In order to increase the lifespan of their campaigns, most threat actors implement evasion techniques to keep their activity from being detected by defenders and their intelligence tools. In this blog post, we'll take a look at how geoblocking by IP is used. Geoblocking by IP takes advantage of the victim's location. It is often used on sites hosting malicious content to limit the exposure...

Social media account compromise is nothing new. If you haven't had an account hacked in the past, most of us know someone who has. According to a study by the University of Phoenix, almost two-thirds of US adults have had at least one social media account hacked. Another report found that 53% of social media logins are fraudulent. But what's the big deal? Your account gets hacked, you...

On August 30, Twitter CEO Jack Dorsey became the most notable victim of one of the fastest-growing cyber threats: SIM Swapping. SIM Swap Attacks are increasing because they only require social engineering and access to a SIM card, which makes it another form of phishing. You can find our definition of phishing here. In a few words, it isn't that difficult. What is SIM Swapping? SIM...

On a daily basis, most people will use some form of social media. From checking photos of your friends and pets, to communicating with coworkers and loved ones, social media is a large part of the connected world. Unfortunately, this also means that the more social media is used, the more likely that threat actors will try to exploit it. Join us on February 6, at 3 PM ET, as we discuss how...

Every day our teams analyze millions of phish across the web, detected through emails, social media, text messages, and most other common digital vectors. Many phishing sites are easy to review and analyze. However, some threat actors that we track take steps to hide their attacks from people other than their intended victims. This is a defense mechanism that makes it harder to analyze their...

Every second, 5,787 tweets are published. Every minute, 300 hours of video are uploaded to YouTube. These are just two of the more popular social networks, and among these data points are the occasional references to a specific organization, its brands, and even customers or employees. For many, these brands have a marketing, communications, or even customer service team dedicated to...

PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign. In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and their Office 365 brand but came from multiple validated domains - an educational institution for example - not belonging to Microsoft. If the victim clicked the link, they...

This week, APWG released its findings from Q3 that compiles insights from their member companies and provides an analysis of how phishing is changing. The key findings from the latest report show that phishing attacks continued to rise throughout the year, 40% of BEC attacks involve domains registered by the threat actor, and now more than two-thirds of all phishing sites are using SSL certs or...

At the height of social media adoption, users willingly shared everything from the lunch they just ate to the exact places they visited throughout the day. While some of this has been reduced as consumers learned how sharing private information could impact their privacy, many people still hide these kinds of updates behind basic security controls. This is just one of the reasons that a flurry of...

This year organizations are estimated to have spent more than $124 billion on security, yet phishing attacks continue to bypass email security technology. Is it possible to proactively stop threats that would otherwise make it past your infrastructure? If you attended our most recent webinar, you know the answer is yes. Before we get into the how, our host and Director of Product Management,...

In the past 48 hours, PhishLabs has identified and successfully thwarted a sophisticated phishing campaign targeting the Office 365 credentials of high-value targets. This campaign is still active, and security teams should familiarize themselves with the tactics, indicators, and remain vigilant. In these attacks, the threat actor(s) is posing as private equity firms submitting non-disclosure...

This week APWG released its findings from Q2 of this year that compiles insights from their member companies and provides an analysis of how phishing is changing. This quarter's report shows that phishing attacks continue to increase, both SaaS and email service providers are prime targets, BEC attacks are focused on getting gift cards, and more than half of phishing sites continue to abuse...

This week, the Department of Justice for the U.S. Attorney's Office for the Northern District of Georgia announced the final of three sentences to be carried out by cybercriminals that plead guilty to carrying out phishing campaigns involving vishing and SMiShing. I'm proud to say that the apprehension and conviction of these criminals was supported in part by intelligence PhishLabs provided in...

Defining phishing is simple, right? Not exactly. With more than 18,400,000 results appearing on Google when trying to find the definition there is a lot for you to choose from. Even Wikipedia has its own version, which may be more accurate, but still misses a few key elements. As a company, PhishLabs has seen the scope of how phishing is changing since first being named, which is why it's time...

Each year new phishing techniques result in more attacks successfully landing in user inboxes. In most cases, threat actors are no different than anyone else, and follow the hottest trends in an effort to be more relevant. During tax season they may push out tax scams, during elections they may push bogus political-inspired healthcare emails, and there are even Game of Thrones inspired...

In this year's annual Phishing Trends and Intelligence report we identified phishing sites targeting more than 1,200 different brands belonging to 773 parent institutions. Of the top five targeted industries, they accounted for 83.9% of total phishing volume. There are two big takeaways from this finding: financial institutions are back on top, and each industry is still at risk. Through our...

Phishing has and will continue to be a threat to anyone connected to the web. This is a fact set in stone, and regardless of advancements in technology, social engineering will allow these attacks to continue to be successful. Today, we are releasing our latest version of the annual Phishing Trends and Intelligence report. Using data collected from millions of social engineering attacks...

We've recently noticed two significant changes in C2 tactics used by the threat actors behind BankBot Anubis, a mobile banking trojan. First is the use of Chinese characters to encode the C2 strings (in addition to base64 encoding). The second is the use of Telegram Messenger in addition to Twitter for communicating C2 URLs. Previously reported by PhishLabs, the criminals behind BankBot...