Recent Posts

Recent Blog Posts

The PhishLabs Blog

Using Social Media OSINT to Determine Actor Locations

Posted by The PhishLabs Team on Jan 19, '21

Read More

Activists Leak Data Stolen in Ransomware Attacks

Posted by Jessica Ellis on Jan 7, '21

The activist group known as Distributed Denial of Secrets (DDoSecrets) has published almost one terabyte of data originally leaked to dark web sites by ransomware operators. In addition, they are privately making another 1.9 terabytes of stolen data available to journalists or academic researchers. 
Read More

Look-alike Domain Mitigation: Breaking Down the Steps

Posted by The PhishLabs Team on Dec 21, '20

Look-alike domains remain some of the most consistent elements of cyber attacks targeting organizations. At a high-level, there are two ways to mitigate the threat of a look-alike domain: remove the threat completely by taking it offline, or block attacks on your users by implementing IT security controls. If we dissect the construction of a look-alike domain, we see where each step in its creation represents a point where actions can be taken to mitigate the threat. 
Read More

Year In Review: Ransomware

Posted by Jessica Ellis on Dec 15, '20

In 2020, cybercrime has seen a dramatic evolution in ransomware attacks. This threat type has adopted increasingly malevolent tactics and targeted some of the year's most vulnerable industries. Operators are linking up, franchising their attacks, extorting their victims, then expecting organizations to believe them trustworthy. By 2021, ransomware is anticipated to cause $20 billion in loss. 
Read More

Topics: Ransomware

The Anatomy of a Look-alike Domain Attack

Posted by Tricia Harris on Dec 11, '20

Cybercriminals register hundreds of thousands of look-alike domains every year to impersonate reputable organizations and make a profit. These domains are used for a variety of attacks including phishing emails, fraudulent websites, web traffic diversion, and malware delivery.

Read More

Topics: Spear Phishing Protection, business email compromise, Digital Risk Protection, Domains

The Year In Review: How COVID-19 Has Changed Cyber Security

Posted by The PhishLabs Team on Dec 8, '20

The novel coronavirus has dominated 2020, and in the cyber community, threat actors have capitalized on its impact from the beginning. In early March we saw the first of what would be an onslaught of criminal activity using the pandemic to manipulate users, and over the course of the year these attacks have been modified to reflect local and global fallout. 
Read More

Topics: COVID-19

APWG Q3 Report: Four Out of Five Criminals Prefer HTTPS

Posted by Jessica Ellis on Dec 3, '20

The Anti-Phishing Working Group (APWG), known for its collaborative analysis of phishing attacks and identify theft techniques, has released its Phishing Activity Trends Report for Q3 of 2020. Highlights from the report include more than two hundred thousand unique phishing websites detected in August and September, SSL encryption for phishing sites overtaking SSL deployment for general websites, and a 10 percent increase in BEC attacks originating from free webmail accounts. 
Read More

Topics: Phishing, BEC, business email compromise, https, Domains

Easy to Deceive, Difficult to Detect, Impersonation Dominates Attacks

Posted by Jessica Ellis on Dec 1, '20

Impersonation enables threat actors to manipulate victims into disclosing sensitive information as well as enhance their ability to commit fraud. An organization's name, logo, or messaging can be incorporated into almost any threat type, making it an easy and versatile element of a cyber attack. Impersonation is an especially difficult technique to defend against because of its diverse range of use cases, and in order to protect themselves against attacks, organizations should learn to identify its range of malicious applications. 
>> Learn More About How Threat Actors Use Impersonation <<
In this article, we explore the variety of ways impersonation can be used to target a single entity. All examples originate from the same financial institution (FI). 
Read More

Topics: Digital Risk Protection, DRP, Domains, Brand Abuse

What is a Look-alike Domain?

Posted by Tricia Harris on Nov 25, '20

By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive. Cybercriminals register hundreds of thousands of look-alike domains each year with the goal of impersonating legitimate businesses and making money, usually by committing fraud.

In this post, we’ll describe how domains help us communicate on the Internet, the anatomy of a look-alike domain and why we fall for them, how attackers create them, and the best place to begin when facing this common threat.

Read More

Topics: Digital Risk Protection, Domains

Top 7 Use Cases for Digital Risk Protection

Posted by The PhishLabs Team on Nov 25, '20

Today’s enterprises are experiencing an accelerated digital transformation due to the pandemic, and adoption of initiatives that would normally span years are being fast-tracked to support remote workforces and transition to new platforms. The external digital landscape is also rapidly expanding, and organizations are being required to conduct business more frequently through non-traditional channels. This digital evolution is leaving enterprises increasingly susceptible to attacks outside the network perimeter. 

In order to detect and respond to today's most relevant threats, security teams are investing in operational Digital Risk Protection (DRP) capabilities. 
Read More

Topics: Digital Risk Protection, DRP

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all