Resources

New Quarterly Threat Trends Intelligence Report Now Available
Blog

New Quarterly Threat Trends Intelligence Report Now Available

Tue, 08/17/2021
Phishing volume in 2021 continues to outpace last year by 22%, according to PhishLabs Quarterly Threat Trends & Intelligence Report. The August 2021 report uses data from hundreds of thousands of attacks analyzed and mitigated by PhishLabs to identify the most recent top threats targeting brands and determine emerging trends throughout the threat landscape. Key Findings of the Quarterly Threat...
OSINT: How Usernames Unlock Investigations
Blog

OSINT: How Usernames Unlock Investigations

Tue, 08/10/2021
One piece of evidence that adds value to investigating social media threats is the threat actor’s chosen username. Usernames can hold meaning to the individual, and as a result provide useful information when expanding investigations to different social platforms. As we covered in our last OSINT post, connecting all known social media accounts to one user is a critical step in determining risk,...
Threat Evasion Techniques: Restricting by Interaction
Blog

Threat Evasion Techniques: Restricting by Interaction

Mon, 08/02/2021
Threat actors improve the resiliency of phishing campaigns by concealing malicious content from security teams. Avoiding detection increases an attacker’s odds of reaching more victims and achieving a more lucrative outcome. There are many types of evasion techniques that can be used individually or in tandem. In this post we discuss active evasion, restricting by interaction. Restricting by...
Account Takeover Protection
On-Demand Webinar

What Threat Actors Don’t Want You to Know: Active Evasion Techniques

Cybercriminals constantly evolve their tactics to evade detection. This is especially true for phishing campaigns. Threat actors frequently use new techniques to make phishing sites more difficult to detect, leading to more stolen credentials and greater fraud losses. In this 30-minute session, PhishLabs will detail the top techniques cybercriminals use to keep phishing sites under the radar and...
External Data Leaks
Breaking Down Phishing Site TLDs and Certificate Abuse in Q1
Blog

Breaking Down Phishing Site TLDs and Certificate Abuse in Q1

Thu, 06/24/2021
Cybercriminals continue to heavily abuse domains to launch phishing attacks. PhishLabs’ analysis of Q1 phishing attacks has found that: 96% used Legacy Generic (gTLD) or Country Code (ccTLD) Top-level Domains Almost 83% abused HTTPS Domain Validated (DV) Certificates were used 94.5% of the time For this analysis, PhishLabs looked at three categories of TLDs: Legacy gTLDs, ccTLDs,...
62% of Phishing Sites Abuse Free Tools or Services
Blog

62% of Phishing Sites Abuse Free Tools or Services

Thu, 06/17/2021
In Q1, PhishLabs analyzed hundreds of thousands of phishing attacks and found more than 62% abused legitimate no-cost tools or services. >> Access the Report In this post, we take a look at findings from our Q1 Threat Trends and Intelligence Report and review the free services that were most commonly abused to stage phishing sites. Methods of Staging Phishing Sites ...
Press Release

PhishLabs Releases Q1 Threat Trends & Intelligence Report

Phishing Attacks Increase 47% in Q1 May 26, 2021, Charleston, SC – PhishLabs, the leading provider of Digital Risk Protection solutions, today released their Q1 Threat Trends & Intelligence Report. PhishLabs analyzed and mitigated hundreds of thousands of attacks targeting enterprise brands and employees in the first quarter of 2021. The report uses data from those attacks to determine key trends...
Q1 2021 Threat Trends Intelligence Report
Blog

Q1 2021 Threat Trends Intelligence Report

By Jessica Ryan on Wed, 05/26/2021
Phishing attacks in Q1 have increased 47% compared to last year, according to PhishLabs newly released Q1 2021 Threat Trends & Intelligence Report. The report uses data collected from hundreds of thousands of attacks analyzed and mitigated by PhishLabs in Q1 to identify top threats targeting enterprise brands, and determine emerging trends throughout the threat landscape. Key findings of...
Top 4 Digital Brand Threats
Blog

Top 4 Digital Brand Threats

By Jessica Ryan on Fri, 05/21/2021
Threat actors routinely impersonate brands as part of their attacks. Brand abuse can occur anywhere online, and impersonating a reputable company automatically gives credibility to a threat that might otherwise be instantly identified as suspicious. Because brand impersonation is so broadly used across the threat landscape, security teams need to have complete visibility into the top brand...
Most Phishing Attacks Use Compromised Domains and Free Hosting
Blog

Most Phishing Attacks Use Compromised Domains and Free Hosting

By Jessica Ryan on Wed, 03/24/2021
To stage a phishing site, cybercriminals have several options. They can use a legitimate domain that has been compromised, they can abuse free hosting services, or they can register their own domain. Understanding the prevalence of each scenario is fundamental to detecting and mitigating these threats as early in the attack process as possible (including before they've been launched). PhishLabs...
Look-alike Domain Mitigation: Breaking Down the Steps
Blog

Look-alike Domain Mitigation: Breaking Down the Steps

By Jessica Ryan on Mon, 12/21/2020
Look-alike domains remain some of the most consistent elements of cyber attacks targeting organizations. At a high-level, there are two ways to mitigate the threat of a look-alike domain: remove the threat completely by taking it offline, or block attacks on your users by implementing IT security controls. If we dissect the construction of a look-alike domain, we see where each step in its...
The Anatomy of a Look-alike Domain Attack
Blog

The Anatomy of a Look-alike Domain Attack

By Jessica Ryan on Fri, 12/11/2020
Cybercriminals register hundreds of thousands of look-alike domains every year to impersonate reputable brands and make a profit. These domains are used for a variety of attacks including phishing emails, fraudulent websites, web traffic diversion, and malware delivery. Look-alike domains are intentionally misleading to give customers the false impression that they're interacting with trusted...
The Year In Review: How COVID-19 Has Changed Cyber Security
Blog

The Year In Review: How COVID-19 Has Changed Cyber Security

By Jessica Ryan on Tue, 12/08/2020
The novel coronavirus has dominated 2020, and in the cyber community, threat actors have capitalized on its impact from the beginning. In early March we saw the first of what would be an onslaught of criminal activity using the pandemic to manipulate users, and over the course of the year these attacks have been modified to reflect local and global fallout. The coronavirus has not only...
APWG Q3 Report:Four Out of Five Criminals Prefer HTTPS
Blog

APWG Q3 Report:Four Out of Five Criminals Prefer HTTPS

Thu, 12/03/2020
The Anti-Phishing Working Group (APWG), known for its collaborative analysis of phishing attacks and identify theft techniques, has released its Phishing Activity Trends Report for Q3 of 2020. Highlights from the report include more than two hundred thousand unique phishing websites detected in August and September, SSL encryption for phishing sites overtaking SSL deployment for general...
Easy to Deceive, Difficult to Detect, Impersonation Dominates Attacks
Blog

Easy to Deceive, Difficult to Detect, Impersonation Dominates Attacks

By Jessica Ryan on Tue, 12/01/2020
Impersonation enables threat actors to manipulate victims into disclosing sensitive information as well as enhance their ability to commit fraud. An organization's name, logo, or messaging can be incorporated into almost any threat type, making it an easy and versatile element of a cyber attack. Impersonation is an especially difficult technique to defend against because of its diverse range of...
What is a Look-alike Domain?
Blog

What is a Look-alike Domain?

By Jessica Ryan on Wed, 11/25/2020
By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive. Cybercriminals register hundreds of thousands of look-alike domains each year with the goal of impersonating legitimate brands and making money, usually by committing fraud. In this post, we'll describe how domains help us communicate on the Internet, the anatomy of a look...
Phishing Campaign Uses Malicious Office 365 App
Blog

Phishing Campaign Uses Malicious Office 365 App

By Jessica Ryan on Wed, 11/25/2020
Most phishing campaigns use social engineering and brand impersonation to attempt to take over accounts and trick the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim's account without requiring them to give up their credentials to the attackers. In this technique,...
Top 7 Use Cases for Digital Risk Protection
Blog

Top 7 Use Cases for Digital Risk Protection

By Jessica Ryan on Wed, 11/25/2020
Today's enterprises are experiencing an accelerated digital transformation due to the pandemic, and adoption of initiatives that would normally span years are being fast-tracked to support remote workforces and transition to new platforms. The external digital landscape is also rapidly expanding, and organizations are being required to conduct business more frequently through non-traditional...
How to Detect Look-alike Domain Registrations
Blog

How to Detect Look-alike Domain Registrations

By Jessica Ryan on Wed, 11/25/2020
Malicious domains are attributed to a wide variety of cyber attacks capable of undermining a brand's credibility. A spoofed domain is easy and quick to create, and can act as the catalyst for malicious email campaigns and phishing sites. In order to detect and action domain threats targeting your organization, security teams need to implement mature and progressive processes for collection and...
Limited Impact of Phishing Site Blocklists and Browser Warnings
Blog

Limited Impact of Phishing Site Blocklists and Browser Warnings

Fri, 11/06/2020
The life of a phishing site is brief, but impactful. A study published earlier this year found the average time span between the first and last victim of a phishing attack is just 21 hours. The same study observed the average phishing site shows up in industry blocklist feeds nearly 9 hours after the first victim visit. By that time, most of the damage is done. Blocklists are an important...