The PhishLabs Blog

As Screen Time Skyrockets, So Does Threat of Fake Apps

Posted by Jessica Ellis on Nov 25, '20

App downloads fueled by COVID-19 lockdowns leapt to 37.5 billion in Q2 of this year, and collective global app usage is surging. Android users' screen time stands out significantly, with an increase of 25% above the weekly average from the previous year. As apps continue to be an integral part of how we conduct business and perform sensitive tasks, bad actors are using fake and unethical apps to engage with unsuspecting mobile users.

Phishing Campaign Uses Malicious Office 365 App

Posted by Michael Tyler on Nov 25, '20

Most phishing campaigns attempt to take over accounts by tricking the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim’s account without requiring them to give up their credentials to the attackers.

Topics: Email Incident Response, Office 365

How to Detect Look-alike Domain Registrations

Posted by The PhishLabs Team on Nov 25, '20

Malicious domains are attributed to a wide variety of cyber attacks capable of undermining a brand’s credibility. A spoofed domain is easy and quick to create, and can act as the catalyst for malicious email campaigns and phishing sites. In order to detect and action domain threats targeting your organization, security teams need to implement mature and progressive processes for collection and curation.

Topics: Domain Threats Playbook, Domains

Encryption to Double Extortion: Ransomware's Rapid Evolution

Posted by The PhishLabs Team on Nov 11, '20

Threat actors are leveraging stolen data to enhance ransomware attacks. Data leaks and ransomware - once considered two distinct threats - are overlapping into a hybrid tactic known as double extortion. While traditional ransomware attacks deny access to valuable systems and data, double extortion threatens to leak sensitive data if the ransom is not paid. 

Topics: Ransomware, TrickBot, Ryuk

Limited Impact of Phishing Site Blocklists and Browser Warnings

Posted by Stacy Shelley on Nov 6, '20

The life of a phishing site is brief, but impactful. A study published earlier this year found the average time span between the first and last victim of a phishing attack is just 21 hours. The same study observed the average phishing site shows up in industry blocklist feeds nearly 9 hours after the first victim visit. By that time, most of the damage is done.

Topics: Phishing, Digital Risk Protection

$2.3M Stolen from Wisconsin GOP via BEC Attack

Posted by Stacy Shelley on Oct 30, '20

With Election Day just around the corner, the Republican Party of Wisconsin revealed that $2.3M was recently stolen from election funds intended to support the re-election of President Trump. According to their statement, they are victims of a Business Email Compromise phishing attack that altered invoices to direct payments to accounts controlled by the threat actor.

Topics: Spear Phishing, BEC, Election 2020

Ryuk Ransomware Targeting Healthcare

Posted by The PhishLabs Team on Oct 29, '20

As if the COVID-19 pandemic were not enough, the healthcare sector is now being actively targeted by threat actors using Ryuk ransomware. Yesterday, the FBI issued an increased and imminent cyber threat warning amid growing reports of healthcare providers falling victim to the campaign. The threat actors are using Trickbot (delivered via Emotet) to gain access to target systems and deploy Ryuk. 

How URL Tracking Systems are Abused for Phishing

Posted by Sean Bell on Oct 28, '20

Widely-used URL tracking systems are often abused in phishing attacks. The domains used by these systems are commonly known and trusted, making them attractive carriers for phishing URLs. To illustrate how it works, this post breaks down a recently-observed phishing attack that uses Google Ads’ tracking system to evade email filters. 

Planetary Reef: Cybercriminal Hosting and Phishing-as-a-Service Threat Actor

Posted by The PhishLabs Team on Oct 23, '20

PhishLabs is monitoring a threat actor group that has set up fraudulent hosting companies with leased IP space from a legitimate reseller. They are using this infrastructure for bulletproof hosting services as well as to carry out their own phishing attacks. The group, which is based in Indonesia, has been dubbed Planetary Reef. 

Topics: Domains

Eliminating the Threat of Look-alike Domains

Posted by The PhishLabs Team on Oct 20, '20

There are many ways look-alike domains can be used by threat actors. While business email compromise (BEC) and phishing sites are often top-of-mind for defenders, there are dozens of other uses for look-alike domains. This variation, as well as diverse registrar requirements for removal, can make mitigating look-alike domains a complex, burdensome, and often ineffective process.

In this post, we examine steps to mitigate the internal and external risk posed by look-alike domains.

Topics: Domain Threats Playbook, Domains

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
