Defining phishing is simple, right? Not exactly. With more than 18,400,000 results appearing on Google when trying to find the definition there is a lot for you to choose from. Even Wikipedia has its own version, which may be more accurate, but still misses a few key elements. As a company, PhishLabs has seen the scope of how phishing is changing since first being named, which is why it's time...

The risk of a user receiving a phishing attack is higher than ever, and technological solutions often miss the most devastating of them. Though technology is both an important and required component in protecting the enterprise, security teams need to remain vigilant and educated on quickly identifying threats which make it past technology. This includes the latest social engineering...

In this year's annual Phishing Trends and Intelligence report we identified phishing sites targeting more than 1,200 different brands belonging to 773 parent institutions. Of the top five targeted industries, they accounted for 83.9% of total phishing volume. There are two big takeaways from this finding: financial institutions are back on top, and each industry is still at risk. Through our...

There are all sorts of things that end up in your inbox, but among those that are reported to a SOC or security team, malicious content only makes up a small percent. Among the analysis provided in this year's annual Phishing Trends and Intelligence (PTI) report, we added a new section based on data from our Phishing Incident Response team. The data analysis resulted in a detailed breakdown of...

Phishing has and will continue to be a threat to anyone connected to the web. This is a fact set in stone, and regardless of advancements in technology, social engineering will allow these attacks to continue to be successful. Today, we are releasing our latest version of the annual Phishing Trends and Intelligence report. Using data collected from millions of social engineering attacks...

Phishing attacks are supposed to be visible. If you can't see them, how could anyone possibly fall for them? Since the dawning of time for phishing attacks there has been a constant struggle between the threat actors creating phishing sites and the individuals and organizations combating them. This has caused phishing attacks to evolve in to more complicated and stealthy traps over time....

Healthcare data breaches are among the most costly of any industry, and phishing attacks are the number one cause. Security technologies, while essential, are not enough to mitigate the threat posed by phishing. Over 90 percent of data breaches contain a phishing component, and the average cost to remediate a data breach is $3.86 million. However, the silver lining is that with an effective...

We've recently noticed two significant changes in C2 tactics used by the threat actors behind BankBot Anubis, a mobile banking trojan. First is the use of Chinese characters to encode the C2 strings (in addition to base64 encoding). The second is the use of Telegram Messenger in addition to Twitter for communicating C2 URLs. Previously reported by PhishLabs, the criminals behind BankBot...

This month the largest recorded data dump in history, 87GB filled with passwords and user credentials, was made available. Dubbed Collection #1 consists of 1,160,253,228 unique combinations of email addresses and passwords. Though historic, there are two positive notes regarding this information: The first is that this data set was circulated on hacking forums back in December of 2018 and is...

Phishing simulations come with a range of emotions for the users who interact with them. Some will simply ignore them, others may fail by clicking on a link or attachment, and for the well-trained, they may even report them. Even if there is a negative outcome, training leads and organizations should not be worried, yet. Just like in school, these simulations are just that, simulations or...

The most likely way that you will be compromised online is through a simple phish or a socially engineered attack. Today, these two techniques are often combined to create an even more threatening attack, an intelligently targeted phish. Thanks to the wealth of information that we all leave behind us as we use the Internet, it is easier than ever for a social engineer to learn our name,...

In the Oscar-winning movie The Sting, Harry Gondorff (played by Paul Newman) explains to his apprentice Johnny Hooker (Robert Redford) that the con that they set up must be so convincing that their mark, Doyle Lonnegan (Robert Shaw) won't even realize that he's been taken. Today, Gondorff and Hooker might not have needed to use a past-posting scheme to con Lonnegan. Instead they might have...

Let's be honest, employees make mistakes. And sometimes those mistakes have catastrophic consequences. Everybody has heard stories about people accidentally leaving an unencrypted work laptop on the train, or on the seat of their car. Heck, on a busy day we could even imagine ourselves doing it. But with industry regulators finally starting to find their teeth — and the GDPR is now in full...