Recent Posts

Recent Blog Posts

The PhishLabs Blog

How To Change Security Behaviors: Mobile Security

Posted by Dane Boyd on Jun 13, '18

Let’s be honest, security has never been simple.

Read More

Topics: Mobile

Mobile Adoption is Setting Security Awareness Training Back

Posted by Elliot Volkman on May 24, '18

Phishing is one of the oldest forms of cyber attacks, but until recent years it was commonly thought of as an entirely desktop attack vector. This was primarily due to the flow of web traffic coming through laptops and desktop computers; however, the overtaking of mobile traffic has also drawn the attention of threat actors.

Read More

Topics: Mobile, security awareness training, Rogue Mobile Applications

The Mobile Phishing Threat You’ll See Very Soon: URL Padding

The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret.

Read More

Topics: Mobile, Phish

Marcher and Other Mobile Threats: What You Need to Know

Posted by Joshua Shilko on May 26, '17

When most people think about cyber risk, they think primarily of their organization’s servers, PCs, and laptops, and how they might be vulnerable to attack.

But in recent years, the way in which users interact with the outside world has changed. In March this year, for the first time ever, Android overtook Windows to claim the largest share of Internet traffic.

And naturally, where users go, threat actors will surely follow.

Read More

Topics: Mobile, Rogue Mobile Applications, Mobile Crimeware

FFIEC issues new guidance on mobile risks

Posted by Stacy Shelley on May 2, '16

This past Friday, the Federal Financial Institutions Examination Council (FFIEC) released new guidance to banks, credit unions, and other financial institutions regarding mobile financial services (MFS). These are the services that institutions provide to their customers through mobile devices, such as electronic payments, remote deposits, mobile apps, etc.

Read More

Topics: ATO, Mobile, Compliance, FFIEC

Fraudster Phishing Users with Malicious Mobile Apps

Posted by Joshua Shilko on Apr 25, '16

Since the beginning of 2016, PhishLabs has observed a number of malicious mobile applications targeting users of popular payment card companies and online payment sites.  These attacks combine traditional, browser-based phishing attacks with the mobile platform in order to create convincing mobile applications. These applications claim to afford the user access to their accounts directly from their mobile device; however, their only functionality is the capability to collect credentials and personal information and deliver that stolen information to the attacker. Our research has indicated that these malicious applications have been created by the same actor or group of actors.

Read More

Topics: Phishing, Brand Abuse Lure, Mobile

Mobile Spyware: Who is Reading Your Text Messages and Why?

Posted by Jason Davison, Threat Analyst on Jan 14, '16

Find me on 

PhishLabs has recently discovered and analyzed a malicious mobile application that is being actively distributed via a SMiShing (phishing via text message) campaign which attempts to hijack two-factor authentication (one time password) by viewing the victim’s SMS messages.

Read More

Topics: Mobile, Spyware


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Upcoming Events


Posts by Topic

see all