The PhishLabs Blog

Password Manager Breach, Phone Scams on the Rise, Hijacked Medical Devices and more | TWIC - June 19, 2015

Posted by Lindsey Havens on Jun 19, '15
TWIC_branding

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Read More

Topics: Phishing, The Week in Cybercrime, Vishing, Crimeware, Data Breach, Ransomware, Hacked

Top blog posts from PhishLabs: 2014 review

Posted by Lindsey Havens on Dec 30, '14

It has been an eventful year in cybercrime. We hope you have been able to follow our blog for updates in the cyber security arena but in case you missed one or two, we’ve compiled the most popular posts published by PhishLabs in 2014:

Read More

Topics: Phishing, Malware, ZeuS, Hacker Tools, Vishing, Vawtrak, Banking Trojan

As expected, Shellshock is being used for phishing attacks

Posted by Stacy Shelley on Oct 17, '14

Via Lancope, a botnet built by exploiting the Shellshock vulnerability is being used for phishing attacks:

Read More

Topics: Phishing, Vishing, Shellshock

Vishing campaign steals card data from customers of dozens of banks

Posted by John LaCour on Apr 29, '14

Vishing is alive and well -- and impacting midsize banks

Multiple recent vishing attacks (Voice over IP phishing) have been stealing payment card data from the customers of U.S. banks. In an attack last week, customers of a midsize bank received SMS text messages claiming their debit card was deactivated and requesting they provide the card and PIN numbers to reactivate it. 

PhishLabs investigated the attack and uncovered a cache of stolen payment card data belonging to customers of dozens of financial institutions. Based on analysis of the recovered cache, we estimate the vishing crew responsible for the attack has stolen the data of 250 cards per day in this vishing campaign. Further investigation also indicated that one of the phone numbers used in the campaign has likely been used in vishing attacks since October of 2013. 

Read More

Topics: Phishing, Threat Analysis, Threat Intelligence, Vishing

How to stop a vishing or SMiShing attack (Part 1)

Posted by Stacy Shelley on Jan 24, '14

You’ve just been alerted to fraudulent phone calls or text messages claiming to be from your company that try to get your customers to provide their account information. What do you do? How do you respond? How do you stop them?

To answer these questions, it’s helpful to understand what a vishing or SMiShing attack entails. Sometimes referred to as phone phishing or VoIP phishing, vishing exploits the trust your customers have in your telephone communications to steal information that can be used to take over personal or business accounts.

Here’s an example of a phone phishing scenario:
Read More

Topics: Vishing, SMiShing, Phone Fraud

   

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events

Calendar_Mock_