
The PhishLabs Blog

The 11 Types of Reported Emails

Posted by Elliot Volkman on Jan 18, '18

You receive an email, you are unfamiliar with the sender’s name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back.


Topics: Phishing, security awareness training, Threat Monitor

What Type of Emails Get Reported the Most?

Posted by Elliot Volkman on Jan 16, '18

In anticipation of our previous threat monitoring and forensics webinar, we asked the Twitterverse what happens after they report a suspicious email. Does it fall into a black hole? Does IT check it out to mitigate potential impact? The results are in, and interestingly, a majority of polled respondents simply don’t know what happens to their emails after they report them.


Topics: security awareness training, business email compromise, Threat Monitor

Getting Past Gotcha: Reframing Anti-Phishing Training

Posted by Dane Boyd on Jan 9, '18

If you’ve been following our blog for a while, you’ll already be aware of our stance on anti-phishing training.

Experience has taught us that the only way to reliably improve a user’s ability to spot and report phishing emails is to test them in the real world. To put it another way, they need to see realistic phishing emails in their inbox on a regular basis… and you need to put them there.

It’s tempting (oh so tempting…) to treat this as a gotcha exercise.


Topics: Phishing, Phishing Simulation, security awareness training

How To Really Change User Email Behaviors (It’s Not About Education)

Posted by Dane Boyd on Dec 15, '17

It’s not exactly a secret that most security awareness training programs are… less than effective.

Something about the 12-month gap between sessions, decade-old content, and total lack of user engagement seems to limit the potential for behavioral change.

We can’t imagine why.

But if you’re reading this, it’s a reasonable bet that you take security awareness more seriously than many of your peers.


Topics: Phishing, security awareness training

The Targeted Approach to Anti-Phishing: Improving Core Skills

Posted by Dane Boyd on Dec 1, '17

Wouldn’t it be great if every one of your users could be turned into an anti-phishing specialist?

Like sleeper agents, they’d be ready at any moment to drop their day jobs and sniff out every last malicious email that makes it past your perimeter defenses.

It’s an enticing fantasy.

But is it reasonable to expect your users to become genuine anti-phishing experts? We think not.


Topics: Phishing, security awareness training

Healthcare Security Awareness Training: Don't Fear Failure, Learn From It

Posted by Dane Boyd on Jun 23, '17

The past few years have seen an explosion of cyber attack activity in the healthcare industry.

But that shouldn’t come as a surprise. Healthcare records are a goldmine for enterprising hackers, and with low security budgets across the industry it’s no wonder that healthcare organizations are considered a soft target.

A cursory glance at the industry’s security profile tells us everything we need to know. There are weaknesses everywhere, and hackers all over the world know it.

Incredibly, from a single successful healthcare breach, a hacker stands to earn anything from $285,000 to $1.7 million.


Topics: security awareness training, Healthcare

Why Your Security Awareness Training Isn't Working and What to Do Instead

Posted by Dane Boyd on Jun 22, '17

At this point, everybody knows phishing is a threat.

But then, it’s difficult to deny. As Verizon points out, over 90 percent of data breaches include a phishing or social engineering component, including many of the high-profile breaches we all read about each week.

In fact, from a security perspective, phishing is the single greatest threat to most organizations, whether they’re tiny family-owned businesses or huge multinational conglomerates.

So what are most organizations doing to defend against phishing?


Topics: security awareness training

Coming Soon - Healthcare Security Awareness Training, the 2017 Buyer’s Guide

Posted by Lindsey Havens on Jun 2, '17

Historically, security awareness training (SAT) in the healthcare industry… isn’t great. In fact, if you start talking about SAT to a healthcare CISO, you can see the frustration on their face almost immediately.

Back in February we attended HIMSS, one of the biggest healthcare IT shows in the US. We wanted to find out exactly what healthcare providers needed from a SAT program, and show them that (done properly) SAT can have a tremendous positive effect on the operational security of healthcare organizations.


Topics: security awareness training

7 Things the Healthcare Industry Needs from Security Awareness Training: HIMSS Feedback

Posted by Lindsey Havens on Mar 30, '17

Mention security awareness training in a healthcare setting and stress levels start to rise.

But it doesn’t have to be that way.

Last month we attended HIMSS, one of the largest healthcare-specific IT conferences in the US. We wanted to show healthcare providers that security awareness training doesn’t have to be a huge burden, and that (done well) it can have a profound impact on a healthcare organization’s security profile.

But to do that, we needed to have frank conversations with as many healthcare providers as possible. We needed to find out what healthcare security professionals require from their security awareness training in terms of structure, content, and results.

And that’s exactly what we did.


Topics: security awareness training

The Phishing Email that Fooled Thousands of Trained Users

Posted by Dane Boyd on Mar 9, '17

It’s a sobering moment.

You work long and hard to prepare your users. You train them. You test them. And over time, you see amazing results.

But then it happens.

Just when you think your users are becoming rockstars at identifying phishing emails, threat actors throw a new tactic at you… and everybody falls for it.


Topics: security awareness training

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
