PhishMe Blog

STAY CURRENT ON INDUSTRY TRENDS & PHISHME NEWS

New Enhancements Help Streamline Incident Response with PhishMe Triage

BY phishme IN Phishing

With security analysts pulled in many directions, they must be able to prioritize and invoke incident response on ransomware, business email compromise (BEC), malware infections, and credential-based theft emails. The key to this is the automation and streamlining of the incident response. PhishMe Triage™ has been updated with new features to help security analysts and incident response teams streamline their processes and secure administrative access.

Key Features this Release

Tighter Integration – Authenticated API for integration across the incident response team
Additional Security – Two-factor authentication for PhishMe Triage users
More Accountability – Audit logs are generated for all users…

Zeus Panda Prominent in Italian-Language Phishing Throughout 2017

BY Mollie Holleman IN Malware Analysis

In 2017, PhishMe® analyzed over 40 Italian-language phishing campaigns that targeted victims with Zeus Panda. This popular multipurpose banking trojan is primarily designed to steal banking and other credentials, but is capable of much more as it provides attackers with a great deal of flexibility. Although some variation was observed, many of these campaigns demonstrated a large degree of shared tactics, techniques and procedures (TTPs).  Given the prolific nature of these campaigns, it is likely that Italian-language phish will continue to deliver Zeus Panda in 2018. Organizations should be alert to the indicators of compromise and phishing TTPs to prevent…

Recent Sigma Ransomware Campaign Demonstrates Danger in the Simplest of Changes to Malware Delivery

BY Mollie Holleman IN Malware Analysis

On 1 December 2017, PhishMe Intelligence™ identified a new delivery technique for Sigma ransomware, which was most likely employed to evade automated detection and mitigation by email and anti-malware defenses. Potential victims received phishing emails with an embedded image as the message body that also included an attached Microsoft Office document containing a malicious macro. The embedded image contained a password that could be used to open the Microsoft Office document.

Phishing defense: do you know your capabilities?

BY John Robinson IN Internet Security Awareness

As phishing continues to spread, executive teams across the globe are asking: “How well does our company recognize, report and respond to the threat?”

In 2018, learn to call attackers’ bluffs.

BY John Robinson IN Internet Security Awareness

People often ask me about the future of phishing. What can we expect to see and how should we prepare?

PhishMe Reporter: 5 Reasons Why 10M Users Are a Big Deal

BY phishme IN Internet Security Awareness

Okay, so it’s not billions of burgers. But when PhishMe Reporter® recently hit the 10 million mark—now deployed to 10 million end users’ work stations—the milestone was more than just a big number. A few reasons why:

Report: beware consumer scams that target users at work

BY phishme IN Internet Security Awareness

Back in October, PhishMe® reported a Netflix email scam appearing in office in-boxes. Now our 2017 Phishing Resiliency and Defense Report confirms the danger: based on millions of simulated phishes across PhishMe customers, the study shows the most tempting workplace scams have a consumer flavor.

Free training bundle: help your users spot the top holiday scams.

BY phishme IN Internet Security Awareness

The holidays are here and you know what that means. “Merry Phish-mas!” from every scammer who wants to bilk your business.

Locky-Like Campaign Demonstrates Recent Evolving Trends in Ransomware

BY Neera Desai IN Malware Analysis

Over the US Thanksgiving holiday, PhishMe Intelligence™ observed a recent ransomware campaign, Scarab, that shares some similarities in behavior and distribution with Locky. In this campaign, Scarab was delivered by the Necurs botnet, which made headlines due to its distribution of Locky, which was one of the most prolific ransomware families of 2016 and 2017. Like Locky, Scarab can encrypt targets via both online and offline encryption.

Here’s How Boards Should Measure Anti-Phishing Programs

BY John Robinson IN Phishing

In board rooms across the globe, directors are asking the question, “How is phishing affecting the organization and are we able to handle the risks?”

URL Shorteners are the Fraudster’s Friend

BY Heather McCalley IN Malware Analysis

URL shorteners are a great tool to share a web address without a lot of typing. PhishMe Intelligence™ recently observed malicious actors using these services to evade security controls. They use these services to conceal the actual URL and bypass controls put in place to block known malicious domains.

Microsoft Word DDE Abuse Tactics Spreads to Locky, Trickbot, and Pony Malware Campaigns

BY Mollie Holleman IN Malware Analysis

In a recent Strategic Analysis, we outlined how malicious actors leveraged Microsoft Office’s Dynamic Data Exchange (DDE) protocol functionality to compromise victims with Chanitor malware within days of SensePost publicly disclosing the risks. PhishMe® has since observed the weaponization of this tactic to deliver other types of malware in several campaigns that support some of the most lucrative current online criminal operations.

“But It Looked Like It Came from IT!” – Focusing on Credential Phishing Trends

BY Heather McCalley IN Malware Analysis

Phishing websites are designed to steal usernames, passwords, and additional PII when unsuspecting victims are enticed to log in. Credential phishing intelligence is used to hunt, detect, and block access attempts to spoofed sites as well as to raise awareness about the latest tactics, techniques, and procedures used with credential and malware phishing campaigns. The new credential phishing feature from PhishMe Intelligence™ delivers additional information to help defend against credential-gathering attacks. The credential phishing intelligence is available via the PhishMe Intelligence API and portal. This blog is the first in a series about credential phishing in the enterprise. Credential Phishing…

Black Friday Spam Alert: How to Shop Safe Online this November

BY Gary Warner IN Internet Security Awareness

As Black Friday draws near, it seems that every company with anything to sell is sending emails to advertise their specials. Consumers can expect to see emails from all sorts of major retailers: Amazon, Dell, Fry’s, Home Depot, Kohl’s, Microsoft, and everyone under the sun, with some really great deals. However, mixed into this pile of email are a tremendous number of messages touting shady deals that could lead consumers to give up personal information, money, or just land them with fake products instead of what they were shopping for. Here are two major categories of trouble that you might…

Vulture Stealer: What Banload Misses, Chrome Extension Receives

BY Max Gannon IN Malware Analysis

PhishMe Intelligence™ has uncovered a phishing campaign that delivers a new loader/browser plugin combination that we have dubbed Vulture Stealer. Vulture Stealer is a two-stage data stealer that includes a version of Banload banking trojan malware. However, paired with an extensive secondary stealer it can target and gather information beyond Banload’s reach within Google Chrome—effectively gathering any information entered within the compromised Chrome browser.  This campaign, which uses Portuguese-language phishing messages, may be targeting Brazilian banks and their customers. This is the first time PhishMe® has observed Banload coupled with a malicious browser extension.

Be Careful Who You Trust: Impersonation Emails Deliver Geodo Malware

BY Marcel Feller IN Malware Analysis, Phishing Defense Center

Over the past weeks, the Phishing Defence Centre has observed several reports that pretend to come from an internal sender. While this impersonation tactic is not new, we have only recently observed an influx in emails used to deliver the Geodo botnet malware. Figure 1 demonstrates an example of an email we have received.

Threat Actors Put a Greek Twist on Ransomware with Sigma

BY Chase Sims IN Malware Analysis, Phishing Defense Center

When we think of Greek-themed malware, the trojan family generally comes to mind. Not anymore: Sigma is a new ransomware delivered via phishing email.

Real Estate Phishing Scams…Part 2

BY Heather McCalley IN Malware Analysis

In part 1, we looked at the trend of phishing attacks targeting the real estate business, including home buyers who unwittingly wired money (millions) to criminals. Recently, CNBC reported the story and followed up with an interview of PhishMe® CEO and Co-founder Rohyt Belani.

“All-in-One” Phish Gives Malaysians a Choice…of Phony Sites

BY Heather McCalley IN Malware Analysis

Recently, PhishMe® recorded suspicious messages that spoofed bnm.gov.my, the domain for the central bank of Malaysia, Bank Negara. The emails concerned a Funds transfer.

Figure 1: Initial phishing message

Red Flags Right Away

The spoofed sending address belongs to a U.S.-based employee account on a high-reputation .ORG domain. (Red Flag number 1: The friendly portion of sender name does not match the email address.) Addresses on .ORG and addresses on university (.EDU) domains are frequently used to bypass spam filters that are set to allow messages through only when they appear to be coming from a sending domain with a…

More Languages? Czech. Our CBT’s Are Truly Global.

BY phishme IN Internet Security Awareness

Back in June, PhishMe® launched our free computer-based training module on GDPR compliance. The feedback has been great, including urgent requests to make the training available in other languages.
