The PhishLabs Blog

Exploring the Surge in Phishing Attacks During the Holidays

Posted by Amanda Kline on Dec 1, '16

It should come as no surprise that the holiday season inevitably means an increase in scams and financial fraud. Long gone are the years when we only needed to worry about theft as a result of home burglaries and car break-ins. We now need to worry not only about leaving store purchases and gifts in plain view in our cars or homes, but also about our credit card information being transmitted in plain text via payment services, and about the ever-increasing threat of phishing and ecommerce scams targeting holiday shoppers.

Topics: Phishing, Holiday Scams

How to Build a Business Case for Powerful Security Awareness Training

Posted by Lindsey Havens on Nov 29, '16

You're probably thinking security awareness training for employees is a no-brainer, that you shouldn't have to sell the idea up the ranks. However, with several other technology controls in place for securing your organization, you may be faced with a surprising "is this really necessary?" when you slide that line item into next year's budget.

So you re-consider what you have budgeted and entertain a once-a-year, check-the-box option to satisfy compliance needs. But how much will your organization benefit from this status-quo approach? 

Getting signoff for a security awareness training program that actually works can be much harder.

But it doesn’t have to be. With a little research and a few calculations, you can produce a business case for security awareness training that holds up even under purely financial scrutiny.

Here’s how.  

Topics: Phishing, Employee Defense Training, security awareness training

How to Calculate ROI for Security Awareness Training

Posted by Jenny Dowd on Nov 22, '16

Frustrating, isn’t it?

Topics: Phishing, Spear Phishing, security awareness training

Why Ransomware Works, Why it Doesn't, and What it Will Work on Next

Cybersecurity is a field defined by its dynamism, as is crime. When analyzing trends to assess the future of these two frequently overlapping spaces, the most efficient way to separate persistent threats from hype is by asking not just where the money is, but what the easiest way is to get it. While ransomware has had a lock on headlines all year, the most recent news stories all seem to emphasize increases in attacks targeting educational institutions, state and local governments, and healthcare organizations. Let's examine why this change from shotgun targeting to more focused targeting is happening.

Topics: Ransomware

How and Why You Should Calculate Your Organization's Cost of Phishing

Posted by Jenny Dowd on Nov 15, '16

Everybody knows phishing is costly to their organization. 

But how costly? Few organizations know for sure.

Plenty of studies have claimed to calculate the cost of phishing, but the results are usually hard to swallow. For instance, does phishing cost your organization $1.6 million per incident? Or $3.7 million per year?

Perhaps... but probably not.

The issue with these figures is that they're averages, heavily skewed by data from huge organizations. The results may be interesting, but they're of little use to most organizations.

Topics: Phishing, Spear Phishing, security awareness training, cost of phishing

Why Your Security Awareness Training Isn't up to Par (And What to Do About It)

Posted by Jenny Dowd on Nov 10, '16

Most security awareness training is boring, infrequent, and ineffective. And the worst part is… everybody knows it.

But why? How did we get to this point? And who does all this sub-par security awareness training benefit?

To answer these questions we’ll need to examine one of the main drivers: Compliance.

Topics: Phishing, Spear Phishing, security awareness training

How Have You Gained Buy-in for Your Security Awareness Program?

Posted by Maria O'Dwyer on Oct 26, '16

Gaining the buy-in from executive leadership and employees within your organization to conduct phishing as a form of security awareness training can often be a daunting task. Proper training programs are extremely effective in conditioning employees to identify threats, yet security teams we speak with are often met with a lot of resistance. Employees feel that the simulations are deceitful and used to point fingers.  

If you are faced with these objections, read our post on Hitting Back at the Security Awareness Training Naysayers for why high-quality security awareness training is far from a waste of time and money, and how it truly enhances the knowledge and behavior of your users.

Topics: security awareness training, Cyber Security Awareness Month

Do We Overlook the Best Line of Defense Against Cyber Attacks?

Posted by Jenny Dowd on Oct 25, '16

Cyber Security Awareness Month presents us with the opportunity to catch up on security trends, gauge our security posture, and assess what gaps and exposure may exist.  Do we have blind spots? Or are we overlooking assets readily available to us?

We all know spam filters do not catch 100% of spam, and 1.5% of spam contains malicious links. So when you have one in five employees clicking on phishing emails, you are at risk.  This is not news, right? We all know there is no magic bullet for cyber security, and the best that we can hope for is a strong defense.

When planning the best defense, we often overlook that the best defensive line is right in front of our faces – our employees.  We often think of them as our liability because no matter how many technology controls we put in place, we know statistically that 1 in 5 of them is going to click on a phish.  This week's #CyberAware focus will highlight how, with proper training – and we’ll talk about what ‘proper’ is – you can condition your employees to not just avoid falling for phishing emails, but to actively report phishing attacks to your security team. You can make your employees part of your defense.

Topics: security awareness training, Cyber Security Awareness Month

Ransomware Reload & Definitive Resource Guide

Posted by Lindsey Havens on Oct 21, '16

If you have been following our Cyber Security Awareness Month series, we applaud you for taking steps to become #CyberAware. We want you to be in the best position to keep your organization safe and prevent the next attack.

If you're just joining us, no worries! We will walk you through the actions you should be taking to prevent attacks like ransomware from gaining a foothold inside your network.

Around 1.5 percent of spam emails contain malicious attachments or URLs, along with content designed to manipulate people into opening them. This technique, known as phishing, has become an overwhelming favorite of threat actors in the past few years, primarily because it’s a cheap, effective, and fast way to compromise targeted networks. Phishing has been far and away the most popular delivery method for ransomware, and the continued evolution of text-based social engineering attacks has been a significant factor in the rise of ransomware.

What should we do about it? For starters, we must stop being easy targets. Education is the key. Here you will find a comprehensive list of resources for fighting back. Let's get started!

Topics: Ransomware, Cyber Security Awareness Month

How Modern Banking Trojans Obstruct Malware Analysis

Posted by King Salemno on Oct 20, '16

Note to readers: PhishLabs will be represented by Paul Black at MalCon 2016 in Puerto Rico from October 18-21. At MalCon 2016, Paul will review the evolution of malware targeted at banks and financial institutions, covering notable trending data and methods to combat them. Contact PhishLabs with ongoing concerns or questions, or for a deeper dive into the latest remediation techniques.

The cat-and-mouse game between malware researchers and threat actors operating banking Trojans began with the creation and propagation of the Zeus banking Trojan in 2007. Since Zeus’s release, the number of banking Trojans has increased continually, yet the anti-analysis mechanisms used by cybercriminals to obstruct researchers appear to have plateaued.

Topics: Malware, Banking Trojan, Malware Analysis, R.A.I.D.


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
