Resources

Low Appetite for Long Security Training? Use a Bite Sized Approach
Blog

Low Appetite for Long Security Training? Use a Bite Sized Approach

Tue, 08/13/2019
Although computer-based training has been on the scene for over two decades, it is only recently that learning professionals have begun to optimize it. Often these courses present hours of content in a single learning experience. While the flexibility of computer-based training offers convenience, learners are often overloaded and overwhelmed by the amount of information presented to them. ...
Account Takeover Protection
Press Release

PhishLabs Recognized in 2019 Gartner Magic Quadrant for Security Awareness Computer-Based Training

Charleston, S.C., July 25, 2019 — Today, PhishLabs announced it has been recognized by Gartner in the July 2019 Magic Quadrant for Security Awareness Computer-Based Training. PhishLabs is the only vendor in Gartner’s current Magic Quadrant for Security Awareness Computer-Based Training evaluation that delivers security awareness training exclusively as a managed service. “We believe being...
Phishing Number One Cause of Data Breaches: Lessons from Verizon DBIR
Blog

Phishing Number One Cause of Data Breaches: Lessons from Verizon DBIR

By Jessica Ryan on Thu, 06/27/2019
In the cyber security world, few research reports are more widely respected than Verizon's annual Data Breach Investigations Report (DBIR). The DBIR—which is based on data from publicly disclosed security incidents, Verizon's Threat Research Advisory Center, and dozens of industry contributors—is one of the most detailed and comprehensive reports available to the security community. So when...
Blog

More Than Half of Phishing Sites Now Use HTTPS

By Jessica Ryan on Thu, 06/20/2019
As more of the web further embrace HTTPS and SSL certs, it's becoming a requirement that threat actors use it, too. By the end of Q1 2019, more than half of all phishing sites have employed the use of HTTPS, now up to 58%. This is a major milestone and shows that threat actors actions often mirror that of the majority of users. “In Q1 2019, 58 percent of phishing sites were using SSL...
6/13 Webinar: Handling Threats That Land in User Inboxes
Blog

6/13 Webinar: Handling Threats That Land in User Inboxes

Tue, 06/04/2019
The risk of a user receiving a phishing attack is higher than ever, and technological solutions often miss the most devastating of them. Though technology is both an important and required component in protecting the enterprise, security teams need to remain vigilant and educated on quickly identifying threats which make it past technology. This includes the latest social engineering...
Blog

These Are the Top Most Targeted Countries by Phishing Attacks

By Jessica Ryan on Thu, 05/23/2019
The United States is once again, and for the foreseeable future, the most targeted country by threat actors' phishing attacks. Making up an astonishing 84% of all phishing volume, the U.S. saw a single percent decline from 85% last year. But... While this sounds like a positive, the number of attacks went up by more than 60,000 in 2018. By comparison, the number of attacks in 2017 only went up...
The Most Common Types of Reported Emails
Blog

The Most Common Types of Reported Emails

Thu, 04/25/2019
There are all sorts of things that end up in your inbox, but among those that are reported to a SOC or security team, malicious content only makes up a small percent. Among the analysis provided in this year's annual Phishing Trends and Intelligence (PTI) report, we added a new section based on data from our Phishing Incident Response team. The data analysis resulted in a detailed breakdown of...
Press Release

Over 80% of All Phishing Attacks Targeted U.S. Organizations

Originally published in BLEEPINGCOMPUTER Excerpt: "U.S. entities remained the most attractive targets of phishing attacks throughout 2018, with an estimated 84% of the total volume of millions of incidents analyzed during the last year by threat intelligence company PhishLabs." Read the full article here. ...
Hiding in Plain Sight: How Phishing Attacks are Evolving
Blog

Hiding in Plain Sight: How Phishing Attacks are Evolving

Thu, 02/07/2019
Phishing attacks are supposed to be visible. If you can't see them, how could anyone possibly fall for them? Since the dawning of time for phishing attacks there has been a constant struggle between the threat actors creating phishing sites and the individuals and organizations combating them. This has caused phishing attacks to evolve in to more complicated and stealthy traps over time....
How to Cut Healthcare Cyber Incidents by 80 Percent
Blog

How to Cut Healthcare Cyber Incidents by 80 Percent

Thu, 01/31/2019
Healthcare data breaches are among the most costly of any industry, and phishing attacks are the number one cause. Security technologies, while essential, are not enough to mitigate the threat posed by phishing. Over 90 percent of data breaches contain a phishing component, and the average cost to remediate a data breach is $3.86 million. However, the silver lining is that with an effective...
Less Than 3 Percent of ‘Collection #1' Data Dump Passwords are Unique
Blog

Less Than 3 Percent of ‘Collection #1' Data Dump Passwords are Unique

Wed, 01/23/2019
This month the largest recorded data dump in history, 87GB filled with passwords and user credentials, was made available. Dubbed Collection #1 consists of 1,160,253,228 unique combinations of email addresses and passwords. Though historic, there are two positive notes regarding this information: The first is that this data set was circulated on hacking forums back in December of 2018 and is...
Users Failing Phishing Simulations? That's ok
Blog

Users Failing Phishing Simulations? That's ok

Thu, 11/29/2018
Phishing simulations come with a range of emotions for the users who interact with them. Some will simply ignore them, others may fail by clicking on a link or attachment, and for the well-trained, they may even report them. Even if there is a negative outcome, training leads and organizations should not be worried, yet. Just like in school, these simulations are just that, simulations or...
Phishing 101: Targeted Phishing Attacks
Blog

Phishing 101: Targeted Phishing Attacks

Wed, 09/05/2018
The most likely way that you will be compromised online is through a simple phish or a socially engineered attack. Today, these two techniques are often combined to create an even more threatening attack, an intelligently targeted phish. Thanks to the wealth of information that we all leave behind us as we use the Internet, it is easier than ever for a social engineer to learn our name,...
How To Change Security Behaviors: Information Security
Blog

How To Change Security Behaviors: Information Security

Thu, 06/28/2018
Let's be honest, employees make mistakes. And sometimes those mistakes have catastrophic consequences. Everybody has heard stories about people accidentally leaving an unencrypted work laptop on the train, or on the seat of their car. Heck, on a busy day we could even imagine ourselves doing it. But with industry regulators finally starting to find their teeth — and the GDPR is now in full...
WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017
Blog

WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017

Tue, 05/08/2018
Ransomware. The word strikes fear into the hearts of hospital administrators, local government officers, and small business owners everywhere. After exploding in 2016, ransomware has been covered extensively by media outlets and security experts, to the point where most organizations have started to take at least some action to mitigate their exposure. But have these efforts had any impact?...
6 Steps to Quickly Defang Reported Phishing Emails
Blog

6 Steps to Quickly Defang Reported Phishing Emails

Thu, 05/03/2018
So here it is… the first one you've received. Everything has been building up to this. You spent days preparing the business case, weeks designing the training program… and it's finally paid off. The first user-reported phishing email has hit your inbox. Now… what should you do with it? Time is of the Essence Reported phishing emails are good for a lot of reasons. For starters, they can...
Blog

How To Make Reporting a Phish So Easy Even Your Busiest Execs Will Do It

Tue, 02/13/2018
Frustrating, isn't it? You design a powerful anti-phishing program, secure funding from your executive board, provide world-class training. You do everything right… Oh, your users are probably spotting phishing emails. After all, they've engaged with the training, and seem to be taking it seriously. But no matter how many times you remind them, they just won't report those phishing emails. ...
The 11 Types of Reported Emails
Blog

The 11 Types of Reported Emails

Thu, 01/18/2018
You receive an email, you are unfamiliar with the sender's name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back. Malicious Versus Benign According to Symantec, 55.5 percent of business emails are considered spam emails, with the average business account getting...
A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?
Blog

A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?

Tue, 12/05/2017
The push for more widespread adoption of HTTPS has been in full-force this year as a way to increase the number of websites that securely transmit information on the Internet. In January, both Chrome and Firefox browsers began alerting users whenever sensitive information, such as passwords or credit card information, was entered on a non-HTTPS web page. In October, Google took this a step...
Holiday Phishing Scams Target Job Seekers
Blog

Holiday Phishing Scams Target Job Seekers

Tue, 11/21/2017
'Tis the season for shopping, time spent with friends and family, and preparations to celebrate the holidays. As most of us plan for the coming season, cyber criminals are looking for opportunities to catch victims off guard and steal valuable personal information. People looking to supplement their gift-giving budget with a seasonal holiday job should take a close look at job listings before...