The PhishLabs Blog

The Evolution of Mobile Banking Trojans… and What To Do About Them (Part II)

Posted by Joshua Shilko on Aug 15, '17

In the last article, we looked at why threat actors have flocked to the mobile space in droves, and which tools they’re using to ply their trade.

And naturally, no discussion of mobile threats would be complete without a detailed look at the most concerning current mobile threat: mobile banking trojans.

Since we’ve already covered the most common functionality, permissions, and distribution mechanisms, it only makes sense to take things a stage further and look at specific banking trojan families. To that end, in this article we’ll be looking at the two of the most widespread families: Marcher and BankBot.

Once we’re through with that, we’ll go over some of the things organizations and individuals can do to avoid falling prey to mobile banking trojans in the future.

Read More

Topics: Phishing, Android, Banking Trojan

The Evolution of Mobile Banking Trojans… and What To Do About Them (Part I)

Posted by Joshua Shilko on Aug 8, '17

Over the past few years the way people interact with the Internet has changed.

In the past, the vast majority of people (over 80 percent) accessed the Internet using Windows desktop and laptop machines, with similar OSX devices taking a distant second spot.

But by the end of 2016, everything had changed. Android mobile devices overtook Windows desktops as the most common means of accessing the Internet.

Naturally, this trend hasn’t gone unnoticed.

Read More

Topics: Phishing, Trojan, Vishing, Rogue Mobile Applications

New Phishing-Based TrickBot Campaign Identified

Posted by Olivia Vining on Jul 20, '17

This week, PhishLabs analysts have detected a new TrickBot campaign that began at approximately 23:30 EST on July 17th, and continued through the evening of July 18th before ending later that night.

Thousands of lures were detected, the bulk of which were sent between 12:30 - 15:30 EST on July 18th.

But let’s back up a little.

In case you missed it first time around, TrickBot is a prominent example of a type of malware known as a Trojan.  Like the Trojan from which it was developed, Dyre, Trickbot is configured to steal banking credentials. 

Once a victim's machine is infected, Trickbot sends bank information to criminals through a complex series of events initiated by one click. Once initiated, TrickBot resides in the background, operating as unobtrusively as possible. As a result, many victims are unaware their machine has been infected.

Read More

Topics: Phishing, TrickBot

New Tech Support Scam Strikes Amazon, eBay, and Alibaba Customers

Posted by Amanda Kline on Jun 28, '17

In a world where new cyber threats seem to develop almost daily, it’s easy to forget that some tactics have stood the test of time.

Since mid-May, PhishLabs has been tracking an ongoing consumer-focused email phishing campaign.

And what tactic have they been using? The dreaded tech support scam.

No matter how much technology develops, threat actors will nearly always default to the simplest tactic that still works. And when it comes to consumer-focused phishing, there’s nothing simpler (and more effective) than a well constructed tech support scam.

Read More

Topics: Phishing

How Phishing Volume Grew in the First Three Months of 2017


For the past several years, we’ve released an annual report during the first quarter of the year detailing precisely how the phishing landscape had evolved during the preceding 12 months.

Read More

Topics: Phishing, PTI Report

Q1 2017 Phishing Trends & Intelligence Report

Posted by Stacy Shelley on Jun 8, '17

We all know that the only constant in life is change, but it is often surprising how quickly we must pivot and re-evaluate what we know to be true. In the words of General Shinseki, former U.S. Army Chief of Staff,  “I f you don’t like change, you’re going to like irrelevance even less.”   
 
What' s most imp ortant is how we respond to the shifts, and, when talking about cyber security, how we continue to effectively mana ge risk in the midst of shifting threats. 
Read More

Topics: Phishing, Phishing Trends and Intelligence Report,

Third DocuSign Phishing Campaign Identified Linked to Email Database Breach

Posted by Olivia Vining on May 19, '17

Since May 9, PhishLabs has tracked multiple phishing campaigns that uses DocuSign branding that lures victims into downloading malicious files.  These campaigns followed a breach of a DocuSign database containing user email addresses.  Each of the campaigns associated with this breach contain similar, yet distinct, characteristics.  The third, and most recent, campaign was launched on May 17. 

Read More

Topics: Phishing, Spear Phishing, DocuSign

How Malicious Domain Correlation is Fueling the Fight Against Phishing

Posted by Lindsey Havens on May 19, '17

In the fight against phishing, there’s far more to think about than simply blocking malicious email.

In fact, as a security vendor, our analysts spend a huge amount of time trying to disrupt the phishing landscape in a way that makes all of us safer.

Read More

Topics: Phishing

Global WannaCry Ransomware Outbreak

Posted by Joseph Opacki on May 12, '17

Earlier today, news broke of a new WannaCry version propagating at a rate unseen before for ransomware. The initial infection vector (phishing, malvertising, etc.) is unknown at this time, but once inside the network it spreads rapidly by scanning for and exploiting Windows systems vulnerable to the NSA-crafted SMB exploits that were recently published by ShadowBrokers. In doing so, WannaCry is spreading well-beyond the initially-infected system and crippling networks. 

Read More

Topics: Phishing, Ransomware, WannaCrypt

How to Use URL Pattern Analysis for Phishing Detection & Mitigation

Posted by Lindsey Havens on May 5, '17

When you’re attempting to mitigate the risk of phishing, threat intelligence plays a vital role.

After all, what better way to predict and intercept future phishing attacks than by analyzing past attacks for patterns and indicators?

This post is the second in a series breaking down lessons learned from our recent consumer-focused phishing webinar. In the first post we covered the value of phishing intelligence, and explained how to use source code analysis to link individual phishing sites back to the phishing kits and actors responsible.

Read More

Topics: Phishing, Threat Intelligence

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_

Posts by Topic

see all