We've previously reported on how, due to the rise in phishing attempts leveraging SSL certificates, the icon in your web browser gives your users a false sense of security. The threat, however, doesn't end with your web browser. Although first observed as early as 2016, PhishLabs analysts have observed a dramatic uptick in the imitation of flags, banners, and other markup used by applications to...

You are affected by social engineering tactics every day. Okay, let me explain. From an information security standpoint, Wikipedia says that social engineering is the psychological manipulation of people into performing actions or divulging confidential information [1] . That's true, but social engineering isn't limited to information security; it's something we all experience, every day. In most...

Phishing attacks are supposed to be visible. If you can't see them, how could anyone possibly fall for them? Since the dawning of time for phishing attacks there has been a constant struggle between the threat actors creating phishing sites and the individuals and organizations combating them. This has caused phishing attacks to evolve in to more complicated and stealthy traps over time. Phishing...

Healthcare data breaches are among the most costly of any industry, and phishing attacks are the number one cause. Security technologies, while essential, are not enough to mitigate the threat posed by phishing. Over 90 percent of data breaches contain a phishing component, and the average cost to remediate a data breach is $3.86 million. However, the silver lining is that with an effective...

We've recently noticed two significant changes in C2 tactics used by the threat actors behind BankBot Anubis, a mobile banking trojan. First is the use of Chinese characters to encode the C2 strings (in addition to base64 encoding). The second is the use of Telegram Messenger in addition to Twitter for communicating C2 URLs. Previously reported by PhishLabs , the criminals behind BankBot Anubis...

This month the largest recorded data dump in history, 87GB filled with passwords and user credentials, was made available. Dubbed Collection #1 consists of 1,160,253,228 unique combinations of email addresses and passwords. Though historic, there are two positive notes regarding this information: The first is that this data set was circulated on hacking forums back in December of 2018 and is...

It happens on a daily basis, it's even likely that at some point it happened to you: social media account takeovers. A quick Google search shows a new batch of celebrities, politicians, companies, and other high profile users becoming the victim of account takeovers on a weekly basis. It's concerning, it can cause a ruckus, and depending on what happened after the fact it can even cause damage to...

Since 2015 there has been a steady increase in threat actors' use of SSL certificates to add an air of legitimacy to malicious websites. By the end of 2017 almost a third of phishing sites had SSL certificates, meaning their URLs began with HTTPS:// and (most) browsers displayed the all-important padlock symbol. In recent months, however, our team has observed an even more dramatic increase in the...

Phishing simulations come with a range of emotions for the users who interact with them. Some will simply ignore them, others may fail by clicking on a link or attachment, and for the well-trained, they may even report them. Even if there is a negative outcome, training leads and organizations should not be worried, yet. Just like in school, these simulations are just that, simulations or quizzes...

Since September 21, PhishLabs analysts have detected a number of phishing sites hosted on emoji domains. So far, all detected sites have a few things in common: They are hosted on the .WS Top Level Domain (TLD) They utilize domains with numerous subdomains (also emojis) They make use of redirects to avoid detection At the time of writing, PhishLabs analysts are investigating active phishing...

There are many misconceptions about the dark web and what goes on in the digital underground. Though the dark web is usually associated with criminal activities including drug dealing, human trafficking, selling counterfeit consumer goods and many other malicious acts, not everything in the dark web is completely dark. Many questions are frequently asked about the dark web and to further...

The most likely way that you will be compromised online is through a simple phish or a socially engineered attack. Today, these two techniques are often combined to create an even more threatening attack, an intelligently targeted phish. Thanks to the wealth of information that we all leave behind us as we use the Internet, it is easier than ever for a social engineer to learn our name, address...

Exposing your geolocation information publicly can lead to increased personal and business risk. This is particularly important to note in the wake of Google's location tracking , even if you explicitly told them not to. It is remarkable how freely we tell the world one of the most important things about ourselves: where we are. The everyday use of geotagging and geolocation data has enabled many...

Over the past few years mobile banking trojans have been a persistent threat. While Windows desktops and laptops once made up the lion's share of Internet traffic, mobile devices (particularly Android) have long since become the most common means of browsing the web. With banking trojans now incorporating such a wide range of malicious functionality, it's hardly surprising they have become a...

In the Oscar-winning movie The Sting, Harry Gondorff (played by Paul Newman) explains to his apprentice Johnny Hooker (Robert Redford) that the con that they set up must be so convincing that their mark, Doyle Lonnegan (Robert Shaw) won't even realize that he's been taken. Today, Gondorff and Hooker might not have needed to use a past-posting scheme to con Lonnegan. Instead they might have used a...

As a marketer I am all too familiar with how social media can benefit or damage a brand. On the one hand, social media offers an easy and (sometimes) free way to communicate with customers, prospects, and partners that many brands have used to great advantage. But on the other hand, it's yet another source of potential threats to an organization's infrastructure and reputation. And for the most...

Reported phishing emails are useful for plenty of reasons. They help you measure cyber risk, study common attack trends, and even provide inspiration for your own phishing simulations. One of the security functions that benefit most from reported phishing emails is threat hunting, the process of identifying threats quickly so they can be contained before any major damage is done. Reported phishing...

Let's be honest, employees make mistakes. And sometimes those mistakes have catastrophic consequences. Everybody has heard stories about people accidentally leaving an unencrypted work laptop on the train, or on the seat of their car. Heck, on a busy day we could even imagine ourselves doing it. But with industry regulators finally starting to find their teeth — and the GDPR is now in full force —...

Each day the average person spends around 135 minutes on social media . We know what you're thinking. That's a heck of a lot of time spent liking things, laughing at memes, and watching baby animal videos. But it's not all fun and games. In today's world we are more connected than ever, and social media platforms encourage us to share what was once private information in a very public way. From...