Resources

$2.3M Stolen from Wisconsin GOP via BEC Attack
Blog

$2.3M Stolen from Wisconsin GOP via BEC Attack

By Jessica Ryan on Fri, 10/30/2020
With Election Day just around the corner, the Republican Party of Wisconsin revealed that $2.3M was recently stolen from election funds intended to support the re-election of President Trump. According to their statement, they are victims of a Business Email Compromise phishing attack that altered invoices to direct payments to accounts controlled by the threat actor. BEC attacks like this...
Eliminating the Threat of Look-alike Domains
Blog

Eliminating the Threat of Look-alike Domains

By Jessica Ryan on Tue, 10/20/2020
There are many ways look-alike domains can be used by threat actors. While business email compromise (BEC) and phishing sites are often top-of-mind for defenders, there are dozens of other uses for look-alike domains. This variation, as well as diverse registrar requirements for removal, can make mitigating look-alike domains a complex, burdensome, and often ineffective process. In this...
Digital Risk Protection vs. Threat Intelligence
Blog

Digital Risk Protection vs. Threat Intelligence

By Jessica Ryan on Fri, 10/09/2020
Digital Risk Protection (DRP) continues to gain momentum and attention among CISOs and security professionals. DRP, an operational security function once classified under Threat Intelligence (TI), has been elevated by the Gartner Hype Cycle and other analyst research as an emerging security function that security teams rely on to address multiple external cyber threat use cases. Many...
APWG: SSL Certificates No Longer Indication of Safe Browsing
Blog

APWG: SSL Certificates No Longer Indication of Safe Browsing

Mon, 09/28/2020
The Anti-Phishing Working Group (APWG) has released its Phishing Activity Trends Report analyzing phishing attacks and identifying theft techniques reported by its members for Q2 of 2020. Key highlights of the report include a significant increase in wire transfer loss attributed to business email compromise (BEC) attacks and a 20% increase in BEC attacks targeting the social media sector. In...
Navigating Social Media Threats : A Digital Risk Protection Playbook
Blog

Navigating Social Media Threats : A Digital Risk Protection Playbook

By Jessica Ryan on Wed, 09/02/2020
Social media is rapidly growing as a preferred channel for threat actors targeting enterprises with malicious campaigns. Half of the global population uses social media, and a post containing sensitive data or impersonating a high-level executive can be shared instantly, for 3.8 billion people to see. There are many types of social media threats that bad actors use to harm their victims,...
Gartner Releases Emerging Tech Report: Critical Insights into Digital Risk Protection
Blog

Gartner Releases Emerging Tech Report: Critical Insights into Digital Risk Protection

By Jessica Ryan on Tue, 08/04/2020
Driven by expanding use cases, approachable intelligence, and the incorporation of premium services, demand for Digital Risk Protection Services (DRPS) has grown over the last 12 months and continues to increase. In Gartner's latest Emerging Technologies report, the author cites the broad range of use cases DRPS addresses as one reason for this growth, including: Brand protection (ex:...
Gartner Releases 2020 Hype Cycle for Security Operations
Blog

Gartner Releases 2020 Hype Cycle for Security Operations

By Jessica Ryan on Tue, 07/14/2020
Digital Risk Protection has emerged as a critical new capability for security teams. It protects critical digital assets and data from external threats across surface, dark, and deep web sources. In Gartner's latest Hype Cycle for Security Operations, the author writes “This technology accelerates the breadth and depth of protecting digital assets in an organization by significantly improving...
Spoofed Domains Present Multifaceted, Growing Problems for Enterprises
Blog

Spoofed Domains Present Multifaceted, Growing Problems for Enterprises

Thu, 07/09/2020
Threat actors are increasingly registering new domains to launch malicious campaigns against enterprises. Identifying suspicious domains, as well as monitoring existing ones for changes, is an overwhelming and reactive task for many organizations. In order to minimize the risk spoofed domains pose, security teams must be able to efficiently detect abuse and understand what is required to...
Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites
Blog

Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites

By Jessica Ryan on Tue, 06/16/2020
Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing sites to add a layer of legitimacy, better mimic the target site in question, and reduce being flagged or blocked from some browsers. Last year, threat actors hit a significant milestone in this usage when more than 50% of phishing sites...
COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims
Blog

COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims

By Jessica Ryan on Tue, 05/05/2020
As job losses grow due to the coronavirus pandemic, cybercriminals are taking advantage of the situation to recruit individuals into money mule scams. Below are two examples that reference work-from-home opportunities. We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date...
On-Demand Webinar

Domains and the Open Web: Defending Against Ever-Evolving Threats Webinar

Big or small, enterprise or startup, in today’s world nearly every business across the globe has some form of digital presence. In most cases this is a website, in others, this may include social media or apps. This is due in part to the ease in establishing these properties, which makes it more accessible than ever before. However, as easy as it is to establish a brand online, so too is it for a...
Online Impersonation
How Threat Actors are Abusing Coronavirus Uncertainty
Blog

How Threat Actors are Abusing Coronavirus Uncertainty

By Jessica Ryan on Fri, 03/06/2020
By this time, most everyone in the world has heard about COVID-19, a global outbreak that is commonly referred to as the Coronavirus. With growing fear and a lack of information, the stock markets have dropped to lows we haven't seen in years, and organizations everywhere are putting together contingency plans. Like most global events, this scenario creates a perfect opportunity for threat...
Beware of Account Takeover
Blog

Beware of Account Takeover

Tue, 10/15/2019
One way to verify if an email is legitimate is to look at the sender's address, the actual sender's address, not just the sender's name. One tactic cyber criminals employ is using the sender's name to trick the recipients. The cyber criminal may use a known acquaintance's name or the name of a legitimate company they are trying to spoof. This sounds sophisticated, but it is easy to catch when...
Account Takeover Protection
Blog

Threat Actors are Increasing Their Use of Free Hosts

Thu, 07/11/2019
In our continued expansion and exploration of data from this year's annual Phishing Trends and Intelligence report it's time to take a closer look into free hosts. More specifically, the free hosts and domains that threat actors abuse in order to further distribute phishing attacks. While phishing sites that abuse free hosts don't make up the majority, the use of them is increasing dramatically...
Should User Passwords Expire? Microsoft Ends its Policy
Blog

Should User Passwords Expire? Microsoft Ends its Policy

Thu, 06/06/2019
If you have ever worked for an organization that uses Microsoft-based systems, there is a high likelihood that your IT or security team has implemented a policy that occasionally forces you to create a new password. Years ago it was every three months, then every two, and so on. This policy was heavily encouraged by Microsoft, but as of May of this year, they have reversed course. According to...
5 Tips for Smarter Detection and Collection of Digital Risks
Blog

5 Tips for Smarter Detection and Collection of Digital Risks

Tue, 03/26/2019
Recently, our Director of Product Management, Cary Hudgins, discussed how to develop a digital risk protection plan for the modern enterprise. One of the many reasons why such a plan should be created is because, in today's world, an enterprise organization's digital footprint can be vast and will continue to grow. Take for example the average employee who receives an average of 90 emails per...
This message is from a trusted sender, or is it?
Blog

Brain-Hacking Part 2: Ain't Nobody Got Time for That!

Tue, 03/19/2019
Taking Advantage of Our Tendency to Simplify There's an old joke floating around the Internet that claims NASA, upon discovering that standard ballpoint pens would not work in space, invested millions of dollars and years of R&D. The resulting pen was supposedly capable of writing in zero-G, on any surface, and in temperatures that would surely kill any astronaut. When confronted with the same...
Romanian Vishing/SMiShing Threat Actors Plead Guilty
Blog

Romanian Vishing/SMiShing Threat Actors Plead Guilty

Fri, 03/15/2019
In May of 2018, we reported on three Romanian threat actors who were extradited to the U.S. for their involvement in a SMiShing and Vishing fraud scheme. At the time of reporting, the expected losses were listed around $18 million but have since risen to more than $21 million. Between July 12 and October 31, 2011, PhishLabs' analysts detected a number of telephone phishing (known as vishing)...
It Only Takes One to Detect or Infect
Blog

It Only Takes One to Detect or Infect

Tue, 03/05/2019
It's time to take action against phish! Phishing attacks are no longer few and far between, they are the norm. Regardless of your company's investments in filtering technologies and countermeasures, suspicious and malicious emails make it into employee inboxes. It only takes one to cost your company time, money, and lost reputation. Unfortunately, even with traditional security awareness...
This message is from a trusted sender, or is it?
Blog

This message is from a trusted sender, or is it?

Tue, 02/26/2019
We've previously reported on how, due to the rise in phishing attempts leveraging SSL certificates, the icon in your web browser gives your users a false sense of security. The threat, however, doesn't end with your web browser. Although first observed as early as 2016, PhishLabs analysts have observed a dramatic uptick in the imitation of flags, banners, and other markup used by applications...