Welcome to the PhishLabs Blog
Welcome to the first installment of the PhishLabs Blog.
First a little bit about us. PhishLabs was founded by John LaCour in September 2008. Our vision is to do more to stop cybercrime than the status quo model of detecting, counting, categorizing, and (sometimes) reporting attacks. The media is full of stories with interesting statistics about the number of cyber attacks going up ‘X’ percent with attacks mostly coming from certain countries. Vendors and even free Internet community groups report cybercrime to ISPs who shutdown attacks just to have another one replace it. Measuring the number of attacks and stopping them is better than ignoring them, but ultimately does almost nothing to stop cybercrime from reoccurring.
PhishLabs aims to change that by providing our clients with information about the identity of cyber-criminals, how they operate, why and when their scams are successful, thereby providing actionable intelligence for the affected organization, and if desired, law enforcement. This is accomplished by going much deeper than detecting and shutting down individual attacks.
While we take on a variety of initiatives, our focus is within three main areas:
Advisory Services:
We help clients review their anti-fraud programs within the context of their peer group and industry leading best practices. Where appropriate we drive the implementation of program improvements (both technical and non-technical) to reduce or eliminate online fraud.
Intelligence:
We investigate specific criminal groups, actors, and fraud methods and provide recommendations to reduce or eliminate their impact. We also work with law enforcement and related groups like the NCFTA to provide information they can use to ultimately arrest and prosecute cyber criminals.
Incident Response:
While there are often day-to-day attacks which can be managed with in-house expertise or security operations vendors, responses to new types of attacks or dramatic changes in attack volume may require some outside help. Whether it is a rock-phish attack or a new type of malware, PhishLabs helps clients by rapidly assessing complex attacks and rapidly developing and implementing a cost-effective plan of action.
In addition to helping our clients with the services outlined above, we strongly believe in sharing with the security community. In the coming days and weeks, please check back with this blog to find information about hacker techniques and tools, pointers to academic research of to fighting cybercrime, as well as advice on the steps you can take to protect your organization and customers from online fraud. Of course we’ll also be sure to keep you updated on the latest developments at PhishLabs.
Thanks for reading and please keep in touch.
John LaCour, CISSP
President, PhishLabs
jal@phishlabs.com