The PhishLabs Blog

Each year in the month of October there are more things to be cognizant of than ghosts and ghouls, in fact something far scarier. That’s right, Cyber Security Awareness month is back, and with it our team is bringing you some new and updated resources. 

This month marks the 15 anniversary of the awareness program that DHS continues to lead.

“NCSAM 2018 is a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online, while increasing the resiliency of the Nation during cyber-threats.” You can access the official NCSAM toolkit here.

When it comes to social media, there is a fine line between letting people know your holiday plans and just plain handing over personal sensitive information for unscrupulous people to use it against you. For instance, if you upload a photo announcing you will be away with your family for some time, once you return from your trip and realize your possessions have been stolen, it’s too late. Insurance companies won’t make it any easier on you either since they will review all your online activity and argue you didn’t properly secure your possessions and mark the claim as “ineligible for compensation”. How? Sometimes, oversharing is like leaving the front door unlocked: you’ve given the opportunity for anyone to enter your home.

Social media is impacting the world around us.

Most organizations have social media accounts, cloud-based drives, access cloud platforms, are filled with employees who use messengers like Slack, and tap into any other piece of the ever expanding digital world.

Because of the growth rate of each of these types of technology and the associated user adoption, ideal security best practices and tools are still sorely lagging behind in place of innovation. Because of this, any user, and in particular executives or the C-suite with keys to the castle, are constantly a potential target to threat actors.

There are many misconceptions about the dark web and what goes on in the digital underground. Though the dark web is usually associated with criminal activities including drug dealing, human trafficking, selling counterfeit consumer goods and many other malicious acts, not everything in the dark web is completely dark.

The most likely way that you will be compromised online is through a simple phish or a socially engineered attack. Today, these two techniques are often combined to create an even more threatening attack, an intelligently targeted phish.

Big or small, global or local, almost every organization uses some form of technology, and therefore has security needs within it. Due to the nature of the work and variables in play, metrics and success are often a subjective matter from organization to organization.

Exposing your geolocation information publicly can lead to increased personal and business risk. This is particularly important to note in the wake of Google's location tracking, even if you explicitly told them not to.

After months of talks, budget approvals, and getting stakeholder buy in, you finally have the security awareness tool of your choice ready to be used. You get some welcome emails, an onboarding conversation with a customer account manager, and then…..?

Over the past few years mobile banking trojans have been a persistent threat.

While Windows desktops and laptops once made up the lion’s share of Internet traffic, mobile devices (particularly Android) have long since become the most common means of browsing the web.

With banking trojans now incorporating such a wide range of malicious functionality, it’s hardly surprising they have become a favorite among malicious actors.

Each year in our Phishing Trends and Intelligence (PTI) report our team highlights the continued growth and impact email-based phishing attacks continue to have on brands and people around the globe. In following these trends, email-based attacks are still steadily growing in numbers; however, this begs the question of what the future holds.

More specifically, at what point will phishing emails plateau and something else take its place?