Recent Posts

Recent Blog Posts

The PhishLabs Blog

Royal Ripper: Multi-Stage Phishing Attack Adapts to Victim Input

Posted by The PhishLabs Team on Sep 24, '20

PhishLabs is monitoring a multi-stage phishing campaign that impersonates government entities and telecoms to target financial institutions and their customers. The threat actor behind the attacks has been designated Royal Ripper. The initial stage of the attack harvests personal information and the sort code of the victim’s bank. It then uses the sort code to redirect the victim to a second phishing site that poses as their bank. This progression allows the threat actor to use a non-banking lure to draw in victims and ultimately steal their online banking credentials. 
Read More

Topics: Digital Risk Protection

Navigating Social Media Threats : A Digital Risk Protection Playbook

Posted by Jessica Ellis on Sep 2, '20

Social media is rapidly growing as a preferred channel for threat actors targeting enterprises with malicious campaigns. Half of the global population uses social media, and a post containing sensitive data or impersonating a high-level executive can be shared instantly, for 3.8 billion people to see. 
Read More

Topics: Social Media Threats

Data Leaks in 2020: Accelerated Digital Transformation Exposes Enterprises

Posted by Jessica Ellis on Aug 20, '20

The digital presence of today's enterprise looks very different than it did earlier in the year. The COVID-19 pandemic is forcing rapid change on how many businesses use technology. From transitioning to remote workforces to delivering new online services, digital transformation initiatives that would normally span years are happening in weeks and months. Under these conditions, the likelihood of experiencing a major incident due to data leakage is very high. So much so that a recent Gartner Emerging Technologies Report highlighted data leakage as a primary concern. 
Read More

Topics: Data Breach, Digital Risk Protection, Data Leak Detection, Data Leakage

Gartner Releases Emerging Tech Report: Critical Insights into Digital Risk Protection

Posted by Tricia Harris on Aug 4, '20

Driven by expanding use cases, approachable intelligence, and the incorporation of premium services, demand for Digital Risk Protection Services (DRPS) has grown over the last 12 months and continues to increase.

Read More

Topics: Digital Risk Protection, DRP, Gartner

Account Takeover Attacks Cause Chaos @ Twitter

Posted by Stacy Shelley on Jul 16, '20

On Tuesday afternoon, dozens of high-profile Twitter accounts were hijacked to promote cryptocurrency scams. Threat actors took over the accounts of Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, and many others. Corporate Twitter accounts were also hijacked, including those belonging to cryptocurrency companies. What does this mean for enterprises and their security teams?
Read More

Topics: Account Takeover, Social Media Monitoring, Digital Risk Protection, Social Media Threats, executive impersonation

Gartner Releases 2020 Hype Cycle for Security Operations

Posted by Elliot Volkman on Jul 14, '20

Digital Risk Protection has emerged as a critical new capability for security teams. It protects critical digital assets and data from external threats across surface, dark, and deep web sources.

Read More

Topics: Digital Risk Protection, DRP, Gartner

Spoofed Domains Present Multifaceted, Growing Problems for Enterprises

Posted by Jessica Ellis on Jul 9, '20

Threat actors are increasingly registering new domains to launch malicious campaigns against enterprises. Identifying suspicious domains, as well as monitoring existing ones for changes, is an overwhelming and reactive task for many organizations. In order to minimize the risk spoofed domains pose, security teams must be able to efficiently detect abuse and understand what is required to mitigate threats. 
Read More

Executive Impersonation Techniques on Social Media

Posted by Jessica Ellis on Jun 22, '20

Threat actors are masquerading as executives on social media for purposes of stealing credentials and damaging popular brands.  Today, many executives have accounts on these platforms to network as well as post content promoting their companies.
Read More

Topics: Social Media Threats

Abuse of HTTPS on Nearly Three-Fourths of all Phishing Sites

Posted by Elliot Volkman on Jun 16, '20

Since 2015, PhishLabs has and continues to track how threat actors abuse HTTPS or SSL certs. In particular, threat actors often use HTTPS on their phishing sites to add a layer of legitimacy, better mimic the target site in question, and reduce being flagged or blocked from some browsers. 

Read More

Topics: APWG, https

FBI Warns of Growing Mobile Banking App Threats

Posted by Jessica Ellis on Jun 12, '20

The Federal Bureau of Investigation (FBI) published a public service announcement Wednesday warning the public of anticipated cyber attacks that exploit increased usage of mobile banking apps. The advisory comes at a time when a vast majority of Americans are working from home due to social distancing, and as a result, rely more on mobile apps to do their banking. According to the report, there has been a 50% increase in mobile banking activity since the beginning of 2020. Threat actors are aware of this trend and are capitalizing on it.
Read More

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all