The PhishLabs Blog

In our ongoing contributions to Cyber Security Awareness Month today we’re launching a two-part series designed to introduce you to some of our team.

For those who have been fortunate (unfortunate) enough to be on the receiving end of one of our phishing simulations, interacted with our microlearning modules, or training materials, you likely are unaware of some of the minds behind them. That’s why we’ve put together some brief interviews so that you can become more acquainted with people that power our security awareness training programs.

Since September 21, PhishLabs analysts have detected a number of phishing sites hosted on emoji domains. So far, all detected sites have a few things in common:

Each year in the month of October there are more things to be cognizant of than ghosts and ghouls, in fact something far scarier. That’s right, Cyber Security Awareness month is back, and with it our team is bringing you some new and updated resources. 

This month marks the 15 anniversary of the awareness program that DHS continues to lead.

“NCSAM 2018 is a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online, while increasing the resiliency of the Nation during cyber-threats.” You can access the official NCSAM toolkit here.

When it comes to social media, there is a fine line between letting people know your holiday plans and just plain handing over personal sensitive information for unscrupulous people to use it against you. For instance, if you upload a photo announcing you will be away with your family for some time, once you return from your trip and realize your possessions have been stolen, it’s too late. Insurance companies won’t make it any easier on you either since they will review all your online activity and argue you didn’t properly secure your possessions and mark the claim as “ineligible for compensation”. How? Sometimes, oversharing is like leaving the front door unlocked: you’ve given the opportunity for anyone to enter your home.

Social media is impacting the world around us.

Most organizations have social media accounts, cloud-based drives, access cloud platforms, are filled with employees who use messengers like Slack, and tap into any other piece of the ever expanding digital world.

Because of the growth rate of each of these types of technology and the associated user adoption, ideal security best practices and tools are still sorely lagging behind in place of innovation. Because of this, any user, and in particular executives or the C-suite with keys to the castle, are constantly a potential target to threat actors.

There are many misconceptions about the dark web and what goes on in the digital underground. Though the dark web is usually associated with criminal activities including drug dealing, human trafficking, selling counterfeit consumer goods and many other malicious acts, not everything in the dark web is completely dark.

The most likely way that you will be compromised online is through a simple phish or a socially engineered attack. Today, these two techniques are often combined to create an even more threatening attack, an intelligently targeted phish.

Big or small, global or local, almost every organization uses some form of technology, and therefore has security needs within it. Due to the nature of the work and variables in play, metrics and success are often a subjective matter from organization to organization.

Exposing your geolocation information publicly can lead to increased personal and business risk. This is particularly important to note in the wake of Google's location tracking, even if you explicitly told them not to.

After months of talks, budget approvals, and getting stakeholder buy in, you finally have the security awareness tool of your choice ready to be used. You get some welcome emails, an onboarding conversation with a customer account manager, and then…..?