The PhishLabs Blog

Tech Support Scams: How To Spot a Phish

Posted by Amanda Kline on Oct 17, '17

Originating in India around 2008, tech support scams are a simple and effective way of preying on individuals’ fear.

In its earliest form, the tech support scam involved a scammer cold-calling English speaking countries, and claiming to represent Microsoft Technical Support. The victim would be informed that their machine was infected with malware, and that the caller would help them remove it if granted access to the machine.

Naturally, once access was granted, the scammer would “fix” the problem and promptly demand payment.

Read More

Topics: Threat Analysis, Cyber Security Awareness Month

Nigerian 419 Scams: How to Spot a Phish

Posted by Amanda Kline on Oct 11, '17

All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works.

Today, we’re a true phishing classic: Nigerian 419 scams.

Read More

Topics: Threat Analysis, Cyber Security Awareness Month

BEC Scams: How to Spot a Phish


All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works.

Read More

Topics: Threat Analysis, Cyber Security Awareness Month

How to Spot a Phish Video: Spotting Red Flags

Posted by Lindsey Havens on Oct 9, '17

In observance of National Cyber Security Awareness month, we are releasing several videos to help employees and consumers spot a phish. In this first video, we are going to look at red flags that would identify an email as unsafe. 

Read More

Topics: Cyber Security Awareness Month, CyberAware

Ransomware: How to Spot a Phish


Phishing has no limits. Everyone that uses email to communicate will at some point be the recipient of a phishing email. In the spot a phish series we'll be taking a closer look at some phishing lures to help you mentally prepare for these attacks before they hit your inbox. 

Content Clues

The first lure is representative of a vast majority of lures that we see. For starters, it capitalizes on the universal language of money. Because this is a mass distributed phish, the threat actor needs to find a commonality among the recipients.  For this reason, we see the use of "invoice attachments" employed exhaustively.  Lures in all languages utilize this tactic.  One would think this practice would get old and at some point become ineffective but it must be producing results for cybercriminals; otherwise, why would they keep it up?

Read More

Topics: Cyber Security Awareness Month, CyberAware

The Impact of Phishing, and Why it Should be Your #1 Priority

Posted by Joseph Opacki on Oct 4, '17

Nation states. Hacktivists. Cyber criminals.

There are so many players in the modern threat landscape it can be hard to keep up.

And the number of threats? Practically too many to count.

By the time you’ve secured your organization against password reuse, DDoS, and crimeware attacks, your resources are likely so diminished there’s no point even thinking about what else could be out there.

But there’s a problem. An elephant in the room, if you like.

There’s one threat vector that gets minimal attention, and even less budget… and yet is a common factor in almost every data breach you’ve heard about in the last decade.

Read More

Topics: Cyber Security Awareness Month, Phish

#CyberAware: Crash Course in Phishing

Posted by Lindsey Havens on Oct 2, '17

It would be easy to feel defeated by the statistics continuously reported on cyber attacks. Even with an organization’s next-gen firewall, threat intelligence capabilities, and a host of sophisticated tech tools, threat actors still manage to access valuable data.

How is this happening? Here’s a hint: we’ve all seen them…those sneaky, often carefully crafted emails that lure us into giving up our valuable information. Yes, you guessed it… 

Read More

Topics: Cyber Security Awareness Month

"Phish For The Future" is Perfect Example of Advanced Persistent Phishing

Posted by Stacy Shelley on Sep 29, '17

 

The Electronic Frontier Foundation (EFF) has reported that activists at Free Press and Fight for the Future were hit over the summer with a targeted spear phishing campaign that involved nearly 70 phishing attempts. If you haven't read their report, you should. Very few organizations would come out of the same situation unscathed.

Read More

Topics: Spear Phishing, Phish, EFF, Advanced Persistent Phish

RedAlert2 Mobile Banking Trojan Actively Updating Its Techniques

Posted by Joshua Shilko on Sep 25, '17

RedAlert2, an Android banking Trojan, has received a significant amount of attention since first noted last week (read more in this article by Bleeping Computer). The high level of interest in this Trojan is due to the fact that the code base appears to be completely new and the Trojan itself includes some unique functionality.  The PhishLabs Research, Analysis, and Intelligence Division (R.A.I.D.) recently identified a new sample which exhibits changed tactics, techniques, and procedures relative to previous samples. We’ll review some of the interesting features of RedAlert2 before identifying the changes observed in the most recent sample.

Read More

Topics: Android, Banking Trojan, Mobile Crimeware

Phishing landscape thrives in the second quarter of 2017

Posted by Amanda Kline on Sep 20, '17

It probably comes as no surprise that the second quarter of 2017 brought changes in the phishing landscape. A dramatic increase (41%) in overall phishing volume was observed by the PhishLabs research team. Additionally, there have been shifts in the industries that are being targeted. This is further evidence that the threat landscape is both thriving and volatile as cybercriminals pivot and exploit different targets. 

After years of gathering and analyzing phishing data, only one thing is certain - phishing continues to be a successful attack method for cybercriminals.

Read More

Topics: Phishing, Phishing Trends and Intelligence Report,, PTI Report

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_

Posts by Topic

see all