The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands. There is a fine line between infringement and fair use of publicly made materials, as well as immeasurable online environments where counterfeit campaigns may live and grow. Additionally, bad actors are continuously modifying attack...

Retail brands are increasingly targeted with fraudulent advertisements, fake social accounts, and falsely branded websites. These multipronged counterfeit campaigns redirect sales and compromise consumer data using brand recognition, the same component critical to driving sales within the retail industry. The massive expansion of ecommerce and online consumer-to-retail interaction creates a...

Cyber attacks targeting retail brands have increased dramatically over the last year. Since Q3 2021, retail has experienced a nearly 500% increase in attacks on social media alone. Counterfeit websites and look-alike domains are also among the top threats to online retailers. Attackers incorporate stolen designs and trademarks to stand up counterfeit sites, outbid legitimate businesses with...

In Q1, more than 51% of phishing sites abused paid services, according to the Agari and PhishLabs Quarterly Threat Trends & Intelligence Report. This is the first time in five consecutive quarters where the majority of phishing sites were staged using Paid Domain Registrations or Compromised Sites. Phishing volume as a whole continues to increase in 2022 in comparison to the same time period last...

Vishing attacks have increased almost 550 percent over the last twelve months, according to Agari and PhishLabs’ Quarterly Threat Trends & Intelligence Report. The May report uses hundreds of thousands of phishing and social media threats analyzed and mitigated by Agari and PhishLabs, both of which are part of the Fortra cybersecurity portfolio. By identifying and mitigating attacks targeting...

PhishLabs has identified a Browser-in-the-Browser (BitB) campaign targeting financial institutions with a fake Office 365 (O365) authorization protocol. The attack is delivered via phishing email and redirects the victim to a website impersonating an O365 single sign-on (SSO) page. A BitB attack is a novel phishing technique that replicates pop-up windows used for SSO in an effort to steal login...

Qbot payloads targeting enterprises contributed to almost three quarters of all email-based malware since the beginning of 2022. Although reported malware activity among families continues to fluctuate dramatically from quarter to quarter, QBot reports in Q1 represent the highest volume of a single malware variety over the past 12 months. Phishing lures delivering payloads remain the primary...

Courtesy of Agari by Fortra. You probably already know this, but it bears repeating: Email by itself is NOT secure; anyone can use someone else’s identity to send emails. In fact, email is the #1 way cyberattackers can target your customers and your email ecosystem. No brand is untouchable when it comes to attackers using or spoofing email domains to send spam, phishing attempts, malware, or...

Hybrid Vishing attacks have increased 554% in volume, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. Response-Based attacks such as these, combined with Credential Theft and Malware Delivery, collectively represent the top online attack vector targeting corporate users. Every quarter, PhishLabs analyzes hundreds of thousands of phishing and social media attacks targeting...

Vishing attacks have more than doubled for the second consecutive quarter, according to the PhishLabs Quarterly Threat Trends & Intelligence Report. The November 2021 report uses hundreds of thousands of attacks analyzed and mitigated by PhishLabs to identify the top threats targeting brands and determine emerging trends throughout the threat landscape. Key Findings of the Quarterly Threat Trends...

Multi-stage vishing attacks have more than doubled since Q2, overtaking BEC attacks as the second most reported response-based threat. These two-pronged attacks differ from conventional vishing by combining malicious emails and phone calls to trick victims into disclosing sensitive information. Emails associated with these campaigns are particularly adept at getting past attack controls because...

Domains are some of the most highly abused tools threat actors use to manipulate victims and execute phishing attacks. In the latest PhishLabs Quarterly Threat Trends & Intelligence report, we break down how actors are abusing Legacy Generic (gTLD) and Country Code (ccTLD) Top-level domains, HTTPS, and free security certificates to target enterprises. Top-level Domain Abuse Percent of Phish...

Brand threats have accounted for 68% of fraud attacks so far this year. Contrary to traditional cyber attacks, which are designed to compromise the infrastructure or circumvent controls, brand threats live outside of the organization’s control and compromise the reputation of your brand. Common types of brand misrepresentation include spoofed emails, social media scams, and fake mobile apps. The...

Phishing volume in 2021 continues to outpace last year by 22%, according to PhishLabs Quarterly Threat Trends & Intelligence Report. The August 2021 report uses data from hundreds of thousands of attacks analyzed and mitigated by PhishLabs to identify the most recent top threats targeting brands and determine emerging trends throughout the threat landscape. Key Findings of the Quarterly Threat...

One piece of evidence that adds value to investigating social media threats is the threat actor’s chosen username. Usernames can hold meaning to the individual, and as a result provide useful information when expanding investigations to different social platforms. As we covered in our last OSINT post, connecting all known social media accounts to one user is a critical step in determining risk,...

Threat actors improve the resiliency of phishing campaigns by concealing malicious content from security teams. Avoiding detection increases an attacker’s odds of reaching more victims and achieving a more lucrative outcome. There are many types of evasion techniques that can be used individually or in tandem. In this post we discuss active evasion, restricting by interaction. Restricting by...

Cybercriminals continue to heavily abuse domains to launch phishing attacks. PhishLabs’ analysis of Q1 phishing attacks has found that: 96% used Legacy Generic (gTLD) or Country Code (ccTLD) Top-level Domains Almost 83% abused HTTPS Domain Validated (DV) Certificates were used 94.5% of the time For this analysis, PhishLabs looked at three categories of TLDs: Legacy gTLDs, ccTLDs,...

In Q1, PhishLabs analyzed hundreds of thousands of phishing attacks and found more than 62% abused legitimate no-cost tools or services. >> Access the Report In this post, we take a look at findings from our Q1 Threat Trends and Intelligence Report and review the free services that were most commonly abused to stage phishing sites. Methods of Staging Phishing Sites ...

Phishing attacks in Q1 have increased 47% compared to last year, according to PhishLabs newly released Q1 2021 Threat Trends & Intelligence Report. The report uses data collected from hundreds of thousands of attacks analyzed and mitigated by PhishLabs in Q1 to identify top threats targeting enterprise brands, and determine emerging trends throughout the threat landscape. Key findings of...

Threat actors routinely impersonate brands as part of their attacks. Brand abuse can occur anywhere online, and impersonating a reputable company automatically gives credibility to a threat that might otherwise be instantly identified as suspicious. Because brand impersonation is so broadly used across the threat landscape, security teams need to have complete visibility into the top brand...