Blog

Blog

Cloudflare’s pages.dev and workers.dev Domains Increasingly Abused for Phishing

Fortra has observed a rising trend in legitimate service abuse, with a significant volume of attacks targeting Cloudflare Pages. Workers.dev is a domain used by Cloudflare Workers’ deployment services, while Pages.dev is used by Cloudflare’s Pages platform that facilitates the development of web pages and sites. Fortra’s Suspicious Email Analysis (SEA) team has identified different threats being...
Blog

Zero-Day Threats: How Cloud Email Security Can Mitigate Risks

By Q3 2024, organizations encountered credential theft in nearly 50% of all email security threats they handled, while malware grew by 4% which is the highest amount of volume since Q1. Learn how cloud-based solutions can help detect and prevent zero-day attacks like malware and more.
Blog

Best Practices for Using Secure Encrypted Email in Business

Attackers increasingly use sophisticated methods to spy on your emails directly, which is why the very information contained therein needs to be encrypted. This is defense in depth, not only protecting your email from without but securing it from within.
Blog

Top Threats to Cloud Email Security and How to Mitigate Them

A summary of common threats faced by cloud email systems beyond malware and data breaches, this blog provides actionable tips and best practices for businesses to protect their email systems.
Blog

Email Protection Strategies for Modern Enterprises

Modern enterprises need to be able to identify the tactics being used by cybercriminals in email attacks, especially those leveraging advanced technologies like AI. Find out what's at stake and how today's email security solutions can help mitigate these evolving attacks.
Blog

Harrowing Tales of Social Engineering Attacks from the Trenches

The social engineering attacks that businesses are seeing today – from hiding payloads in files to commit fraud, to quishing and smishing – and what can be done about them.
Blog

Active Phishing Campaign: Twilio SendGrid Abuse

Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators. Sample Email Lure Sample 1: Vishing Example Sample 2: Office365 Phishing Example...
Blog

Active Phishing Campaign: QR Code Attachment O365 Attack

Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators. Sample Email Lure Sender...
Blog

Active Phishing Campaign: Form Assembly Abuse

Active Phishing Campaigns are coordinated attacks that Fortra has observed bypassing email security gateways and filtering tools. The following analysis includes examples, high-level details, and associated threat indicators. To protect the privacy of Fortra’s clients, the brand targeted in this attack has been anonymized and is generically referred to as “Brand” whenever their name appears in the...
Blog

Harnessing Data Science and AI in Cybersecurity

In this Solutions Review article, Ravisha Chugh from Fortra explains how companies are harnessing data science and AI technologies in their cybersecurity initiatives.
Blog

Will 2024’s Presidential Election Day Be Groundhog Day When It Comes to Nation-State Email Attacks?

With 2024's presidential election around the corner, Fortra discusses the blunt-force impact of campaigns not hardening their cybersecurity, such as campaign impersonation, donation scams and fraud, and the possibility that it will be cybercriminals who decide the next President of the United States—not voters.
Blog

Understanding DMARC Reports

Why is it so important to analyze DMARC reports? Well, it makes it so organizations can detect malicious emails and prioritize source configuration, all of which is crucial for maintaining their email security.
Blog

How to Defend Against Stegomalware

Stegomalware is still a relatively unknown term but is becoming more widely leveraged in malware. So you need to know about this semi-low-tech, yet innovative tactic that is imperceptible to the human eye.
Blog

What You Need to Know About Stegomalware

It all sounds like the stuff of Sherlock Holmes or “Mission Impossible”, but steganographic malware, or stegomalware for short, is a real thing that broadly describes a host of tactics used to hide data in plain sight.
Blog

How to Set Up DMARC: Step-by-Step Guide

We'll explain how to configure DMARC for your company's email, including what you'll need and how to add DMARC to your DNS. Just follow these DMARC setup steps! But before we begin, here’s a high-level overview of how to add DMARC to your DNS.Add your DMARC record into your DNSSelect the TXT record typeAdd the host value (see details below)Add the value information (see details below)Save the...
Blog

Preventing Email Leaks in Business Environments

By understanding email data leaks, their value to attackers, and their root causes, organizations can stay savvy and set up the right tools to thwart many email-targeting attempts.