The PhishLabs Blog

How and Why the Phishing Threat Landscape Has Changed

Posted by Lindsey Havens on Mar 24, '17

Over the last decade phishing has exploded. Volume has increased every year, with threat actors reliably focusing the majority of their efforts on the same five or six industries.

It was a serious threat, of course, but it had become somewhat… predictable.

But in 2016, some major changes occurred. In just 12 months, the entire phishing landscape shifted.

Read More

Topics: Phishing, Phish Kit, Ransomware, PTI Report

Beyond .COM: Analysis of Phishing Domains in 2016


In the past few years, you’ve no doubt started to see some pretty strange website suffixes.

You know the ones we mean. It isn’t just .COM, .ORG, and .NET anymore. Now you’ve started seeing .XYZ .NEWS .STUDIO and plenty of others.

Read More

Topics: Phishing, PTI Report

APWG & Kaspersky Research Confirms Phishing Trends & Intelligence Report Findings

Posted by Lindsey Havens on Mar 2, '17

“For any study or research project, the ultimate assessment of validity is independent duplication of results.”

This quote was the first line of an email I received a few days ago from Crane Hassold, our senior security threat researcher at PhishLabs.

And since we’ve recently published our annual Phishing Trends & Intelligence (PTI) report, I was interested to learn more.

Read More

Topics: Phishing, PTI Report

Anatomy of a Phishing Attack: How Phish Kits Evolved in 2016

Posted by Lindsey Havens on Feb 23, '17

At this point, most organizations are already aware of phishing. No matter what industry you’re in, phishing is one of the top cyber threats you’ll face in 2017.

But for most people, the threat actors responsible for phishing attacks are something of a mystery. They picture a faceless, hooded specter, hidden somewhere in the dark recesses of the Internet.

Read More

Topics: Phishing, Phish Kit, PTI Report

Shooting Gallery: A Breakdown of Phishing Targets in 2016

Posted by Lindsey Havens on Feb 21, '17

Many organizations assume they won’t be targeted by phishers.

After all, they aren’t financial institutions, or retail outlets, or e-payment services, so why would anyone target them?

And we get it. Your security budget is only so big, and you have to make decisions about where to allocate it. You can’t cover all your bases all the time.

But the phishing landscape has moved, and the old ‘rules’ don’t apply anymore.

Read More

Topics: Phishing, PTI Report

The Sinister New Trend in Phishing (and Why You Should Care)

Posted by Lindsey Havens on Feb 14, '17

Unless you’ve been living under a rock for the past decade, you’ve already heard of phishing.

You probably have an idea of how it works. Perhaps you’ve even spotted a few suspicious emails in your inbox.

Security conscious organizations have been concerned about phishing for a long time. Many have been actively teaching employees to recognize and report phishing emails on sight.

Read More

Topics: Phishing, PTI Report

How To Avoid Becoming the Next Big Phishing Headline

Posted by Lindsey Havens on Feb 10, '17

After years of research, analysis, and first-hand experience, here's what we’ve learned:

Phishing is a big deal.

Last month we held a webinar, with the aim of helping organizations to fight back against phishing. Hosted by Crane Hassold, our Senior Security Threat Researcher & former FBI analyst, and Dane Boyd, our Lead Solution Manager, this was one of the most comprehensive and entertaining webinars that we have hosted on phishing and security awareness training.

In this article we’ll give you the highlights of the webinar, and help you understand why and how your organization should combat phishing attacks.

Read More

Topics: Phishing, security awareness training, EDT

The 2017 Phishing Trends & Intelligence Report is now available!

Posted by Joseph Opacki on Feb 7, '17

On behalf of the PhishLabs R.A.I.D., I'm proud to announce that the 2017 Phishing Trends & Intelligence Report has been released. As with last year's edition, the report provides first-hand, in-depth view of the events and trends that are shaping the phishing threat landscape. It provides insight into the major trends, tools, and techniques used by threat actors to carry out phishing attacks. It also provides the context and perspective needed to understand why these changes are happening. 

Read More

Topics: Phishing, Threat Intelligence, Phishing Trends and Intelligence Report,, Phish, PTI Report

Building Powerful Security Awareness Training for the Healthcare Industry

Posted by Lindsey Havens on Jan 27, '17

Over the past couple of weeks, we’ve written a lot about the current state of security in the healthcare industry, and why things need to change.

We’ve also covered the main causes of healthcare data breaches, and noted that powerful security awareness training is the most natural starting point for security conscious healthcare organization.

But so far, we haven’t really covered what should be included in a healthcare specific security awareness training program. After all, while some aspects of security are relevant to every industry, healthcare organizations are faced with a few highly specific problems that need to be addressed.

Before we consider what should be included, though, it’s worth looking at things from another perspective.

Read More

Topics: Phishing, security awareness training, EDT, Healthcare

The Uphill Battle of the Healthcare CISO

Posted by Lindsey Havens on Jan 12, '17

Let’s face it, being a healthcare CISO isn’t an easy job. The environments are complex, the staff are almost exclusively non-technical, and as of 2015 healthcare is officially the most attacked industry.

But what is it about healthcare that makes it so uniquely difficult to secure? If gambling websites and financial institutions can (for the most part) avoid major breaches, why can’t hospitals and private clinics?

Read More

Topics: Phishing, security awareness training, Healthcare

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_