Blog

Blog

Active Phishing Campaign: Tax Extension Help Lure

Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators. Sample Email Lure Sender VerificationSender’s Email: ogawa@kidscorp[.]jp Sender’s Name: Beth KolcunReply-To Address: beth...
Blog

From Secure Email Gateway to Next-Gen Secure Email

The secure email gateway (SEG) worked for decades, no doubt. It was truly the first line of defense against email-based threats that took advantage of people and technology to enable fraud. Those of us who have dedicated our lives to improving this industry are grateful for the work of companies like Symantec and Proofpoint, which have spent years protecting people and organizations from viruses...
Blog

Active Phishing Campaign: Yousign HR Lure

Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators. Sample Email Lure Sender VerificationSender’s Email: [email protected] Sender’s Name: Yousign for HR...
Blog

Active Phishing Campaign: Meta Business Support Chat

Active Phishing Campaigns are concerted, coordinated attacks that Fortra has observed bypassing email security gateways, like SEGs, and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators. As of this posting, Fortra has automatically detected and removed 53 instances of this threat across multiple customer email environments. Sample...
Blog

DMARC: The Next Step in Email Hygiene and Security

In 1971, Ray Tomlison developed the first email service while working at The Defense Advanced Research Projects Agency (DARPA). This development changed how we communicated. However, even though this was an exceptional tool, it was not very user-friendly, requiring users to have specific software installed on their computers.In 1996, Sabeer Bhatia...
Blog

How to Protect Against BEC from Inception to Inbox

What Is Business Email Compromise (BEC)? Business email compromise (BEC) is a dangerous and pervasive type of email spoofing that targets businesses, aiming to damage them in some financial or reputation-based way. It does so via deceptive tactics, such as CEO or executive impersonation, allowing BEC attacks to evade security filters, leading to fraud, compromised accounts, and data leakage. ...
Blog

Fortra Named Top Player in Radicati's 2024 Secure Email Market Quadrant Report

Fortra has been recognized as a “Top Player” in The Radicati Group’s Secure Email Market Quadrant, 2024. The Radicati Group’s analysis found that Fortra provides both breadth and depth of functionality, while shaping the market with innovative technology and a compelling strategic vision. As the report illustrated: "Fortra’s Cloud Email Protection brings together an impressive set of solutions...
Blog

O365 Active Phishing Campaign with Verizon Invoice Lure

Recent O365 Active Phishing Campaign Active Phishing Campaigns are concerted, coordinated attacks that Fortra has observed bypassing email security gateways, like SEGs, and default filtering tools. The following analysis includes examples, high-level details, and associated threat indicators. As of this posting, Fortra has automatically detected and removed 46 instances of this threat across...
Blog

The Email Security Gaps in Your Cloud

According to Gartner, Microsoft lacks the ability to detect and eradicate 20% of the advanced email threats. Email security expert, Ravisha Chugh, shares why current cloud email security solutions are insufficient against advanced email threats, and why she's excited to be a part of Fortra's Cloud Email Protection.
Blog

How Banks are Adapting to Digital Disruption and Data Privacy Regulations

Digital disruption, changing consumer demographics and preferences on how they engage with their banks, along with burgeoning regulatory requirements are having far-reaching repercussions on banking. And banking executives are feeling the pressure!Digital DisruptionBanks that resist digital transformation will be punished by their customers, experiencing a marked erosion in profit margins. In...
Blog

How Fortra's Clearswift Secure Email Gateway Aligns to NCSC's Email Security Guidelines

Working in cybersecurity is one of the most challenging roles in the organisation. Not only are you tasked with keeping the business and its data safe and secure, but you must do so in the face of ever-increasing professionalism and sophistication on the part of cybercriminals.There are more threats than ever before, and the consequences of a data breach are more significant too. In recent Fortra...
Blog

March Madness Challenge for Cybersecurity Professionals

Let the "madness" begin! The NCAA Basketball tournament is different for everyone. Some experience madness after a gut-wrenching triple overtime victory by their alma mater, while others after a buzzer-beater shot from half-court by a 16th-ranked Cinderella underdog that instantly knocks out one of your final four selections. However, to me there is nothing more maddening, in the delightful sense...
Blog

Social Media Attacks Focus on Financials, Executives in Q4

In Q4, impersonation threats made up more than 45% of total attacks on social media, with the vast majority targeting banking and financial services. Impersonation on social media continues to grow, with threats specifically targeting corporate executives responsible for driving the majority of volume for three consecutive quarters. The average number of social media attacks per business has...
Blog

What is a DMARC Policy?: The 3 Types, Which to Implement & Other Requirements

In this post, we’ll briefly explain what a DMARC policy is, how to set up your DMARC email record, what the three types of DMARC policies are and when to implement each one, and how to diagnose and fix any issues associated with it. Basically, your DMARC policy tells email receivers what to do with illegitimate or possibly fraudulent emails—whether to reject, quarantine, or accept them. Overall,...
Blog

O365 Volume Up in Q4 as Cybercriminals Target Brands in Credential Theft Attacks

The majority of malicious emails reported in user inboxes contained a link to a phishing site, making credential theft emails the attack method of choice for cybercriminals in Q4. Credential theft made up nearly 60% of all reported incidents, with more than half of the volume attributed to O365 attacks. Despite the threat actor preference toward this threat type, credential theft attacks declined...
Blog

Phishing-as-a-Service Profile: LabHost Threat Actor Group

Fortra is monitoring malicious activity targeting Canadian banks conducted by Phishing-as-a-Service group LabHost. Throughout 2022 and 2023, Fortra has observed phishing attacks connected with Phishing-as-a-Service (PhaaS) groups grow as threat actors use the tools provided through membership services to launch a variety of campaigns. The providers of these platforms boast features such as access...