Recent Posts

Recent Blog Posts

The PhishLabs Blog

Stacy Shelley

Recent Posts

How To Avoid Bursting the Buy-In Bubble

Posted by Stacy Shelley on Apr 12, '18

You know the feeling.

You’re excited about something. It’s new, it’s interesting, and you’re ready to go.

But then something happens and all of a sudden that excitement just drains away, to be replaced with a resounding “Meh.”

Read More

Topics: Employee Defense Training, security awareness training

APWG Report Reveals Increased Exploitation of Free Hosting Providers

Posted by Stacy Shelley on Oct 18, '17

The Anti-Phishing Working Group (APWG) has released the Phishing Activity Trends Report for the first half of 2017. APWG  utilizes  reported phishing attacks from multiple data sources to track, analyze, and report on fraud resulting  from phishing, crimeware, and email spoofing.  The report reveals frequent targeting in Payment, Financial, and Webmail sectors, as well as a rise in phishing attacks that utilize website builders and free hosting providers. 

Crane Hassold, Manager of Threat Intelligence at PhishLabs, noted in the report that hosting providers that offer free hosting and free  website-building tools provide criminals with opportunities. “These free hosts are not only easy and cheap to use, but they also allow threat actors to create subdomains spoofing a targeted brand, resulting in a more legitimate-looking phishing site. Free hosts also afford phishers additional anonymity, because these services do not make registrant information easily available.”

Read More

Topics: Phishing, APWG

"Phish For The Future" is Perfect Example of Advanced Persistent Phishing

Posted by Stacy Shelley on Sep 29, '17


The Electronic Frontier Foundation (EFF) has reported that activists at Free Press and Fight for the Future were hit over the summer with a targeted spear phishing campaign that involved nearly 70 phishing attempts. If you haven't read their report, you should. Very few organizations would come out of the same situation unscathed.

Read More

Topics: Spear Phishing, Phish, EFF, Advanced Persistent Phish

Q1 2017 Phishing Trends & Intelligence Report

Posted by Stacy Shelley on Jun 8, '17

We all know that the only constant in life is change, but it is often surprising how quickly we must pivot and re-evaluate what we know to be true. In the words of General Shinseki, former U.S. Army Chief of Staff,  “I f you don’t like change, you’re going to like irrelevance even less.”   
What' s most imp ortant is how we respond to the shifts, and, when talking about cyber security, how we continue to effectively mana ge risk in the midst of shifting threats. 
Read More

Topics: Phishing, Phishing Trends and Intelligence Report,

FFIEC issues new guidance on mobile risks

Posted by Stacy Shelley on May 2, '16

This past Friday, the Federal Financial Institutions Examination Council (FFIEC) released new guidance to banks, credit unions, and other financial institutions regarding mobile financial services (MFS). These are the services that institutions provide to their customers through mobile devices, such as electronic payments, remote deposits, mobile apps, etc.

Read More

Topics: ATO, Mobile, Compliance, FFIEC

#PHISHRAGE shirts at RSA USA 2016

Posted by Stacy Shelley on Feb 11, '16

It's frustrating when users get phished. Especially when you've told them repeatedly not to open untrusted links or attachments.  But remember, violence isn't the answer.

Instead, express yourself in a safe way that keeps you gainfully employed: by sporting a fresh, new #PHISHRAGE shirt!

Made with a comfortable blend of high quality cotton and seething rage, you'll want to wear it to work every day. 

 You can get yourself one at the upcoming RSA USA Conference. We'll be there in the North Expo, Booth 3845. Give us your shirt size in advance and we'll have it waiting for you:  

I want a #PHISHRAGE shirt.

Read More

Employees are going to get phished. Why even bother with awareness training?

Posted by Stacy Shelley on Feb 4, '16

Recently, I had a call with a rather prominent analyst in the cyber security community. We were having a pretty good conversation about security awareness training, focusing on the T2 Employee Defense Training service we launched this week. As the conversation was wrapping up, he said, “You know, I’ve always believed that trying to train employees for phishing emails was pointless. No matter how good the training is, someone is still going to fall for an attack. So why even bother?”

Read More

Topics: Awareness Training, T2, Employee Defense Training, security awareness training

Preventing Payload Delivery via Spear Phishing

Posted by Stacy Shelley on Oct 8, '15

To help security leaders strategically manage their defensive posture, we have created a framework that spans relevant security layers from the start of an attack to its resolution. When applied, this framework helps organizations:

Read More

Topics: Spear Phishing Protection

Introducing the Defensive Framework for Spear Phishing

Posted by Stacy Shelley on Sep 24, '15

Spear phishing is the preferred attack method for advanced threat actors. Well-crafted spear phishing attacks easily slip past layers of defenses and target the only vulnerability that cannot be patched – people. The vast majority of headline data breaches in recent years have all begun with spear phishing attacks.  If your organization has intellectual property, customer data, or critical systems that are valuable, your employees are being targeted with spear phishing emails.

Read More

Topics: Spear Phishing

PhishLabs Named a Top-Performing Company

Posted by Stacy Shelley on Sep 16, '15

PhishLabs is one of the fastest growing firms in South Carolina

Read More

Topics: Company News


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Upcoming Events


Posts by Topic

see all