The PhishLabs Blog

Crane Hassold, Senior Security Threat Researcher

A member of the PhishLabs R.A.I.D., Crane specializes in cyber behavioral analysis. Prior to PhishLabs, he spent 12 years with the FBI, helping to create and build the FBI's Cyber Behavioral Analysis Center.
Find me on:

Recent Posts

The Mobile Phishing Threat You’ll See Very Soon: URL Padding


The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret.

And really, it’s not surprising either. After all, most of us are practically glued to our smartphones throughout the day.

An SMS arrived? Better read it straight away.

New email? Let me at it.

Somebody I don’t care about updated their Facebook status? Great, let’s see what they’re up to.

The increased attack volume we’re seeing directed at mobile devices is really nothing more than recognition on the part of threat actors that mobile devices account for an increasingly large proportion of web traffic… but aren’t nearly as well protected as PCs and laptops.

So with all that in mind, it shouldn’t be terribly surprising that we have a new mobile phishing threat to tell you about.

Read More

Topics: Mobile, Phish

How Phishing Volume Grew in the First Three Months of 2017


For the past several years, we’ve released an annual report during the first quarter of the year detailing precisely how the phishing landscape had evolved during the preceding 12 months.

Read More

Topics: Phishing, PTI Report

Beyond .COM: Analysis of Phishing Domains in 2016


In the past few years, you’ve no doubt started to see some pretty strange website suffixes.

You know the ones we mean. It isn’t just .COM, .ORG, and .NET anymore. Now you’ve started seeing .XYZ .NEWS .STUDIO and plenty of others.

Read More

Topics: Phishing, PTI Report

Disrupting the Phishing Supply Chain


Phishing has proven to be a successful, lucrative, and persistent threat vector that does not discriminate by industry or size of an organization. Traditional defensive measures against phishing attacks focus on shutting down the web page. This may address the immediate problem, is that really a fight? This reaction does little to stop the cybercriminal who is able to continue launching future attacks. 

For us to truly evolve the fight against phishing, we need to combine the traditionally defensive posture with a proactive, aggressive strategy. This shift will allow us to disrupt the phishing supply chain and proactively go after kits and their creators on the distribution level instead of reacting to phishing sites that have been identified one-at-a-time. 

Using in-depth, comprehensive intelligence can help us do a better job of fighting phishing instead of reacting to it. If we are able to provide context to threats by understanding where and how they manifest, we are able to better prepare, defend, and prevent future cyberattacks.  

Read More

Topics: Phishing

Phishing Attacks Come in a Wide Variety of Flavors...Make Sure Your Employees Get a Taste of Each


While more organizations than ever before recognize the need to educate and train their employees on the dangers
of phishing attacks, it’s important that those in charge of training make sure employees understand that not all phishing probes are alike. That’s because recognizing the “smell” of a phishing attempt is a powerful defense against17_MA_the-New-Face-of-BEC-in-the-Coming-Year.jpg the malicious bag of tricks used by cybercriminals to breach your security. 

In 2015, PhishLabs analyzed more than 1 million confirmed malicious phishing sites residing on more than 130,000 unique domains. While the typical consumer phishing attack has garnered much attention, the specialized business spear phishing attack poses increasing risk for a company and its employees. 

Here’s a brief menu of the types of phishing attacks your employees need to recognize and avoid. 

Read More

Topics: Phishing, Ransomware, Spear Phishing

Recent Phishing Campaign Uses Jabber to Exfiltrate Compromised Information


While analyzing a recent phishing campaign targeting a Canadian financial institution, we came across an interesting technique used by the phishers to exfiltrate the personal and financial data obtained from victims.  Historically, phishers have most commonly used disposable email accounts to collect compromised information from phishing campaigns.  Sending compromised data to a temporary email account has likely been adopted by the phishing community because email accounts are easily accessible, and mailing scripts can be used or built with very little PHP knowledge.  Instead of forwarding phished data to an email account, we have also seen phishers that have stored victim information on the compromised phishing server, which allows them to consolidate all of the data into one file rather than having to sift through individual emails for each piece of information. 

Read More

Topics: Phishing, Hacker Tools, Spear Phishing

Digging Deeper into IRS Phishing Attacks:  How Do They Work and Who are the Scammers Behind Them?


Recently, the media has been exploding with articles noting a massive increase in tax fraud phishing scams. The IRS publicly announced that they had seen a 400 percent increase in phishing incidents so far this year targeting taxpayers. Phishing is even on the IRS’ “Dirty Dozen” list of scams for the 2016 tax season.

Read More

Topics: Phishing, Fraud, Phish Kit, Spear Phishing, IRS Phishing Attacks

New Phish Kit Backdoor Techniques: "The Dufresne" and "The Vezzini"


The market for pre-made phishing kits is thriving.  Think of a financial institution, email provider, or e-commerce site and someone somewhere has undoubtedly created a pre-packaged collection of the files necessary to create a fictitious site designed to obtain personal and financial information from unsuspecting victims.  These kits are often sold in Dark Web marketplaces or underground hacking forums, but they are also commonly distributed for free on various social media sites.

Read More

Topics: Phishing, Threat Analysis, Phish Kit

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_

Posts by Topic

see all