The PhishLabs Blog

Year In Review: Ransomware

Posted by Jessica Ellis on Dec 15, '20

In 2020, cybercrime has seen a dramatic evolution in ransomware attacks. This threat type has adopted increasingly malevolent tactics and targeted some of the year's most vulnerable industries. Operators are linking up, franchising their attacks, extorting their victims, then expecting organizations to believe them trustworthy. By 2021, ransomware is anticipated to cause $20 billion in loss. 

Topics: Ransomware

The Anatomy of a Look-alike Domain Attack

Posted by Tricia Harris on Dec 11, '20

Cybercriminals register hundreds of thousands of look-alike domains every year to impersonate reputable brands and make a profit. These domains are used for a variety of attacks including phishing emails, fraudulent websites, web traffic diversion, and malware delivery.


Topics: Spear Phishing Protection, business email compromise, Digital Risk Protection, Domains

The Year In Review: How COVID-19 Has Changed Cyber Security

Posted by The PhishLabs Team on Dec 8, '20

The novel coronavirus has dominated 2020, and in the cyber community, threat actors have capitalized on its impact from the beginning. In early March we saw the first of what would be an onslaught of criminal activity using the pandemic to manipulate users, and over the course of the year these attacks have been modified to reflect local and global fallout. 

Topics: COVID-19

APWG Q3 Report: Four Out of Five Criminals Prefer HTTPS

Posted by Jessica Ellis on Dec 3, '20

The Anti-Phishing Working Group (APWG), known for its collaborative analysis of phishing attacks and identity theft techniques, has released its Phishing Activity Trends Report for Q3 of 2020. Highlights from the report include more than two hundred thousand unique phishing websites detected in August and September, SSL encryption for phishing sites overtaking SSL deployment for general websites, and a 10 percent increase in BEC attacks originating from free webmail accounts.

Topics: Phishing, BEC, business email compromise, https, Domains

Easy to Deceive, Difficult to Detect, Impersonation Dominates Attacks

Posted by Jessica Ellis on Dec 1, '20

Impersonation enables threat actors to manipulate victims into disclosing sensitive information as well as enhance their ability to commit fraud. An organization's name, logo, or messaging can be incorporated into almost any threat type, making it an easy and versatile element of a cyber attack. Impersonation is an especially difficult technique to defend against because of its diverse range of use cases, and in order to protect themselves against attacks, organizations should learn to identify its range of malicious applications. 
In this article, we explore the variety of ways impersonation can be used to target a single entity. All examples originate from the same financial institution (FI). 

Topics: Digital Risk Protection, DRP, Domains, Brand Abuse

What is a Look-alike Domain?

Posted by Tricia Harris on Nov 25, '20

By definition, a look-alike domain is a nearly identical, slightly altered domain name, registered with intent to deceive. Cybercriminals register hundreds of thousands of look-alike domains each year with the goal of impersonating legitimate brands and making money, usually by committing fraud.

In this post, we’ll describe how domains help us communicate on the Internet, the anatomy of a look-alike domain and why we fall for them, how attackers create them, and the best place to begin when facing this common threat.


Topics: Digital Risk Protection, Domains

Phishing Campaign Uses Malicious Office 365 App

Posted by Michael Tyler on Nov 25, '20

Most phishing campaigns use social engineering and brand impersonation to attempt to take over accounts and trick the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim’s account without requiring them to give up their credentials to the attackers.


Topics: Email Incident Response, Office 365

Top 7 Use Cases for Digital Risk Protection

Posted by The PhishLabs Team on Nov 25, '20

Today’s enterprises are experiencing an accelerated digital transformation due to the pandemic, and initiatives that would normally span years are being fast-tracked to support remote workforces and transition to new platforms. The external digital landscape is also rapidly expanding, and organizations are being required to conduct business more frequently through non-traditional channels. This digital evolution is leaving enterprises increasingly susceptible to attacks outside the network perimeter.

In order to detect and respond to today's most relevant threats, security teams are investing in operational Digital Risk Protection (DRP) capabilities. 

Topics: Digital Risk Protection, DRP

Ransomware Groups Break Promises, Leak Data Anyway

Posted by Jessica Ellis on Nov 25, '20

While paying ransoms to cybercriminals remains very controversial, the trend of ransomware groups threatening to leak sensitive data has added another layer of complexity to an already difficult decision. Should organizations pay up? Or should they refuse?  According to a recent report, it may not matter. Data stolen in ransomware attacks is frequently becoming public even after the victim has paid. 

Topics: Ransomware, Digital Risk Protection, Email Intelligence & Response, DRP

As Screen Time Skyrockets, So Does Threat of Fake Apps

Posted by Jessica Ellis on Nov 25, '20

App downloads fueled by COVID-19 lockdowns leapt to 37.5 billion in Q2 of this year, and collective global app usage is surging. Android users' screen time stands out significantly, with an increase of 25% above the weekly average from the previous year. As apps continue to be an integral part of how we conduct business and perform sensitive tasks, bad actors are using fake and unethical apps to engage with unassuming mobile users. 

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
