Recent Posts

Recent Blog Posts

The PhishLabs Blog

You Reported a Potential Phish, Now What? [Webinar Recap]

Posted by Elliot Volkman on Dec 28, '17

Have you ever wondered what happens after a phish gets reported? Does it simply fall into a blackhole? That’s what PhishLabs set out to answer during this month’s webinar. 

As you are likely aware, 95 percent of data breaches, an event that occurs on a daily basis, are the direct result of phishing attacks. For as old as phishing is, it continues to be a cyber security threat because it continues to be effective and technology alone can’t combat email attacks. This is not to mention the rise in other phishing attempts through the likes of social media, messengers, and even gaming systems. 

Read More

Topics: Phish, Webinar, Threat Monitor

A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?


The push for more widespread adoption of HTTPS has been in full-force this year as a way to increase the number of websites that securely transmit information on the Internet. In January, both Chrome and Firefox browsers began alerting users whenever sensitive information, such as passwords or credit card information, was entered on a non-HTTPS web page. In October, Google took this a step further by displaying a “Not Secure” label in the URL bar whenever a user enters any text on an HTTP website.

Read More

Topics: Threat Intelligence, Phishing Trends and Intelligence Report,, Phish

Enterprise Credential Theft: How to Spot a Phish


Today, we are going to look at a phish that takes advantage of the massive user base of Office 365 products. It’s safe to speculate that this phish is specifically targeting enterprise employees given most users of Office 365 products are using it for business purposes.

Read More

Topics: Phishing, Phish

The Impact of Phishing, and Why it Should be Your #1 Priority

Posted by Joseph Opacki on Oct 4, '17

Nation states. Hacktivists. Cyber criminals.

There are so many players in the modern threat landscape it can be hard to keep up.

And the number of threats? Practically too many to count.

By the time you’ve secured your organization against password reuse, DDoS, and crimeware attacks, your resources are likely so diminished there’s no point even thinking about what else could be out there.

But there’s a problem. An elephant in the room, if you like.

There’s one threat vector that gets minimal attention, and even less budget… and yet is a common factor in almost every data breach you’ve heard about in the last decade.

Read More

Topics: Cyber Security Awareness Month, Phish

"Phish For The Future" is Perfect Example of Advanced Persistent Phishing

Posted by Stacy Shelley on Sep 29, '17

 

The Electronic Frontier Foundation (EFF) has reported that activists at Free Press and Fight for the Future were hit over the summer with a targeted spear phishing campaign that involved nearly 70 phishing attempts. If you haven't read their report, you should. Very few organizations would come out of the same situation unscathed.

Read More

Topics: Spear Phishing, Phish, EFF, Advanced Persistent Phish

The Mobile Phishing Threat You’ll See Very Soon: URL Padding


The fact that hackers are increasingly targeting mobile devices isn’t exactly a secret.

And really, it’s not surprising either. After all, most of us are practically glued to our smartphones throughout the day.

An SMS arrived? Better read it straight away.

New email? Let me at it.

Somebody I don’t care about updated their Facebook status? Great, let’s see what they’re up to.

The increased attack volume we’re seeing directed at mobile devices is really nothing more than recognition on the part of threat actors that mobile devices account for an increasingly large proportion of web traffic… but aren’t nearly as well protected as PCs and laptops.

So with all that in mind, it shouldn’t be terribly surprising that we have a new mobile phishing threat to tell you about.

Read More

Topics: Mobile, Phish

The 2017 Phishing Trends & Intelligence Report is now available!

Posted by Joseph Opacki on Feb 7, '17

On behalf of the PhishLabs R.A.I.D., I'm proud to announce that the 2017 Phishing Trends & Intelligence Report has been released. As with last year's edition, the report provides first-hand, in-depth view of the events and trends that are shaping the phishing threat landscape. It provides insight into the major trends, tools, and techniques used by threat actors to carry out phishing attacks. It also provides the context and perspective needed to understand why these changes are happening. 

Read More

Topics: Phishing, Threat Intelligence, Phishing Trends and Intelligence Report,, Phish, PTI Report

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Upcoming Events

Calendar_Mock_

Posts by Topic

see all