Recent Posts

Recent Blog Posts

The PhishLabs Blog

Credential Theft, O365 Lures Dominate Corporate Inboxes in Q1

47% Phishing Increase in Q1

Q1 2021 Threat Trends & Intelligence Report

Top 4 Digital Brand Threats

What is Digital Brand Protection?

Ransomware Playbook: Defense in Depth Strategies to Minimize Impact

Alien Mobile Malware Evades Detection, Increases Targets

ZLoader Dominates Email Payloads in Q1

Breaking Down the Latest O365 Phishing Techniques

Most Phishing Attacks Use Compromised Domains and Free Hosting

Surge in ZLoader Attacks Observed

OSINT: Mapping Threat Actor Social Media Accounts

Emotet Dismantled, Trickbot, ZLoader, and BazarLoader Step In

Threat Actor using Social Media to Scam Credit Union Members

Sharp Increase in Emotet, Ransomware Droppers

Using Social Media OSINT to Determine Actor Locations

Activists Leak Data Stolen in Ransomware Attacks

Look-alike Domain Mitigation: Breaking Down the Steps

Year In Review: Ransomware

The Anatomy of a Look-alike Domain Attack

The Year In Review: How COVID-19 Has Changed Cyber Security

APWG Q3 Report: Four Out of Five Criminals Prefer HTTPS

Easy to Deceive, Difficult to Detect, Impersonation Dominates Attacks

What is a Look-alike Domain?

Phishing Campaign Uses Malicious Office 365 App

Top 7 Use Cases for Digital Risk Protection

Ransomware Groups Break Promises, Leak Data Anyway

As Screen Time Skyrockets, So Does Threat of Fake Apps

How to Detect Look-alike Domain Registrations

Encryption to Double Extortion: Ransomware's Rapid Evolution

Limited Impact of Phishing Site Blocklists and Browser Warnings

$2.3M Stolen from Wisconsin GOP via BEC Attack

Ryuk Ransomware Targeting Healthcare

How URL Tracking Systems are Abused for Phishing

Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor

Eliminating the Threat of Look-alike Domains

What is Digital Risk Protection?

Digital Risk Protection vs. Threat Intelligence

How to Take Down Social Media Threats

Social Media Intelligence: Cutting Through the Noise

APWG: SSL Certificates No Longer Indication of Safe Browsing

Royal Ripper: Multi-Stage Phishing Attack Adapts to Victim Input

Navigating Social Media Threats : A Digital Risk Protection Playbook

Data Leaks in 2020: Accelerated Digital Transformation Exposes Enterprises

Gartner Releases Emerging Tech Report: Critical Insights into Digital Risk Protection

Account Takeover Attacks Cause Chaos @ Twitter

Gartner Releases 2020 Hype Cycle for Security Operations

Spoofed Domains Present Multifaceted, Growing Problems for Enterprises

Executive Impersonation Techniques on Social Media

Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites

FBI Warns of Growing Mobile Banking App Threats

Data Leakage on Social Media: Credit Card Info, Confidential Docs

Social Media Platforms Latest Channels used to Leak Sensitive Data

Threat Actors Impersonate Brands on Social Media for Malicious Purposes

Reporting Cyber Threats: Executives at Risk

COVID-19 Phishing Update: File Sharing Services Abused to Steal Credentials

COVID-19 Phishing Update: Threat Actors on Twitter Want You to Pay for Your Stolen Passwords

COVID-19 Phishing Update: BEC Lures use Pandemic to Enhance Attacks

COVID-19 Phishing Update: Money Mule Scams Use Remote Opportunities to Entice Victims

COVID-19 Phishing Update: Scammers Impersonating Financial Institutions on Instagram

COVID-19 Phishing Update: Money-Flipping Schemes Promise Coronavirus Cash

COVID-19 Phishing Update: Threat Actors Abusing Utility Concerns

COVID-19 Phishing Update: Bad Actors Use Stimulus Payment Delays to Capture Banking Credentials

COVID-19 Phishing Update: Voicemail Attacks Surface Targeting Office 365 Users

COVID-19 Phishing Update: Workplace Concerns Exploited to Distribute Malware

COVID-19: New Daily Intel Download and Webinar Next Week

COVID-19 Phishing Update: Promise of Payments Fuel Financial Fraud

COVID-19 Phishing Update: Nigerian Prince Lures Evolve with Crisis

COVID-19 Phishing Update: Infected Coworker Email Targets Enterprise O365 Credentials

COVID-19 Phishing Update: Email Posing as Scam Guidance Delivers Malware Instead

COVID-19 Phishing Update: Your Bank is Not Texting You About Coronavirus

COVID-19 Phishing Update: Threat Actors Impersonating CDC, WHO

COVID-19 Phishing Update: Campaigns Exploiting Hope for a Cure

COVID-19 Phishing Update: Insurance Coverage Lures

COVID Phishing Update - Coronavirus wants your Bonus, too

Evasion Techniques: User-Agent Blocking

How Threat Actors are Abusing Coronavirus Uncertainty

APWG Year-End Report: 2019 A Roller Coaster Ride for Phishing

Evasion Techniques: Geoblocking by IP

Breakfast, Lunch, and Bourbon at RSA Conference 2020

Social Media Phishing: Beyond Credential Theft

Why You Should Take Social Media Account Takeover as Seriously as a BEC Attack

SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

New Webinar: Inside the World of Social Media Phishing: Financial Scams

Threat Actor Abuses Mobile Sensor to Evade Detection

New White Paper: BEC Attacks are the Most Costly Form of Phishing

The Training Evaluation Conundrum

Beyond Marketing: Getting Ahead of Brand Protection Issues

How to Handle Brand Impersonation on Social Media

Unique Countermeasures in Active Phishing Campaign Avoids Security Tools

Active TrickBot Campaign Observed Abusing SendGrid and Google Docs

Marketing Teams Are Not Equipped to Monitor Social Media Threats

Active Office 365 Credential Theft Phishing Campaign Targeting Admin Credentials

APWG: Two-Thirds of all Phishing Sites Used SSL protection in Q3

Social Media Account Takeover is as Vicious as a BEC Attack

Recap: How to Proactively Protect Users with Email Incident Response

Don’t Respond to Suspicious Emails

Best Practices for Defanging Social Media Phishing Attacks

More Bees with Honey? Reinforcement vs. Punishment in a Security Training Program

Beware of Account Takeover

Grease the Skids: Improve Training Successes by Optimizing the Environment

Training Not Sinking In? Try a Programmatic Approach

New Spear Phishing Campaign Impersonates VCs and PE Firms

APWG: Phishing Continues to Rise, Threat Actors Love Gift Cards

The Vast Social Media Landscape for Phishing Threats

Why Social Media is Increasingly Abused for Phishing Attacks

Phishing Simulations: Should they Reflect Real-World Attacks?

BEC Attacks: How CEOs and Executives are Put at Risk

Low Appetite for Long Security Training? Use a Bite Sized Approach

BEC Attacks: A Closer Look at Invoice Scams

How Spear Phishing Makes BEC Attacks So Effective

Romanian Cybercriminals Sentenced for Phishing Campaign

How Business Email Compromise (BEC) Attacks Impact Everyone

Threat Actors are Increasing Their Use of Free Hosts

We Are a Best Place to Work Four Years in a Row!

Phishing Number One Cause of Data Breaches: Lessons from Verizon DBIR

More Than Half of Phishing Sites Now Use HTTPS

PhishLabs Enhances Email Incident Response Solution

The Definition of Phishing

Should User Passwords Expire? Microsoft Ends its Policy

6/13 Webinar: Handling Threats That Land in User Inboxes

The Rise in Mobile Phishing Attacks

These Are the Top Most Targeted Countries by Phishing Attacks

Beyond the Top 5 Industries Most Impacted by Social Engineering

Phishing Volume Continues to Rise

The Most Common Types of Reported Emails

2019 Phishing Trends & Intelligence Report: The Growing Social Engineering Threat

5 Tips for Smarter Detection and Collection of Digital Risks

Brain-Hacking Part 2: Ain’t Nobody Got Time for That!

Romanian Vishing/SMiShing Threat Actors Plead Guilty

It Only Takes One to Detect or Infect

This message is from a trusted sender, or is it?

Brain-hacking: Why Social Engineering is so effective

Hiding in Plain Sight: How Phishing Attacks are Evolving

How to Cut Healthcare Cyber Incidents by 80 Percent

BankBot Anubis Switches to Chinese and Adds Telegram for C2

Less Than 3 Percent of ‘Collection #1’ Data Dump Passwords are Unique

Social Risk Monitoring: All Press Good Press?

49 Percent of Phishing Sites Now Use HTTPS

Users Failing Phishing Simulations? That’s ok

Finding Threats That Go Undetected

Learn About Phishing Incident Response on Nov 15

Is it a Phish? Halloween Edition

Meet the Cyber Security Awareness Team: Dane

Executive Guide to Mobile Banking Trojans Now Available

Meet the Cyber Security Awareness Team: Kimber

Threat Announcement: Phishing Sites Detected on Emoji Domains

15 Years of Cybersecurity Awareness Month

How Social Media Can Cost You Thousands of Dollars

Targeting the Brand: Your C-Suite May Be at Risk

The Light in the Dark: Myths and Truths about the Dark Web

Phishing 101: Targeted Phishing Attacks

Defining and Managing Success for Security Teams

Geolocation Tracking Poses Risks to Your Employees

So You Got a SaaS Security Awareness Training Platform, Now What?

BankBot Anubis Still a Threat, Gets Upgrade

Phishing and Social Media, Will it Over Take Email?

The Perils of Public Wifi

How To Write Social Media Policies Designed to Reduce Digital Risks

Prep for Taxes? Prep for Tax Scammers!

Beyond Digital: How Social Media Can Lead to Physical Threats Towards Brands

Understanding Why Spear Phish Are Highly Effective

How To Tackle the Hidden Threat of Social Media

Using Reported Phish to Hunt Threats

Practice Makes Permanent: Avoiding The Training Forgetting Curve

How To Change Security Behaviors: Information Security

How Social Media Threatens Personal and Corporate Security

Is it a Phish? June 22 Edition

Phishing Around the World: How Attack Volume Grew in the Last Year

How To Change Security Behaviors: Social Media

How To Change Security Behaviors: Mobile Security

Is it a Phish? Office 365 Edition

FBI’s IC3 Report Reconfirms Impact of Phishing on Consumers

How To Change Security Behaviors: Identity Management

Is it a Phish? May 25 Edition

Mobile Adoption is Setting Security Awareness Training Back

Are Phishing Simulations a Replacement For Training? No.

Is it a Phish? Slightly Delayed Mother’s Day Edition

PTI 2018: The Biggest Key Findings and How to Defend Against Them

Two Romanian Threat Actors Extradited to US After $18M Fraud Scheme

WannaCry, NotPetya and the Rest: How Ransomware Evolved in 2017

Is it a Phish? May the Fourth Be With You Edition

6 Steps to Quickly Defang Reported Phishing Emails

Credential Phishing: The Shift to Enterprise

Is it a Phish: Friday, April 27, 2018

PTI 2018: The Rising Risk for SaaS

The 2018 Phishing Trends & Intelligence Report Now Available

Is It a Phish? April 20 Edition

Security Awareness Training and How it Impacts Reported Suspicious Emails

2018 Phishing Trends & Intelligence Report: The Shift to Enterprise

How To Avoid Bursting the Buy-In Bubble

Silent Librarian University Attacks Continue Unabated in Days Following Indictment

RSA 2018: Preview the Latest Phishing Trends and Intelligence Report

How Universities Should Respond to Iranian Hacking Charges

Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment

MISTI: Phish are King, But What Comes Next?

With Spoofed Calls on the Rise, FCC Seeks New ID Authentication Program

New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users

Understanding Google Chrome’s Upcoming https Changes

PhishLabs Launches Future of Cybersecurity Scholarship Program

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all