Resources

It Only Takes One to Detect or Infect
Blog

It Only Takes One to Detect or Infect

Tue, 03/05/2019
  It's time to take action against phish! Phishing attacks are no longer few and far between, they are the norm. Regardless of your company's investments in filtering technologies and countermeasures, suspicious and malicious emails make it into employee inboxes. It only takes one to cost your company time, money, and lost reputation. Unfortunately, even with traditional...
This message is from a trusted sender, or is it?
Blog

This message is from a trusted sender, or is it?

Tue, 02/26/2019
  We've previously reported on how, due to the rise in phishing attempts leveraging SSL certificates, the  icon in your web browser gives your users a false sense of security. The threat, however, doesn't end with your web browser. Although first observed as early as 2016, PhishLabs analysts have observed a dramatic uptick in the imitation of flags, banners, and other markup...
Brain-hacking: Why Social Engineering Is So Effective
Blog

Brain-hacking: Why Social Engineering Is So Effective

By Jessica Ryan on Tue, 02/19/2019
  You are affected by social engineering tactics every day. Okay, let me explain. From an information security standpoint, Wikipedia says that social engineering is the psychological manipulation of people into performing actions or divulging confidential information[1]. That's true, but social engineering isn't limited to information security; it's something we all...
BankBot Anubis Switches to Chinese and Adds Telegram for C2
Blog

BankBot Anubis Switches to Chinese and Adds Telegram for C2

Tue, 01/29/2019
  We've recently noticed two significant changes in C2 tactics used by the threat actors behind BankBot Anubis, a mobile banking trojan. First is the use of Chinese characters to encode the C2 strings (in addition to base64 encoding). The second is the use of Telegram Messenger in addition to Twitter for communicating C2 URLs.  Previously reported by PhishLabs, the criminals...
Social Risk Monitoring: All Press Good Press?
Blog

Social Risk Monitoring: All Press Good Press?

Fri, 01/04/2019
  It happens on a daily basis, it's even likely that at some point it happened to you: social media account takeovers. A quick Google search shows a new batch of celebrities, politicians, companies, and other high profile users becoming the victim of account takeovers on a weekly basis. It's concerning, it can cause a ruckus, and depending on what happened after the fact it...
Blog

49 Percent of Phishing Sites Now Use HTTPS

Thu, 12/06/2018
  Since 2015 there has been a steady increase in threat actors' use of SSL certificates to add an air of legitimacy to malicious websites. By the end of 2017 almost a third of phishing sites had SSL certificates, meaning their URLs began with HTTPS:// and (most) browsers displayed the all-important padlock symbol.  In recent months, however, our team has observed an even more...
Press Release

Phishing sites trick users with fake HTTPS padlock

Half of all phishing sites now have padlocks, but are anything but secure Originally published in TechRadar Excerpt: "The padlock icon next to a web address used to let users know that a site is legitimate and secure but now new research from PhishLabs suggests that this is no longer the case as have of all phishing scams are now hosted on websites that have the padlock...
Geolocation Tracking Poses Risks to Your Employees
Blog

Geolocation Tracking Poses Risks to Your Employees

Tue, 08/21/2018
Exposing your geolocation information publicly can lead to increased personal and business risk. This is particularly important to note in the wake of Google's location tracking, even if you explicitly told them not to. It is remarkable how freely we tell the world one of the most important things about ourselves: where we are. The everyday use of geotagging and geolocation...
Understanding Why Spear Phish Are Highly Effective
Blog

Understanding Why Spear Phish Are Highly Effective

Thu, 07/19/2018
  In the Oscar-winning movie The Sting, Harry Gondorff (played by Paul Newman) explains to his apprentice Johnny Hooker (Robert Redford) that the con that they set up must be so convincing that their mark, Doyle Lonnegan (Robert Shaw) won't even realize that he's been taken. Today, Gondorff and Hooker might not have needed to use a past-posting scheme to con Lonnegan. Instead...
Adwind Remote Access Trojan Still Going Strong
Blog

Using Reported Phish to Hunt Threats

Tue, 07/10/2018
  Reported phishing emails are useful for plenty of reasons. They help you measure cyber risk, study common attack trends, and even provide inspiration for your own phishing simulations. One of the security functions that benefit most from reported phishing emails is threat hunting, the process of identifying threats quickly so they can be contained before any major damage...
WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017
Blog

WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017

Tue, 05/08/2018
  Ransomware. The word strikes fear into the hearts of hospital administrators, local government officers, and small business owners everywhere. After exploding in 2016, ransomware has been covered extensively by media outlets and security experts, to the point where most organizations have started to take at least some action to mitigate their exposure. But have these...
Silent Librarian University Attacks Continue Unabated in Days Following Indictment
Blog

Silent Librarian University Attacks Continue Unabated in Days Following Indictment

Thu, 04/05/2018
  On Friday, March 23, nine Iranian threat actors were indicted for stealing massive quantities of data from universities, businesses, and governments all over the world. If you've been following our blog (or the news), you already know the actors are associated with an organization called the Mabna Institute, and are responsible for stealing more than 31 terabytes of data...
Blog

Silent Librarian: More to the Story of the IranianMabna Institute Indictment

By Jessica Ryan on Mon, 03/26/2018
  Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3...
New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users
Blog

New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users

Tue, 03/13/2018
  A newly observed variant of BankBot has been discovered masquerading as Adobe Flash Player, Avito, and an HD Video Player. This variant, now detected by PhishLabs as BankBot Anubis, was first identified on March 5, 2018.  BankBot Anubis takes mobile threats to the next level incorporating ransomware, keylogger abilities, remote access trojan functions, SMS interception,...
The 11 Types of Reported Emails
Blog

The 11 Types of Reported Emails

Thu, 01/18/2018
  You receive an email, you are unfamiliar with the sender's name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back. Malicious Versus Benign According to Symantec, 55.5 percent of business emails are considered spam emails, with the average...
Adwind Remote Access Trojan Still Going Strong
Blog

Adwind Remote Access Trojan Still Going Strong

Wed, 11/01/2017
   A Java-based Adwind Remote Access Trojan campaign has been observed sending spam emails containing a malicious JAR file under the guise of “Request For Quotation,” “Transfer Import,” “Swift Copy,” “Proforma Invoice,” “DHL Delivery Notification” and many others.  Adwind, also known as jRAT and JSocket, is a cross-platform remote access tool designed to run on Mac OS, Windows...
Nigerian 419 Scams: How to Spot a Phish
Blog

Nigerian 419 Scams: How to Spot a Phish

Wed, 10/11/2017
  All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works. Today, we’re a true phishing classic: Nigerian 419 scams. We've put the 15 best practices for spotting...
BEC Scams: How to Spot a Phish
Blog

BEC Scams: How to Spot a Phish

Tue, 10/10/2017
  All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works. Today, we’re exploring one of the most audacious phishing tactics: Business email compromise (BEC) also...
Press Release

PhishLabs Ranked Highest for Cybercrime Threat Intelligence

Winners announced at InfoSec World 2017 in Orlando. Charleston, S.C., April 20, 2017 – PhishLabs, the leading provider of 24/7 phishing defense and intelligence solutions, today announced it was recently ranked highest in cybersecurity client experience in the category of Cybercrime Threat Intelligence by Black BookTM of Cybersecurity LLC, a division of Brown-Wilson Group, Inc...
How To Build a Powerful Security Operations Center, Part 2: Technical Requirements
Blog

How To Build a Powerful Security Operations Center, Part 2: Technical Requirements

Wed, 04/19/2017
  In the last post, we took a look at the logistical and human issues surrounding the setup of a new security operations center (SOC). And while having a mission, the right people, and a physically secure location are all vital to the success of a new SOC, there are many more things to consider before you can jump in and get started. In this post, we’re going to take a...