The PhishLabs Blog

Does the Yahoo Breach Have You Worried About Your Online Security?

The recent news of the Yahoo breach and leak of hundreds of millions of passwords, names, dates of birth, and other personal information has led to headlines across the country. Understandably, given Yahoo’s popularity, people are worried. Especially as a summer dominated by news of leaks, hacks, and foreign intelligence agencies with nefarious agendas comes to an end.

Given that reports suggest that the initial breach of this data occurred in 2014, one of the primary concerns about this type of data dump is password reuse attacks, where cybercriminals take previously compromised credentials and use them to break into accounts on other platforms where the victim used the same username/password combination. It’s only a matter of time before criminals use the credentials leaked in the Yahoo breach to attempt to compromise other accounts, such as financial accounts or social media profiles.


Topics: Phishing, Data Breach

How to Strengthen Your Human Firewall

Posted by Dane Boyd on Sep 20, '16

When it comes to security, it pays to be completely honest with yourself. After all, you may be able to hide weaknesses in your network from yourself, but that won’t stop threat actors from finding them.

If you are totally honest with yourself, you’ll realize there’s no way to completely shield your users from attacks.

You can tighten your spam filter, keep a watchful eye on user permissions, and buy in the best endpoint security package you can afford… but still, some attacks will make it through. And if your users are like most people, right now they aren’t even close to being ready to cope with that. We explored this previously in Why Some Phishing Emails Will Always Get Through Your Spam Filter.

We believe people can be the last line of your network defense – and do a damn good job of it – but first they have to be trained.

Here are a few ideas to get you started.


Topics: Phishing, Spear Phishing, security awareness training

Why Some Phishing Emails Will Always Get Through Your Spam Filter

Posted by Dane Boyd on Sep 15, '16

Frustrating, isn’t it?

It seems like no matter what you do, a few phishing emails always find their way into your users’ inboxes. You’ve tweaked your spam filter, and you’re scanning every attachment… But nothing seems to work.

Is it you? Are you making some glaring mistake?

Probably not.  We've discussed before why your users keep falling for phishing scams, and there's more to it. 

The fact is that no matter how good your security, a small percentage of phishing emails will always reach your users’ inboxes.


Topics: Phishing, Spear Phishing, security awareness training

Hitting Back Against Security Awareness Training Nay Sayers

Posted by Dane Boyd on Sep 13, '16

There’s a lot of talk in the security industry about the effectiveness of security awareness training for employees. Some highly respected members of the community have repeatedly asserted that it’s a total waste of money, and this sentiment seems to have picked up some momentum in recent years. 

In our last post we discussed human vulnerability in Why Your Users Keep Falling for Phishing Scams. People generally assume anything that makes its way into their inbox is a legitimate attempt to contact them. Just because security professionals see a shady email and think ‘phishing’, doesn’t mean everybody else does, too.

The argument against security awareness training goes that since normal users have no responsibility for network security, and they don’t understand the implications of their actions, it should be down to IT to create an environment in which users can’t harm the organization.

But we disagree.

The fact is that while that is a good target to aim for, it isn’t possible right now, and probably never will be.


Topics: Employee Defense Training, security awareness training

Federal Trade Commission Hosts Ransomware Workshop

Posted by Lindsey Havens on Sep 9, '16

The Federal Trade Commission (FTC) responded to the rising ransomware threat on September 7, 2016 with a technology workshop in Washington, D.C. The workshop brought security experts, including PhishLabs' Vice President of Threat Research, Joseph Opacki, together to address common questions and concerns around the ransomware threat. Opacki  joined a panel during the workshop to educate the audience on the overall landscape of the ransomware threat and reasons it's proliferating at such a high pace.


Topics: Ransomware

Why Your Users Keep Falling for Phishing Scams

Posted by Dane Boyd on Sep 7, '16

We’ve all been there. That awful moment, when you realize it’s happened again.

“Why do they never learn?” You ask yourself. “It really isn’t that hard!”

Time and time again, your users click on malicious links and attachments in phishing emails, and it seems like no matter what you do to improve their awareness, it never gets any better.

So why do they keep falling for phishing scams? Is it just complacency? Or something more?


Topics: Phishing, Spear Phishing, Employee Defense Training, security awareness training

Disrupting the Phishing Supply Chain

Phishing has proven to be a successful, lucrative, and persistent threat vector that does not discriminate by industry or size of an organization. Traditional defensive measures against phishing attacks focus on shutting down the web page. This may address the immediate problem, but is that really a fight? This reaction does little to stop the cybercriminal, who is able to continue launching future attacks.

For us to truly evolve the fight against phishing, we need to combine the traditionally defensive posture with a proactive, aggressive strategy. This shift will allow us to disrupt the phishing supply chain and proactively go after kits and their creators on the distribution level instead of reacting to phishing sites that have been identified one-at-a-time. 

Using in-depth, comprehensive intelligence can help us do a better job of fighting phishing instead of reacting to it. If we are able to provide context to threats by understanding where and how they manifest, we are able to better prepare, defend, and prevent future cyberattacks.  


Topics: Phishing

When Good Websites Turn Evil: How Cybercriminals Exploit File Upload Features to Host Phishing Sites

Posted by Amanda Kline on Aug 25, '16

Compromised websites are an integral part of the cybercrime ecosystem. They are used by cybercriminals to host a wide range of malicious content, including phishing sites, exploit kits, redirects to other malicious sites, and other tools needed to carry out attacks.  Why? One reason is because there is an abundance of insecure websites around the world that can be easily compromised. Another reason is because legitimate sites that have only been recently compromised are less likely to be blacklisted by internet browsers and other security measures.


Topics: Phishing, Malware, GIF89a, whitelisting

Alma Ransomware: Analysis of a New Ransomware Threat (and a decrypter!)

With low overhead and risk of prosecution, ransomware attacks have outpaced banking Trojans in sheer number of incidents, if not profit.  Ransomware’s rapidly growing popularity has spawned dozens of variants, subtypes, and families as threat actors seek to outmaneuver researchers and competitors. In this dynamic threat landscape, alongside monitoring the established ransomware families for any change in tactics, techniques, or procedures, we monitor social media and underground markets for emerging threats. Through this process, our team was alerted to and began an investigation of what is likely a new threat actor’s first attempt at ransomware design and distribution.

Recently we observed a new type of ransomware, called Alma Ransomware, being delivered via exploit kit. Often hidden on web servers, exploit kits (EK) are toolkits used by threat actors that exploit vulnerabilities in visiting users’ web browsers to deliver malicious payloads.  Alma Ransomware (MD5 Hash: 92f8a916975363a371354b10070ab3e9) was observed being delivered via the RIG Exploit Kit. The malicious payload tripped only one indicator on VirusTotal at 2016-08-22 14:51:15 UTC:

 Figure 1: VirusTotal indicator from day 1 of circulation.


Topics: Ransomware

Google AdWords Used in Bitcoin, Banking, and Online Gambling Phishing Campaigns

Posted by Amanda Kline on Aug 19, '16

Hackers targeting bitcoin wallet users are once again leveraging Google’s AdWords in their most recent campaigns. PhishLabs has previously seen similar attacks against banks and online gambling sites over the past year. Some of the most recent attacks have targeted Blockchain and Kraken and have been widely blogged and tweeted about over the past week. As seen in the screenshot below, a Google search for “” returns a Google ad for a lookalike domain “” (figure 1). Kraken has released a statement via their blog acknowledging the ongoing campaigns and its attempt to mitigate the threat which can be read here

 Figure 1 Sourced


Topics: Phishing, Bitcoin, blockchain, adwords


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
