The PhishLabs Blog

Security Awareness Training and How it Impacts Reported Suspicious Emails

Posted by Dane Boyd on Apr 19, '18

It should not be a surprise, but 95 percent of breaches come through phishing attacks. Nothing more than a simple lure email lands in one of your users' inboxes, they click it, and everything unravels from there.


Topics: security awareness training, Phish, Threat Monitor

How To Avoid Bursting the Buy-In Bubble

Posted by Stacy Shelley on Apr 12, '18

You know the feeling.

You’re excited about something. It’s new, it’s interesting, and you’re ready to go.

But then something happens and all of a sudden that excitement just drains away, to be replaced with a resounding “Meh.”


Topics: Employee Defense Training, security awareness training

Webinar Announcement: Microlearning for Macro Results

Posted by Elliot Volkman on Feb 28, '18

Training and education models of the past are antiquated and ineffective, and when it comes to the risk of your company and clients, that simply isn’t good enough.

Our webinar for March will focus on a new and improved education model that can be built out as part of an organization’s security awareness training.


Topics: security awareness training

The Case for 24/7 Threat Monitoring

Posted by Elliot Volkman on Feb 8, '18

You wake up, wipe the sleep away from your eyes, and among the first things you do is reach over and grab your phone. Your work day hasn’t officially begun, but you’re already looking through your emails. The night before? A similar process, but in reverse. According to a Good Technology survey, 68 percent of professionals check their work email before 8 am and another 50 percent check it while in bed. It doesn’t end there though, as 38 percent commonly break from the dinner table to look through their work emails, too.


Topics: security awareness training, Threat Monitor

7 Reasons Why Spotting a Phishing Email is Just the Beginning

Posted by Dane Boyd on Feb 6, '18

In most organizations, a user who can identify and delete phishing emails is considered a huge asset.

And, let’s be honest, they’re certainly a big step in the right direction. Users who can't spot a simple phishing email can easily jeopardize the security of an entire organization, even with a comprehensive set of technical security controls in place.

But in our eyes, there’s still a long way for these users to go. Deleted phish are better than clicked phish, but they shouldn’t be the end goal.


Topics: Phishing, Employee Defense Training, security awareness training

Why Failure Isn’t the Enemy in the Fight Against Phishing

Posted by Dane Boyd on Jan 29, '18

Training users to identify and report phishing emails is far from an overnight fix.

It takes time, persistence, and engagement to make a meaningful impact on user email behaviors.

But you already knew that, didn’t you? In fact, you probably already have a program in place to help users identify potentially malicious emails.


Topics: Employee Defense Training, security awareness training

The 11 Types of Reported Emails

Posted by Elliot Volkman on Jan 18, '18

You receive an email, you are unfamiliar with the sender’s name or email address, and they are offering you a new service or deal on something. Is it malicious? Not necessarily. Perhaps you forgot about signing up for a newsletter a while back.


Topics: Phishing, security awareness training, Threat Monitor

What Type of Emails Get Reported the Most?

Posted by Elliot Volkman on Jan 16, '18

In anticipation of our previous threat monitoring and forensics webinar, we asked the Twitterverse what happens after they report a suspicious email. Does it fall into a black hole? Does IT check it out to mitigate potential impact? The results are in, and interestingly a majority of polled respondents simply don’t know what happens to their emails after they report them.


Topics: security awareness training, business email compromise, Threat Monitor

Getting Past Gotcha: Reframing Anti-Phishing Training

Posted by Dane Boyd on Jan 9, '18

If you’ve been following our blog for a while, you’ll already be aware of our stance on anti-phishing training.

Experience has taught us that the only way to reliably improve a user’s ability to spot and report phishing emails is to test them in the real world. To put it another way, they need to see realistic phishing emails in their inbox on a regular basis… and you need to put them there.

It’s tempting (oh so tempting…) to treat this as a gotcha exercise.


Topics: Phishing, Phishing Simulation, security awareness training

How To Really Change User Email Behaviors (It’s Not About Education)

Posted by Dane Boyd on Dec 15, '17

It’s not exactly a secret that most security awareness training programs are… less than effective.

Something about the 12-month gap between sessions, decade-old content, and total lack of user engagement seems to limit the potential for behavioral change.

We can’t imagine why.

But if you’re reading this, it’s a reasonable bet that you take security awareness more seriously than many of your peers.


Topics: Phishing, security awareness training

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
