Recent Posts

Recent Blog Posts

The PhishLabs Blog

Evasion Techniques: Geoblocking by IP

Posted by Trey George on Feb 20, '20

In order to increase the lifespan of their campaigns, most threat actors implement evasion techniques to keep their activity from being detected by defenders and their intelligence tools. In this blog post, we'll take a look at how geoblocking by IP is used.

Read More

Topics: Phish, blocking, geoblocking

Breakfast, Lunch, and Bourbon at RSA Conference 2020

Posted by Stacy Shelley on Feb 11, '20

Heading to RSA in a few weeks? If you are, be sure to spend some time with PhishLabs while you're there. This year we are hosting several events for security leaders and practitioners. Come relax with a glass of quality bourbon, get a break from the crowds, catch up with old friends, and make some new ones.

Read More

Social Media Phishing: Beyond Credential Theft

Posted by Elliot Volkman on Jan 31, '20

In the past few weeks, our team highlighted how social media is abused by threat actors seeking to steal credentials and to administer phishing attacks. While these are both two of the most prominent cybersecurity threats distributed through social media, there are some other tactics in play, too.

Read More

Why You Should Take Social Media Account Takeover as Seriously as a BEC Attack

Posted by Stacy Shelley on Jan 24, '20

Social media account compromise is nothing new. If you haven’t had an account hacked in the past, most of us know someone who has. According to a study by the University of Phoenix, almost two-thirds of US adults have had at least one social media account hacked. Another report found that 53% of social media logins are fraudulent.

Read More

Topics: social media, Digital Risk Protection

SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

Posted by Max Ickert on Jan 16, '20

On August 30, Twitter CEO Jack Dorsey became the most notable victim of one of the fastest-growing cyber threats: SIM Swapping. SIM Swap Attacks are increasing because they only require social engineering and access to a SIM card, which makes it another form of phishing.

Read More

Topics: 2 factor, Sim Swap

New Webinar: Inside the World of Social Media Phishing: Financial Scams

Posted by Elliot Volkman on Jan 14, '20

On a daily basis, most people will use some form of social media. From checking photos of your friends and pets, to communicating with coworkers and loved ones, social media is a large part of the connected world.

Unfortunately, this also means that the more social media is used, the more likely that threat actors will try to exploit it. 

Read More

Topics: Phishing, social media, Digital Risk Protection

Threat Actor Abuses Mobile Sensor to Evade Detection

Posted by Trey George on Jan 9, '20

Every day our teams analyze millions of phish across the web, detected through emails, social media, text messages, and most other common digital vectors. Many phishing sites are easy to review and analyze. However, some threat actors that we track take steps to hide their attacks from people other than their intended victims. This is a defense mechanism that makes it harder to analyze their techniques, allowing them to keep their campaigns active for longer periods of time.

Read More

Topics: Digital Risk Protection

New White Paper: BEC Attacks are the Most Costly Form of Phishing

Posted by Elliot Volkman on Jan 7, '20

Business Email Compromise (BEC) attacks have plagued organizations all over the world for almost a decade. In fact, the phishing threat has become so pervasive and effective for threat actors that the reported losses to date have already hit more than $26 billion. 

Read More

Topics: BEC

The Training Evaluation Conundrum

Posted by Kimber Bougan on Jan 3, '20

Stakeholders expect to see a return on their investment in training. In some cases though, they struggle to conceptualize the best way to evaluate the effectiveness of their security awareness training. They are in good company. Training evaluations can be complex, expensive, elusive, and baffles even seasoned pros.

Read More

Topics: security awareness training

Beyond Marketing: Getting Ahead of Brand Issues

Posted by Elliot Volkman on Dec 27, '19

Today’s marketing organization uses countless SaaS-based tools and platforms that live outside of an organization’s network. As their digital footprint grows, so does their potential for digital risks targeting their enterprise, brands, and customers. Even if they don’t join the latest social media platform, in most cases there are not proper security systems in place to ensure a person or brand is even verified. They just can’t scale with pesky things like security and privacy controls in place.

Read More

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all