Recent Posts

Recent Blog Posts

The PhishLabs Blog

Have We Conditioned Web Users to be Phished?


Have the well-meaning recommendations of the security community made web users more vulnerable to cyber attacks? Have we conditioned people to be phished?

The HTTPS Paradox

You know that little green padlock symbol that appears in your browser’s URL bar every now and then? What do you think it means?

Read More

Topics: Phishing, Cyber Security Awareness Month

Final Review: How to Spot a Phish Video Series

Posted by Lindsey Havens on Oct 31, '17

In observance of National Cyber Security Awareness month, we released several videos to help employees and consumers spot a phish. In the final video, we take a look at a number of phish to apply what we have learned. To view all videos released in this series, visit this page: https://info.phishlabs.com/2017-cyber-security-awareness-month

Read More

Topics: Cyber Security Awareness Month, CyberAware

URL Analysis: How to Spot a Phish Video

Posted by Nicole Garrigan on Oct 24, '17

In observance of National Cyber Security Awareness month, we are releasing several videos to help employees and consumers spot a phish. In the third video, we discuss hovering over a link in a email to analyze the URL before clicking. To view all videos released in this series, visit this page: https://info.phishlabs.com/2017-cyber-security-awareness-month

Read More

Topics: Cyber Security Awareness Month, CyberAware

Credential Theft: How To Spot a Phish

Posted by Amanda Kline on Oct 19, '17

When people think about phishing, their mind often turns immediately to ransomware. And for good reason. After all, there have been dozens of high profile ransomware attacks in recent months.

But you know what? An even greater proportion of phishing lures don’t contain ransomware. Instead of extorting money from you, they have an ulterior motive: they’re designed to steal your identity.

Well, OK. They’re designed to steal your login credentials… but in reality that isn’t far short of stealing your identity.

Read More

Topics: Threat Analysis, Cyber Security Awareness Month

Email Sender Domain: How to Spot a Phish Video

Posted by Lindsey Havens on Oct 18, '17

In observance of National Cyber Security Awareness month, we are releasing several videos to help employees and consumers spot a phish. In the second video, we take a look at the  sender's email address to help spot a potentially malicious email. To view all videos released in this series, visit this page: https://info.phishlabs.com/2017-cyber-security-awareness-month

Read More

Topics: Cyber Security Awareness Month, CyberAware

Tech Support Scams: How To Spot a Phish

Posted by Amanda Kline on Oct 17, '17

Originating in India around 2008, tech support scams are a simple and effective way of preying on individuals’ fear.

In its earliest form, the tech support scam involved a scammer cold-calling English speaking countries, and claiming to represent Microsoft Technical Support. The victim would be informed that their machine was infected with malware, and that the caller would help them remove it if granted access to the machine.

Naturally, once access was granted, the scammer would “fix” the problem and promptly demand payment.

Read More

Topics: Threat Analysis, Cyber Security Awareness Month

Nigerian 419 Scams: How to Spot a Phish

Posted by Amanda Kline on Oct 11, '17

All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works.

Today, we’re a true phishing classic: Nigerian 419 scams.

Read More

Topics: Threat Analysis, Cyber Security Awareness Month

BEC Scams: How to Spot a Phish


All through October, in aid of National Cyber Security Awareness Month (#CyberAware) we’re putting phishing under the microscope. In each post we’ll take a close look at one specific type of phishing, including the actors responsible, who it targets, and how/why it works.

Read More

Topics: Threat Analysis, Cyber Security Awareness Month

How to Spot a Phish Video: Spotting Red Flags

Posted by Lindsey Havens on Oct 9, '17

In observance of National Cyber Security Awareness month, we are releasing several videos to help employees and consumers spot a phish. In this first video, we are going to look at red flags that would identify an email as unsafe. 

Read More

Topics: Cyber Security Awareness Month, CyberAware

Ransomware: How to Spot a Phish


Phishing has no limits. Everyone that uses email to communicate will at some point be the recipient of a phishing email. In the spot a phish series we'll be taking a closer look at some phishing lures to help you mentally prepare for these attacks before they hit your inbox. 

Content Clues

The first lure is representative of a vast majority of lures that we see. For starters, it capitalizes on the universal language of money. Because this is a mass distributed phish, the threat actor needs to find a commonality among the recipients.  For this reason, we see the use of "invoice attachments" employed exhaustively.  Lures in all languages utilize this tactic.  One would think this practice would get old and at some point become ineffective but it must be producing results for cybercriminals; otherwise, why would they keep it up?

Read More

Topics: Cyber Security Awareness Month, CyberAware

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Upcoming Events

Calendar_Mock_

Posts by Topic

see all