Preview the latest global phishing benchmarking results and expert security awareness recommendations from Fortra's Terranova Security 2023 Gone Phishing Tournament.
Most organisations have security controls in place to inspect URLs in emails to prevent the risk of credential phishing and business email compromise (BEC) attacks. However, threat adversaries have pivoted their tactics to bypass security stacks. And clicking these types of attacks often leads to account takeover. In fact, data from Fortra’s PhishLabs in Q2 2023 reported more...
Because email remains the most ubiquitous form of business communication, it continues to be a favorite attack vector for cybercriminals. Email has always been vulnerable because it was not originally designed with security or privacy in mind. As a result, email security vendors emerged to protect this critical communication channel. In the early days, many vendors used...
Traditional email security products struggle to detect email impersonation threats such as Business Email Compromise (BEC) and spear phishing campaigns. These threats consistently bypass defenses that rely on signatures and policies like Secure Email Gateways and native-cloud email filters. This guide breaks down how Fortra uses advanced data science, including machine learning models, to find and mitigate attacks that slip past traditional email defenses.
Knowing what your employees are up to, enables you to strengthen your security policies.
We all make mistakes at work from time to time. And sometimes we do things we know we shouldn’t. In the fast paced modern world, it’s easy enough to send an email to the wrong person or end up taking company information home. Often the consequences will be a bit of embarrassment, but every...
Following a multi-layered approach to phishing defense is a good idea, but using what you have close to home is best when it comes to a sensible security posture. In practice, a robust security awareness training program is key to instruct employees on what to look for when trying to spot phishing emails that may have landed in their inboxes.
Through a layered approach utilizing a comprehensive solution as the primary defense, Fortra fills major gaps in email platform security by protecting users from external threats and safeguarding your sensitive data from being leaked both inside and outside your organization.
In this IT Security Wire article, cybersecurity experts Eric George and Tom Gorup, Vice President of Security Operations at Fortra’s Alert Logic, share their 2023 cybersecurity predictions.
Originally published in IT Security Wire
"PaaS (phishing-as-a-service) platforms simplify the creation and execution of credential theft phishing attacks which target the customers or...
This white paper takes an expansive look at the hidden threats lurking around email inboxes, and how layered email security with a clear understanding of goals can keep your organization better protected.
Counterfeit activity increases every year during the pre-holiday shopping blitz -- most notably Black Friday, Cyber Monday, Christmas and Hanukkah. Arm yourself with defenses now to combat ever-evolving counterfeiting methods during peak retail shopping season.
“Whaling” phishing fraud attacks target the C-suite of a company which creates high risk of extremely sensitive, mission-critical data being stolen and exposed. Fortunately, protecting the organization from these attacks is possible.
Whaling phishing is a type of phishing attack targeting larger, high-value targets, which is why it's called "Whaling." Attackers themselves...
It’s difficult to control your Social Security number in the wild. In his September contribution to Forbes Advisor, John Wilson discusses the most common scams involving Social Security numbers and provides 8 steps individuals can take to prevent identity fraud.
Originally published in Forbes Advisor:
“For too many of us, our SSNs are already in the hands of miscreants,...
What is Email Spoofing?
Email spoofing is one of the most common forms of cybercriminal activity, specifically a form of identity deception that's widely used in phishing and spam attacks. It underpins the mechanism required to conduct hacking activities, and it can take many forms. Unfortunately, most email users will eventually receive an email that has been spoofed—whether...
In Cyber Protection Magazine’s Crucial Tech podcast, John Wilson, Senior Fellow, Threat Research, delves into the latest research from Agari and PhishLabs by Fortra.
Here's how to run a simulated phishing campaign to test and train your employees before they receive an actual phishing email.
What is a Phishing Campaign?
To be clear, when we say “phishing campaign,” we’re not referring to malicious, black-hat phishing campaigns. A simulated phishing campaign is part of an internal training program to raise employee awareness about real...
In his guest essay for The Last Watchdog, Eric George, Director of Solutions Engineering at PhishLabs by, explains what ransomware is, who the high-stake threat actors are, and how organizations can defend themselves against ransomware attacks.
Originally published in The Last Watchdog
“Ransomware usually starts with a phishing email. An unsuspecting employee will open a...