Phishing volume continues to outpace 2020 by 22%, according to PhishLabs’ Quarterly Threat Trends & Intelligence Report.
PhishLabs is monitoring payload families reported in user inboxes. In this piece, we break down the top malware targeting enterprises in Q2.
Highlights from the report include more than two hundred thousand unique phishing websites detected in August and September, SSL encryption for phishing sites overtaking SSL deployment for general websites, and a 10 percent increase in BEC attacks originating from free webmail accounts.
The life of a phishing site is brief, but impactful. A recent study found that by the time phishing URLs show up in blocklists, most damage is done.
Key highlights of the report include a significant increase in wire transfer loss attributed to business email compromise (BEC) attacks from the first quarter and a 20% increase in BEC attacks targeting the social media sector.
As Phishing attacks get more sophisticated on the social engineering front, so to does the technology and techniques behind keeping them online longer.
As the coronavirus becomes a global pandemic, threat actors have begun abusing the fear surrounding it. One lure we have spotted even mimics the CDC.
Attend our upcoming webinar to learn about the latest techniques threat actors use to abuse social media for phishing attacks.
APWG's Q2 report shows phishing increasing, SaaS industry prime target, and threat actors are after gift cards.
Verizon's annual Data Breach Investigations Report has just been released. What does it have to say about Phishing?
Phishing: Social engineering using digital methods for malicious purposes.
Everybody knows that reported phishing emails are a valuable resource. But are you making maximum use of yours? This is how you can use reported phish to aid your threat hunting capability.
Following the formal indictment of nine Iranian threat actors on March 23, 'Silent Librarian' attacks against universities and other research organizations have continued unabated.
BankBot Anubis takes mobile threats to the next level incorporating ransomware, keylogger abilities, remote access trojan functions, SMS interception, call forwarding, and lock screen functionality.
Reporting an email to your IT team is incredibly important, and it's because these 11 email types each have different impacts.
Job scams represent only one of the many techniques deployed by criminals, who are growing increasingly creative and sophisticated in luring their victims.
Find out how URL pattern analysis can dramatically reduce the time and energy required to produce actionable phishing intelligence
It's notoriously hard to evidence the need for investment in security awareness. But with a concrete ROI forecast, the task becomes must easier.
With so many variables and conflicting claims calculating the cost of phishing can be difficult. Let us make it easy for you.
If you've ever configured a spam filter, you know how frustrating it can be. Here's why some phishing emails always get through.
Phishing has become a huge concern in recent years, and it can be frustrating when users continue to fall for them. Here's why it happens.
Compromised websites are an integral part of the cybercrime ecosystem. PhishLabs recommends these steps to help prevent this kind of exploit.
Hackers targeting bitcoin wallet users are leveraging Google's AdWords. Phishlabs has previously seen similar attacks over the past year.
PhishLabs' phishing research and analysis have shown that phishers are continually developing new methods to facilitate their malicious activities.
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source). Think community financial institutions aren’t in the crosshairs for account takeover? Think again. (PhishLabs) There is clear evidence that account takeover (ATO) is a big problem and growing worse. The Federal Reserve Bank of Atlanta […]
Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).
Last week, researchers at Proofpoint reported an attack campaign, which was dubbed “Smash & Grab," targeting customers of JP Morgan Chase. Based on intelligence from the Phishlabs R.A.I.D. (Research, Analysis, and Intelligence Division), the “Smash & Grab" operations have been active since at least mid-June. The attacks use email messages to direct potential victims to a phishing page. Visitors to the phishing page are also exposed to an exploit kit that abuses software vulnerabilities to infect victims with malware.
Phishing takedown services, anti-phishing services, phishing protection. What's best for stopping phishing attacks? Learn the key distinctions and how they make a big difference.
PhishLabs has detected a new phishing attack targeting users of the Mt. Gox bitcoin exchange: While most phishing attacks used hacked legitimate web sites to host phishing pages, this particular attack is using a registered domain name of RAA.CN.COM. CN.COM isn’t a real top-level domain name, but CentralNic allows registrars to sell third-level domains within […]
Almost every day I speak with a bank somewhere about phishing. I ask them how much of a threat is it, what are they doing about it, and how does it affect their business. Surprisingly, the answers I get vary quite a bit from one organization to another. Most are concerned about the costs of […]
PhishLabs has discovered a new variant of a common phishing page that prompts users to upload a scanned copy of their driver’s license and telephone bill. The scam detected targets customers of a large US bank. Most likely the phisher is attempting to circumvent additional security measures by the bank such as telephone based authentication […]
PhishLabs has discovered a phishing site targeting Instagram users: It is not clear if the intention of the responsible miscreants is to steal photos, email credentials, or Facebook credentials. It is probably the latter given the phishing site redirects to Facebook after stealing an email address and password. However, it does seem clear that […]
Xfire “is a free tool that automatically keeps track of when and where gamers are playing PC games online and lets their friends join them easily.” PhishLabs recently discovered a phishing page targeting Xfire users that used a clever trick to warn potential victims. By using cascading style sheets (.css) files that are generated on […]
Almost since the beginning of phishing, attackers have created simple webpages that redirect users to another URL that contains the actual phishing form. They do this for several reasons. In case their phishing site is shutdown, they can simply change the destination of the redirect to point to another phishing site. This means that everyone […]
For over a year, the Rock Phish Gang was using the Avalanche botnet to host their various phishing scams and malware distribution sites. Fortunately, the botnet was shutdown last week – how long remains to be seen. Unfortunately, the Rock Phish Gang have not gone away. These criminals continue to distribute their Zeus trojans and […]
The Avalanche botnet, also known as “MS-Redirect”, has been responsible for hosting phishing pages and malware distribution attacks on over 35 organizations, including the IRS, Facebook, MySpace, most recently NACHA, and many more. Unfortunately, there’s a great deal of confusion over how this botnet works and how it’s related to other malware. Let’s clear it […]
Some security problems just never seem to go away. I’m not sure if its because there’s a steady stream of new web developers that have to learn things the hard way, if people forget, or they think that their open programs won’t be found by the bad guys. Unfortunately for those of us that fight […]
There are numerous sites on the Internet where aspiring cybercriminals can download free phishing kits. Despite it being relatively well known that most kits have backdoors in them that cause stolen information to be sent to the kit authors, they’re still used quite frequently. Interestingly, one such free phish kit distribution site added flag counter […]
Nearly a year ago I asserted in a Dark Reading interview that phishers were using Google and other search engines to find vulnerable web sites which they used to launch their scams. By a simple analysis of the web hosts and URLs used in phishing, I estimated that the vast majority of phishing web sites […]
You may have heard about a recently discovered 0-day vulnerability in Adobe Acrobat that has been used in targeted attacks. While this isn’t anything like a traditional phishing or malware attack, it could be considered a type of ‘spear’ phishing. In case you haven’t heard the details yet, there’s a vulnerability in Adobe Acrobat Reader […]
How do phishers choose their targets? Usually, it is relatively random. Occasionally, phishers will be able to hack into some online web application or ecommerce site and create a dump of the database along with victim email addresses and locations, but that’s not a common scenario. Most of the time, they use tools to extract […]
Over on the Symantec Security Response Online Fraud blog, Antonio Forzieri, follows up to his previous post about reactive phishing defenses. In his post, Antonio discusses the merits and pitfalls of diluting phishing sites with different types of bogus data. The last case, where phishers automatically validate the data from within the phishing site itself […]