Recent Posts

Recent Blog Posts

The PhishLabs Blog

Executive Impersonation Techniques on Social Media

Posted by Jessica Ellis on Jun 22, '20

Threat actors are masquerading as executives on social media for purposes of stealing credentials and damaging popular brands.  Today, many executives have accounts on these platforms to network as well as post content promoting their companies.
Read More

Topics: Social Media Threats

Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites

Posted by Elliot Volkman on Jun 16, '20

Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing sites to add a layer of legitimacy, better mimic the target site in question, and reduce being flagged or blocked from some browsers. 

Read More

Topics: APWG, https

FBI Warns of Growing Mobile Banking App Threats

Posted by Jessica Ellis on Jun 12, '20

The Federal Bureau of Investigation (FBI) published a public service announcement Wednesday warning the public of anticipated cyber attacks that exploit increased usage of mobile banking apps. The advisory comes at a time when a vast majority of Americans are working from home due to social distancing, and as a result, rely more on mobile apps to do their banking. According to the report, there has been a 50% increase in mobile banking activity since the beginning of 2020. Threat actors are aware of this trend and are capitalizing on it.
Read More

Data Leakage on Social Media: Credit Card Info, Confidential Docs

Posted by Jessica Ellis on Jun 11, '20

When the term data leak comes to mind, most enterprises think of the dark web. Although compromised information can damage an organization when distributed through gated and anonymous platforms, we are seeing social channels being used to allow for a more rapid and potentially destructive outcome. These platforms have an overwhelming number of global participants, with almost half of the world’s population using some form of social media. Threat actors are aware of the massive audience this allows them to reach and as such, are using these channels to promote and expose confidential data. 
Read More

Topics: Social Media Threats

Social Media Platforms Latest Channels used to Leak Sensitive Data

Posted by Jessica Ellis on Jun 2, '20

Threat actors are using social media accounts to expose and sell data that has been compromised. While information found on many of these platforms has traditionally been disclosed by enterprises and individuals with intent, cyber criminals are taking information acquired by means of scams and data breaches and promoting their sale on various social platforms not always monitored by security teams.  
Read More

Topics: Social Media Threats

Threat Actors Impersonate Brands on Social Media for Malicious Purposes

Posted by Jessica Ellis on May 28, '20

With more than 2.95 billion people now estimated to use social media, an organization’s online presence directly relates to the satisfaction of its customers, as well as its profits. False or misleading images or comments connected with a brand on online platforms can swiftly impact the reputation or even financials of an otherwise successful company. 
Read More

Topics: Social Media Threats

Reporting Cyber Threats: Executives at Risk

Posted by Elliot Volkman on May 21, '20

Across the cybersecurity industry, white papers and reports typically highlight high-level trends related to cyber threats. However, what is often overlooked is a more granular analysis that focuses on individuals within an organization. More specifically, the high-value targets that threat actors focus much of their attention on.

Read More

Topics: Executive Monitoring, Email Intelligence & Response

COVID-19 Phishing Update: File Sharing Services Abused to Steal Credentials

Posted by Jessica Ellis on May 19, '20

As enterprise workforces continue to transition to remote environments, online file sharing and cloud storage tools are becoming a frequent, if not necessary means of collaboration. While abusing these types of platforms is nothing new to threat actors, the lures they use are now taking advantage of the novel coronavirus. The two examples below demonstrate how. 
Read More

Topics: COVID-19

COVID-19 Phishing Update: Threat Actors on Twitter Want You to Pay for Your Stolen Passwords

Posted by Jessica Ellis on May 14, '20

Cyber criminals are using COVID-19 to manipulate users on Twitter and steal funds through payment applications. Our latest example demonstrates how victims are being targeted with fake credential dumps.
Read More

Topics: COVID-19

COVID-19 Phishing Update: BEC Lures use Pandemic to Enhance Attacks

Posted by Jessica Ellis on May 8, '20

Threat actors are using the novel coronavirus to add credibility in recent Business Email Compromise (BEC) attacks. Below are three examples of how they are doing it. 
Read More

Topics: COVID-19

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all