The PhishLabs Blog

New Phishing-Based TrickBot Campaign Identified

Posted by Olivia Vining on Jul 20, '17

This week, PhishLabs analysts have detected a new TrickBot campaign that began at approximately 23:30 EST on July 17th, and continued through the evening of July 18th before ending later that night.

Thousands of lures were detected, the bulk of which were sent between 12:30 and 15:30 EST on July 18th.

But let’s back up a little.

In case you missed it the first time around, TrickBot is a prominent example of a type of malware known as a Trojan. Like the Trojan from which it was developed, Dyre, TrickBot is configured to steal banking credentials.

Once a victim's machine is infected, TrickBot sends bank information to criminals through a complex series of events initiated by one click. Once initiated, TrickBot resides in the background, operating as unobtrusively as possible. As a result, many victims are unaware their machine has been infected.


Topics: Phishing, TrickBot

Marcher Android Banking Trojan - Threat Actor Shifts Technique to Evade Detection

Posted by Joshua Shilko on Jul 12, '17

PhishLabs has recently observed a technique change implemented by a threat actor tracked by our Research, Analysis, and Intelligence Division (R.A.I.D™). This actor is utilizing a variant of the Marcher Android banking trojan to target clients of financial institutions, payment companies, auction sites, retailers, email providers, and social media companies, primarily located in North America.

Overview of Marcher

Marcher is a family of malicious Android applications that run in the background on an infected device and monitor its operation to detect the launch of specific applications or websites. When a targeted application or site is opened, Marcher overlays the screen with a customized phishing site which mimics the look and feel of the targeted institution. Marcher first appeared in 2013, and there are a number of variants in the wild with varying levels of functionality. Some samples contain only the web overlay and credential theft capability, while others extend functionality to include the ability to intercept and send SMS messages, lock the screen, steal system data, detect and hide anti-virus software, and even utilize the infected device as a SOCKS proxy.  


Not NotPetya (An analysis of Karo Ransomware)


While there was a lively running debate over whether it was Petya or NotPetya yesterday, we can all agree that what locked up some of the world’s largest shipping companies, spread through the infamous SMB exploit, and may have been delivered as an infected update, was not Karo. However, this obscure ransomware family was launched into the spotlight due to early confusion over Petya's initial infection vector.


Topics: Ransomware

New Tech Support Scam Strikes Amazon, eBay, and Alibaba Customers

Posted by Amanda Kline on Jun 28, '17

In a world where new cyber threats seem to develop almost daily, it’s easy to forget that some tactics have stood the test of time.

Since mid-May, PhishLabs has been tracking an ongoing consumer-focused email phishing campaign.

And what tactic have they been using? The dreaded tech support scam.

No matter how much technology develops, threat actors will nearly always default to the simplest tactic that still works. And when it comes to consumer-focused phishing, there’s nothing simpler (and more effective) than a well-constructed tech support scam.


Topics: Phishing

Healthcare Security Awareness Training: Don't Fear Failure, Learn From It

Posted by Dane Boyd on Jun 23, '17

The past few years have seen an explosion of cyber attack activity in the healthcare industry.

But that shouldn’t come as a surprise. Healthcare records are a goldmine for enterprising hackers, and with low security budgets across the industry it’s no wonder that healthcare organizations are considered a soft target.

A cursory glance at the industry’s security profile tells us everything we need to know. There are weaknesses everywhere, and hackers all over the world know it.

Incredibly, from a single successful healthcare breach, a hacker stands to earn anything from $285,000 to $1.7 million.


Topics: security awareness training, Healthcare

Why Your Security Awareness Training Isn't Working and What to Do Instead

Posted by Dane Boyd on Jun 22, '17

At this point, everybody knows phishing is a threat.

But then, it’s difficult to deny. As Verizon points out, over 90 percent of data breaches include a phishing or social engineering component, including many of the high profile breaches we all read about each week.

In fact, from a security perspective, phishing is the single greatest threat to most organizations, whether they’re tiny family-owned businesses or huge multinational conglomerates.

So what are most organizations doing to defend against phishing?


Topics: security awareness training

The Mobile Phishing Threat You’ll See Very Soon: URL Padding


The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret.

And really, it’s not surprising either. After all, most of us are practically glued to our smartphones throughout the day.

An SMS arrived? Better read it straight away.

New email? Let me at it.

Somebody I don’t care about updated their Facebook status? Great, let’s see what they’re up to.

The increased attack volume we’re seeing directed at mobile devices is really nothing more than recognition on the part of threat actors that mobile devices account for an increasingly large proportion of web traffic… but aren’t nearly as well protected as PCs and laptops.

So with all that in mind, it shouldn’t be terribly surprising that we have a new mobile phishing threat to tell you about.


Topics: Mobile, Phish

Evolving Tactics in Tax Phishing: A Recap of the 2017 Tax Season

Posted by Amanda Kline on Jun 14, '17

It used to be said that the only certain things in life were death and taxes.

But this adage is in desperate need of an update. In the age of technology, the only certain things in life are death, taxes, and phishing scams.

And scams targeting taxpayers and tax preparers are just the tip of the iceberg. This tax season, schools, nonprofits, NGOs, state/local governments, and aid organizations have also found themselves the targets of wide-ranging tax and W-2 phishing scams.


Topics: IRS Phishing Attacks

How Phishing Volume Grew in the First Three Months of 2017


For the past several years, we’ve released an annual report during the first quarter of the year detailing precisely how the phishing landscape had evolved during the preceding 12 months.


Topics: Phishing, PTI Report

Q1 2017 Phishing Trends & Intelligence Report

Posted by Stacy Shelley on Jun 8, '17

We all know that the only constant in life is change, but it is often surprising how quickly we must pivot and re-evaluate what we know to be true. In the words of General Shinseki, former U.S. Army Chief of Staff, “If you don’t like change, you’re going to like irrelevance even less.”

What's most important is how we respond to the shifts, and, when talking about cyber security, how we continue to effectively manage risk in the midst of shifting threats.

Topics: Phishing, Phishing Trends and Intelligence Report

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
