Blog

Beware of Account Takeover
Blog

Beware of Account Takeover

Tue, 10/15/2019
One way to verify if an email is legitimate is to look at the sender's address, the actual sender's address, not just the sender's name. One tactic cyber criminals employ is using the sender's name to trick the recipients. The cyber criminal may use a known acquaintance's name or the name of a legitimate company they are trying to spoof. This sounds sophisticated, but it is easy to catch when...
Account Takeover Protection
Blog

Threat Actors are Increasing Their Use of Free Hosts

Thu, 07/11/2019
In our continued expansion and exploration of data from this year's annual Phishing Trends and Intelligence report it's time to take a closer look into free hosts. More specifically, the free hosts and domains that threat actors abuse in order to further distribute phishing attacks. While phishing sites that abuse free hosts don't make up the majority, the use of them is increasing dramatically...
Should User Passwords Expire? Microsoft Ends its Policy
Blog

Should User Passwords Expire? Microsoft Ends its Policy

Thu, 06/06/2019
If you have ever worked for an organization that uses Microsoft-based systems, there is a high likelihood that your IT or security team has implemented a policy that occasionally forces you to create a new password. Years ago it was every three months, then every two, and so on. This policy was heavily encouraged by Microsoft, but as of May of this year, they have reversed course. According to...
5 Tips for Smarter Detection and Collection of Digital Risks
Blog

5 Tips for Smarter Detection and Collection of Digital Risks

Tue, 03/26/2019
Recently, our Director of Product Management, Cary Hudgins, discussed how to develop a digital risk protection plan for the modern enterprise. One of the many reasons why such a plan should be created is because, in today's world, an enterprise organization's digital footprint can be vast and will continue to grow. Take for example the average employee who receives an average of 90 emails per...
This message is from a trusted sender, or is it?
Blog

Brain-Hacking Part 2: Ain't Nobody Got Time for That!

Tue, 03/19/2019
Taking Advantage of Our Tendency to Simplify There's an old joke floating around the Internet that claims NASA, upon discovering that standard ballpoint pens would not work in space, invested millions of dollars and years of R&D. The resulting pen was supposedly capable of writing in zero-G, on any surface, and in temperatures that would surely kill any astronaut. When confronted with the same...
Romanian Vishing/SMiShing Threat Actors Plead Guilty
Blog

Romanian Vishing/SMiShing Threat Actors Plead Guilty

Fri, 03/15/2019
In May of 2018, we reported on three Romanian threat actors who were extradited to the U.S. for their involvement in a SMiShing and Vishing fraud scheme. At the time of reporting, the expected losses were listed around $18 million but have since risen to more than $21 million. Between July 12 and October 31, 2011, PhishLabs' analysts detected a number of telephone phishing (known as vishing)...
It Only Takes One to Detect or Infect
Blog

It Only Takes One to Detect or Infect

Tue, 03/05/2019
It's time to take action against phish! Phishing attacks are no longer few and far between, they are the norm. Regardless of your company's investments in filtering technologies and countermeasures, suspicious and malicious emails make it into employee inboxes. It only takes one to cost your company time, money, and lost reputation. Unfortunately, even with traditional security awareness...
This message is from a trusted sender, or is it?
Blog

This message is from a trusted sender, or is it?

Tue, 02/26/2019
We've previously reported on how, due to the rise in phishing attempts leveraging SSL certificates, the icon in your web browser gives your users a false sense of security. The threat, however, doesn't end with your web browser. Although first observed as early as 2016, PhishLabs analysts have observed a dramatic uptick in the imitation of flags, banners, and other markup used by applications...
Brain-hacking: Why Social Engineering Is So Effective
Blog

Brain-hacking: Why Social Engineering Is So Effective

By Jessica Ryan on Tue, 02/19/2019
You are affected by social engineering tactics every day. Okay, let me explain. From an information security standpoint, Wikipedia says that social engineering is the psychological manipulation of people into performing actions or divulging confidential information[1]. That's true, but social engineering isn't limited to information security; it's something we all experience, every day. In...
Social Risk Monitoring: All Press Good Press?
Blog

Social Risk Monitoring: All Press Good Press?

Fri, 01/04/2019
It happens on a daily basis, it's even likely that at some point it happened to you: social media account takeovers. A quick Google search shows a new batch of celebrities, politicians, companies, and other high profile users becoming the victim of account takeovers on a weekly basis. It's concerning, it can cause a ruckus, and depending on what happened after the fact it can even cause damage...
Geolocation Tracking Poses Risks to Your Employees
Blog

Geolocation Tracking Poses Risks to Your Employees

Tue, 08/21/2018
Exposing your geolocation information publicly can lead to increased personal and business risk. This is particularly important to note in the wake of Google's location tracking, even if you explicitly told them not to. It is remarkable how freely we tell the world one of the most important things about ourselves: where we are. The everyday use of geotagging and geolocation data has enabled many...
Adwind Remote Access Trojan Still Going Strong
Blog

Using Reported Phish to Hunt Threats

Tue, 07/10/2018
Reported phishing emails are useful for plenty of reasons. They help you measure cyber risk, study common attack trends, and even provide inspiration for your own phishing simulations. One of the security functions that benefit most from reported phishing emails is threat hunting, the process of identifying threats quickly so they can be contained before any major damage is done. Reported...
WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017
Blog

WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017

Tue, 05/08/2018
Ransomware. The word strikes fear into the hearts of hospital administrators, local government officers, and small business owners everywhere. After exploding in 2016, ransomware has been covered extensively by media outlets and security experts, to the point where most organizations have started to take at least some action to mitigate their exposure. But have these efforts had any impact?...
Blog

Silent Librarian: More to the Story of the IranianMabna Institute Indictment

By Jessica Ryan on Mon, 03/26/2018
Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3.4 billion. The...
How To Build a Powerful Security Operations Center, Part 2: Technical Requirements
Blog

How To Build a Powerful Security Operations Center, Part 2: Technical Requirements

Wed, 04/19/2017
In the last post, we took a look at the logistical and human issues surrounding the setup of a new security operations center (SOC). And while having a mission, the right people, and a physically secure location are all vital to the success of a new SOC, there are many more things to consider before you can jump in and get started. In this post, we’re going to take a closer look at the...
How To Build a Powerful Security Operations Center, Part 1: Motivation Logistics
Blog

How To Build a Powerful Security Operations Center, Part 1: Motivation Logistics

Fri, 04/14/2017
There’s a certain mystique and excitement surrounding the idea of a security operations center. It puts your in mind of a mission control style room, possibly in an underground bunker, where people in uniforms shout orders and spend all their time responding to imminent threats. And in a world where cyber attacks have become a daily reality, and even midsize organizations are forced to...
Blog

“Your ACH Transaction” Spam Leads to Malware

Thu, 02/24/2011
PhishLabs has discovered a new malware campaign which appears to be an alert from NACHA regarding a failed ACH transaction. If a vulnerable user clicks the enclosed link, they will be infected with malware. Users receive an email message which appears as follows: From: [email protected] [mailto:[email protected]] Sent: Thursday, February 24, 2011 9:47 AM To: Denise Muns Subject: Your ACH transaction The...