PhishFort

PhishFort Brand Protection Solutions to combat phishing, fake content, and IP infringements.

Did you know someone's home router could be used to attack corporate networks, without anyone knowing?That's how IoT bot...
07/03/2026

Did you know someone's home router could be used to attack corporate networks, without anyone knowing?

That's how IoT botnets combined with residential proxy pools work: attack traffic from IPs that look completely normal.

We published the breakdown on the blog ๐Ÿ‘‡

Compromised smart home devices route attack traffic through legitimate residential IPs โ€” bypassing your perimeter controls. Here's how it works and what stops it.

In the gambling industry, a fake site using your brand isn't just a fraud problem โ€” it's a compliance one.We recently he...
07/02/2026

In the gambling industry, a fake site using your brand isn't just a fraud problem โ€” it's a compliance one.

We recently helped a global sportsbook operator neutralise 1,400+ threats, including infrastructure designed to bypass geofencing controls.

Full case โ†’

How a global sportsbook operator dismantled geofence-bypass attack infrastructure and neutralised 1,400+ threats with PhishFort.

07/01/2026

๐Ÿ“ IGB Live London โ€” today.

Monday we published the case: 4,700+ threats, 98.9% takedown rate.

Today we're at the event to talk about what's behind those numbers.

Attackers are hosting phishing on sites.google.com.Valid HTTPS. High-reputation domain. Bypasses most filters.LotL using...
06/30/2026

Attackers are hosting phishing on sites.google.com.

Valid HTTPS. High-reputation domain. Bypasses most filters.

LotL using Google's own infrastructure โ†’ infostealers + crypto drainers.

Breakdown: https://phishfort.com/google-sites-phishing-lotl-attacks/

Threat actors are using sites.google.com to host fake Workspace portals that deploy infostealers and crypto drainers. Here's how the attack works.

800 threats a year, managed manually. ๐Ÿ˜ตโ€๐Ÿ’ซNot to brag, but... after twelve months with PhishFort: 4,700+ detected and act...
06/29/2026

800 threats a year, managed manually. ๐Ÿ˜ตโ€๐Ÿ’ซ

Not to brag, but... after twelve months with PhishFort: 4,700+ detected and actioned. 98.9% takedown success rate. 38 average hours from detection to offline.

The problem wasn't the team. It was visibility.

A global iGaming operator with millions of active players had no idea what was happening out there. Fake casinos, cloned login pages, typosquatted domains active across Europe and LATAM โ€” all invisible until we mapped them.

We're proud to share the full case today: https://phishfort.com/success-cases/igaming/

P.S. If you're chasing threats like these and you're at IGB Live London this week โ€” we'll be there Wednesday. Come find the team.

How a global iGaming operator went from handling ~800 threats a year manually to detecting and actioning 4,700+ in twelve months with PhishFort.

06/19/2026

Friday thought before you close the laptop:
"A takedown closes one incident. It doesn't stop the campaign".

In most persistent phishing operations targeting fintech and crypto firms, a taken-down domain is replaced within 24โ€“72 hours. Malicious apps pulled from app stores reappear under a new developer account within days.

Here's why:

๐Ÿ” Attackers pre-register domain inventories โ€” 10, 20, sometimes 50 variants across TLDs and ccTLDs. Reactive takedowns typically catch 20โ€“30% of a campaign's total inventory.

โšก Fast flux infrastructure means a domain can keep resolving even after the hosting provider acts. Only a registrar-level suspension stops it, and many teams are targeting the wrong layer.

๐ŸŽญ Content cloaking lets fake domains sit dormant (serving benign content) until they age past automated risk scoring thresholds. Then the malicious content goes live.

๐Ÿ“ฑ App store removals don't stop repackaged re-submissions. A $25 developer account and a new icon is enough to get back in the store within 48โ€“72 hours.

The common thread? Every re-emergence pattern exploits the gap between a takedown event and the next monitoring cycle.

Reactive monitoring creates windows measured in days. 24/7 continuous monitoring โ€” flagging new registrations by brand pattern before content is served โ€” closes that window before the replacement domain establishes itself.

A takedown without continuous monitoring is just a delay.

Already watching the World Cup? ๐Ÿ†So are the scammers. ๐Ÿ‘๏ธ Last week we covered how the hashtag  was already a brand threa...
06/18/2026

Already watching the World Cup? ๐Ÿ†
So are the scammers. ๐Ÿ‘๏ธ

Last week we covered how the hashtag was already a brand threat for gambling platforms. This week, our researchers went deeper, and what they found is worth flagging before the weekend.

We published the full breakdown of how the attack chain works โ€” stages, data collected at each step, and what teams should be tracking now.

PhishFort researchers identified multi-stage fake FIFA ticketing sites harvesting credentials, PII, and payment data. Here's how the infrastructure works and what to monitor.

๐Ÿ“ข ๐Ÿšจ UPCOMING LIVE WEBINAR โ€” June 25 ยท 11:00 AM ESTFraud has nearly tripled in a decade.It's now your CEO's  #1 cyber con...
06/16/2026

๐Ÿ“ข ๐Ÿšจ UPCOMING LIVE WEBINAR โ€” June 25 ยท 11:00 AM EST

Fraud has nearly tripled in a decade.

It's now your CEO's #1 cyber concern โ€” ahead of ransomware.

And most security teams still don't have a number for it.

Join Julian Drangosch for a live, data-driven briefing on the real economic impact of phishing in 2026.

โ†’ Why fraud has overtaken ransomware on the board agenda

โ†’ The double-edged role of AI in today's attacks

โ†’ Where legacy systems and third-party risk are creating your biggest exposure

โ†’ What the global skills shortage means for your supply chain

SAVE THE DATE!

๐Ÿ“… Thursday, June 25 ยท 11:00 AM EST / 8:00 AM PT

CISOs, brand protection leads, and SOC managers โ€” this one's built for you.

๐Ÿ”— Register here!

Fraud has nearly tripled in a decade and is now the #1 CEO cyber concern. Join PhishFort for a live, data-driven briefing on what the numbers mean for your organization.

Here's something worth thinking about over the weekend.A couple of days ago, an attacker took over the White House Insta...
06/16/2026

Here's something worth thinking about over the weekend.

A couple of days ago, an attacker took over the White House Instagram account. No zero-day. No phishing kit. They just sent a polite message to Meta's AI support system โ€” and it complied.

The AI wasn't broken. It was doing exactly what it was designed to do: be helpful.

That's the problem.

We wrote about the gap between AI as a tool and AI as a gatekeeper โ€” and what adequate controls actually look like.

How attackers bypassed Meta's AI support with a 30-word prompt and took over the White House Instagram, and what it means for your security architecture.

Most banks and fintechs evaluate phishing domain takedown services by comparing price tiers.They rarely ask the question...
06/15/2026

Most banks and fintechs evaluate phishing domain takedown services by comparing price tiers.

They rarely ask the questions that actually matter when a campaign hits 40 domains at 2 am on a Friday ๐Ÿ˜ตโ€๐Ÿ’ซ

We put together 10 non-negotiable features security teams should require before signing with any vendor:

โœ… Sub-24h SLA โ€” per domain, not per campaign
โœ… ccTLD coverage with real registrar relationships
โœ… Structured evidence kits โ€” not just screenshots
โœ… 24/7 monitoring + human analyst validation
โœ… Zero-integration deployment
โœ… Parallel processing for multi-domain campaigns
โœ… Transparent SLA tracking per incident
โœ… Escalation paths beyond registrar abuse
โœ… Evidence output compatible with compliance workflows
โœ… Per-incident option for low or irregular volume

Most services check 3 or 4 of these.
Few check all 10.

Full breakdown in our latest article ๐Ÿ‘‡

Most banks and fintechs evaluate phishing domain takedown services the wrong way. They compare price tiers and sales decks.

Address

166 Geary Street STE 1500 # 569
San Francisco, CA
94108

Alerts

Be the first to know and let us send you an email when PhishFort posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Share