Recent Posts

Recent Blog Posts

The PhishLabs Blog

More Bees with Honey? Reinforcement vs. Punishment in a Security Training Program

Posted by Kimber Bougan on Oct 22, '19

Ambassadors of security training programs often struggle with the most effective way to drive success. The ultimate purpose of these programs is to change employee behavior and create a more secure organization.

Read More

Topics: security awareness training, NCSAM

Beware of Account Takeover

Posted by Dane Boyd on Oct 15, '19

One way to verify if an email is legitimate is to look at the sender’s address, the actual sender’s address, not just the sender’s name. One tactic cyber criminals employ is using the sender’s name to trick the recipients.

Read More

Topics: security awareness training, Cyber Security Awareness Month, NCSAM

Grease the Skids: Improve Training Successes by Optimizing the Environment

Posted by Kimber Bougan on Oct 8, '19

You have carefully selected a training program. Employees are completing the courses. And yet, they are not reporting suspicious emails and their passwords are made up of favorite sports teams and graduation dates. What is missing?

Read More

Topics: security awareness training, Cyber Security Awareness Month, NCSAM

Training Not Sinking In? Try a Programmatic Approach

Posted by Kimber Bougan on Oct 1, '19

In honor of National Cybersecurity Awareness Month (CSAM), Dane Boyd, PhishLabs’ Security Training Manager, and I will share a series of posts covering topics from cybersecurity to organizational learning and development. We are kicking off the series by covering a topic near and dear to my heart: taking a programmatic approach to implementing a security training program.

Read More

Topics: security awareness training, Cyber Security Awareness Month, NCSAM

New Spear Phishing Campaign Impersonates VCs and PE Firms

Posted by The PhishLabs Team on Sep 20, '19

In the past 48 hours, PhishLabs has identified and successfully thwarted a sophisticated phishing campaign targeting the Office 365 credentials of high-value targets. this however campaign is still active, and security teams should familiarize themselves with the tactics, indicators, and remain vigilant. In these attacks, the threat actor(s) is posing as private equity firms submitting non-disclosure agreements.

Read More

Topics: Spear Phishing, Email Incident Response, SOAR

APWG: Phishing Continues to Rise, Threat Actors Love Gift Cards

Posted by Elliot Volkman on Sep 19, '19

This week APWG released its findings from Q2 of this year that compiles insights from their member companies and provides an analysis of how phishing is changing. This quarter's report shows that phishing attacks continue to increase, both SaaS and email service providers are prime targets, BEC attacks are focused on getting gift cards, and more than half of phishing sites continue to abuse HTTPS.

Read More

Topics: Phishing, APWG, BEC, https

The Vast Social Media Landscape for Phishing Threats

Posted by Elliot Volkman on Sep 12, '19

On a daily basis, around 42% of the global population, or 3.2 billion people, uses some form of social media. Of that number, people spend a daily average of 2.2 hours on these networks, too. These two numbers are exactly why threat actors continue to flock to social media to abuse them for phishing purposes; however, there is far more to this story. Phishing threats extend well beyond Twitter, Telegram, Snapchat, and the other big networks.

Read More

Topics: social media, Email Incident Response

Why Social Media is Increasingly Abused for Phishing Attacks

Posted by Elliot Volkman on Sep 5, '19

Today, social media is a daily medium for communication for much of the modern world, and adoption only continues to grow. Because of this, much like how threat actors started to target mobile users, they have begun to abuse social media, too.

Read More

Topics: Social Media Monitoring

Phishing Simulations: Should they Reflect Real-World Attacks?

Posted by Dane Boyd on Aug 29, '19

As the manager of a security awareness team, whose primary goal is to educate users on how to spot phishing attacks, I often get asked, “can you make the phishing simulations look like real-world phish?”

This is when I show people what real-world phishing attacks look like.

Read More

Topics: Phishing Simulation, security awareness training

BEC Attacks: How CEOs and Executives are Put at Risk

Posted by Elliot Volkman on Aug 22, '19

Business Email Compromise (BEC) attacks are the most costly and effective forms of phishing. In most cases, these attacks use highly research social engineering to go after the top brass in a company with a motive of stealing corporate dollars or breaching their network.

Read More

Topics: Email Incident Response

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all