The PhishLabs Blog

Healthcare Security Awareness Training: Don't Fear Failure, Learn From It

Posted by Dane Boyd on Jun 23, '17

The past few years have seen an explosion of cyber attack activity in the healthcare industry.

But that shouldn’t come as a surprise. Healthcare records are a goldmine for enterprising hackers, and with low security budgets across the industry it’s no wonder that healthcare organizations are considered a soft target.

A cursory glance at the industry’s security profile tells us everything we need to know. There are weaknesses everywhere, and hackers all over the world know it.

Incredibly, from a single successful healthcare breach, a hacker stands to earn anything from $285,000 to $1.7 million.

Read More

Topics: security awareness training, Healthcare

Why Your Security Awareness Training Isn't Working and What to Do Instead

Posted by Dane Boyd on Jun 22, '17

At this point, everybody knows phishing is a threat.

But then, it’s difficult to deny. As Verizon points out, over 90 percent of data breaches include a phishing or social engineering component, including many of the high-profile breaches we all read about each week.

In fact, from a security perspective, phishing is the single greatest threat to most organizations, whether they’re tiny family-owned businesses or huge multinational conglomerates.

So what are most organizations doing to defend against phishing?

Read More

Topics: security awareness training

The Mobile Phishing Threat You’ll See Very Soon: URL Padding


The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret.

And really, it’s not surprising either. After all, most of us are practically glued to our smartphones throughout the day.

An SMS arrived? Better read it straight away.

New email? Let me at it.

Somebody I don’t care about updated their Facebook status? Great, let’s see what they’re up to.

The increased attack volume we’re seeing directed at mobile devices is really nothing more than recognition on the part of threat actors that mobile devices account for an increasingly large proportion of web traffic… but aren’t nearly as well protected as PCs and laptops.

So with all that in mind, it shouldn’t be terribly surprising that we have a new mobile phishing threat to tell you about.

Read More

Topics: Mobile, Phish

Evolving Tactics in Tax Phishing: A Recap of the 2017 Tax Season

Posted by Amanda Kline on Jun 14, '17

It used to be said that the only certain things in life were death and taxes.

But this adage is in desperate need of an update. In the age of technology, the only certain things in life are death, taxes, and phishing scams.

And scams targeting taxpayers and tax preparers are just the tip of the iceberg. This tax season, schools, nonprofits, NGOs, state/local governments, and aid organizations have also found themselves the targets of wide-ranging tax and W-2 phishing scams.

Read More

Topics: IRS Phishing Attacks

Q1 2017 Phishing Trends & Intelligence Report

Posted by Stacy Shelley on Jun 8, '17

We all know that the only constant in life is change, but it is often surprising how quickly we must pivot and re-evaluate what we know to be true. In the words of General Shinseki, former U.S. Army Chief of Staff, “If you don’t like change, you’re going to like irrelevance even less.”

What's most important is how we respond to the shifts, and, when talking about cyber security, how we continue to effectively manage risk in the midst of shifting threats.

Read More

Topics: Phishing, Phishing Trends and Intelligence Report

Statement on Pastebin post claiming PhishLabs data for sale

Posted by The PhishLabs Team on Jun 2, '17

On May 29, a post was published on Pastebin [What is Pastebin?] in which an anonymous author claimed to have phished an email account of Joseph Opacki, our VP of Threat Research, and announced unidentified PhishLabs data for sale. As of May 31 at 5 PM Eastern Time (US), we have found no evidence that any systems have been compromised. 

Read More

Topics: Pastebin

Coming Soon - Healthcare Security Awareness Training, the 2017 Buyer’s Guide

Posted by Lindsey Havens on Jun 2, '17

Historically, security awareness training (SAT) in the healthcare industry… isn’t great. In fact, if you start talking about SAT to a healthcare CISO, you can see the frustration on their face almost immediately.

Back in February we attended HIMSS, one of the biggest healthcare IT shows in the US. We wanted to find out exactly what healthcare providers needed from a SAT program, and show them that (done properly) SAT can have a tremendous positive effect on the operational security of healthcare organizations.

Read More

Topics: security awareness training

Marcher and Other Mobile Threats: What You Need to Know

Posted by Joshua Shilko on May 26, '17

When most people think about cyber risk, they think primarily of their organization’s servers, PCs, and laptops, and how they might be vulnerable to attack.

But in recent years, the way in which users interact with the outside world has changed. In March this year, for the first time ever, Android overtook Windows to claim the largest share of Internet traffic.

And naturally, where users go, threat actors will surely follow.

Read More

Topics: Mobile, Rogue Mobile Applications, Mobile Crimeware

Third DocuSign Phishing Campaign Identified Linked to Email Database Breach

Posted by Olivia Vining on May 19, '17

Since May 9, PhishLabs has tracked multiple phishing campaigns that use DocuSign branding to lure victims into downloading malicious files. These campaigns followed a breach of a DocuSign database containing user email addresses. Each of the campaigns associated with this breach contains similar, yet distinct, characteristics. The third, and most recent, campaign was launched on May 17.

Read More

Topics: Phishing, Spear Phishing, DocuSign

How Malicious Domain Correlation is Fueling the Fight Against Phishing

Posted by Lindsey Havens on May 19, '17

In the fight against phishing, there’s far more to think about than simply blocking malicious email.

In fact, as a security vendor, our analysts spend a huge amount of time trying to disrupt the phishing landscape in a way that makes all of us safer.

Read More

Topics: Phishing

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
