Italian DHL-Themed Phishing leads to Ursnif, Spambot

PhishMe Intelligence™ recently intercepted a subtle, DHL-spoofing campaign delivering a heavily-obfuscated JavaScript file. When executed, this JavaScript file downloads and runs a variant of the Ursnif/Gozi-ISFB trojan. Ursnif, in addition to its banker and stealer pedigree, acts as a downloader to serve a nasty surprise to the infected system. This is the first time PhishMe Intelligence has observed Ursnif actively delivering a spambot onto an infected system. Given Ursnif’s usually stealthy tendencies, it is somewhat unusual to see such a pairing.

City, University of London, selects PhishMe to provide the highest degree of phishing and ransomware protection

University employs human behavioural conditioning techniques designed to build student and staff resilience to phishing

LONDON – February 13th, 2018 – Today, PhishMe®, the leading provider of human-focused phishing defence solutions, announced it has been selected by City, University of London to empower over 20,000 staff and students to be an active line of defence and source of attack intelligence in its fight against cybercrime. The university will deploy a dynamic suite of PhishMe solutions – PhishMe Simulator®, PhishMe Triage™ and PhishMe Reporter® – as part of a three-year programme.

PhishMe Attains SOC 2 Type I Compliance Across PhishMe Simulator and hosted PhishMe Triage Product Offerings

LEESBURG, VA. – February 9th, 2018 – PhishMe®, the leading provider of human phishing defense solutions, today announced it has successfully completed a Service Organization Controls (SOC) 2 Type I examination across the PhishMe Simulator® and hosted PhishMe Triage™ product lines, which help organizations address the human sources of risk associated with phishing attacks.

Another wave of Brazilian malspam leads to banking trojan

In October of 2017 we blogged about a phishing campaign specifically targeting Brazilian Portuguese- speaking users.

Back then, the campaign distributed a malicious Chrome browser extension. More recently, we have observed a wave of emails that have remarkably similar characteristics. This time around, the malware of choice is a banking trojan.

PhishMe Honored with Five Wins at the 2018 Cybersecurity Excellence Awards

Company selected as a winner across several cybersecurity product and professional categories

LEESBURG, VA. – February 8, 2018 – PhishMe®, the leading provider of human phishing defense solutions, today announced that the 2018 Cybersecurity Excellence Awards selected it as a winner in five categories.

The 2018 Cybersecurity Excellence Awards honor individuals, products and companies that demonstrate excellence, innovation and leadership in information security. The full list of categories PhishMe was named a finalist in include:

Cybersecurity Product

  • GOLD WINNER – Incident Response: PhishMe Triage™
  • SILVER WINNER – Security Education: PhishMe CBFree™
  • BRONZE WINNER – Security Education Platform: PhishMe Simulator® and PhishMe Reporter®
  • GOLD WINNER – Threat Detection, Intelligence and Response: PhishMe Intelligence™
  • FINALIST – Managed Security Service, PhishMe Professional Services

Cybersecurity Professional

  • SILVER WINNER – Cybersecurity Team of the Year – North America: PhishMe Customer Support

“We are honored that the Cybersecurity Excellence Award team recognized the value of our teams, services and solutions, which help organizations focus on an often-missing piece of the security puzzle – the human element,” said Rohyt Belani, co-founder and CEO of PhishMe. “Our platform allows more Fortune 500s and government agencies than any other to empower employees to recognize and report phishing attacks, while enabling incident response teams to quickly analyze these threats in real time.”

Details about the 2018 Cybersecurity Excellence Awards and the list of finalists in all categories are available at

For more information about PhishMe, please visit:

About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behavior will improve security, aid incident response and reduce the risk of compromise.