Threat actors routinely impersonate brands as part of their attacks. Brand abuse can occur anywhere online, and impersonating a reputable company automatically gives credibility to a threat that might otherwise be instantly identified as suspicious. Because brand impersonation is so broadly used across the threat landscape, security teams need to have complete visibility into the top brand...

PhishLabs is monitoring the increasing number of mobile applications targeted by the relatively new Alien Mobile Banking Trojan. Alien, a fork of Cerberus, continues to evade Google's malware detection and is targeting a broad spectrum of both financial and non-financial apps. So far, Alien has been connected with 87 new brands previously not targeted by Cerberus. Cerberus versus Alien...

A threatening social media post targeting an executive, employee, brand, or any other asset often has merit to it, and investigating the online accounts associated with the threat actor is imperative in the process of assessing risk. By mapping social media accounts operated by the threat actor, as well as general social media risk monitoring, you can build a more comprehensive profile of the...

Recently, PhishLabs mitigated an attack using a fake social media page to steal the credentials of a credit union (CU) customer. Social media is increasingly used as a vehicle for attacks, and organizations should adopt social media protection measures to stay ahead of threats. The below demonstrates how the attack was executed. The Scam Initially, the threat actor sends the victim a text...

Obtaining the location of a social media threat actor can provide important information in the process of assessing risk. Verifying a geographical region of a user is vital in determining the credibility and risk level of the posted threatening content. Investigating true locations of threat actors can evidently turn a seemingly baseless low risk social media threat into something that may be...

Impersonation enables threat actors to manipulate victims into disclosing sensitive information as well as enhance their ability to commit fraud. An organization's name, logo, or messaging can be incorporated into almost any threat type, making it an easy and versatile element of a cyber attack. Impersonation is an especially difficult technique to defend against because of its diverse range of...

App downloads fueled by COVID-19 lockdowns leapt to 37.5 billion in Q2 of this year, and collective global app usage is surging. Android users' screen time stands out significantly, with an increase of 25% above the weekly average from the previous year. As apps continue to be an integral part of how we conduct business and perform sensitive tasks, bad actors are using fake and unethical apps...

Threat actors increasingly use social media to attack brands, VIPs, and customers. The types of threats on these platforms are diverse and each social network has different policies in place for how they respond to reported attacks. As a result, mitigating threats on social media can be a frustrating and time-consuming process for security teams. In this post, we break down some common social...

Social media is rapidly becoming the preferred online channel for threat actors. Almost four billion people use some form of social media, and organizations are increasingly reliant on company pages, executive presence, and positive customer interaction to build a strong brand. As a result, a malicious post or tweet can cause irreversible damage to an enterprise. Last year, 53% of all...

Threat actors are masquerading as executives on social media for purposes of stealing credentials and damaging popular brands. Today, many executives have accounts on these platforms to network as well as post content promoting their companies. Unfortunately, it is easy for bad actors to create fake accounts and reach massive audiences by impersonating well-known individuals. These types of...

When the term data leak comes to mind, most enterprises think of the dark web. Although compromised information can damage an organization when distributed through gated and anonymous platforms, we are seeing social channels being used to allow for a more rapid and potentially destructive outcome. These platforms have an overwhelming number of global participants, with almost half of the world...

Threat actors are using social media accounts to expose and sell data that has been compromised. While information found on many of these platforms has traditionally been disclosed by enterprises and individuals with intent, cyber criminals are taking information acquired by means of scams and data breaches and promoting their sale on various social platforms not always monitored by security...

With more than 2.95 billion people now estimated to use social media, an organization's online presence directly relates to the satisfaction of its customers, as well as its profits. False or misleading images or comments connected with a brand on online platforms can swiftly impact the reputation or even financials of an otherwise successful company. While most individuals have been...

Threat actors are using the novel coronavirus to add credibility in recent Business Email Compromise (BEC) attacks. Below are three examples of how they are doing it. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. ...

Threat actors are using social media to engage in money-flipping scams abusing the novel coronavirus. The two examples below demonstrate how they are doing it. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. The...

Threat actors continue using COVID-19 fears to exploit individuals on a variety of channels. Today we are taking a look at two new, related SMS lures. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. The first...

Recently we highlighted one of the most common evasion techniques employed by threat actors in order to keep a phishing site online: geoblocking, or blocking by location. However, many other techniques exist, some that are more subtle and make it more difficult for unwanted visitors to view a site. One such method is used to thwart unintended parties - bots, analysts, hosting providers, etc. -...

In the past few weeks, our team highlighted how social media is abused by threat actors seeking to steal credentials and to administer phishing attacks. While these are both two of the most prominent cybersecurity threats distributed through social media, there are some other tactics in play, too. Join us on February 6 to discuss the latest social media-based financial scams. This week we're...

Every day our teams analyze millions of phish across the web, detected through emails, social media, text messages, and most other common digital vectors. Many phishing sites are easy to review and analyze. However, some threat actors that we track take steps to hide their attacks from people other than their intended victims. This is a defense mechanism that makes it harder to analyze their...

Today's marketing organization uses countless SaaS-based tools and platforms that live outside of an organization's network. As their digital footprint grows, so does their potential for digital risks targeting their enterprise, brands, and customers. Even if they don't join the latest social media platform, in most cases there are not proper online brand protections in place to ensure...