Blog

Blog

New Webinar: Inside the World of Social Media Phishing: Financial Scams

On a daily basis, most people will use some form of social media. From checking photos of your friends and pets, to communicating with coworkers and loved ones, social media is a large part of the connected world. Unfortunately, this also means that the more social media is used, the more likely that threat actors will try to exploit it. Join us on February 6, at 3 PM ET, as we discuss how...
Blog

Threat Actor Abuses Mobile Sensor to Evade Detection

Every day our teams analyze millions of phish across the web, detected through emails, social media, text messages, and most other common digital vectors. Many phishing sites are easy to review and analyze. However, some threat actors that we track take steps to hide their attacks from people other than their intended victims. This is a defense mechanism that makes it harder to analyze their...
Blog

New White Paper: BEC Attacks are the Most Costly Form of Phishing

Business Email Compromise (BEC) attacks have plagued organizations all over the world for almost a decade. In fact, the phishing threat has become so pervasive and effective for threat actors that the reported losses to date have already hit more than $26 billion. This does not even include the thousands of unreported BEC attacks that net gift cards and other small denominations. It's for...
Blog

Beyond Marketing: Getting Ahead of Brand Protection Issues

Today's marketing organization uses countless SaaS-based tools and platforms that live outside of an organization's network. As their digital footprint grows, so does their potential for digital risks targeting their enterprise, brands, and customers. Even if they don't join the latest social media platform, in most cases there are not proper online brand protections in place to ensure...
Blog

How to Handle Brand Impersonation on Social Media

Social media is undoubtedly a huge asset to modern organizations. It helps them spread their message, promote their products and services, and communicate directly with customers, and users. Along with those benefits, social media also presents a unique threat. Never before has it been so easy for threat actors to abuse the trust built up by an organization, damage its reputation, profit...
Blog

Unique Countermeasures in Active Phishing Campaign Avoids Security Tools

PhishLabs' Email Incident Response analysts recently identified a phishing campaign leveraging novel tactics in the ongoing war between threat actors and security teams. In addition to presenting a unique twist on a popular lure theme, the campaign leverages a clever combination of tactics by attackers attempting to defeat email security technologies to great effectiveness. PhishLabs observed...
Blog

Active TrickBot Campaign Observed Abusing SendGrid and Google Docs

PhishLabs has observed an active TrickBot campaign targeting the employees of multiple organizations. Trickbot is a sophisticated successor of the Dyre Banking Trojan. It uses an intricate network of command and control servers (C2), web injects, and customized redirection attacks that leverage HTML or JavaScript injections to target numerous financial institutions across many geographies and...
Blog

Marketing Teams Are Not Equipped to Monitor Social Media Threats

Every second, 5,787 tweets are published. Every minute, 300 hours of video are uploaded to YouTube. These are just two of the more popular social networks, and among these data points are the occasional references to a specific organization, its brands, and even customers or employees. For many, these brands have a marketing, communications, or even customer service team dedicated to...
Blog

Active Office 365 Credential Theft Phishing Campaign Targeting Admin Credentials

PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign. In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and their Office 365 brand but came from multiple validated domains - an educational institution for example - not belonging to Microsoft. If the victim clicked the link, they...
Blog

APWG: Two-Thirds of all Phishing Sites Used SSL protection in Q3

This week, APWG released its findings from Q3 that compiles insights from their member companies and provides an analysis of how phishing is changing. The key findings from the latest report show that phishing attacks continued to rise throughout the year, 40% of BEC attacks involve domains registered by the threat actor, and now more than two-thirds of all phishing sites are using SSL certs or...
Blog

Social Media Account Takeover is as Vicious as a BEC Attack

At the height of social media adoption, users willingly shared everything from the lunch they just ate to the exact places they visited throughout the day. While some of this has been reduced as consumers learned how sharing private information could impact their privacy, many people still hide these kinds of updates behind basic security controls. This is just one of the reasons that a flurry of...
Blog

Recap: How to Proactively Protect Users with Email Incident Response

This year organizations are estimated to have spent more than $124 billion on security, yet phishing attacks continue to bypass email security technology. Is it possible to proactively stop threats that would otherwise make it past your infrastructure? If you attended our most recent webinar, you know the answer is yes. Before we get into the how, our host and Director of Product Management,...
Blog

Best Practices for Defanging Social Media Phishing Attacks

Social media-based phishing attacks have taken off in a big way. According to some estimates, social media now accounts for as much as 5% of all phishing attacks globally. When you consider that phishing volume has grown consistently every year for more than a decade (up 40% last year alone), that 5% constitutes a lot of attacks. This increase is no coincidence. Social media phishing attacks...
Blog

More Bees with Honey? Reinforcement vs. Punishment in a Security Training Program

Ambassadors of security training programs often struggle with the most effective way to drive success. The ultimate purpose of these programs is to change employee behavior and create a more secure organization. Put simply, behavior is influenced by either reinforcement (i.e., encouraging employees to perform behaviors that we like) or punishment (i.e., discouraging employees from performing...
Blog

Beware of Account Takeover

One way to verify if an email is legitimate is to look at the sender's address, the actual sender's address, not just the sender's name. One tactic cyber criminals employ is using the sender's name to trick the recipients. The cyber criminal may use a known acquaintance's name or the name of a legitimate company they are trying to spoof. This sounds sophisticated, but it is easy to catch when...
Blog

Grease the Skids: Improve Training Successes by Optimizing the Environment

You have carefully selected a training program. Employees are completing the courses. And yet, they are not reporting suspicious emails and their passwords are made up of favorite sports teams and graduation dates. What is missing? Research shows that implementing training alone, as good as it may be, is not enough. We have learned that the transfer of new knowledge and behaviors on-the-job is...
Blog

Training Not Sinking In? Try a Programmatic Approach

In honor of National Cybersecurity Awareness Month (CSAM), Dane Boyd, PhishLabs' Security Training Manager, and I will share a series of posts covering topics from cybersecurity to organizational learning and development. We are kicking off the series by covering a topic near and dear to my heart: taking a programmatic approach to implementing a security training program. A fatal flaw...
Blog

New Spear Phishing Campaign Impersonates VCs and PE Firms

In the past 48 hours, PhishLabs has identified and successfully thwarted a sophisticated phishing campaign targeting the Office 365 credentials of high-value targets. This campaign is still active, and security teams should familiarize themselves with the tactics, indicators, and remain vigilant. In these attacks, the threat actor(s) is posing as private equity firms submitting non-disclosure...
Blog

APWG: Phishing Continues to Rise, Threat Actors Love Gift Cards

This week APWG released its findings from Q2 of this year that compiles insights from their member companies and provides an analysis of how phishing is changing. This quarter's report shows that phishing attacks continue to increase, both SaaS and email service providers are prime targets, BEC attacks are focused on getting gift cards, and more than half of phishing sites continue to abuse...
Blog

The Vast Social Media Landscape for Phishing Threats

On a daily basis, around 42% of the global population, or 3.2 billion people, uses some form of social media. Of that number, people spend a daily average of 2.2 hours on these networks, too. These two numbers are exactly why threat actors continue to flock to social media to abuse them for phishing purposes; however, there is far more to this story. Phishing threats extend well beyond Twitter,...