Threat actors are exploiting employee concerns about infected colleagues. Our latest example targets Office 365 accounts at a large Canadian company by falsely claiming a colleague has died from the virus. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat...

The novel coronavirus is giving opportunistic threat actors new means of deploying malicious lures on unsuspecting targets. Today's example shows the attacker leveraging the pandemic by offering guidance on how to avoid coronavirus scams. Unfortunately, it's also a scam. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are...

Threat actors continue using COVID-19 fears to exploit individuals on a variety of channels. Today we are taking a look at two new, related SMS lures. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. The first...

As COVID-19 continues to spread, we are seeing an increase in threat actors impersonating public health organizations and luring victims in with fake links to government agencies. The four examples below impersonate the Center for Disease Control and Prevention (CDC) and the World Health Organization (WHO) using lures we have recently observed. We are providing ongoing updates on coronavirus...

We continue to see a wide range of lures exploiting coronavirus fears. In this post, we take a look at three recently observed lure samples that use the possibility of a cure to entice victims. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are...

As COVID-19 cases have further spread over the past few weeks, our team has come across new lures that target an individual's fear of coronavirus as it relates to their health insurance coverage. Both examples lead to malicious sites that attempt to steal Microsoft Office 365 login credentials. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This...

A few weeks ago we noted some early examples of Coronavirus phishing campaigns. Since then, the pandemic has spread and we've seen a dramatic uptick in COVID-19-themed malicious activity, with everything from domain registration to phishing emails and even malware campaigns. Going forward, we will be publishing more examples as we find additional methods cybercriminals are using to exploit the...

Recently we highlighted one of the most common evasion techniques employed by threat actors in order to keep a phishing site online: geoblocking, or blocking by location. However, many other techniques exist, some that are more subtle and make it more difficult for unwanted visitors to view a site. One such method is used to thwart unintended parties - bots, analysts, hosting providers, etc. -...

By this time, most everyone in the world has heard about COVID-19, a global outbreak that is commonly referred to as the Coronavirus. With growing fear and a lack of information, the stock markets have dropped to lows we haven't seen in years, and organizations everywhere are putting together contingency plans. Like most global events, this scenario creates a perfect opportunity for threat...

In order to increase the lifespan of their campaigns, most threat actors implement evasion techniques to keep their activity from being detected by defenders and their intelligence tools. In this blog post, we'll take a look at how geoblocking by IP is used. Geoblocking by IP takes advantage of the victim's location. It is often used on sites hosting malicious content to limit the exposure...

In the past few weeks, our team highlighted how social media is abused by threat actors seeking to steal credentials and to administer phishing attacks. While these are both two of the most prominent cybersecurity threats distributed through social media, there are some other tactics in play, too. Join us on February 6 to discuss the latest social media-based financial scams. This week we're...

Social media account compromise is nothing new. If you haven't had an account hacked in the past, most of us know someone who has. According to a study by the University of Phoenix, almost two-thirds of US adults have had at least one social media account hacked. Another report found that 53% of social media logins are fraudulent. But what's the big deal? Your account gets hacked, you...

On August 30, Twitter CEO Jack Dorsey became the most notable victim of one of the fastest-growing cyber threats: SIM Swapping. SIM Swap Attacks are increasing because they only require social engineering and access to a SIM card, which makes it another form of phishing. You can find our definition of phishing here. In a few words, it isn't that difficult. What is SIM Swapping? SIM...

On a daily basis, most people will use some form of social media. From checking photos of your friends and pets, to communicating with coworkers and loved ones, social media is a large part of the connected world. Unfortunately, this also means that the more social media is used, the more likely that threat actors will try to exploit it. Join us on February 6, at 3 PM ET, as we discuss how...

Every day our teams analyze millions of phish across the web, detected through emails, social media, text messages, and most other common digital vectors. Many phishing sites are easy to review and analyze. However, some threat actors that we track take steps to hide their attacks from people other than their intended victims. This is a defense mechanism that makes it harder to analyze their...

Business Email Compromise (BEC) attacks have plagued organizations all over the world for almost a decade. In fact, the phishing threat has become so pervasive and effective for threat actors that the reported losses to date have already hit more than $26 billion. This does not even include the thousands of unreported BEC attacks that net gift cards and other small denominations. It's for...

Today's marketing organization uses countless SaaS-based tools and platforms that live outside of an organization's network. As their digital footprint grows, so does their potential for digital risks targeting their enterprise, brands, and customers. Even if they don't join the latest social media platform, in most cases there are not proper online brand protections in place to ensure...

Social media is undoubtedly a huge asset to modern organizations. It helps them spread their message, promote their products and services, and communicate directly with customers, and users. Along with those benefits, social media also presents a unique threat. Never before has it been so easy for threat actors to abuse the trust built up by an organization, damage its reputation, profit...

PhishLabs' Email Incident Response analysts recently identified a phishing campaign leveraging novel tactics in the ongoing war between threat actors and security teams. In addition to presenting a unique twist on a popular lure theme, the campaign leverages a clever combination of tactics by attackers attempting to defeat email security technologies to great effectiveness. PhishLabs observed...

PhishLabs has observed an active TrickBot campaign targeting the employees of multiple organizations. Trickbot is a sophisticated successor of the Dyre Banking Trojan. It uses an intricate network of command and control servers (C2), web injects, and customized redirection attacks that leverage HTML or JavaScript injections to target numerous financial institutions across many geographies and...