Blog

Blog

The Rise in Hybrid Vishing: How Spoofed Phone Numbers Are the Top Email Threat to Bypass SEGs

Email attacks using impersonation as their primary means of success are the top threats making it past Secure Email Gateways. These socially engineered messages have gradually increased in volume to overtake more malicious links or attachments typically used in payload campaigns targeting businesses.In this series, we look at the top email impersonation threats based on the reported volume in user...
Blog

Emotet Returns from Hiatus, Trails QBot in Q1 Volume

QBot and Emotet payloads contributed to more than 93% of reported payload volume in Q1, according to Fortra’s PhishLabs. While QBot represented the majority of attacks, this is the first known activity by Emotet actors since 2022 and the largest spike in Emotet reports since Q2 of last year.Email payloads remain the primary delivery method of ransomware targeting organizations. PhishLabs’...
Blog

What to Know About Business Email Compromise (BEC) Scams

Business email compromise (BEC) is a dangerous type of email spoofing that targets businesses, aiming to damage them in some way. Overall, BEC “is one of the most financially damaging online crimes,” according to a joint Cybersecurity Advisory by the Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of...
Blog

What is the Relationship Between Ransomware and Phishing?

Ransomware and phishing are usually put in two separate categories when cyberattack methodologies are discussed. However, ransomware operators are increasingly leveraging phishing tactics to deploy their malicious payloads, and the potential for compromise is exponentiating as a result. Ransomware and Phishing - a match made in heaven Phishing is the number one delivery vehicle for ransomware...
Blog

DRP Solutions Market Guide

The demand for Digital Risk Protection (DRP) is on the rise as cybercriminals are increasingly targeting businesses on channels outside the corporate firewall. According to Frost & Sullivan’s latest Frost Radar Global DRP Report, the traditional security perimeter has changed, and unlike phishing attacks that can be managed and mitigated through internal controls, these threats live on spaces not...
Blog

Stolen Credit Union Data on Dark Web Hits High in Q4

In Q4, Dark Web activity targeting Credit Unions reached its highest count in five consecutive quarters, according to Fortra’s PhishLabs. Attacks on Credit Unions jumped significantly during the second half of 2022, with threat actors advertising stolen card data from these institutions almost as frequently as National/Regional Banks. Data tied to financial institutions is considered especially...
Blog

Impersonation Represents the Top Social Media Threat in Q4

Social media attacks targeting organizations closed out 2022 nearly 19% higher than Q4 of 2021, according to Fortra’s PhishLabs. Social platforms continue to act as a hotbed for malicious activity, leaving organizations of all sizes vulnerable to impersonation and abuse. As of Q4, businesses can expect an average of 72.54 attacks on social media per month. ...
Blog

Response-Based Email Attacks Reach Inboxes More Than Any Other Threat in Q4

In Q4, Response-Based phishing attacks were the top reported threat by end users, according to Fortra’s PhishLabs. While threats categorized as Credential Theft and Malware continue to bypass even the top secure email gateways, this is the second consecutive quarter where Response-Based attacks have led all categories. Response-Based attacks typically lack malicious indicators and instead rely...
Blog

More than Half of All Phishing Sites Impersonate Financials in Q4

Phishing sites impersonating reputable organizations continue to represent the top online threat to businesses and their brands. In Q4, Financial Institutions were targeted most by credential theft phish, experiencing the largest share of malicious sites recorded since 2021, according to Fortra’s PhishLabs. Within the group, criminals capitalized on the broad customer bases and recognizable names...
Blog

Healthcare: Top Trends Threatening the Privacy of Patient Data

The cyber-threat landscape is rapidly evolving, and it is becoming increasingly difficult to comply with new regulations and protect against the loss of patient. While the majority of news reports focus on malicious external threats and actors, 65 percent are the result of internal leaks. In addition, 73 percent of those are the result of inadvertent sharing of information.Challenges in Healthcare...
Blog

Top Tell-Tale Signs & 3 Things You Can Do to Stop Spoofed Email

Something caught my eye recently. It was an email in PMM (Personal Message Manager – a component of the Clearswift Secure Email Gateway) where you can look at what email has not been delivered to your Inbox, as the product has recognized it as being spam or (potentially) newsletters. There was one particular email that caught my eye as it appeared to have come from ‘[email protected]’. In...
Blog

Debunking Cybersecurity Jargon: Part Four – What is Optical Character Recognition?

As part of our ongoing blog series explaining some of the many acronyms and pieces of jargon that bedevil the cybersecurity industry, we turn our attention to optical character recognition technology, or OCR as it is commonly known.Clearswift added OCR functionality to all of its core email and web security products to help organizations combat the risk posed by the millions of image files that...
Blog

Are Cybersecurity and Data Protection Now Integral to Business Success?

A famous front cover of The Economist in 2017 declared that the 'world’s most valuable resource is no longer oil, but data.' The value of data has indeed increased significantly. Organizations rely on data and data analytics for almost every facet of their operations and use it to make insightful decisions to help move the business forward.Many have invested in the tools and solutions - AI, CRM,...
Blog

How Data Classification Helps Organizations Maintain a Strong Data Security Posture

The rise of globally dispersed workforces and new work from home requirements are placing extraordinary pressure on every organization’s cybersecurity. And wherever there is upheaval, so cyber criminals thrive. Alongside the devastating health and economic impacts of the coronavirus pandemic, we have also seen an escalation in cyber-attacks. A recent CISO/CIO survey, looking at cybersecurity...
Blog

Five Ways to Secure Data Within the Defense Supply Chain

Unsurprisingly the defense industry requires the most secure information sharing environment in the world, but what implications does this have for ensuring the effective mitigation of cyber risks? There is something of a paradox between the need for complete information governance in the defense sector and the rise of IoT, BYOD, cloud computing and the democratization of data in today’s blurred...
Blog

Prevent Supply Chain Cybersecurity Attacks with Safer Data Sharing

When considering cybersecurity policies and risk management, protection from phishing, ransomware, and other Advanced Persistent Threats (APTs) are usually top of mind. Data loss protection usually makes the list as well. However, one area of risk that can be overlooked is supply chain cybersecurity attacks. Trusted partners are vital to organizations but the cyber risks they pose can be just as...
Blog

Stop Cyber Attacks Before They Start: Data Harvesting and Targeting

The Greek philosopher Plato wrote that “the beginning is the most important part of the work.” The great American statesman, scientist, and philosopher Benjamin Franklin similarly emphasized the importance of planning when he stated that “by failing to prepare, you are preparing to fail.”It is unfortunate that many cybercriminals heed their advice today. The number of threats continues to increase...
Blog

Defending Against DoppelPaymer – The Latest Ransomware Incident

It’s been said that the first ransomware attack took place as far back as 1989. Delegates who’d attended the World Health Organization AIDS conference in Stockholm were sent floppy discs containing malicious code that installed itself onto MS-DOS systems.After each machine was booted up for the 90th time, the trojan hid all the directories and encrypted the names of all the files on the drive....
Blog

Cybersecurity Risks in the Supply Chain Are Leaving Organizations Vulnerable

When it comes to cybersecurity, any organization is only as strong as its weakest link. It may have invested in the best email security solutions, information security, web security solutions, and Advanced Threat Protection (ATP) on the market. It may also have trained its employees to recognize and react to cyber-attacks and put in place the processes to deal with social engineering lures.But if...