Italian DHL-Themed Phishing leads to Ursnif, Spambot

PhishMe Intelligence™ recently intercepted a subtle, DHL-spoofing campaign delivering a heavily-obfuscated JavaScript file. When executed, this JavaScript file downloads and runs a variant of the Ursnif/Gozi-ISFB trojan. Ursnif, in addition to its banker and stealer pedigree, acts as a downloader to serve a nasty surprise to the infected system. This is the first time PhishMe Intelligence has observed Ursnif actively delivering a spambot onto an infected system. Given Ursnif’s usually stealthy tendencies, it is somewhat unusual to see such a pairing.

City, University of London, selects PhishMe to provide the highest degree of phishing and ransomware protection

University employs human behavioural conditioning techniques designed to build student and staff resilience to phishing

LONDON – February 13th, 2018 – Today, PhishMe®, the leading provider of human-focused phishing defence solutions, announced it has been selected by City, University of London to empower over 20,000 staff and students to be an active line of defence and source of attack intelligence in its fight against cybercrime. The university will deploy a dynamic suite of PhishMe solutions – PhishMe Simulator®, PhishMe Triage™ and PhishMe Reporter® – as part of a three-year programme.

PhishMe Attains SOC 2 Type I Compliance Across PhishMe Simulator and hosted PhishMe Triage Product Offerings

LEESBURG, VA. – February 9th, 2018 – PhishMe®, the leading provider of human phishing defense solutions, today announced it has successfully completed a Service Organization Controls (SOC) 2 Type I examination across the PhishMe Simulator® and hosted PhishMe Triage™ product lines, which help organizations address the human sources of risk associated with phishing attacks.

Another wave of Brazilian malspam leads to banking trojan

In October of 2017 we blogged about a phishing campaign specifically targeting Brazilian Portuguese- speaking users.

Back then, the campaign distributed a malicious Chrome browser extension. More recently, we have observed a wave of emails that have remarkably similar characteristics. This time around, the malware of choice is a banking trojan.

PhishMe Honored with Five Wins at the 2018 Cybersecurity Excellence Awards

Company selected as a winner across several cybersecurity product and professional categories

LEESBURG, VA. – February 8, 2018 – PhishMe®, the leading provider of human phishing defense solutions, today announced that the 2018 Cybersecurity Excellence Awards selected it as a winner in five categories.

The 2018 Cybersecurity Excellence Awards honor individuals, products and companies that demonstrate excellence, innovation and leadership in information security. The full list of categories PhishMe was named a finalist in include:

Cybersecurity Product

  • GOLD WINNER – Incident Response: PhishMe Triage™
  • SILVER WINNER – Security Education: PhishMe CBFree™
  • BRONZE WINNER – Security Education Platform: PhishMe Simulator® and PhishMe Reporter®
  • GOLD WINNER – Threat Detection, Intelligence and Response: PhishMe Intelligence™
  • FINALIST – Managed Security Service, PhishMe Professional Services

Cybersecurity Professional

  • SILVER WINNER – Cybersecurity Team of the Year – North America: PhishMe Customer Support

“We are honored that the Cybersecurity Excellence Award team recognized the value of our teams, services and solutions, which help organizations focus on an often-missing piece of the security puzzle – the human element,” said Rohyt Belani, co-founder and CEO of PhishMe. “Our platform allows more Fortune 500s and government agencies than any other to empower employees to recognize and report phishing attacks, while enabling incident response teams to quickly analyze these threats in real time.”

Details about the 2018 Cybersecurity Excellence Awards and the list of finalists in all categories are available at

For more information about PhishMe, please visit:

About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behavior will improve security, aid incident response and reduce the risk of compromise.

Meltdown and Spectre: Prospects for Impact and Steps to Protect Yourself

The recent disclosure of critical CPU vulnerabilities, Meltdown and Spectre, have rocked the information security industry due to the catastrophic consequences they have for data protection. Meltdown and Spectre exploit critical vulnerabilities present in almost all modern processors, creating the potential for leaks in sensitive data as it is processed on a computer or server. A malicious program exploiting these vulnerabilities would be able to access data stored in the memory of other running programs, such as passwords stored in a password manager or browser, personal emails or photographs, and other sensitive data. The vulnerabilities extend to personal computers, mobile devices, and the cloud, where it may be possible to steal data from other cloud customers—essentially anything using an Intel, AMD, or ARM processor.

Identify, Prioritize, and Respond to Phishing Threats Faster with PhishMe and ServiceNow

Improve the Phishing Incident Response Workflow with PhishMe Triage™ and ServiceNow® Security Operations

Security leaders are bolstering their resiliency to phishing attacks. It starts with conditioning employees to recognize and report suspicious email. Take for example “Alice,” the CISO for a Fortune 100 company. Alice’s team regularly simulates real-world phishing on employees at all levels. The program involves behavioral conditioning that requires employees to report simulated and real attacks.

Love Hurts – But Catphishing Doesn’t Have To

For the past few years we have discussed the power of emotion in phishing emails. This is never more valuable to understand than during the upcoming Valentine’s season. The traditions of gift giving to current partners and the romanticized notions of hearing from a secret admirer are so firmly ingrained in our minds that we become easy targets for scam artists.