to Upload Image of Their Driver’s License and Phone Bill

PhishLabs has discovered a new variant of a common phishing page that prompts users to upload a scanned copy of their driver’s license and telephone bill. The scam detected targets customers of a large US bank. Most likely the phisher is attempting to circumvent additional security measures by the bank such as telephone based authentication […]

PhishLabs Discovers Instagram Phishing Site

PhishLabs has discovered a phishing site targeting Instagram users:   It is not clear if the intention of the responsible miscreants is to steal photos, email credentials, or Facebook credentials. It is probably the latter given the phishing site redirects to Facebook after stealing an email address and password. However, it does seem clear that […]

David Hasselhoff – Anti-Phishing Educator?

Xfire “is a free tool that automatically keeps track of when and where gamers are playing PC games online and lets their friends join them easily.” PhishLabs recently discovered a phishing page targeting Xfire users that used a clever trick to warn potential victims. By using cascading style sheets (.css) files that are generated on […]

Advancements in Phishing Redirector Scripts

Almost since the beginning of phishing, attackers have created simple webpages that redirect users to another URL that contains the actual phishing form. They do this for several reasons. In case their phishing site is shutdown, they can simply change the destination of the redirect to point to another phishing site. This means that everyone […]

Rock Moves to Email Attachments

For over a year, the Rock Phish Gang was using the Avalanche botnet to host their various phishing scams and malware distribution sites. Fortunately, the botnet was shutdown last week – how long remains to be seen. Unfortunately, the Rock Phish Gang have not gone away. These criminals continue to distribute their Zeus trojans and […]

Cleaning up from the Avalanche

The Avalanche botnet, also known as “MS-Redirect”, has been responsible for hosting phishing pages and malware distribution attacks on over 35 organizations, including the IRS, Facebook, MySpace, most recently NACHA, and many more. Unfortunately, there’s a great deal of confusion over how this botnet works and how it’s related to other malware. Let’s clear it […]

Open Formmailers Won’t Die

Some security problems just never seem to go away. I’m not sure if its because there’s a steady stream of new web developers that have to learn things the hard way, if people forget, or they think that their open programs won’t be found by the bad guys. Unfortunately for those of us that fight […]

Top 10 Free Phish Kit Users

There are numerous sites on the Internet where aspiring cybercriminals can download free phishing kits. Despite it being relatively well known that most kits have backdoors in them that cause stolen information to be sent to the kit authors, they’re still used quite frequently. Interestingly, one such free phish kit distribution site added flag counter […]

Evil Searching and Phishing

Nearly a year ago I asserted in a Dark Reading interview that phishers were using Google and other search engines to find vulnerable web sites which they used to launch their scams. By a simple analysis of the web hosts and URLs used in phishing, I estimated that the vast majority of phishing web sites […]

Acrobat 0-Day Used in Targeted Attacks

You may have heard about a recently discovered 0-day vulnerability in Adobe Acrobat that has been used in targeted attacks. While this isn’t anything like a traditional phishing or malware attack, it could be considered a type of ‘spear’ phishing. In case you haven’t heard the details yet, there’s a vulnerability in Adobe Acrobat Reader […]

Phisher Email Address Harvesting Tools

How do phishers choose their targets? Usually, it is relatively random. Occasionally, phishers will be able to hack into some online web application or ecommerce site and create a dump of the database along with victim email addresses and locations, but that’s not a common scenario. Most of the time, they use tools to extract […]

Phisher Tactics: “True Logins” Phishing Kits

Over on the Symantec Security Response Online Fraud blog, Antonio Forzieri, follows up to his previous post about reactive phishing defenses. In his post, Antonio discusses the merits and pitfalls of diluting phishing sites with different types of bogus data. The last case, where phishers automatically validate the data from within the phishing site itself […]