Recent Posts

Recent Blog Posts

The PhishLabs Blog

Brain-hacking: Why Social Engineering is so effective

Posted by Michael Tyler on Feb 19, '19

You are affected by social engineering tactics every day.

Read More

Topics: Psychology, social engineering

Hiding in Plain Sight: How Phishing Attacks are Evolving

Posted by Sean Bell on Feb 7, '19

Phishing attacks are supposed to be visible. If you can’t see them, how could anyone possibly fall for them? Since the dawning of time for phishing attacks there has been a constant struggle between the threat actors creating phishing sites and the individuals and organizations combating them.

Read More

Topics: Phishing Incident Response

How to Cut Healthcare Cyber Incidents by 80 Percent

Posted by Nicole Garrigan on Jan 31, '19

Healthcare data breaches are among the most costly of any industry, and phishing attacks are the number one cause. 

Security technologies, while essential, are not enough to mitigate the threat posed by phishing. Over 90 percent of data breaches contain a phishing component, and the average cost to remediate a data breach is $3.86 million.

Read More

Topics: security awareness training, Healthcare

BankBot Anubis Switches to Chinese and Adds Telegram for C2

Posted by Dan Chabala and Joseph Fleming on Jan 29, '19

We've recently noticed two significant changes in C2 tactics used by the threat actors behind BankBot Anubis, a mobile banking trojan. First is the use of Chinese characters to encode the C2 strings (in addition to base64 encoding). The second is the use of Telegram Messenger in addition to Twitter for communicating C2 URLs. 

Read More

Topics: BankBot Anubis, Banking Trojan, Threat Intelligence

Less Than 3 Percent of ‘Collection #1’ Data Dump Passwords are Unique

Posted by Elliot Volkman on Jan 23, '19

This month the largest recorded data dump in history, 87GB filled with passwords and user credentials, was made available. Dubbed Collection #1 consists of 1,160,253,228 unique combinations of email addresses and passwords. Though historic, there are two positive notes regarding this information: The first is that this data set was circulated on hacking forums back in December of 2018 and is considered a few years old, and the second being that none of this data is the result of a new breach. In short, this is a very large collection of already breached data from at least 340 different websites.

Read More

Topics: security awareness training

Social Risk Monitoring: All Press Good Press?

Posted by Elliot Volkman on Jan 4, '19

It happens on a daily basis, it’s even likely that at some point it happened to you: social media account takeovers. A quick Google search shows a new batch of celebrities, politicians, companies, and other high profile users becoming the victim of account takeovers on a weekly basis.

Read More

Topics: Digital Risk Protection

49 Percent of Phishing Sites Now Use HTTPS

Posted by Elliot Volkman on Dec 6, '18

Since 2015 there has been a steady increase in threat actors’ use of SSL certificates to add an air of legitimacy to malicious websites. By the end of 2017 almost a third of phishing sites had SSL certificates, meaning their URLs began with HTTPS:// and (most) browsers displayed the all-important padlock symbol.

Read More

Topics: https

Users Failing Phishing Simulations? That’s ok

Posted by Elliot Volkman on Nov 29, '18

Phishing simulations come with a range of emotions for the users who interact with them. Some will simply ignore them, others may fail by clicking on a link or attachment, and for the well-trained, they may even report them.

Even if there is a negative outcome, training leads and organizations should not be worried, yet. Just like in school, these simulations are just that, simulations or quizzes. They are designed to prepare users for the real test or a potential attack or phishing lure from a threat actor.

Read More

Topics: security awareness training

Finding Threats That Go Undetected

Posted by Alexa Villanueva on Nov 20, '18

Phishing attacks have become increasingly sophisticated. From tricking users into sending confidential information to crafting well executed emails that can slip past the most advanced technology, social engineering is still incredibly effective.

This month we discussed this very topic and how organizations and their users should respond to phishing incidents.

Read More

Topics: Phishing Incident Response, Webinar

Learn About Phishing Incident Response on Nov 15

Posted by Elliot Volkman on Nov 7, '18

An email lands in your box, it looks suspicious, but what should you do with it? This very situation happens to enterprise organizations countless times a day, and there are so many solutions for tackling it. How can you best use this information to protect your enterprise, brands, and customers?

Read More

Topics: Webinar

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Posts by Topic

see all