Resources
Blog

Active Phishing Campaign: Yousign HR Lure

By Meriam Senouci on Thu, 05/23/2024
A new, sophisticated active phishing campaigns focuses on malicious emails that leverage Yousign e-signature services to carry out phishing attacks. Learn more about this tactic through examples, high-level details, and associated threat indicators.
Online Impersonation
fta-identify-and-disrupt-threats-before-attackers-strike-800x454.jpg
On-Demand Webinar

Identify and Disrupt Threats Before Attackers Strike

Join us as Fortra experts detail expanded capabilities, insight, and anti-threat measures to better address blind spots, proactively disrupt threat actors, prevent fraud, and enrich security. Attendees will learn about the newly expanded capabilities, including: Compromised Credentials Monitoring enables users to proactively defend against fraud...
fta-pl-social-platform-impersonations-types-consequences-defenses-800x454.jpg
On-Demand Webinar

Social Platform Impersonations: Types, Consequences, and Defenses

Social media is bigger than ever and threats are getting more sophisticated, but gone are the days when people could simply request to have an impersonation removed. Learn how to sift through the social media threat noise and get effective mitigation of social media threats including impersonations.
Executive Attacks on Social Media Hit All-Time High as Analysts Point to AI
Blog

Executive Attacks on Social Media Hit All-Time High as Analysts Point to AI

By Jessica Ryan on Tue, 01/16/2024
Executive impersonation on social media is at an all-time high as threat actors take advantage of AI to improve and scale their attacks. In Q3, accounts pretending to belong to high-ranking executives on social media climbed to more than 54% of total impersonation volume, surpassing brand attacks for the first time since Fortra began tracking this data. The volume and composition of these attacks...
fta-pl-handling-threats-that-land-in-user-inboxes
Video

On-Demand Webinar: Handling Threats That Land in User Inboxes

The risk of a user receiving a socially engineered attack is higher than ever, and technological solutions often miss the most devastating of them. Though technology is both an important and required component in protecting the enterprise, security teams need to remain vigilant and educated on quickly identifying threats which make it past...
Account Takeover Protection
Executive Protection
Online Impersonation
External Data Leaks
fta-pl-evolving-your-cyber-threat-intel-program-into-action
Video

Digital Risk Protection: Evolving Your Cyber Threat Intel Program Into Action

Now Available On-demand Digital Risk Protection is an emerging technology that is on the rise in Gartner’s latest Hype Cycle for Security Operations. In this webinar, PhishLabs’ Manager of Solutions Engineering, Eric George, will break down Digital Risk Protection, explain how it works, and share recent use cases. You will learn how enterprises use...
External Data Leaks
cyber threat defense report thumbnail
Video

Key Insights from the 2023 Cyberthreat Defense Report

Eric George, Director of Solutions Engineering at Fortra, and Steve Piper, CEO of CyberEdge The 2023 Cyberthreat Defense Report provides deep insight into the perspectives of cybersecurity professionals. Join us to learn what your peers are thinking and doing Thursday, May 4, at 11 a.m. ET. Eric George, Director of Solutions Engineering at Fortra, and Steve Piper, CEO of CyberEdge, will present...
Account Takeover Protection
Online Impersonation
Top Brand Threats and Defense Tactics
Guide

Brand Threats Masterclass

In 2024, organizations face growing brand protection challenges with online impersonation attacks targeting their assets through non-traditional means. These attacks are spanning channels not typically protected by corporate controls and leveraging AI to generate lures, making detection increasingly broad and mitigation nuanced. To better understand the top brand risks, Fortra held a roundtable...
Account Takeover Protection
External Data Leaks
The Email Security Gaps in Your Cloud
Blog

The Email Security Gaps in Your Cloud

Thu, 12/14/2023
It’s not news that most enterprises operate in the cloud. Migration to the cloud leads to better collaboration, data storage, and lower costs compared to on-premises resources. Odds are your organization is currently enjoying the conveniences of the cloud. The cloud has reshaped the way organizations operate, but with the migration comes new obstacles in email security, and the cloud has its own...
New Cyber Security Intelligence Article Covers Fortra’s Insights, Actions Against QR Phishing
Blog

New Cyber Security Intelligence Article Covers Fortra’s Insights, Actions Against QR Phishing

By Jessica Ryan on Thu, 10/19/2023
QR phishing is currently considered a high priority risk capable of bypassing existing security controls, according to the latest article from Cyber Security Intelligence. QR Phishing, otherwise known as Quishing, is an extension of phishing attacks that is gaining popularity among threat actors who understand many email systems have difficulty reading the contents of the code. Similar to...
Threat Actor Profile: Strox Phishing-as-a-Service
Blog

Threat Actor Profile: Strox Phishing-as-a-Service

Thu, 10/12/2023
Threat Background & History Beginning in the first half of 2022, Fortra has monitored a significant ongoing upward trend in fraud activity originating from various Phishing-as-a-Service (PhaaS) operations. Some of these services have thrived, while the popularity of others has diminished. One PhaaS operation that has notably been present throughout the past two years is known as Strox (aka Strox...
Free Domain Abuse Plummets in Q1 as Staging Methods Shift
Blog

LastPass and Fortra’s PhishLabs Work Together to Protect Customers From Phishing Scams

Tue, 09/26/2023
One of our Digital Risk Protection service customers, LastPass, is committed to monitoring the cyber threat environment to keep our customers as secure as possible. To highlight this commitment, we want to call attention to recent joint efforts to disrupt a phishing campaign targeting LastPass customers and associates that began two weeks ago. We are sharing this with you not because it is a new...
Cyber Defense Magazine: New PhishLabs Research Details .ZIP Abuse
Blog

Cyber Defense Magazine: New PhishLabs Research Details .ZIP Abuse

By Jessica Ryan on Thu, 09/21/2023
Fortra’s PhishLabs has identified two separate incidents of new Google top-level domain (TLD) .zip used in phishing attacks. The attacks, detailed in the September issue of Cyber Defense Magazine, use .zip to impersonate a social media conglomerate and global technology company. Look-alike domains using common file extensions are increasingly used to enhance the perceived legitimacy of cyber...
Social Media Attacks Targeting Banks See Greatest Increase Since 2021
Blog

Social Media Attacks Targeting Banks See Greatest Increase Since 2021

By Jessica Ryan on Thu, 09/07/2023
Banks were targeted on social media more in Q2, after the largest spike in activity since 2021, according to Fortra’s PhishLabs. While cybercriminal focus on financial institutions remains high, the average number of social media attacks per business, per month in 2023 is trending lower than in 2022. In Q2 specifically, businesses experienced nearly 18 fewer attacks on social channels on average...
Phishing Sites Impersonating Social Media Jump in Q2
Blog

Phishing Sites Impersonating Social Media Jump in Q2

By Jessica Ryan on Thu, 08/10/2023
In Q2, phishing attacks targeting social media platforms increased more than 23%, according to Fortra’s PhishLabs. This is the greatest volume of attacks on social media in two years and puts the industry ahead of historically top targeted financial institutions. Every quarter, Fortra’s PhishLabs examines hundreds of thousands of phishing attacks targeting enterprises and their brands. In this...
Social Media Security Awareness: What you Should Know
Blog

Social Media Security Awareness: What you Should Know

Thu, 08/03/2023
The latest Verizon Data Breach Investigations report indicates that over 70% of data breaches involved the human element. Cybercriminals exploit people to trick them into clicking unsafe links, opening malicious attachments, entering their credentials into bogus login pages, sharing sensitive data, and authorizing fraudulent fund transfers. One area where many exploits take place is on social...
On-Demand Webinar

Social Media Intelligence: Real World Threats, Real World Impact

Each day, 3.5 billion people use some form of social media. This is close to half of the global population. Because of the wide spread use and adoption of these various platforms, threat actors are increasing the abuse of both the brands and their accounts faster than any other digital medium. Moreover, most platforms lack the necessary security controls to protect their users. This creates a...
The Science Behind the Scenes: How Machine Learning Combats Phishing Attacks and BEC
Blog

The Science Behind the Scenes: How Machine Learning Combats Phishing Attacks and BEC

Thu, 07/20/2023
Because email remains the most ubiquitous form of business communication, it continues to be a favorite attack vector for cybercriminals. Email has always been vulnerable because it was not originally designed with security or privacy in mind. As a result, email security vendors emerged to protect this critical communication channel. In the early days, many vendors used signature or reputation...
Common Social Media Scams and How to Avoid Them
Blog

Common Social Media Scams and How to Avoid Them

Thu, 07/13/2023
While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month. Social media attacks and scams have become pervasive problems, with threat actors finding innovative new ways to deceive users and steal their information. While social media...