Blog

Gartner Releases 2020 Hype Cycle for Security Operations
Blog

Gartner Releases 2020 Hype Cycle for Security Operations

By Jessica Ryan on Tue, 07/14/2020
Digital Risk Protection has emerged as a critical new capability for security teams. It protects critical digital assets and data from external threats across surface, dark, and deep web sources. In Gartner's latest Hype Cycle for Security Operations, the author writes “This technology accelerates the breadth and depth of protecting digital assets in an organization by significantly improving...
Spoofed Domains Present Multifaceted, Growing Problems for Enterprises
Blog

Spoofed Domains Present Multifaceted, Growing Problems for Enterprises

Thu, 07/09/2020
Threat actors are increasingly registering new domains to launch malicious campaigns against enterprises. Identifying suspicious domains, as well as monitoring existing ones for changes, is an overwhelming and reactive task for many organizations. In order to minimize the risk spoofed domains pose, security teams must be able to efficiently detect abuse and understand what is required to...
Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites
Blog

Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites

By Jessica Ryan on Tue, 06/16/2020
Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing sites to add a layer of legitimacy, better mimic the target site in question, and reduce being flagged or blocked from some browsers. Last year, threat actors hit a significant milestone in this usage when more than 50% of phishing sites...
COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims
Blog

COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims

By Jessica Ryan on Tue, 05/05/2020
As job losses grow due to the coronavirus pandemic, cybercriminals are taking advantage of the situation to recruit individuals into money mule scams. Below are two examples that reference work-from-home opportunities. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date...
How Threat Actors are Abusing Coronavirus Uncertainty
Blog

How Threat Actors are Abusing Coronavirus Uncertainty

By Jessica Ryan on Fri, 03/06/2020
By this time, most everyone in the world has heard about COVID-19, a global outbreak that is commonly referred to as the Coronavirus. With growing fear and a lack of information, the stock markets have dropped to lows we haven't seen in years, and organizations everywhere are putting together contingency plans. Like most global events, this scenario creates a perfect opportunity for threat...
Beware of Account Takeover
Blog

Beware of Account Takeover

Tue, 10/15/2019
One way to verify if an email is legitimate is to look at the sender's address, the actual sender's address, not just the sender's name. One tactic cyber criminals employ is using the sender's name to trick the recipients. The cyber criminal may use a known acquaintance's name or the name of a legitimate company they are trying to spoof. This sounds sophisticated, but it is easy to catch when...
Account Takeover Protection
Blog

Threat Actors are Increasing Their Use of Free Hosts

Thu, 07/11/2019
In our continued expansion and exploration of data from this year's annual Phishing Trends and Intelligence report it's time to take a closer look into free hosts. More specifically, the free hosts and domains that threat actors abuse in order to further distribute phishing attacks. While phishing sites that abuse free hosts don't make up the majority, the use of them is increasing dramatically...
Should User Passwords Expire? Microsoft Ends its Policy
Blog

Should User Passwords Expire? Microsoft Ends its Policy

Thu, 06/06/2019
If you have ever worked for an organization that uses Microsoft-based systems, there is a high likelihood that your IT or security team has implemented a policy that occasionally forces you to create a new password. Years ago it was every three months, then every two, and so on. This policy was heavily encouraged by Microsoft, but as of May of this year, they have reversed course. According to...
5 Tips for Smarter Detection and Collection of Digital Risks
Blog

5 Tips for Smarter Detection and Collection of Digital Risks

Tue, 03/26/2019
Recently, our Director of Product Management, Cary Hudgins, discussed how to develop a digital risk protection plan for the modern enterprise. One of the many reasons why such a plan should be created is because, in today's world, an enterprise organization's digital footprint can be vast and will continue to grow. Take for example the average employee who receives an average of 90 emails per...
This message is from a trusted sender, or is it?
Blog

Brain-Hacking Part 2: Ain't Nobody Got Time for That!

Tue, 03/19/2019
Taking Advantage of Our Tendency to Simplify There's an old joke floating around the Internet that claims NASA, upon discovering that standard ballpoint pens would not work in space, invested millions of dollars and years of R&D. The resulting pen was supposedly capable of writing in zero-G, on any surface, and in temperatures that would surely kill any astronaut. When confronted with the same...
Romanian Vishing/SMiShing Threat Actors Plead Guilty
Blog

Romanian Vishing/SMiShing Threat Actors Plead Guilty

Fri, 03/15/2019
In May of 2018, we reported on three Romanian threat actors who were extradited to the U.S. for their involvement in a SMiShing and Vishing fraud scheme. At the time of reporting, the expected losses were listed around $18 million but have since risen to more than $21 million. Between July 12 and October 31, 2011, PhishLabs' analysts detected a number of telephone phishing (known as vishing)...
It Only Takes One to Detect or Infect
Blog

It Only Takes One to Detect or Infect

Tue, 03/05/2019
It's time to take action against phish! Phishing attacks are no longer few and far between, they are the norm. Regardless of your company's investments in filtering technologies and countermeasures, suspicious and malicious emails make it into employee inboxes. It only takes one to cost your company time, money, and lost reputation. Unfortunately, even with traditional security awareness...
This message is from a trusted sender, or is it?
Blog

This message is from a trusted sender, or is it?

Tue, 02/26/2019
We've previously reported on how, due to the rise in phishing attempts leveraging SSL certificates, the icon in your web browser gives your users a false sense of security. The threat, however, doesn't end with your web browser. Although first observed as early as 2016, PhishLabs analysts have observed a dramatic uptick in the imitation of flags, banners, and other markup used by applications...
Brain-hacking: Why Social Engineering Is So Effective
Blog

Brain-hacking: Why Social Engineering Is So Effective

By Jessica Ryan on Tue, 02/19/2019
You are affected by social engineering tactics every day. Okay, let me explain. From an information security standpoint, Wikipedia says that social engineering is the psychological manipulation of people into performing actions or divulging confidential information[1]. That's true, but social engineering isn't limited to information security; it's something we all experience, every day. In...
Social Risk Monitoring: All Press Good Press?
Blog

Social Risk Monitoring: All Press Good Press?

Fri, 01/04/2019
It happens on a daily basis, it's even likely that at some point it happened to you: social media account takeovers. A quick Google search shows a new batch of celebrities, politicians, companies, and other high profile users becoming the victim of account takeovers on a weekly basis. It's concerning, it can cause a ruckus, and depending on what happened after the fact it can even cause damage...
The Light in the Dark: Myths and Truths about the Dark Web
Blog

The Light in the Dark: Myths and Truths about the Dark Web

Tue, 09/11/2018
There are many misconceptions about the dark web and what goes on in the digital underground. Though the dark web is usually associated with criminal activities including drug dealing, human trafficking, selling counterfeit consumer goods and many other malicious acts, not everything in the dark web is completely dark. Many questions are frequently asked about the dark web and to further...
Geolocation Tracking Poses Risks to Your Employees
Blog

Geolocation Tracking Poses Risks to Your Employees

Tue, 08/21/2018
Exposing your geolocation information publicly can lead to increased personal and business risk. This is particularly important to note in the wake of Google's location tracking, even if you explicitly told them not to. It is remarkable how freely we tell the world one of the most important things about ourselves: where we are. The everyday use of geotagging and geolocation data has enabled many...
Adwind Remote Access Trojan Still Going Strong
Blog

Using Reported Phish to Hunt Threats

Tue, 07/10/2018
Reported phishing emails are useful for plenty of reasons. They help you measure cyber risk, study common attack trends, and even provide inspiration for your own phishing simulations. One of the security functions that benefit most from reported phishing emails is threat hunting, the process of identifying threats quickly so they can be contained before any major damage is done. Reported...
WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017
Blog

WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017

Tue, 05/08/2018
Ransomware. The word strikes fear into the hearts of hospital administrators, local government officers, and small business owners everywhere. After exploding in 2016, ransomware has been covered extensively by media outlets and security experts, to the point where most organizations have started to take at least some action to mitigate their exposure. But have these efforts had any impact?...
Blog

Silent Librarian: More to the Story of the IranianMabna Institute Indictment

By Jessica Ryan on Mon, 03/26/2018
Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3.4 billion. The...