Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers for nearly 15 years, it is now commonly exploited by cybercriminals. Today, it is considered widely used for phishing purposes ..read more

Credit unions were the top targeted industry on the Dark Web in Q4 2023, continuing its lead over the historically targeted banking industry for the third consecutive quarter. Financials as a whole continue to be a primary focus of criminal groups on underground channels, with more than 91% of malicious activity directed at either credit unions, banks, financial services, or payment services ..read more

In Q4, impersonation threats made up more than 45% of total attacks on social media, with the vast majority targeting banking and financial services. Impersonation on social media continues to grow, with threats specifically targeting corporate executives responsible for driving the majority of volume for three consecutive quarters ..read more

In Q4, three malware families represented more than 93% of all payload volume targeting end users, with Malware-as-a-Service (MaaS) DarkLoader leading all other reports. Fortra first received reports of DarkLoader in user inboxes in Q3, with attack volume picking up significantly beginning in October. The shift to criminal activity associated with DarkLoader comes after coordinated efforts by officials in Q3 to disrupt former malicious powerhouse QBot ..read more

Fortra's Terranova Security has released the 2023 Gone Phishing Tournament global results. Learn about the phishing benchmark results and get expert security awareness recommendations ..read more

The majority of malicious emails reported in user inboxes contained a link to a phishing site, making credential theft emails the attack method of choice for cybercriminals in Q4. Credential theft made up nearly 60% of all reported incidents, with more than half of the volume attributed to O365 attacks. Despite the threat actor preference toward this threat type, credential theft attacks declined as a whole in Q4, with increased reports of response-based and malware attacks reaching inboxes ..read more

Fortra is monitoring malicious activity targeting Canadian banks conducted by Phishing-as-a-Service group LabHost. Throughout 2022 and 2023, Fortra has observed phishing attacks connected with Phishing-as-a-Service (PhaaS) groups grow as threat actors use the tools provided through membership services to launch a variety of campaigns. The providers of these platforms boast features such as access to an array of stolen industry branding, monitoring tools, security bypass abilities, and more ..read more

Phishing sites impersonated the social media industry more than any other in Q2, Q3, and Q4 of 2023. In Q4 alone, social media phish leapt nearly 20%, reaching the highest volume of abuse (over 67%) since Fortra has reported on this data point ..read more

Historically, the average brand is targeted by 40 look-alike domains per month. Look-alikes are a strategic component of malicious lures and websites and used in a variety of spaces including social platforms, text messages, the open web, and email ..read more

Is your organisation ready to tackle the new challenge of QR code phishing, also known as quishing? In this TechNewsWorld article, Dr. Steve Jeffery discusses the latest carrier of choice for payloads via email.  ..read more