Recent Blog Posts

The PhishLabs Blog

How To Fight the War Against Phishing

Posted by Dane Boyd on Feb 20, '18

Making the move from the typical security awareness training approach to a powerful anti-phishing program isn’t an easy sell.


Topics: Phishing, Employee Defense Training

How Security Teams Handle Malware Analysis

Posted by Elliot Volkman on Feb 16, '18

During our webinar focused on the Qadars Banking Trojan, there was a great deal of analysis provided on just how evasive the threat is. This begs the question, how does your team handle malware analysis?


Topics: Phishing, Qadars, Threat Monitor

Who Says Holiday Romance is Dead? Catphishers, That’s Who

Posted by Lindsey Havens on Feb 14, '18

It’s that time of year again.

A day of romance, crowded restaurants, overblown gestures of love, and…

Well. You get the idea.

For those of us in the security world there’s another, less enjoyable component to Valentine’s Day. Yes, even less enjoyable than trying to share a romantic meal while sitting less than a foot away from four other couples.

Yes, I’m talking about holiday-themed phishing scams. We’ve written about this precise topic many times before (including last Valentine’s Day) but so far we’ve never tackled the specific scams that surround this romance-centric annual event.

So before you send those Dutch-courage-fueled love notes, just take a moment to consider…


Topics: Phishing, Spear Phishing, Employee Defense Training

7 Reasons Why Spotting a Phishing Email is Just the Beginning

Posted by Dane Boyd on Feb 6, '18

In most organizations, a user who can identify and delete phishing emails is considered a huge asset.

And, let’s be honest, they’re certainly a big step in the right direction. Users who can't spot a simple phishing email can easily jeopardize the security of an entire organization, even with a comprehensive set of technical security controls in place.

But in our eyes, there’s still a long way for these users to go. Deleted phish are better than clicked phish, but they shouldn’t be the end goal.


Topics: Phishing, Employee Defense Training, security awareness training

The 11 Types of Reported Emails

Posted by Elliot Volkman on Jan 18, '18

You receive an email, you are unfamiliar with the sender’s name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back.


Topics: Phishing, security awareness training, Threat Monitor

Getting Past Gotcha: Reframing Anti-Phishing Training

Posted by Dane Boyd on Jan 9, '18

If you’ve been following our blog for a while, you’ll already be aware of our stance on anti-phishing training.

Experience has taught us that the only way to reliably improve a user’s ability to spot and report phishing emails is to test them in the real world. To put it another way, they need to see realistic phishing emails in their inbox on a regular basis… and you need to put them there.

It’s tempting (oh so tempting…) to treat this as a gotcha exercise.


Topics: Phishing, Phishing Simulation, security awareness training

How To Really Change User Email Behaviors (It’s Not About Education)

Posted by Dane Boyd on Dec 15, '17

It’s not exactly a secret that most security awareness training programs are… less than effective.

Something about the 12-month gap between sessions, decade-old content, and total lack of user engagement seems to limit the potential for behavioral change.

We can’t imagine why.

But if you’re reading this, it’s a reasonable bet that you take security awareness more seriously than many of your peers.


Topics: Phishing, security awareness training

The Targeted Approach to Anti-Phishing: Improving Core Skills

Posted by Dane Boyd on Dec 1, '17

Wouldn’t it be great if every one of your users could be turned into an anti-phishing specialist?

Like sleeper agents, they’d be ready at any moment to drop their day jobs and sniff out every last malicious email that makes it past your perimeter defenses.

It’s an enticing fantasy.

But is it reasonable to expect your users to become genuine anti-phishing experts? We think not.


Topics: Phishing, security awareness training

Holiday Phishing Scams Target Job Seekers

Posted by Amanda Kline on Nov 21, '17

'Tis the season for shopping, time spent with friends and family, and preparations to celebrate the holidays. As most of us plan for the coming season, cyber criminals are looking for opportunities to catch victims off guard and steal valuable personal information. People looking to supplement their gift-giving budget with a seasonal holiday job should take a close look at job listings before pursuing offers found online or in their email inboxes. Job scams target those looking for part-time holiday work, specifically aiming to steal personally identifiable information that is often requested on applications for employment. We have observed mass spam email-based job scams using branding from well-known retailers such as Target and Walmart that commonly offer seasonal employment. 


Topics: Phishing, Holiday Scams

Have We Conditioned Web Users to be Phished?


Have the well-meaning recommendations of the security community made web users more vulnerable to cyber attacks? Have we conditioned people to be phished?

The HTTPS Paradox

You know that little green padlock symbol that appears in your browser’s URL bar every now and then? What do you think it means?


Topics: Phishing, Cyber Security Awareness Month

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
