Resources

Blog

Record Number of Phishing Sites Impersonate Social Media to Target Victims in Q4

Phishing sites impersonated the social media industry more than any other in Q2, Q3, and Q4 of 2023. In Q4 alone, social media phish leapt nearly 20%, reaching the highest volume of abuse (over 67%) since Fortra has reported on this data point.Every quarter, Fortra’s PhishLabs examines hundreds of thousands of phishing attacks targeting enterprises and their brands. In this post, we break down the...
Blog

How Threat Actors will Leverage Domain Impersonation in 2024

Historically, the average brand is targeted by 40 look-alike domains per month. Look-alikes are a strategic component of malicious lures and websites and used in a variety of spaces including social platforms, text messages, the open web, and email. An attack that incorporates a look-alike domain can mean the difference between a convincing campaign and a suspicious one, with a versatility that...
Guide

Protecting Your Organization From Advanced Threats

Today’s cyber attacks appear relentless, growing in frequency and intensity, and proliferating throughout all industries. There is no ‘normal’ and the impact of each attack is felt throughout organizations--from supply chain to customers, partners, and beyond. ...
Blog

QR Codes That Don't Bode Well - The Harm That Quishing Attacks Can Do

Most organisations have security controls in place to inspect URLs in emails to prevent the risk of credential phishing and business email compromise (BEC) attacks. However, threat adversaries have pivoted their tactics to bypass security stacks. And clicking these types of attacks often leads to account takeover. In fact, data from Fortra’s PhishLabs in Q2 2023 reported more than three-quarters...
Blog

Cybercriminal Focus in the New Year – Top 2024 Threat Trends

Criminals are constantly innovating ways to enhance deliverability and increase the success of their campaigns. Email phishing remains one of the most significant threats to organizations, but a growing number of campaigns are first touching victims via non-traditional lures or through engagement on platforms where users are more susceptible to scams. Understanding how online threats are evolving...
Blog

Getting the Board on Board: Explaining Cybersecurity ROI

In this Tripwire guest blog, we break down how to best communicate the significance of a cybersecurity investment. Despite increasing data breaches, ransomware attacks, and assorted cyber threats, convincing the Board of Directors to invest in robust cybersecurity isn't always easy for many businesses. The challenge originates mainly from the need to demonstrate a quantifiable Return On...
Blog

Dark Web Threats Targeting the Airline Industry

The allure of airline status and points, along with the abundance of personally identifiable information (PII) of customers and employees, make the airline industry a prime target for threat actors on the dark web. Depending on the goal of the actor and the nature of the stolen data, criminals can find airline-specific materials for sale on a variety of markets.Nick Oram, security operations...
Datasheet

Protecting Information Across the Defense Supply Chain

Clearswift supports organisations to comply with the Defense Cyber Protection Partnership cyber risk control requirements that seek to protect UK military capability throughout the MOD supply chain.Business ProblemIn the face of cyberattacks being recognised as a Tier 1 threat within the National Security Strategy, the UK seeks to secure a truly competitive, sustainable, and globally successful...
On-Demand Webinar

Introduction to Fortra’s Cloud Email Protection Platform

Advanced email threats continue to be a stark reality for enterprises. Even with Secure Email Gateways in place, deceptive attacks like BEC, targeted social engineering ploys, and spear phishing attempts can still get into user inboxes. In this video, Fortra’s Advanced Email Security experts discuss how Fortra’s Cloud Email Protection, a new integrated cloud email security platform, delivers multi...
Datasheet

Suspicious Email Analysis

Detect, Analyze & Mitigate Advanced ThreatsEnterprises struggle to stop email threats from routinely reaching user inboxes, leading to Business Email Compromise (BEC) and ransomware attacks. While users become more adept at identifying suspicious emails and enterprises invest in increasingly sophisticated email security stacks, threat actors continue to deploy emails designed to trick employees....
Article

BEC: Why This Basic Threat Is Difficult to Detect

Revenue lost to payment fraud saw an increase in every major global region from 2021 to 2022, and odds are your organization is still seeing email impersonation threats in inboxes. But why? This article provides insights on Business Email Compromise to help you understand just why these threats are so effective for cybercriminals.
Blog

Brand Threats Masterclass: Experts Reveal Top Attacks and Defense Tactics

There is little doubt that AI-fueled impersonation campaigns and novel attacks via non-traditional channels have emerged as a primary concern for security teams. Brand impersonation is on the rise, with nearly 40 look-alike domains targeting brands each month. On social media, impersonation attacks account for almost half of all threatening content. And online counterfeit campaigns are...
Blog

How Organizations Can Use Dark Web Intelligence

The scope of intelligence on underground marketplaces is vast and navigating the dark web in search of brand mentions and potential threats can be time-consuming and complex. In order to proactively defend against attacks and mitigate the threat of leaked information, organizations should consistently monitor marketplaces and forums for data pertaining to their brand. If questionable data is...
Blog

Q3 Payload Report

QBot, the leading payload family in Q3, was disrupted as part of a coordinated, multinational operation led by the FBI on August 29, 2023. This resulted in the removal of 700,000 QBot payloads from infected devices across the globe, and interrupted the activity of one of the most active malware families since the former juggernaut Emotet, which was disrupted in 2021.While QBot led all other...
Blog

Are Broad Email Security Policies Slowing You Down?

Creating policies for your organization's email security can be complex, time consuming, and even stressful. There are nearly a thousand exceptions that make a case for why policy development and deployment cannot be a standard one-size-fits-all practice. Learn how Fortra's Clearswift can keep your organization safe without slowing you down.
Blog

Threat Actor Profile: Strox Phishing-as-a-Service

Threat Background & HistoryBeginning in the first half of 2022, Fortra has monitored a significant ongoing upward trend in fraud activity originating from various Phishing-as-a-Service (PhaaS) operations. Some of these services have thrived, while the popularity of others has diminished. One PhaaS operation that has notably been present throughout the past two years is known as Strox (aka Strox.su...