The PhishLabs Blog

Lindsey Havens

Recent Posts

Coming Soon - Healthcare Security Awareness Training, the 2017 Buyer’s Guide

Posted by Lindsey Havens on Jun 2, '17

Historically, security awareness training (SAT) in the healthcare industry… isn’t great. In fact, if you start talking about SAT to a healthcare CISO, you can see the frustration on their face almost immediately.

Back in February we attended HIMSS, one of the biggest healthcare IT shows in the US. We wanted to find out exactly what healthcare providers needed from a SAT program, and show them that (done properly) SAT can have a tremendous positive effect on the operational security of healthcare organizations.

Topics: security awareness training

How Malicious Domain Correlation is Fueling the Fight Against Phishing

Posted by Lindsey Havens on May 19, '17

In the fight against phishing, there’s far more to think about than simply blocking malicious email.

In fact, as a security vendor, our analysts spend a huge amount of time trying to disrupt the phishing landscape in a way that makes all of us safer.

Topics: Phishing

How to Use URL Pattern Analysis for Phishing Detection & Mitigation

Posted by Lindsey Havens on May 5, '17

When you’re attempting to mitigate the risk of phishing, threat intelligence plays a vital role.

After all, what better way to predict and intercept future phishing attacks than by analyzing past attacks for patterns and indicators?

This post is the second in a series breaking down lessons learned from our recent consumer-focused phishing webinar. In the first post we covered the value of phishing intelligence, and explained how to use source code analysis to link individual phishing sites back to the phishing kits and actors responsible.

Topics: Phishing, Threat Intelligence

7 Things the Healthcare Industry Needs from Security Awareness Training: HIMSS Feedback

Posted by Lindsey Havens on Mar 30, '17

Mention security awareness training in a healthcare setting and stress levels start to rise.

But it doesn’t have to be that way.

Last month we attended HIMSS, one of the largest healthcare-specific IT conferences in the US. We wanted to show healthcare providers that security awareness training doesn’t have to be a huge burden, and that (done well) it can have a profound impact on a healthcare organization’s security profile.

But to do that, we needed to have frank conversations with as many healthcare providers as possible. We needed to find out what healthcare security professionals require from their security awareness training in terms of structure, content, and results.

And that’s exactly what we did.

Topics: security awareness training

How and Why the Phishing Threat Landscape Has Changed

Posted by Lindsey Havens on Mar 24, '17

Over the last decade phishing has exploded. Volume has increased every year, with threat actors reliably focusing the majority of their efforts on the same five or six industries.

It was a serious threat, of course, but it had become somewhat… predictable.

But in 2016, some major changes occurred. In just 12 months, the entire phishing landscape shifted.

Topics: Phishing, Phish Kit, Ransomware, PTI Report

Picking on the Little Guy: Ransomware Trends

Posted by Lindsey Havens on Mar 8, '17

In late 2015, malware trends hinted that a ransomware epidemic was on its way.

And what happened? Less than three months into 2016, security analysts had branded it the ‘year of ransomware’.

Even popular media outlets were covering ransomware cases on an almost daily basis, and both consumers and businesses the world over would come to understand exactly what the word ransomware really means.

So what happened? After all, ransomware has been around for decades, so why the sudden explosion?

Topics: Ransomware, PTI Report

APWG & Kaspersky Research Confirms Phishing Trends & Intelligence Report Findings

Posted by Lindsey Havens on Mar 2, '17

“For any study or research project, the ultimate assessment of validity is independent duplication of results.”

This quote was the first line of an email I received a few days ago from Crane Hassold, our senior security threat researcher at PhishLabs.

And since we’ve recently published our annual Phishing Trends & Intelligence (PTI) report, I was interested to learn more.

Topics: Phishing, PTI Report

Anatomy of a Phishing Attack: How Phish Kits Evolved in 2016

Posted by Lindsey Havens on Feb 23, '17

At this point, most organizations are already aware of phishing. No matter what industry you’re in, phishing is one of the top cyber threats you’ll face in 2017.

But for most people, the threat actors responsible for phishing attacks are something of a mystery. They picture a faceless, hooded specter, hidden somewhere in the dark recesses of the Internet.

Topics: Phishing, Phish Kit, PTI Report

Shooting Gallery: A Breakdown of Phishing Targets in 2016

Posted by Lindsey Havens on Feb 21, '17

Many organizations assume they won’t be targeted by phishers.

After all, they aren’t financial institutions, or retail outlets, or e-payment services, so why would anyone target them?

And we get it. Your security budget is only so big, and you have to make decisions about where to allocate it. You can’t cover all your bases all the time.

But the phishing landscape has moved, and the old ‘rules’ don’t apply anymore.

Topics: Phishing, PTI Report

The Sinister New Trend in Phishing (and Why You Should Care)

Posted by Lindsey Havens on Feb 14, '17

Unless you’ve been living under a rock for the past decade, you’ve already heard of phishing.

You probably have an idea of how it works. Perhaps you’ve even spotted a few suspicious emails in your inbox.

Security-conscious organizations have been concerned about phishing for a long time. Many have been actively teaching employees to recognize and report phishing emails on sight.

Topics: Phishing, PTI Report

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
