Blog

Users Failing Phishing Simulations? That's ok
Blog

Users Failing Phishing Simulations? That's ok

Thu, 11/29/2018
Phishing simulations come with a range of emotions for the users who interact with them. Some will simply ignore them, others may fail by clicking on a link or attachment, and for the well-trained, they may even report them. Even if there is a negative outcome, training leads and organizations should not be worried, yet. Just like in school, these simulations are just that, simulations or...
Phishing 101: Targeted Phishing Attacks
Blog

Phishing 101: Targeted Phishing Attacks

Wed, 09/05/2018
The most likely way that you will be compromised online is through a simple phish or a socially engineered attack. Today, these two techniques are often combined to create an even more threatening attack, an intelligently targeted phish. Thanks to the wealth of information that we all leave behind us as we use the Internet, it is easier than ever for a social engineer to learn our name,...
Geolocation Tracking Poses Risks to Your Employees
Blog

Geolocation Tracking Poses Risks to Your Employees

Tue, 08/21/2018
Exposing your geolocation information publicly can lead to increased personal and business risk. This is particularly important to note in the wake of Google's location tracking, even if you explicitly told them not to. It is remarkable how freely we tell the world one of the most important things about ourselves: where we are. The everyday use of geotagging and geolocation data has enabled many...
Adwind Remote Access Trojan Still Going Strong
Blog

Using Reported Phish to Hunt Threats

Tue, 07/10/2018
Reported phishing emails are useful for plenty of reasons. They help you measure cyber risk, study common attack trends, and even provide inspiration for your own phishing simulations. One of the security functions that benefit most from reported phishing emails is threat hunting, the process of identifying threats quickly so they can be contained before any major damage is done. Reported...
How To Change Security Behaviors: Information Security
Blog

How To Change Security Behaviors: Information Security

Thu, 06/28/2018
Let's be honest, employees make mistakes. And sometimes those mistakes have catastrophic consequences. Everybody has heard stories about people accidentally leaving an unencrypted work laptop on the train, or on the seat of their car. Heck, on a busy day we could even imagine ourselves doing it. But with industry regulators finally starting to find their teeth — and the GDPR is now in full...
WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017
Blog

WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017

Tue, 05/08/2018
Ransomware. The word strikes fear into the hearts of hospital administrators, local government officers, and small business owners everywhere. After exploding in 2016, ransomware has been covered extensively by media outlets and security experts, to the point where most organizations have started to take at least some action to mitigate their exposure. But have these efforts had any impact?...
6 Steps to Quickly Defang Reported Phishing Emails
Blog

6 Steps to Quickly Defang Reported Phishing Emails

Thu, 05/03/2018
So here it is… the first one you've received. Everything has been building up to this. You spent days preparing the business case, weeks designing the training program… and it's finally paid off. The first user-reported phishing email has hit your inbox. Now… what should you do with it? Time is of the Essence Reported phishing emails are good for a lot of reasons. For starters, they can...
Blog

Silent Librarian: More to the Story of the IranianMabna Institute Indictment

By Jessica Ryan on Mon, 03/26/2018
Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3.4 billion. The...
Blog

How To Make Reporting a Phish So Easy Even Your Busiest Execs Will Do It

Tue, 02/13/2018
Frustrating, isn't it? You design a powerful anti-phishing program, secure funding from your executive board, provide world-class training. You do everything right… Oh, your users are probably spotting phishing emails. After all, they've engaged with the training, and seem to be taking it seriously. But no matter how many times you remind them, they just won't report those phishing emails. ...
The 11 Types of Reported Emails
Blog

The 11 Types of Reported Emails

Thu, 01/18/2018
You receive an email, you are unfamiliar with the sender's name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back. Malicious Versus Benign According to Symantec, 55.5 percent of business emails are considered spam emails, with the average business account getting...
A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?
Blog

A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?

Tue, 12/05/2017
The push for more widespread adoption of HTTPS has been in full-force this year as a way to increase the number of websites that securely transmit information on the Internet. In January, both Chrome and Firefox browsers began alerting users whenever sensitive information, such as passwords or credit card information, was entered on a non-HTTPS web page. In October, Google took this a step...
Holiday Phishing Scams Target Job Seekers
Blog

Holiday Phishing Scams Target Job Seekers

Tue, 11/21/2017
'Tis the season for shopping, time spent with friends and family, and preparations to celebrate the holidays. As most of us plan for the coming season, cyber criminals are looking for opportunities to catch victims off guard and steal valuable personal information. People looking to supplement their gift-giving budget with a seasonal holiday job should take a close look at job listings before...
The Impact of Phishing, and Why it Should be Your #1 Priority
Blog

The Impact of Phishing, and Why it Should be Your #1 Priority

Wed, 10/04/2017
Nation states. Hacktivists. Cyber criminals. There are so many players in the modern threat landscape it can be hard to keep up. And the number of threats? Practically too many to count. By the time you’ve secured your organization against password reuse, DDoS, and crimeware attacks, your resources are likely so diminished there’s no point even thinking about what else could be out there. ...
The Mobile Phishing Threat You'll See Very Soon: URL Padding
Blog

The Mobile Phishing Threat You'll See Very Soon: URL Padding

Thu, 06/15/2017
The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret. And really, it’s not surprising either. After all, most of us are practically glued to our smartphones throughout the day. An SMS arrived? Better read it straight away. New email? Let me at it. Somebody I don’t care about updated their Facebook status? Great, let’s see what they’re up to. The...
How to Use URL Pattern Analysis for Phishing Detection Mitigation
Blog

How to Use URL Pattern Analysis for Phishing Detection Mitigation

Fri, 05/05/2017
When you’re attempting to mitigate the risk of phishing, threat intelligence plays a vital role. After all, what better way to predict and intercept future phishing attacks than by analyzing past attacks for patterns and indicators? This post is the second in a series breaking down lessons learned from our recent consumer-focused phishing webinar. In the first post we covered the value of...
How To Build a Powerful Security Operations Center, Part 2: Technical Requirements
Blog

How To Build a Powerful Security Operations Center, Part 2: Technical Requirements

Wed, 04/19/2017
In the last post, we took a look at the logistical and human issues surrounding the setup of a new security operations center (SOC). And while having a mission, the right people, and a physically secure location are all vital to the success of a new SOC, there are many more things to consider before you can jump in and get started. In this post, we’re going to take a closer look at the...
How To Build a Powerful Security Operations Center, Part 1: Motivation Logistics
Blog

How To Build a Powerful Security Operations Center, Part 1: Motivation Logistics

Fri, 04/14/2017
There’s a certain mystique and excitement surrounding the idea of a security operations center. It puts your in mind of a mission control style room, possibly in an underground bunker, where people in uniforms shout orders and spend all their time responding to imminent threats. And in a world where cyber attacks have become a daily reality, and even midsize organizations are forced to...
The Phishing Email that Fooled Thousands of Trained Users
Blog

The Phishing Email that Fooled Thousands of Trained Users

Thu, 03/09/2017
It’s a sobering moment. You work long and hard to prepare your users. You train them. You test them. And over time, you see amazing results. But then it happens. Just when you think your users are becoming rockstars at identifying phishing emails, threat actors throw a new tactic at you… and everybody falls for it. Of course, this isn’t a new story. Threat actors constantly update their...
Phishing with Wildcard DNS Attacks and Pharming
Blog

Phishing with Wildcard DNS Attacks and Pharming

By Jessica Ryan on Fri, 03/03/2017
The cyclical relationship between threat actors and security professionals begins with the creation of a new attack technique, followed by the discovery of that technique by the security community, and then a refashioning of the manner of attack or creation of another novel approach by threat actors. Phishers are always seeking better ways to entice victims into providing their personal and...
Security Awareness Training: A Recipe for Success
Blog

Security Awareness Training: A Recipe for Success

Wed, 01/04/2017
In recent months we’ve written a lot about security awareness and phishing awareness training. It’s an involved topic, clearly, and if you’ve taken away anything we hope it will be this: If you want real, measurable improvements you must test your employees. And when it comes to email security, that means phishing your employees on a regular basis. In this post, we’ll take a deep dive into a...