As enterprise workforces continue to transition to remote environments, online file sharing and cloud storage tools are becoming a frequent, if not necessary means of collaboration. While abusing these types of platforms is nothing new to threat actors, the lures they use are now taking advantage of the novel coronavirus. The two examples below demonstrate how. We are providing ongoing...

Social media account compromise is nothing new. If you haven't had an account hacked in the past, most of us know someone who has. According to a study by the University of Phoenix, almost two-thirds of US adults have had at least one social media account hacked. Another report found that 53% of social media logins are fraudulent. But what's the big deal? Your account gets hacked, you...

PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign. In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and their Office 365 brand but came from multiple validated domains - an educational institution for example - not belonging to Microsoft. If the victim clicked the link, they...

At the height of social media adoption, users willingly shared everything from the lunch they just ate to the exact places they visited throughout the day. While some of this has been reduced as consumers learned how sharing private information could impact their privacy, many people still hide these kinds of updates behind basic security controls. This is just one of the reasons that a flurry of...

One way to verify if an email is legitimate is to look at the sender's address, the actual sender's address, not just the sender's name. One tactic cyber criminals employ is using the sender's name to trick the recipients. The cyber criminal may use a known acquaintance's name or the name of a legitimate company they are trying to spoof. This sounds sophisticated, but it is easy to catch when...

Although computer-based training has been on the scene for over two decades, it is only recently that learning professionals have begun to optimize it. Often these courses present hours of content in a single learning experience. While the flexibility of computer-based training offers convenience, learners are often overloaded and overwhelmed by the amount of information presented to them. ...

New MitM attacks impersonate banking sites without triggering alerts PhishLabs has observed a new wave of "Man-in-the-Middle" (MitM) attacks targeting users of online banking and social media. Customers of more than 70 different financial institutions are being targeted. In these attacks, hackers use spam to deliver malware that changes DNS settings and installs a rogue Certificate Authority...