PhishMe Blog

STAY CURRENT ON INDUSTRY TRENDS & PHISHME NEWS

Kovter Ad Fraud Trojan Now Shipping with Locky Ransomware

BY Paul Burbage IN Phishing

Over the past couple of months, the PhishMe Research Team has observed Locky ransomware being distributed alongside the Kovter ad fraud trojan. We have looked at this malware distribution channel in the past, and since then, the threat actors have evolved from using a fake file encryption threat to using a well known and effective ransomware family: Locky. In this post we will examine the history of the Kovter actors’ experimentation with ransomware and walk through a sample campaign that our PhishMe Threat Intelligence Team captured. Ransomware Evolution The distributors behind Kovter have been experimenting with “ransomware” since as early as January 2016. We place the word…

READ MORE

0 comments

With apologies to Led Zeppelin fans: The (BEC) Song (Still) Remains the Same

BY Heather McCalley IN Phishing

Almost three months have passed since I last updated you on the Business Email Compromise scam, also known as the CEO Fraud scam.   Though the volume of these attacks remains high, the information security community has continued to collaborate well regarding this type of fraud, preempting the transfer of millions of dollars and identifying numerous mules in control of bank accounts around the world. Just last week, yet another phisher tried to phish PhishMe.  Our CTO, Aaron Higbee, reported on early attempts in September 2015 when he also described the use of PhishMe Reporter to phish-back and collect details of…

READ MORE

0 comments

Fortifying Defenses with Human-Verified Phishing Intelligence

BY Mike Saurbaugh IN Blog

Mining Phish in the IOCs PhishMe® and Palo Alto Networks® are providing security teams with the ability to ingest human-verified phishing intelligence in a standard format that can be automatically enforced as new protections for the Palo Alto Networks Next-Generation Security Platform through the MineMeld application. Through this integration, PhishMe and Palo Alto Networks are providing a powerful approach to identifying and preventing potentially damaging phishing attacks. The challenge of operationalizing threat intelligence Ransomware, business email compromise (BEC), malware infections, and credential-based theft all primarily stem from a single vector of compromise – phishing. Operationalizing threat intelligence, especially when it…

READ MORE

0 comments

An Open Enrollment Reminder – Phishers Want Your HSA Money!

BY Gary Warner IN Blog

As the end of the year approaches, many companies are communicating with their employees about benefits and Health Savings Accounts via email. Criminals realize this and have decided to get in on the action!  More consumers than ever are using HSAs as a way to save pre-tax income for future medical expenses. A report released by Devenir Research shared that, as of August 2016, 18.2 million HSA accounts currently hold $34.7 billion in assets – a 22% growth over 2015, and projects that by the end of 2018, more than $50 billion will be on deposit in HSA accounts. That’s…

READ MORE

0 comments

A Warning on Christmas Delivery Scams

BY phishme IN Blog

The time of year has once again arrived when post offices are busier than the freeway on a Friday evening. We buy gifts, online and in stores, and we send and expect packages to and from the far corners of the country, continent, and even the world. Yet behind this frenzy of merriment skulk a series of dangers. Although Christmas is still more than a month away, scammers of this kind have already been active in various areas across the US. For a number of years, security experts have grown to expect a hike in the number of internet scams being…

READ MORE

0 comments

SC Magazine Awards Recognize PhishMe as Finalist in Best IT Security-Related Training Platform Category for the Second Year in a Row

BY phishme IN Blog

Fresh off our win in the same category last year, we’re thrilled that PhishMe Simulator has been chosen as a finalist once again in the 2017 SC Magazine Awards for Best IT Security-Related Training Platform. The award highlights companies and organizations that provide end-user awareness training programs for enterprises to ensure that employees are knowledgeable and supportive of IT security and risk management plans. We’ve worked hard to live up to the honor of winning this prestigious award and many others such as being named a leader in the Gartner Magic Quadrant for Security Awareness Computer Based Training. This industry…

READ MORE

0 comments