The PhishLabs Blog

Is It a Phish? April 20 Edition

Posted by Elliot Volkman on Apr 20, '18

As you are aware, phishing is certainly not a new cyber threat, yet it continues to be one of the most pervasive and costly to businesses and consumers. With nearly endless examples, we have decided to develop a new series that not only highlights some of these attacks, but also shares helpful tips along the way for spotting them.

Read More

Topics: Phishing, Phishing Simulation, Phish

Silent Librarian University Attacks Continue Unabated in Days Following Indictment


On Friday, March 23, nine Iranian threat actors were indicted for stealing massive quantities of data from universities, businesses, and governments all over the world.

If you’ve been following our blog (or the news), you already know the actors are associated with an organization called the Mabna Institute, and are responsible for stealing more than 31 terabytes of data over the past four and a half years. To put that number in context, you’d need to cut down more than 1.5 million trees to make enough paper to print out all of the stolen data.

Read More

Topics: Phishing, Spear Phishing, silent librarian

How Universities Should Respond to Iranian Hacking Charges


Last week, news broke that an Iranian hacker network, Mabna Institute, had been systematically stealing data from universities across the US and abroad.

It’s unclear precisely how much data has been compromised, but it has been estimated to have cost US universities around $3.4 billion to collect and maintain.

While the administration has announced sanctions and criminal indictments against the group, it’s highly unlikely any of the actors involved will receive punishment.

So if you happen to work for a university, or are responsible in some capacity for the data security of a university, you’d be forgiven for wondering “…What now?”

Read More

Topics: Phishing, Spear Phishing

New Variant of BankBot Banking Trojan Ups Ante, Cashes Out on Android Users

Posted by Joshua Shilko on Mar 13, '18

A newly observed variant of BankBot has been discovered masquerading as Adobe Flash Player, Avito, and an HD Video Player. This variant, now detected by PhishLabs as BankBot Anubis, was first identified on March 5, 2018. 

Read More

Topics: Phishing, Banking Trojan, BankBot Anubis

How To Fight the War Against Phishing

Posted by Dane Boyd on Feb 20, '18

Making the move from the typical security awareness training approach to a powerful anti-phishing program isn’t an easy sell.

Executive boards are used to basic training programs with boring annual sessions, and (let’s be honest) minimal results… with correspondingly tiny budget approvals. So when they finally do agree to a more in-depth program, there’s a tendency to expect results overnight.

The trouble is, training users to spot and report phishing emails isn’t an overnight fix. And trying to realize dramatic results in a short timescale is a surefire way to hamstring your program.

Read More

Topics: Phishing, Employee Defense Training

How Security Teams Handle Malware Analysis

Posted by Elliot Volkman on Feb 16, '18

During our webinar focused on the Qadars Banking Trojan, there was a great deal of analysis provided on just how evasive the threat is. This raises the question: how does your team handle malware analysis?

Read More

Topics: Phishing, Qadars, Threat Monitor

Who Says Holiday Romance is Dead? Catphishers, That’s Who

Posted by Lindsey Havens on Feb 14, '18

It’s that time of year again.

A day of romance, crowded restaurants, overblown gestures of love, and…

Well. You get the idea.

For those of us in the security world there’s another, less enjoyable component to Valentine’s Day. Yes, even less enjoyable than trying to share a romantic meal while sitting less than a foot away from four other couples.

Yes, I’m talking about holiday-themed phishing scams. We’ve written about this precise topic many times before (including last Valentine’s Day) but so far we’ve never tackled the specific scams that surround this romance-centric annual event.

So before you send those Dutch-courage-fueled love notes, just take a moment to consider…

Read More

Topics: Phishing, Spear Phishing, Employee Defense Training

7 Reasons Why Spotting a Phishing Email is Just the Beginning

Posted by Dane Boyd on Feb 6, '18

In most organizations, a user who can identify and delete phishing emails is considered a huge asset.

And, let’s be honest, they’re certainly a big step in the right direction. Users who can't spot a simple phishing email can easily jeopardize the security of an entire organization, even with a comprehensive set of technical security controls in place.

But in our eyes, there’s still a long way for these users to go. Deleted phish are better than clicked phish, but they shouldn’t be the end goal.

Read More

Topics: Phishing, Employee Defense Training, security awareness training

The 11 Types of Reported Emails

Posted by Elliot Volkman on Jan 18, '18

You receive an email, you are unfamiliar with the sender’s name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back.

Read More

Topics: Phishing, security awareness training, Threat Monitor

Getting Past Gotcha: Reframing Anti-Phishing Training

Posted by Dane Boyd on Jan 9, '18

If you’ve been following our blog for a while, you’ll already be aware of our stance on anti-phishing training.

Experience has taught us that the only way to reliably improve a user’s ability to spot and report phishing emails is to test them in the real world. To put it another way, they need to see realistic phishing emails in their inbox on a regular basis… and you need to put them there.

It’s tempting (oh so tempting…) to treat this as a gotcha exercise.

Read More

Topics: Phishing, Phishing Simulation, security awareness training

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
