Recent Posts

Recent Blog Posts

The PhishLabs Blog

Crane Hassold, Threat Intelligence Manager

A member of the PhishLabs R.A.I.D., Crane specializes in cyber behavioral analysis. Prior to PhishLabs, he spent 12 years with the FBI, helping to create and build the FBI's Cyber Behavioral Analysis Center.
Find me on:

Recent Posts

A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?

The push for more widespread adoption of HTTPS has been in full-force this year as a way to increase the number of websites that securely transmit information on the Internet. In January, both Chrome and Firefox browsers began alerting users whenever sensitive information, such as passwords or credit card information, was entered on a non-HTTPS web page. In October, Google took this a step further by displaying a “Not Secure” label in the URL bar whenever a user enters any text on an HTTP website.

Read More

Topics: Threat Intelligence, Phishing Trends and Intelligence Report,, Phish

Have We Conditioned Web Users to be Phished?

Have the well-meaning recommendations of the security community made web users more vulnerable to cyber attacks? Have we conditioned people to be phished?

The HTTPS Paradox

You know that little green padlock symbol that appears in your browser’s URL bar every now and then? What do you think it means?

Read More

Topics: Phishing, Cyber Security Awareness Month

BEC Scams: How to Spot a Phish

All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works.

Read More

Topics: Threat Analysis, Cyber Security Awareness Month

The Mobile Phishing Threat You’ll See Very Soon: URL Padding

The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret.

And really, it’s not surprising either. After all, most of us are practically glued to our smartphones throughout the day.

An SMS arrived? Better read it straight away.

New email? Let me at it.

Somebody I don’t care about updated their Facebook status? Great, let’s see what they’re up to.

The increased attack volume we’re seeing directed at mobile devices is really nothing more than recognition on the part of threat actors that mobile devices account for an increasingly large proportion of web traffic… but aren’t nearly as well protected as PCs and laptops.

So with all that in mind, it shouldn’t be terribly surprising that we have a new mobile phishing threat to tell you about.

Read More

Topics: Mobile, Phish

How Phishing Volume Grew in the First Three Months of 2017

For the past several years, we’ve released an annual report during the first quarter of the year detailing precisely how the phishing landscape had evolved during the preceding 12 months.

Read More

Topics: Phishing, PTI Report

Beyond .COM: Analysis of Phishing Domains in 2016

In the past few years, you’ve no doubt started to see some pretty strange website suffixes.

You know the ones we mean. It isn’t just .COM, .ORG, and .NET anymore. Now you’ve started seeing .XYZ .NEWS .STUDIO and plenty of others.

Read More

Topics: Phishing, PTI Report

Disrupting the Phishing Supply Chain

Phishing has proven to be a successful, lucrative, and persistent threat vector that does not discriminate by industry or size of an organization. Traditional defensive measures against phishing attacks focus on shutting down the web page. This may address the immediate problem, is that really a fight? This reaction does little to stop the cybercriminal who is able to continue launching future attacks. 

For us to truly evolve the fight against phishing, we need to combine the traditionally defensive posture with a proactive, aggressive strategy. This shift will allow us to disrupt the phishing supply chain and proactively go after kits and their creators on the distribution level instead of reacting to phishing sites that have been identified one-at-a-time. 

Using in-depth, comprehensive intelligence can help us do a better job of fighting phishing instead of reacting to it. If we are able to provide context to threats by understanding where and how they manifest, we are able to better prepare, defend, and prevent future cyberattacks.  

Read More

Topics: Phishing

Phishing Attacks Come in a Wide Variety of Flavors...Make Sure Your Employees Get a Taste of Each

While more organizations than ever before recognize the need to educate and train their employees on the dangers
of phishing attacks, it’s important that those in charge of training make sure employees understand that not all phishing probes are alike. That’s because recognizing the “smell” of a phishing attempt is a powerful defense against17_MA_the-New-Face-of-BEC-in-the-Coming-Year.jpg the malicious bag of tricks used by cybercriminals to breach your security. 

In 2015, PhishLabs analyzed more than 1 million confirmed malicious phishing sites residing on more than 130,000 unique domains. While the typical consumer phishing attack has garnered much attention, the specialized business spear phishing attack poses increasing risk for a company and its employees. 

Here’s a brief menu of the types of phishing attacks your employees need to recognize and avoid. 

Read More

Topics: Phishing, Ransomware, Spear Phishing

Recent Phishing Campaign Uses Jabber to Exfiltrate Compromised Information

While analyzing a recent phishing campaign targeting a Canadian financial institution, we came across an interesting technique used by the phishers to exfiltrate the personal and financial data obtained from victims.  Historically, phishers have most commonly used disposable email accounts to collect compromised information from phishing campaigns.  Sending compromised data to a temporary email account has likely been adopted by the phishing community because email accounts are easily accessible, and mailing scripts can be used or built with very little PHP knowledge.  Instead of forwarding phished data to an email account, we have also seen phishers that have stored victim information on the compromised phishing server, which allows them to consolidate all of the data into one file rather than having to sift through individual emails for each piece of information. 

Read More

Topics: Phishing, Hacker Tools, Spear Phishing

Digging Deeper into IRS Phishing Attacks:  How Do They Work and Who are the Scammers Behind Them?

Recently, the media has been exploding with articles noting a massive increase in tax fraud phishing scams. The IRS publicly announced that they had seen a 400 percent increase in phishing incidents so far this year targeting taxpayers. Phishing is even on the IRS’ “Dirty Dozen” list of scams for the 2016 tax season.

Read More

Topics: Phishing, Fraud, Phish Kit, Spear Phishing, IRS Phishing Attacks


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Upcoming Events


Posts by Topic

see all