Social media account compromise is nothing new. If you haven't had an account hacked in the past, most of us know someone who has. According to a study by the University of Phoenix, almost two-thirds of US adults have had at least one social media account hacked. Another report found that 53% of social media logins are fraudulent. But what's the big deal? Your account gets hacked, you...

On August 30, Twitter CEO Jack Dorsey became the most notable victim of one of the fastest-growing cyber threats: SIM Swapping. SIM Swap Attacks are increasing because they only require social engineering and access to a SIM card, which makes it another form of phishing. You can find our definition of phishing here. In a few words, it isn't that difficult. What is SIM Swapping? SIM...

On a daily basis, most people will use some form of social media. From checking photos of your friends and pets, to communicating with coworkers and loved ones, social media is a large part of the connected world. Unfortunately, this also means that the more social media is used, the more likely that threat actors will try to exploit it. Join us on February 6, at 3 PM ET, as we discuss how...

Today's marketing organization uses countless SaaS-based tools and platforms that live outside of an organization's network. As their digital footprint grows, so does their potential for digital risks targeting their enterprise, brands, and customers. Even if they don't join the latest social media platform, in most cases there are not proper online brand protections in place to ensure...

Social media is undoubtedly a huge asset to modern organizations. It helps them spread their message, promote their products and services, and communicate directly with customers, and users. Along with those benefits, social media also presents a unique threat. Never before has it been so easy for threat actors to abuse the trust built up by an organization, damage its reputation, profit...

PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign. In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and their Office 365 brand but came from multiple validated domains - an educational institution for example - not belonging to Microsoft. If the victim clicked the link, they...

This week, APWG released its findings from Q3 that compiles insights from their member companies and provides an analysis of how phishing is changing. The key findings from the latest report show that phishing attacks continued to rise throughout the year, 40% of BEC attacks involve domains registered by the threat actor, and now more than two-thirds of all phishing sites are using SSL certs or...

At the height of social media adoption, users willingly shared everything from the lunch they just ate to the exact places they visited throughout the day. While some of this has been reduced as consumers learned how sharing private information could impact their privacy, many people still hide these kinds of updates behind basic security controls. This is just one of the reasons that a flurry of...

This year organizations are estimated to have spent more than $124 billion on security, yet phishing attacks continue to bypass email security technology. Is it possible to proactively stop threats that would otherwise make it past your infrastructure? If you attended our most recent webinar, you know the answer is yes. Before we get into the how, our host and Director of Product Management,...

Social media-based phishing attacks have taken off in a big way. According to some estimates, social media now accounts for as much as 5% of all phishing attacks globally. When you consider that phishing volume has grown consistently every year for more than a decade (up 40% last year alone), that 5% constitutes a lot of attacks. This increase is no coincidence. Social media phishing attacks...

In the past 48 hours, PhishLabs has identified and successfully thwarted a sophisticated phishing campaign targeting the Office 365 credentials of high-value targets. This campaign is still active, and security teams should familiarize themselves with the tactics, indicators, and remain vigilant. In these attacks, the threat actor(s) is posing as private equity firms submitting non-disclosure...

This week APWG released its findings from Q2 of this year that compiles insights from their member companies and provides an analysis of how phishing is changing. This quarter's report shows that phishing attacks continue to increase, both SaaS and email service providers are prime targets, BEC attacks are focused on getting gift cards, and more than half of phishing sites continue to abuse...

On a daily basis, around 42% of the global population, or 3.2 billion people, uses some form of social media. Of that number, people spend a daily average of 2.2 hours on these networks, too. These two numbers are exactly why threat actors continue to flock to social media to abuse them for phishing purposes; however, there is far more to this story. Phishing threats extend well beyond Twitter,...

Today, social media is a daily medium for communication for much of the modern world, and adoption only continues to grow. Because of this, much like how threat actors started to target mobile users, they have begun to abuse social media, too. While marketing teams have been known to monitor social media to protect their brand and communicate on their behalf, they are not equipped to handle...

This week, the Department of Justice for the U.S. Attorney's Office for the Northern District of Georgia announced the final of three sentences to be carried out by cybercriminals that plead guilty to carrying out phishing campaigns involving vishing and SMiShing. I'm proud to say that the apprehension and conviction of these criminals was supported in part by intelligence PhishLabs provided in...

Defining phishing is simple, right? Not exactly. With more than 18,400,000 results appearing on Google when trying to find the definition there is a lot for you to choose from. Even Wikipedia has its own version, which may be more accurate, but still misses a few key elements. As a company, PhishLabs has seen the scope of how phishing is changing since first being named, which is why it's time...

In this year's annual Phishing Trends and Intelligence report we identified phishing sites targeting more than 1,200 different brands belonging to 773 parent institutions. Of the top five targeted industries, they accounted for 83.9% of total phishing volume. There are two big takeaways from this finding: financial institutions are back on top, and each industry is still at risk. Through our...

Phishing has and will continue to be a threat to anyone connected to the web. This is a fact set in stone, and regardless of advancements in technology, social engineering will allow these attacks to continue to be successful. Today, we are releasing our latest version of the annual Phishing Trends and Intelligence report. Using data collected from millions of social engineering attacks...