The PhishLabs Blog

The Phishing Email that Fooled Thousands of Trained Users

Posted by Dane Boyd on Mar 9, '17

It’s a sobering moment.

You work long and hard to prepare your users. You train them. You test them. And over time, you see amazing results.

But then it happens.

Just when you think your users are becoming rockstars at identifying phishing emails, threat actors throw a new tactic at you… and everybody falls for it.

Topics: security awareness training, EDT

How To Avoid Becoming the Next Big Phishing Headline

Posted by Lindsey Havens on Feb 10, '17

After years of research, analysis, and first-hand experience, here's what we’ve learned:

Phishing is a big deal.

Last month we held a webinar, with the aim of helping organizations to fight back against phishing. Hosted by Crane Hassold, our Senior Security Threat Researcher & former FBI analyst, and Dane Boyd, our Lead Solution Manager, this was one of the most comprehensive and entertaining webinars that we have hosted on phishing and security awareness training.

In this article we’ll give you the highlights of the webinar, and help you understand why and how your organization should combat phishing attacks.

Topics: Phishing, security awareness training, EDT

Building Powerful Security Awareness Training for the Healthcare Industry

Posted by Lindsey Havens on Jan 27, '17

Over the past couple of weeks, we’ve written a lot about the current state of security in the healthcare industry, and why things need to change.

We’ve also covered the main causes of healthcare data breaches, and noted that powerful security awareness training is the most natural starting point for security-conscious healthcare organizations.

But so far, we haven’t really covered what should be included in a healthcare specific security awareness training program. After all, while some aspects of security are relevant to every industry, healthcare organizations are faced with a few highly specific problems that need to be addressed.

Before we consider what should be included, though, it’s worth looking at things from another perspective.

Topics: Phishing, security awareness training, EDT, Healthcare

Anatomy of a Healthcare Data Breach

Posted by Lindsey Havens on Jan 19, '17

Healthcare data breaches are becoming an almost daily occurrence.

Last year, the volume and scale of healthcare data breaches increased more than ever before. In August of 2016, Advocate Health Care, a network of 12 hospitals and over 200 other treatment centers, was hit with a $5.5 million settlement over a series of three data breaches back in 2013.

So what’s going wrong? If you’ve been following this series so far, you’ll know an unprecedented number of threat actors are now targeting the healthcare industry… but how are all these breaches actually happening?

Topics: security awareness training, EDT, Healthcare

Security Awareness Training: A Recipe for Success

Posted by Jenny Dowd on Jan 4, '17

In recent months we’ve written a lot about security awareness and employee defense training. It’s an involved topic, clearly, and if you’ve taken away anything we hope it will be this:

If you want real, measurable improvements you must test your employees. And when it comes to email security, that means phishing your employees on a regular basis.

In this post, we’ll take a deep dive into a managed employee defense training program, and examine the ins and outs of effective security awareness training. From planning to post-game analysis, here are the best practices for managing your program.

 

Topics: EDT

When It Comes To Security Awareness – Do You Want A Doctor Or A Personal Trainer?

Posted by Jenny Dowd on May 26, '16

Ahh, employees. They’re your greatest asset and your weakest link.

After all, it takes just one employee to click on a malicious link in a phishing email that leads to a data breach, compromising your entire organization. No matter how great your training is, the human vulnerability can still be exploited by a crafty phishing email.

And apparently, there’s more than just one employee with risky behavior: the proportion of infections that result from user behaviors is between 70 and 95 percent.

But … why?

Topics: T2, security awareness training, EDT

Six Steps to Train Your Users to Fight Cybercrime

Posted by Maria O'Dwyer on Apr 7, '16

Stopped in traffic on my commute home it hit me…(not the person texting and driving) but the idea that I’d just been miyagi’d!

Every day I have the pleasure of speaking with Information Security leaders across multiple verticals. I learn about the challenges they face and the Security Awareness Programs that they have implemented to foster a security vigilant environment.

Topics: Employee Defense Training, security awareness training, EDT

What Makes a Good Simulated Phish?

Posted by Stephanie Fauvelle on Mar 31, '16

If your security awareness training provider offers personal banking phishing templates, then it’s a good idea to re-think your provider. Why? Because phishers aren’t sending fraudulent banking alerts to corporate accounts. Besides, who links their bank account to their work email anyway? Phishers continue to up their game, moving away from sloppy phishing emails rife with spelling mistakes and other recognizable signs to sending craftier, what we’ll call “lite”, spear phish.

Topics: T2, Phishing Simulation, Employee Defense Training, EDT

Why Your Advanced Spam Filter Isn't Enough

Posted by Stephanie Fauvelle on Mar 29, '16

Advanced spam filters are a wonderful thing. Don’t get me wrong. But they aren’t enough to protect your organization from a phishing attack. If you’ve heard it once, then you’ve heard it a million times: it takes just one employee to click a malicious link or download an infected document to give your IT Support a headache or, much worse, cause a data breach.

Topics: Phishing, Spear Phishing, Employee Defense Training, EDT

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
