Recent Posts

Recent Blog Posts

The PhishLabs Blog

The Vast Social Media Landscape for Phishing Threats

Posted by Elliot Volkman on Sep 12, '19

On a daily basis, around 42% of the global population, or 3.2 billion people, uses some form of social media. Of that number, people spend a daily average of 2.2 hours on these networks, too. These two numbers are exactly why threat actors continue to flock to social media to abuse them for phishing purposes; however, there is far more to this story. Phishing threats extend well beyond Twitter, Telegram, Snapchat, and the other big networks.

Read More

Topics: social media, Email Incident Response

Why Social Media is Increasingly Abused for Phishing Attacks

Posted by Elliot Volkman on Sep 5, '19

Today, social media is a daily medium for communication for much of the modern world, and adoption only continues to grow. Because of this, much like how threat actors started to target mobile users, they have begun to abuse social media, too.

Read More

Topics: Social Media Monitoring

Phishing Simulations: Should they Reflect Real-World Attacks?

Posted by Dane Boyd on Aug 29, '19

As the manager of a security awareness team, whose primary goal is to educate users on how to spot phishing attacks, I often get asked, “can you make the phishing simulations look like real-world phish?”

This is when I show people what real-world phishing attacks look like.

Read More

Topics: Phishing Simulation, security awareness training

BEC Attacks: How CEOs and Executives are Put at Risk

Posted by Elliot Volkman on Aug 22, '19

Business Email Compromise (BEC) attacks are the most costly and effective forms of phishing. In most cases, these attacks use highly research social engineering to go after the top brass in a company with a motive of stealing corporate dollars or breaching their network.

Read More

Topics: Email Incident Response

Low Appetite for Long Security Training? Use a Bite Sized Approach

Posted by Kimber Bougan on Aug 13, '19

Although computer-based training has been on the scene for over two decades, it is only recently that learning professionals have begun to optimize it. Often these courses present hours of content in a single learning experience.

While the flexibility of computer-based training offers convenience, learners are often overloaded and overwhelmed by the amount of information presented to them.

Read More

Topics: security awareness training, nanolearning

BEC Attacks: A Closer Look at Invoice Scams

Posted by Elliot Volkman on Aug 8, '19

Business Email Compromise attacks are some of the most costly and vicious forms of phishing. Unlike the standard pray and spray approaches to phishing, they take a great deal of research and personalization to persuade a victim to hand over their credentials or wire them funds. This week we’re taking a closer look at how invoice scams work, just one of the many sub-types of BEC or spearphishing attacks.

Read More

Topics: BEC

How Spear Phishing Makes BEC Attacks So Effective

Posted by Elliot Volkman on Aug 2, '19

Everyone will at some point see a standard phishing email. Be it the 409 Scam (Nigerian Prince) or even a fake password reset, these are pretty easy to spot, and most people delete it without flinching. However, for the select few who have been on the receiving end of a spear phish, it’s often a more memorable experience.

Read More

Topics: BEC

Romanian Cybercriminals Sentenced for Phishing Campaign

Posted by John LaCour on Jul 25, '19

This week, the Department of Justice for the U.S. Attorney’s Office for the Northern District of Georgia announced the final of three sentences to be carried out by cybercriminals that plead guilty to carrying out phishing campaigns involving vishing and SMiShing. I’m proud to say that the apprehension and conviction of these criminals was supported in part by intelligence PhishLabs provided in cooperation with federal law enforcement officials.

Read More

Topics: Vishing, SMiShing, Phishing Incident Response

How Business Email Compromise (BEC) Attacks Impact Everyone

Posted by Elliot Volkman on Jul 18, '19

Business email compromise (BEC) attacks are among the most effective forms of phishing in our modern world. Regardless of the technology in place, the social engineering involved easily will bypass it and can trick even trained users.

Read More

Topics: BEC

Threat Actors are Increasing Their Use of Free Hosts

Posted by Elliot Volkman on Jul 11, '19

In our continued expansion and exploration of data from this year’s annual Phishing Trends and Intelligence report it’s time to take a closer look into free hosts. More specifically, the free hosts and domains that threat actors abuse in order to further distribute phishing attacks. While phishing sites that abuse free hosts don’t make up the majority, the use of them is increasing dramatically.

Read More

Topics: PTI Report

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all