The financial services cybersecurity environment is extremely complex, with a dizzying number of often-overlapping regulations, ongoing threats, and understaffed teams trying to manage it all. Despite paying significant attention to security, many organizations continue to be the targets of advanced persistent threats, fraud, sophisticated phishing campaigns, and other bold efforts to access the...

Vishing reports in Q1 2022 increased nearly 550% over Q1 2021, according to Agari and PhishLabs ’ Quarterly Threat Trends & Intelligence Report . While these Response-Based attacks have recently displayed stunning numbers, malicious emails as a whole are growing steadily, and represent the top online attack vector targeting corporate users. Malicious emails are delivered primarily in the form of...

Vishing attacks targeting corporate users have more than doubled for the second consecutive quarter, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report . Response-Based attacks such as these are increasingly targeting corporate users and stand alongside email-based Credential Theft and Malware attacks to make up the top attack vector targeting enterprises. Every quarter...

Ransomware continues to grow as a thriving underground economy with limited risk and little barrier to entry. Ransomware attacks are supported by a robust ecosystem of dark web services, where many of the tasks needed to carry out an attack can be outsourced. These tasks are increasingly available and sold by threat actors who specialize in them. In this post, we take a look at Initial Access...

Phishing volume continues to outpace 2020 by 22%, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report. Every quarter, PhishLabs analyzes hundreds of thousands of phishing and social media attacks targeting enterprises to identify key trends in the threat landscape. In this piece we take a look at phishing volume, industries targeted, and how attacks are being staged. 2021...

Cybercriminals continue to heavily abuse domains to launch phishing attacks. PhishLabs’ analysis of Q1 phishing attacks has found that: 96% used Legacy Generic (gTLD) or Country Code (ccTLD) Top-level Domains Almost 83% abused HTTPS Domain Validated (DV) Certificates were used 94.5% of the time For this analysis, PhishLabs looked at three categories of TLDs: Legacy gTLDs, ccTLDs, and New gTLDs. >>...

In Q1, PhishLabs analyzed and mitigated hundreds of thousands of phishing attacks that targeted corporate users. In this post, we break down these attacks and shed light on the phishing emails that are making it into corporate inboxes. Threats Found in Corporate Inboxes Credential Theft Credential theft attacks continue to be the most prolific threats observed in corporate inboxes. In Q1, nearly...

Phishing is on the rise. PhishLabs identified 47% more phishing sites in Q1 of 2021 than there were in Q1 of 2020. This trend is continuing as Q2 attacks are also up significantly year-over-year. Last year, phishing spiked in late Q1 and Q2 as threat actors took advantage of pandemic-related fear and uncertainty. This year, we are seeing an even greater increase in attacks. Closer Look: Of the...

In 2020, ransomware attacks in the U.S. increased 139% year-over-year . Attacks are more strategic, demands are higher, and new tactics have emerged that leave victims experiencing the pressure to pay. Organizations that are affected by ransomware believe they are left with one of two choices: Refuse to meet ransom demands and risk the loss of data or, pay the ransom and hazard it released anyway...

Microsoft Office 365 phish are some of the most common threats that reach end users inboxes. Over the course of a two-year period, PhishLabs has observed that O365 phish have accounted for more than half of all reported phish by enterprises - by a significant margin. Today, we are highlighting a recent O365 campaign, and breaking down the techniques used to enhance the threat actor's odds of...

PhishLabs is monitoring a multi-stage phishing campaign that impersonates government entities and telecoms to target financial institutions and their customers. The threat actor behind the attacks has been designated Royal Ripper. The initial stage of the attack harvests personal information and the sort code of the victim's bank. It then uses the sort code to redirect the victim to a second...

On Tuesday afternoon, dozens of high-profile Twitter accounts were hijacked to promote cryptocurrency scams. Threat actors took over the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, and many others. Corporate Twitter accounts were also hijacked, including those belonging to cryptocurrency companies. What does this mean for enterprises and their security teams? Threat actors...

Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing sites to add a layer of legitimacy, better mimic the target site in question, and reduce being flagged or blocked from some browsers. Last year, threat actors hit a significant milestone in this usage when more than 50% of phishing sites...

As enterprise workforces continue to transition to remote environments, online file sharing and cloud storage tools are becoming a frequent, if not necessary means of collaboration. While abusing these types of platforms is nothing new to threat actors, the lures they use are now taking advantage of the novel coronavirus. The two examples below demonstrate how. We are providing ongoing updates on...

Cyber criminals are using COVID-19 to manipulate users on Twitter and steal funds through payment applications. Our latest example demonstrates how victims are being targeted with fake credential dumps. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are...

As job losses grow due to the coronavirus pandemic, cybercriminals are taking advantage of the situation to recruit individuals into money mule scams. Below are two examples that reference work-from-home opportunities. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how...

Threat actors are using the novel coronavirus to impersonate accounts on social media. The example below targets members of a credit union. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. The threat actor created a private...

Threat actors are using social media to engage in money-flipping scams abusing the novel coronavirus. The two examples below demonstrate how they are doing it. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. The first example...

In response to the financial difficulties resulting from COVID-19, many utilities have announced policy changes to suspend disconnects and provide relief to customers. As a result, many people are uncertain about what will happen should they be unable to pay their utility bills during the pandemic. As our latest example shows, this uncertainty is being exploited by threat actors. We are providing...

With many U.S. citizens still waiting to receive their government-mandated stimulus, we are again seeing cyber criminals shift their tactics in accordance with the news cycle. Below is one example of a lure abusing access to an undeliverable stimulus payment. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the...