Recent Posts

Recent Blog Posts

The PhishLabs Blog

Why You Should Take Social Media Account Takeover as Seriously as a BEC Attack

Posted by Stacy Shelley on Jan 24, '20

Social media account compromise is nothing new. If you haven’t had an account hacked in the past, most of us know someone who has. According to a study by the University of Phoenix, almost two-thirds of US adults have had at least one social media account hacked. Another report found that 53% of social media logins are fraudulent.

Read More

Topics: social media, Digital Risk Protection

SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

Posted by Max Ickert on Jan 16, '20

On August 30, Twitter CEO Jack Dorsey became the most notable victim of one of the fastest-growing cyber threats: SIM Swapping. SIM Swap Attacks are increasing because they only require social engineering and access to a SIM card, which makes it another form of phishing.

Read More

Topics: 2 factor, Sim Swap

New Webinar: Inside the World of Social Media Phishing: Financial Scams

Posted by Elliot Volkman on Jan 14, '20

On a daily basis, most people will use some form of social media. From checking photos of your friends and pets, to communicating with coworkers and loved ones, social media is a large part of the connected world.

Unfortunately, this also means that the more social media is used, the more likely that threat actors will try to exploit it. 

Read More

Topics: Phishing, social media, Digital Risk Protection

Threat Actor Abuses Mobile Sensor to Evade Detection

Posted by Trey George on Jan 9, '20

Every day our teams analyze millions of phish across the web, detected through emails, social media, text messages, and most other common digital vectors. Many phishing sites are easy to review and analyze. However, some threat actors that we track take steps to hide their attacks from people other than their intended victims. This is a defense mechanism that makes it harder to analyze their techniques, allowing them to keep their campaigns active for longer periods of time.

Read More

Topics: Digital Risk Protection

New White Paper: BEC Attacks are the Most Costly Form of Phishing

Posted by Elliot Volkman on Jan 7, '20

Business Email Compromise (BEC) attacks have plagued organizations all over the world for almost a decade. In fact, the phishing threat has become so pervasive and effective for threat actors that the reported losses to date have already hit more than $26 billion. 

Read More

Topics: BEC

The Training Evaluation Conundrum

Posted by Kimber Bougan on Jan 3, '20

Stakeholders expect to see a return on their investment in training. In some cases though, they struggle to conceptualize the best way to evaluate the effectiveness of their security awareness training. They are in good company. Training evaluations can be complex, expensive, elusive, and baffles even seasoned pros.

Read More

Topics: security awareness training

Beyond Marketing: Getting Ahead of Brand Issues

Posted by Elliot Volkman on Dec 27, '19

Today’s marketing organization uses countless SaaS-based tools and platforms that live outside of an organization’s network. As their digital footprint grows, so does their potential for digital risks targeting their enterprise, brands, and customers. Even if they don’t join the latest social media platform, in most cases there are not proper security systems in place to ensure a person or brand is even verified. They just can’t scale with pesky things like security and privacy controls in place.

Read More

How to Handle Brand Impersonation on Social Media

Posted by Elliot Volkman on Dec 19, '19

Social media is undoubtedly a huge asset to modern organizations. It helps them spread their message, promote their products and services, and communicate directly with customers, and users.

Read More

Topics: social media

Phishing Campaign Uses Malicious Office 365 App

Posted by Michael Tyler on Dec 9, '19

Most phishing campaigns attempt to take over accounts by tricking the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim’s account without requiring them to give up their credentials to the attackers.

Read More

Topics: Email Incident Response, Office 365

Unique Countermeasures in Active Phishing Campaign Avoids Security Tools

Posted by Michael Tyler and Saurabh Galagali on Dec 5, '19

PhishLabs’ Email Incident Response analysts recently identified a phishing campaign leveraging novel tactics in the ongoing war between threat actors and security teams. In addition to presenting a unique twist on a popular lure theme, the campaign leverages a clever combination of tactics by attackers attempting to defeat email security technologies to great effectiveness.

Read More

Topics: Email Incident Response, Office 365

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all