Recent Posts

Recent Blog Posts

The PhishLabs Blog

Social Media Platforms Latest Channels used to Leak Sensitive Data

Threat Actors Impersonate Brands on Social Media for Malicious Purposes

Reporting Cyber Threats: Executives at Risk

COVID-19 Phishing Update: File Sharing Services Abused to Steal Credentials

COVID-19 Phishing Update: Threat Actors on Twitter Want You to Pay for Your Stolen Passwords

COVID-19 Phishing Update: BEC Lures use Pandemic to Enhance Attacks

COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims

COVID-19 Phishing Update: Scammers Impersonating Financial Institutions on Instagram

COVID-19 Phishing Update: Money-Flipping Schemes Promise Coronavirus Cash

COVID-19 Phishing Update: Threat Actors Abusing Utility Concerns

COVID-19 Phishing Update: Bad Actors Use Stimulus Payment Delays to Capture Banking Credentials

COVID-19 Phishing Update: Voicemail Attacks Surface Targeting Office 365 Users

COVID-19 Phishing Update: Workplace Concerns Exploited to Distribute Malware

COVID-19: New Daily Intel Download and Webinar Next Week

COVID-19 Phishing Update: Promise of Payments Fuel Financial Fraud

COVID-19 Phishing Update: Nigerian Prince Lures Evolve with Crisis

COVID-19 Phishing Update: Infected Coworker Email Targets Enterprise O365 Credentials

COVID-19 Phishing Update: Email Posing as Scam Guidance Delivers Malware Instead

COVID-19 Phishing Update: Your Bank is Not Texting You About Coronavirus

COVID-19 Phishing Update: Threat Actors Impersonating CDC, WHO

COVID-19 Phishing Update: Campaigns Exploiting Hope for a Cure

COVID-19 Phishing Update: Insurance Coverage Lures

COVID Phishing Update - Coronavirus wants your Bonus, too

Evasion Techniques: User-Agent Blocking

How Threat Actors are Abusing Coronavirus Uncertainty

APWG Year-End Report: 2019 A Roller Coaster Ride for Phishing

Evasion Techniques: Geoblocking by IP

Breakfast, Lunch, and Bourbon at RSA Conference 2020

Social Media Phishing: Beyond Credential Theft

Why You Should Take Social Media Account Takeover as Seriously as a BEC Attack

SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

New Webinar: Inside the World of Social Media Phishing: Financial Scams

Threat Actor Abuses Mobile Sensor to Evade Detection

New White Paper: BEC Attacks are the Most Costly Form of Phishing

The Training Evaluation Conundrum

Beyond Marketing: Getting Ahead of Brand Issues

How to Handle Brand Impersonation on Social Media

Phishing Campaign Uses Malicious Office 365 App

Unique Countermeasures in Active Phishing Campaign Avoids Security Tools

Active TrickBot Campaign Observed Abusing SendGrid and Google Docs

Marketing Teams Are Not Equipped to Monitor Social Media Threats

Active Office 365 Credential Theft Phishing Campaign Targeting Admin Credentials

APWG: Two-Thirds of all Phishing Sites Used SSL protection in Q3

Social Media Account Takeover is as Vicious as a BEC Attack

Recap: How to Proactively Protect Users with Email Incident Response

Don’t Respond to Suspicious Emails

Best Practices for Defanging Social Media Phishing Attacks

More Bees with Honey? Reinforcement vs. Punishment in a Security Training Program

Beware of Account Takeover

Grease the Skids: Improve Training Successes by Optimizing the Environment

Training Not Sinking In? Try a Programmatic Approach

New Spear Phishing Campaign Impersonates VCs and PE Firms

APWG: Phishing Continues to Rise, Threat Actors Love Gift Cards

The Vast Social Media Landscape for Phishing Threats

Why Social Media is Increasingly Abused for Phishing Attacks

Phishing Simulations: Should they Reflect Real-World Attacks?

BEC Attacks: How CEOs and Executives are Put at Risk

Low Appetite for Long Security Training? Use a Bite Sized Approach

BEC Attacks: A Closer Look at Invoice Scams

How Spear Phishing Makes BEC Attacks So Effective

Romanian Cybercriminals Sentenced for Phishing Campaign

How Business Email Compromise (BEC) Attacks Impact Everyone

Threat Actors are Increasing Their Use of Free Hosts

We Are a Best Place to Work Four Years in a Row!

Phishing  Number One Cause of Data Breaches: Lessons from Verizon DBIR

More Than Half of Phishing Sites Now Use HTTPS

PhishLabs Enhances Email Incident Response Solution

The Definition of Phishing

Should User Passwords Expire? Microsoft Ends its Policy

6/13 Webinar: Handling Threats That Land in User Inboxes

The Rise in Mobile Phishing Attacks

These Are the Top Most Targeted Countries by Phishing Attacks

Beyond the Top 5 Industries Most Impacted by Social Engineering

Phishing Volume Continues to Rise

The Most Common Types of Reported Emails

2019 Phishing Trends & Intelligence Report: The Growing Social Engineering Threat

5 Tips for Smarter Detection and Collection of Digital Risks

Brain-Hacking Part 2: Ain’t Nobody Got Time for That!

Romanian Vishing/SMiShing Threat Actors Plead Guilty

It Only Takes One to Detect or Infect

This message is from a trusted sender, or is it?

Brain-hacking: Why Social Engineering is so effective

Hiding in Plain Sight: How Phishing Attacks are Evolving

How to Cut Healthcare Cyber Incidents by 80 Percent

BankBot Anubis Switches to Chinese and Adds Telegram for C2

Less Than 3 Percent of ‘Collection #1’ Data Dump Passwords are Unique

Social Risk Monitoring: All Press Good Press?

49 Percent of Phishing Sites Now Use HTTPS

Users Failing Phishing Simulations? That’s ok

Finding Threats That Go Undetected

Learn About Phishing Incident Response on Nov 15

Is it a Phish? Halloween Edition

Meet the Cyber Security Awareness Team: Dane

Executive Guide to Mobile Banking Trojans Now Available

Meet the Cyber Security Awareness Team: Kimber

Threat Announcement: Phishing Sites Detected on Emoji Domains

15 Years of Cybersecurity Awareness Month

How Social Media Can Cost You Thousands of Dollars

Targeting the Brand: Your C-Suite May Be at Risk

The Light in the Dark: Myths and Truths about the Dark Web

Phishing 101: Targeted Phishing Attacks

Defining and Managing Success for Security Teams

Geolocation Tracking Poses Risks to Your Employees

So You Got a SaaS Security Awareness Training Platform, Now What?

BankBot Anubis Still a Threat, Gets Upgrade

Phishing and Social Media, Will it Over Take Email?

The Perils of Public Wifi

How To Write Social Media Policies Designed to Reduce Digital Risks

Prep for Taxes? Prep for Tax Scammers!

Beyond Digital: How Social Media Can Lead to Physical Threats Towards Brands

Understanding Why Spear Phish Are Highly Effective

How To Tackle the Hidden Threat of Social Media

Using Reported Phish to Hunt Threats

Practice Makes Permanent: Avoiding The Training Forgetting Curve

How To Change Security Behaviors: Information Security

How Social Media Threatens Personal and Corporate Security

Is it a Phish? June 22 Edition

Phishing Around the World: How Attack Volume Grew in the Last Year

How To Change Security Behaviors: Social Media

How To Change Security Behaviors: Mobile Security

Is it a Phish? Office 365 Edition

FBI’s IC3 Report Reconfirms Impact of Phishing on Consumers

How To Change Security Behaviors: Identity Management

Is it a Phish? May 25 Edition

Mobile Adoption is Setting Security Awareness Training Back

Are Phishing Simulations a Replacement For Training? No.

Is it a Phish? Slightly Delayed Mother’s Day Edition

PTI 2018: The Biggest Key Findings and How to Defend Against Them

Two Romanian Threat Actors Extradited to US After $18M Fraud Scheme

WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017

Is it a Phish? May the Fourth Be With You Edition

6 Steps to Quickly Defang Reported Phishing Emails

Credential Phishing: The Shift to Enterprise

Is it a Phish: Friday, April 27, 2018

PTI 2018: The Rising Risk for SaaS

The 2018 Phishing Trends & Intelligence Report Now Available

Is It a Phish? April 20 Edition

Security Awareness Training and How it Impacts Reported Suspicious Emails

2018 Phishing Trends & Intelligence Report: The Shift to Enterprise

How To Avoid Bursting the Buy-In Bubble

Silent Librarian University Attacks Continue Unabated in Days Following Indictment

RSA 2018: Preview the Latest Phishing Trends and Intelligence Report

How Universities Should Respond to Iranian Hacking Charges

Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment

MISTI: Phish are King, But What Comes Next?

With Spoofed Calls on the Rise, FCC Seeks New ID Authentication Program

New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users

Understanding Google Chrome’s Upcoming https Changes

PhishLabs Launches Future of Cybersecurity Scholarship Program

Webinar Announcement: Microlearning for Macro Results

Qadars: Modular Features That Make This a True Threat

HIMSS: Why the Healthcare Industry is a Unique Target for Cyber Criminals

How To Fight the War Against Phishing

How Security Teams Handle Malware Analysis

Who Says Holiday Romance is Dead? Catphishers, That’s Who

How To Make Reporting a Phish So Easy Even Your Busiest Execs Will Do It

The Case for 24/7 Threat Monitoring

7 Reasons Why Spotting a Phishing Email is Just the Beginning

Why Timely Analysis of Reported Emails Matters

Why Failure Isn’t the Enemy in the Fight Against Phishing

Webinar Announcement: Inside Qadars Banking Trojan

The 11 Types of Reported Emails

What Type of Emails Get Reported the Most?

Getting Past Gotcha: Reframing Anti-Phishing Training

You Reported a Potential Phish, Now What? [Webinar Recap]

How To Really Change User Email Behaviors (It’s Not About Education)

A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?

The Targeted Approach to Anti-Phishing: Improving Core Skills

Banking Trojan Dropped Through Spoofed Korean CERT Bulletin

Holiday Phishing Scams Target Job Seekers

Office DDE feature exploited to deliver DNSMessenger payload in new targeted phishing campaign

Have We Conditioned Web Users to be Phished?

Adwind Remote Access Trojan Still Going Strong

Final Review: How to Spot a Phish Video Series

Enterprise Credential Theft: How to Spot a Phish

URL Analysis: How to Spot a Phish Video

Credential Theft: How To Spot a Phish

APWG Report Reveals Increased Exploitation of Free Hosting Providers

Email Sender Domain: How to Spot a Phish Video

Tech Support Scams: How To Spot a Phish

Nigerian 419 Scams: How to Spot a Phish

BEC Scams: How to Spot a Phish

How to Spot a Phish Video: Spotting Red Flags

Ransomware: How to Spot a Phish

The Impact of Phishing, and Why it Should be Your #1 Priority

#CyberAware: Crash Course in Phishing

"Phish For The Future" is Perfect Example of Advanced Persistent Phishing

RedAlert2 Mobile Banking Trojan Actively Updating Its Techniques

Phishing landscape thrives in the second quarter of 2017

Phishing Implications of the Equifax Data Breach

Locky, Three Ways

BankBot Continues Its Evolution as AgressiveX AndroBot

The Evolution of Mobile Banking Trojans… and What To Do About Them (Part II)

Globe Imposter Ransomware Makes a New Run

The Evolution of Mobile Banking Trojans… and What To Do About Them (Part I)

Smoke Loader Adds Additional Obfuscation Methods to Mitigate Analysis

New Phishing-Based TrickBot Campaign Identified

Marcher Android Banking Trojan - Threat Actor Shifts Technique to Evade Detection

Not NotPetya (An analysis of Karo Ransomware)

New Tech Support Scam Strikes Amazon, eBay, and Alibaba Customers

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all