Recent Posts

Recent Blog Posts

The PhishLabs Blog

How Security Teams Handle Malware Analysis

Posted by Elliot Volkman on Feb 16, '18

During our webinar focused on the Qadars Banking Trojan there was a great deal of analysis provided on just how evasive the threat is.  This begs the question, how does your team handle malware analysis?

Read More

Topics: Phishing, Qadars, Threat Monitor

Who Says Holiday Romance is Dead? Catphishers, That’s Who

Posted by Lindsey Havens on Feb 14, '18

It’s that time of year again.

A day of romance, crowded restaurants, overblown gestures of love, and…

Well. You get the idea.

For those of us in the security world there’s another, less enjoyable component to Valentine’s Day. Yes, even less enjoyable than trying to share a romantic meal while sitting less than a foot away from four other couples.

Yes, I’m talking about holiday themed phishing scams. We’ve written about this precise topic many times before (including last Valentine’s Day) but so far we’ve never tackled the specific scams that surround this romance-centric annual event.

So before you send those dutch-courage fueled love notes, just take a moment to consider…

Read More

Topics: Phishing, Spear Phishing, Employee Defense Training

How To Make Reporting a Phish So Easy Even Your Busiest Execs Will Do It

Posted by Dane Boyd on Feb 13, '18

bigstock-blueprints-and-planning-80666213.jpgFrustrating, isn’t it? 

You design a powerful anti-phishing program, secure funding from your executive board, provide world-class training. You do everything right…

Oh, your users are probably spotting phishing emails. After all, they’ve engaged with the training, and seem to be taking it seriously.

But no matter how many times you remind them, they just won’t report those phishing emails.

Read More

Topics: Spear Phishing Protection, Employee Defense Training

The Case for 24/7 Threat Monitoring

Posted by Elliot Volkman on Feb 8, '18

You wake up, wipe the sleep away from your eyes, among the first things you do is to reach over and grab your phone. Your work day hasn’t officially begun, but you’re already looking through your emails. The night before? A similar process, but in reverse. According to a Good Technology survey, 68 percent of professionals check their work email before 8 am and another 50 percent check it while in bed. It doesn’t end there though, as 38 percent commonly break from the dinner table to look through their work emails, too.

Read More

Topics: security awareness training, Threat Monitor

7 Reasons Why Spotting a Phishing Email is Just the Beginning

Posted by Dane Boyd on Feb 6, '18

bigstock-Portrait-Of-Businessman-With-C-80860418.jpgIn most organizations, a user who can identify and delete phishing emails is considered a huge asset.

And, let’s be honest, they’re certainly a big step in the right direction. Users who can't spot a simple phishing email can easily jeopardize the security of an entire organization, even with a comprehensive set of technical security controls in place.

But in our eyes, there’s still a long way for these users to go. Deleted phish are better than clicked phish, but they shouldn’t be the end goal.

Read More

Topics: Phishing, Employee Defense Training, security awareness training

Why Timely Analysis of Reported Emails Matters

Posted by Elliot Volkman on Feb 1, '18

When your employees and team report suspicious emails, it’s an indicator that the security awareness training in place is having a positive effect.

Regardless of the email being spam or legitimate, just a single thwarted attack can make the difference between a slight headache or irreparable financial damage. However, this process is a two-way street, and timely analysis of said reported email is important for several reasons, especially for risk mitigation and improving training effectiveness.

To drive home how important the timely analysis of reported emails is we spoke to our Founder and CTO, John LaCour.

Read More

Topics: Threat Monitor

Why Failure Isn’t the Enemy in the Fight Against Phishing

Posted by Dane Boyd on Jan 29, '18

bigstock-Virus-Detection-92802713-1.jpgTraining users to identify and report phishing emails is far from an overnight fix.

It takes time, persistence, and engagement to make a meaningful impact on user email behaviors.

But you already knew that, didn’t you? In fact, you probably already have a program in place to help users identify potentially malicious emails.

Read More

Topics: Employee Defense Training, security awareness training

Webinar Announcement: Inside Qadars Banking Trojan

Posted by Elliot Volkman on Jan 25, '18

Next week we are publishing the latest white paper from our R.A.I.D. (Research, Analysis, and Intelligence Division) team that focuses on a particularly evasive threat, the Qadars Banking Trojan. 

Read More

Topics: Trojan, Qadars

The 11 Types of Reported Emails

Posted by Elliot Volkman on Jan 18, '18

You receive an email, you are unfamiliar with the sender’s name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back.

Read More

Topics: Phishing, security awareness training, Threat Monitor

What Type of Emails Get Reported the Most?

Posted by Elliot Volkman on Jan 16, '18

In anticipation of our previous threat monitoring and forensics webinar we asked the Twitterverse what happens after they report a suspicious email. Does it fall into a black hole? Does IT check it out to mitigate potential impact? The results are in, and interestingly a majority of polled respondents simply don’t know what happens to their emails after they report it.

Read More

Topics: security awareness training, business email compromise, Threat Monitor

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Upcoming Events

Calendar_Mock_

Posts by Topic

see all