Brand threats have accounted for 68% of fraud attacks so far this year. Contrary to traditional cyber attacks, which are designed to compromise the infrastructure or circumvent controls, brand threats live outside of the organization’s control and compromise the reputation of your brand. Common types of brand misrepresentation include spoofed emails, social media scams, and...

One piece of evidence that adds value to investigating social media threats is the threat actor’s chosen username. Usernames can hold meaning to the individual, and as a result provide useful information when expanding investigations to different social platforms. As we covered in our last OSINT post, connecting all known social media accounts to one user is a critical step in...

Cybercriminals continue to heavily abuse domains to launch phishing attacks. PhishLabs’ analysis of Q1 phishing attacks has found that:   96% used Legacy Generic (gTLD) or Country Code (ccTLD) Top-level Domains Almost 83% abused HTTPS Domain Validated (DV) Certificates were used 94.5% of the time   For this analysis, PhishLabs looked at three categories of TLDs: Legacy...

  In Q1, PhishLabs analyzed and mitigated hundreds of thousands of phishing attacks that targeted corporate users. In this post, we break down these attacks and shed light on the phishing emails that are making it into corporate inboxes.   Threats Found in Corporate Inboxes    Credential Theft Credential theft attacks continue to be the most prolific threats observed in...

  Phishing is on the rise. PhishLabs identified 47% more phishing sites in Q1 of 2021 than there were in Q1 of 2020.  This trend is continuing as Q2 attacks are also up significantly year-over-year.   Last year, phishing spiked in late Q1 and Q2 as threat actors took advantage of pandemic-related fear and uncertainty. This year, we are seeing an even greater increase in...

  In 2020, ransomware attacks in the U.S. increased 139% year-over-year. Attacks are more strategic, demands are higher, and new tactics have emerged that leave victims experiencing the pressure to pay. Organizations that are affected by ransomware believe they are left with one of two choices: Refuse to meet ransom demands and risk the loss of data or, pay the ransom and...

Microsoft Office 365 phish are some of the most common threats that reach end users inboxes. Over the course of a two-year period, PhishLabs has observed that O365 phish have accounted for more than half of all reported phish by enterprises - by a significant margin. Today, we are highlighting a recent O365 campaign, and breaking down the techniques used to enhance the threat...

  A threatening social media post targeting an executive, employee, brand, or any other asset often has merit to it, and investigating the online accounts associated with the threat actor is imperative in the process of assessing risk. By mapping social media accounts operated by the threat actor, as well as general social media risk monitoring, you can build a more...

  Recently, PhishLabs mitigated an attack using a fake social media page to steal the credentials of a credit union (CU) customer. Social media is increasingly used as a vehicle for attacks, and organizations should adopt social media protection measures to stay ahead of threats. The below demonstrates how the attack was executed.   The Scam Initially, the threat actor...

Obtaining the location of a social media threat actor can provide important information in the process of assessing risk. Verifying a geographical region of a user is vital in determining the credibility and risk level of the posted threatening content. Investigating true locations of threat actors can evidently turn a seemingly baseless low risk social media threat into...

  Impersonation enables threat actors to manipulate victims into disclosing sensitive information as well as enhance their ability to commit fraud. An organization's name, logo, or messaging can be incorporated into almost any threat type, making it an easy and versatile element of a cyber attack. Impersonation is an especially difficult technique to defend against because of...

  Digital Risk Protection (DRP) continues to gain momentum and attention among CISOs and security professionals. DRP, an operational security function once classified under Threat Intelligence (TI), has been elevated by the Gartner Hype Cycle and other analyst research as an emerging security function that security teams rely on to address multiple external cyber threat use...

  Threat actors increasingly use social media to attack brands, VIPs, and customers. The types of threats on these platforms are diverse and each social network has different policies in place for how they respond to reported attacks. As a result, mitigating threats on social media can be a frustrating and time-consuming process for security teams. In this post, we break down...

  Social media is rapidly becoming the preferred online channel for threat actors. Almost four billion people use some form of social media, and organizations are increasingly reliant on company pages, executive presence, and positive customer interaction to build a strong brand. As a result, a malicious post or tweet can cause irreversible damage to an enterprise.    Last...

  PhishLabs is monitoring a multi-stage phishing campaign that impersonates government entities and telecoms to target financial institutions and their customers. The threat actor behind the attacks has been designated Royal Ripper. The initial stage of the attack harvests personal information and the sort code of the victim's bank. It then uses the sort code to redirect the...

  On Tuesday afternoon, dozens of high-profile Twitter accounts were hijacked to promote cryptocurrency scams. Threat actors took over the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, and many others. Corporate Twitter accounts were also hijacked, including those belonging to cryptocurrency companies. What does this mean for enterprises and their security teams...