Recent Posts

Recent Blog Posts

The PhishLabs Blog

PhishLabs expands protection against malicious email spam

Posted by Stacy Shelley on Sep 18, '14

This week, we upgraded our Brand Abuse Lure Protection service to provide comprehensive protection against all cybercrime email lures that abuse the brands of our clients. 

Read More

Topics: Malware, Fraud, Company News, Spam, Brand Abuse Lure

Cybercriminals Find POS Terminals Easy Prey

Over the past few months an abundance of point-of-sale (POS) attacks on major retailers has left millions of consumers’ personal account information vulnerable. The Home Depot, Goodwill, Supervalu grocery chain, Dairy Queen, and the UPS Store were all recently in the spotlight for POS terminal attacks where memory-scraping malware was installed to nab customer information. What is the cause of the uptick in POS attacks and what can be done to mitigate future attacks?    

Read More

Topics: Fraud, Account Takeover, POS Attacks

“Please Try Again” – Trending Tactics in Phishing

Have you ever received this message when logging into an account? Chances are you have and you likely  blamed the “error” on yourself. What did you do next? You probably carefully typed each letter of your password to ensure accuracy. After reading this post, we hope you will think twice about the next request to “please try again.”

With an increase in phishing activity (APWG recently reported a 10.7 percent increase), also comes evolving tactics of deceit. In the past month, PhishLabs' R.A.I.D. (Research, Intelligence, and Analysis Division) observed the rise of intentional errors into scammers' playbooks.

Read More

Topics: Phishing, Fraud, Hacker Tools, Account Takeover

Targeted Wire Transfer Scam Aims at Corporate Execs

PhishLabs has discovered a fraudulent invoice campaign targeting corporate executives. The scammers attempt to convince their targets to wire funds to various accounts controlled by the fraudsters in order to settle the terms and outstanding balances on legitimate invoices from other companies.

What to look for

Emails associated with this campaign follow this characteristic pattern: 

Read More

Topics: Phishing, Fraud, Threat Analysis, Lure, Spam

New Man-in-the-Middle attacks leveraging rogue DNS

New MitM attacks impersonate banking sites without triggering alerts

PhishLabs has observed a new wave of "Man-in-the-Middle" (MitM) attacks targeting users of online banking and social media. Customers of more than 70 different financial institutions are being targeted.

Read More

Topics: Malware, Fraud, Threat Analysis, Threat Intelligence, Rogue DNS, Crimeware

Inside the Phishing Ecosystem: Launching Phishing Attacks

Posted by Stacy Shelley on Mar 18, '14

In a previous post, I explored how fraudsters go about staging phishing attacks. This post reviews how, once staged, phishing attacks are launched.

With the phishing site now staged and active, the cybercriminal needs to trick customers of the targeted institution into visiting the site and divulging credentials and other sensitive information. This means:

  • setting up an emailer (or spamming tool)
  • gathering a list of target emails
  • crafting convincing phishing email messages.
Read More

Topics: Phishing, Fraud, Phish Kit

Anti-Pharming 101: Countering Hosts File Pharming

Posted by Chris Bowen on Mar 11, '14

A few weeks ago, we took our first look into Pharming. We saw some basics about how it can be accomplished and detected. Let’s now take a bit of a deeper dive into the technical aspects that drive it and start talking in more detail about how we can detect and mitigate these types of attacks.

But before we discuss the details of how these attacks work, it is important to understand how a computer obtains an IP address (which is used to actually initiate a connection to a website) from the domain within a URL (such as When a Web user attempts to navigate to a site, their computer can determine an IP address by either consulting a local file of defined mappings, called a hosts file, or by consulting a DNS server on the internet.

Read More

Topics: Phishing, Fraud, Pharming

Phishing attacks up 20 percent in latest APWG report

Posted by Stacy Shelley on Feb 13, '14

APWG has published the recap and analysis of phishing activity in Q3 of last year. Here are some of the highlights from the APWG Phishing Activity Trends Report for the 3rd Quarter of 2013:

  • The volume of phishing attacks rose 20 percent from Q2.
  • There were more than 143,000 unique phishing websites detected in Q3.
  • The number of brands targeted each month averaged ~390 during Q3.
Read More

Topics: Phishing, Malware, Fraud, APWG

Why phishing matters

Posted by John LaCour on Aug 22, '13

Almost every day I speak with a bank somewhere about phishing. I ask them how much of a threat is it, what are they doing about it, and how does it affect their business. Surprisingly, the answers I get vary quite a bit from one organization to another. Most are concerned about the costs of fraud losses. In the US, due to Regulation E, banks must make customers whole when their account is compromised and funds are stolen. Many banks are also concerned about the costs of dealing with phishing and similar attacks. The overhead costs due to fraud are significant. Call centers, fraud investigations, suspicious activity reports (SARS), and other bank functions are involved in managing fraud. Interestingly, not all of the banks we speak to are focused on the brand and reputation effects of phishing as they should be.

Read More

Topics: Phishing, Fraud, Strategy

Phishing site asks to upload image of their driver’s license and phone bill

Posted by John LaCour on May 23, '12

PhishLabs has discovered a new variant of a common phishing page that prompts users to upload a scanned copy of their driver’s license and telephone bill. The scam detected targets customers of a large US bank.

Read More

Topics: Phishing, Fraud, Threat Analysis


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Upcoming Events


Posts by Topic

see all