The PhishLabs Blog

PhishLabs has observed an active TrickBot campaign targeting the employees of multiple organizations. Trickbot is a sophisticated successor of the Dyre Banking Trojan. It uses an intricate network of command and control servers (C2), web injects, and customized redirection attacks that leverage HTML or JavaScript injections to target numerous financial institutions across many geographies and language zones.

Every second, 5,787 tweets are published. Every minute, 300 hours of video are uploaded to YouTube. These are just two of the more popular social networks, and among these data points are the occasional references to a specific organization, its brands, and even customers or employees.

PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign. In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and their Office 365 brand but came from multiple validated domains - an educational institution for example - not belonging to Microsoft. If the victim clicked the link, they were presented with a spoofed login for Office 365.

This week, APWG released its findings from Q3 that compiles insights from their member companies and provides an analysis of how phishing is changing. The key findings from the latest report show that phishing attacks continued to rise throughout the year, 40% of BEC attacks involve domains registered by the threat actor, and now more than two-thirds of all phishing sites are using SSL certs or HTTPS.

At the height of social media adoption, users willingly shared everything from the lunch they just ate to the exact places they visited throughout the day. While some of this has been reduced as consumers learned how sharing private information could impact their privacy, many people still hide these kinds of updates behind basic security controls. This is just one of the reasons that a flurry of activity has slid into people’s DMs, and led to the $19 billion dollar sale of Whatsapp, $1.7 billion raised by Telegram, and longevity of Snapchat.

This year organizations are estimated to have spent more than $124 billion on security, yet phishing attacks continue to bypass email security technology. Is it possible to proactively stop threats that would otherwise make it past your infrastructure? If you attended our most recent webinar, you know the answer is yes.

Sometimes when sending phishing simulations to our clients, we setup a reply-to address to see if people will reply to suspicious emails and many do.

Social media-based phishing attacks have taken off in a big way.

Ambassadors of security training programs often struggle with the most effective way to drive success. The ultimate purpose of these programs is to change employee behavior and create a more secure organization.

One way to verify if an email is legitimate is to look at the sender’s address, the actual sender’s address, not just the sender’s name. One tactic cyber criminals employ is using the sender’s name to trick the recipients.