Recent Posts

Recent Blog Posts

The PhishLabs Blog

Is It a Phish? April 20 Edition

Posted by Elliot Volkman on Apr 20, '18

As you are aware, phishing is certainly not a new cyber threat, yet it continues to be one of the most pervasive and costly to businesses and consumers. With nearly endless examples, we have decided to develop a new series that not only highlights some of these attacks, but also sharing helpful tips along the way for spotting them.

Read More

Topics: Phishing, Phishing Simulation, Phish

Security Awareness Training and How it Impacts Reported Suspicious Emails

Posted by Dane Boyd on Apr 19, '18

It should not be a surprise, but 95 percent of breaches come through phishing attacks. Nothing more than a simple lure email lands in one of your users inboxes, they click it, and everything unravels from there.

Read More

Topics: security awareness training, Phish, Threat Monitor

2018 Phishing Trends & Intelligence Report: The Shift to Enterprise

Posted by Elliot Volkman on Apr 17, '18

Like years past, phishing continues to be an evolving threat. What once was a simple attack that would hit everyone from your neighbors to your colleagues’ inboxes has since expanded to different medians and tactics growing in sophistication.

Read More

Topics: PTI Report

How To Avoid Bursting the Buy-In Bubble

Posted by Stacy Shelley on Apr 12, '18

You know the feeling.

You’re excited about something. It’s new, it’s interesting, and you’re ready to go.

But then something happens and all of a sudden that excitement just drains away, to be replaced with a resounding “Meh.”

Read More

Topics: Employee Defense Training, security awareness training

Silent Librarian University Attacks Continue Unabated in Days Following Indictment

On Friday, March 23, nine Iranian threat actors were indicted for stealing massive quantities of data from universities, businesses, and governments all over the world.

If you’ve been following our blog (or the news), you already know the actors are associated with an organization called the Mabna Institute, and are responsible for stealing more than 31 terabytes of data over the past four and a half years. To put that number in context, you’d need to cut down more than 1.5 million trees to make enough paper to print out all of the stolen data.

Read More

Topics: Phishing, Spear Phishing, silent librarian

RSA 2018: Preview the Latest Phishing Trends and Intelligence Report

Posted by Elliot Volkman on Apr 3, '18

RSA 2018 is nearly here and with it PhishLabs will unveil the emerging cybercrime trends and intelligence contained within this year’s Phishing Trends and Intelligence Report.

In addition to this year’s PTI report findings, our Director of Threat Intelligence, Crane Hassold, will be onsite discussing how he discovered and tracked the recently indicted Iranian’s tied to the Mabna Institute.

Read More

Topics: Events, PTI Report

How Universities Should Respond to Iranian Hacking Charges

Last week, news broke that an Iranian hacker network, Mabna Institute, had been systematically stealing data from universities across the US and abroad.

It’s unclear precisely how much data has been compromised, but it has been estimated to have cost US universities around $3.4 billion dollars to collect and maintain.

While the administration has announced sanctions and criminal indictments against the group, it’s highly unlikely any of the actors involved will receive punishment.

So if you happen to work for a university, or be responsible in some capacity for the data security of a university, you’d be forgiven for wondering “…What now?

Read More

Topics: Phishing, Spear Phishing

Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment

Last Friday, Deputy Attorney General Rod Rosenstein announced the indictment of nine Iranians who worked for an organization named the Mabna Institute. According to prosecutors, the defendants stole more than 31 terabytes of data from universities, companies, and government agencies around the world. The cost to the universities alone reportedly amounted to approximately $3.4 billion. The information stolen from these universities was used by the Islamic Revolutionary Guard Corps (IRGC) or sold for profit inside Iran. 

Read More

Topics: Spear Phishing, silent librarian

MISTI: Phish are King, But What Comes Next?

Posted by Nicole Garrigan on Mar 19, '18

MISTI’s InfoSec World,  March 19-21 in Lake Buena Vista, FL, is nearing and Crane Hassold, PhishLabs' threat research manager, is set to present on the attack techniques that threat actors are employing to overcome detection and blocking techniques.

Read More

Topics: Events, misti, infosec world

With Spoofed Calls on the Rise, FCC Seeks New ID Authentication Program

Posted by Elliot Volkman on Mar 14, '18

Spoofing a phone number is not a new concept, you probably get several calls from them a day, but with the accessibility of VoIP solutions and open source software spoofing a phone number is a breeze.

Telemarketers, robocalls, spammers, scammers, and even prank callers use it, and what once started as a simple grab and go of any available phone number has since evolved.

Read More

Topics: Vishing, Phone Fraud, Spoofing


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Upcoming Events


Posts by Topic

see all