Resources

Blog

COVID-19 Phishing Update: BEC Lures use Pandemic to Enhance Attacks

Threat actors are using the novel coronavirus to add credibility in recent Business Email Compromise (BEC) attacks. Below are three examples of how they are doing it. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are...
Blog

COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims

As job losses grow due to the coronavirus pandemic, cybercriminals are taking advantage of the situation to recruit individuals into money mule scams. Below are two examples that reference work-from-home opportunities. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security...
On-Demand Webinar

Domains and Surface Web: Defending Against Ever-Evolving Threats Webinar

Big or small, enterprise or startup, in today’s world nearly every business across the globe has some form of digital presence. In most cases this is a website, in others, this may include social media or apps. This is due in part to the ease in establishing these properties, which makes it more accessible than ever before. However, as easy as it is to establish a brand online,...
Blog

How Threat Actors are Abusing Coronavirus Uncertainty

  By this time, most everyone in the world has heard about COVID-19, a global outbreak that is commonly referred to as the Coronavirus. With growing fear and a lack of information, the stock markets have dropped to lows we haven't seen in years, and organizations everywhere are putting together contingency plans. Like most global events, this scenario creates a perfect...
Blog

Beware of Account Takeover

  One way to verify if an email is legitimate is to look at the sender's address, the actual sender's address, not just the sender's name. One tactic cyber criminals employ is using the sender's name to trick the recipients. The cyber criminal may use a known acquaintance's name or the name of a legitimate company they are trying to spoof. This sounds sophisticated, but it is...
Blog

Threat Actors are Increasing Their Use of Free Hosts

  In our continued expansion and exploration of data from this year's annual Phishing Trends and Intelligence report it's time to take a closer look into free hosts. More specifically, the free hosts and domains that threat actors abuse in order to further distribute phishing attacks. While phishing sites that abuse free hosts don't make up the majority, the use of them is...
Blog

Should User Passwords Expire? Microsoft Ends its Policy

  If you have ever worked for an organization that uses Microsoft-based systems, there is a high likelihood that your IT or security team has implemented a policy that occasionally forces you to create a new password. Years ago it was every three months, then every two, and so on. This policy was heavily encouraged by Microsoft, but as of May of this year, they have reversed...
Blog

5 Tips for Smarter Detection and Collection of Digital Risks

Recently, our Director of Product Management, Cary Hudgins, discussed how to develop a digital risk protection plan for the modern enterprise. One of the many reasons why such a plan should be created is because, in today's world, an enterprise organization's digital footprint can be vast and will continue to grow. Take for example the average employee who receives an...
Blog

Brain-Hacking Part 2: Ain't Nobody Got Time for That!

Taking Advantage of Our Tendency to Simplify: There's an old joke floating around the Internet that claims NASA, upon discovering that standard ballpoint pens would not work in space, invested millions of dollars and years of R&D. The resulting pen was supposedly capable of writing in zero-G, on any surface, and in temperatures that would surely kill any astronaut. When...
Blog

Romanian Vishing/SMiShing Threat Actors Plead Guilty

In May of 2018, we reported on three Romanian threat actors who were extradited to the U.S. for their involvement in a SMiShing and Vishing fraud scheme. At the time of reporting, the expected losses were listed around $18 million but have since risen to more than $21 million. Between July 12 and October 31, 2011, PhishLabs' analysts detected a number of telephone phishing...
Blog

It Only Takes One to Detect or Infect

It's time to take action against phish! Phishing attacks are no longer few and far between; they are the norm. Regardless of your company's investments in filtering technologies and countermeasures, suspicious and malicious emails make it into employee inboxes. It only takes one to cost your company time, money, and lost reputation. Unfortunately, even with traditional...
Blog

This message is from a trusted sender, or is it?

We've previously reported on how, due to the rise in phishing attempts leveraging SSL certificates, the icon in your web browser gives your users a false sense of security. The threat, however, doesn't end with your web browser. Although first observed as early as 2016, PhishLabs analysts have observed a dramatic uptick in the imitation of flags, banners, and other markup...
Blog

Brain-hacking: Why Social Engineering Is So Effective

  You are affected by social engineering tactics every day. Okay, let me explain. From an information security standpoint, Wikipedia says that social engineering is the psychological manipulation of people into performing actions or divulging confidential information[1]. That's true, but social engineering isn't limited to information security; it's something we all...
Blog

Social Risk Monitoring: All Press Good Press?

  It happens on a daily basis, it's even likely that at some point it happened to you: social media account takeovers. A quick Google search shows a new batch of celebrities, politicians, companies, and other high profile users becoming the victim of account takeovers on a weekly basis. It's concerning, it can cause a ruckus, and depending on what happened after the fact it...
Blog

Geolocation Tracking Poses Risks to Your Employees

Exposing your geolocation information publicly can lead to increased personal and business risk. This is particularly important to note in the wake of Google's location tracking, even if you explicitly told them not to. It is remarkable how freely we tell the world one of the most important things about ourselves: where we are. The everyday use of geotagging and geolocation...
Blog

Using Reported Phish to Hunt Threats

  Reported phishing emails are useful for plenty of reasons. They help you measure cyber risk, study common attack trends, and even provide inspiration for your own phishing simulations. One of the security functions that benefit most from reported phishing emails is threat hunting, the process of identifying threats quickly so they can be contained before any major damage...
Blog

WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017

  Ransomware. The word strikes fear into the hearts of hospital administrators, local government officers, and small business owners everywhere. After exploding in 2016, ransomware has been covered extensively by media outlets and security experts, to the point where most organizations have started to take at least some action to mitigate their exposure. But have these...
Blog

Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment

  Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3...
Press Release

PhishLabs Ranked Highest for Cybercrime Threat Intelligence

Winners announced at InfoSec World 2017 in Orlando. Charleston, S.C., April 20, 2017 – PhishLabs, the leading provider of 24/7 phishing defense and intelligence solutions, today announced it was recently ranked highest in cybersecurity client experience in the category of Cybercrime Threat Intelligence by Black Book™ of Cybersecurity LLC, a division of Brown-Wilson Group, Inc...
Blog

How To Build a Powerful Security Operations Center, Part 2: Technical Requirements

  In the last post, we took a look at the logistical and human issues surrounding the setup of a new security operations center (SOC). And while having a mission, the right people, and a physically secure location are all vital to the success of a new SOC, there are many more things to consider before you can jump in and get started. In this post, we’re going to take a...