PhishMe Blog


Security Awareness: 4 tips on Trusting Technology

BY John Robinson IN Cyber Incident Response, Internet Security Awareness, Phishing

Part 3 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month.


Malicious Chrome Extension Targets Users in Brazil

BY Oscar Sendin IN Malware Analysis, Phishing, Phishing Defense Center

Our Phishing Defense Center recently detected a significant increase in the number of emails with malware designed exclusively to target users in Brazil.


Locky or TrickBot? Depends Where You Are. Malicious Payload Delivery Tailored by Geographic Location

BY phishme IN Internet Security Awareness, Malware Analysis, Phishing

By Neera Desai and Victor Cornell

It is not uncommon for threat actors to deploy malicious payloads from multiple malware families during a single phishing campaign. These malware tools may include ransomware, a financial crimes trojan, or other botnet malware. However, it is not as common for those attackers to deploy different malware tools based upon the geographic location of their victim.


To Raise Security Awareness, Don’t Trust the Process.

BY John Robinson IN Cyber Incident Response, Internet Security Awareness, Phishing

Part 2 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month. 


Rock the 80’s and More at PhishMe Submerge 2017!

BY phishme IN Cyber Incident Response, Internet Security Awareness, Phishing

An 80’s party, PhishMe Simulator™ Certification and savings of $100. They’re three great reasons to attend PhishMe® Submerge 2017, our second annual User Conference and Phishing Defense Summit, Nov. 29 – Dec. 1, Gaylord Hotel, Washington National Harbor.


Heads Up: This Netflix Phish Targets Business Email, Not Just Home Accounts

BY Chase Sims IN Malware Analysis, Phishing, Phishing Defense Center

PhishMe® analyzes phishing attacks intended for corporate email all the time—phishing for corporate email credentials, malware delivery, etc. However, we also analyze phishing for consumer service credentials—think online shopping or Netflix—since it is also a part of the threat landscape.


The Phishing Kill Chain – Triage and Mitigation

BY John Robinson IN Cyber Incident Response, Internet Security Awareness, Phishing

Part 6 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 5 we looked at the importance of reporting and associated best practices for implementation and measuring success at both the simulation and program trending level. Now let’s shift the focus from the development of our user base as reporters to a more traditional security skill set of detection, analysis and mitigation of threats.


Don’t be so emotional. (It hurts security awareness.)

BY John Robinson IN Cyber Incident Response, Internet Security Awareness, Phishing

Part 1 in a weekly blog series, “How Attackers Target Trust,” running during October, National Cyber Security Awareness Month and European Cyber Security Month.

While modern technology and pervasive media can make all things appear new, they really aren’t. As we continue the battle against advanced persistent threats, malware and fraud, it’s important to remember that confidence men and women have been at this game for a long time.


The Phishing Kill Chain – Reporting

BY John Robinson IN Cyber Incident Response, Internet Security Awareness, Phishing

Part 5 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 4 we looked at Simulation Delivery and stressed the importance of utilizing methods that model malicious actors and advanced persistent threats. We will now take a closer look at developing reporters in your company environment.


Team Up Against Phishing at PhishMe Submerge 2017

BY phishme IN Cyber Incident Response, Internet Security Awareness, Phishing

Anti-phishing, like all security, is a team sport. (Apologies for that metaphor, but football season is here.) So join PhishMe® and other security professionals at PhishMe Submerge 2017, our second annual User Conference and Phishing Defense Summit, Nov. 29 – Dec. 1, Gaylord Hotel, Washington National Harbor.


Take Advantage of Our Free Tools and Resources During National Cyber Security Awareness Month

BY phishme IN Internet Security Awareness, Phishing

It’s fitting that National Cyber Security Awareness Month ends on Halloween. October is the time to contemplate scary things, whether ghouls, folks in lederhosen stumbling about with steins or real-deal cyber threats: phishing emails loaded with ransomware.


The Phishing Kill Chain – Simulation Delivery

BY John Robinson IN Cyber Incident Response, Internet Security Awareness, Phishing

Part 4 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 3 we looked at Simulation Design, where we discussed utilization of simulation results analysis and active threat intelligence in anti-phishing programs. We will now take a closer look at simulation delivery practices.


A Song of Ice and Ransomware: Game of Thrones References in Locky Phishing

BY Victor Cornell IN Cyber Incident Response, Malware Analysis, Phishing

We rarely find out the identities of online attackers. As a result, it is often easy to picture attackers as impartial and emotionless devices instead of humans or groups of people. However, attackers often reveal small bits of information about themselves and their personalities in the tactics, techniques, and procedures they select.


Tune Your Phishing Defense at Submerge 2017

BY phishme IN Cyber Incident Response, Internet Security Awareness, Phishing

Attention incident responders: PhishMe® Submerge is for you. Submerge 2017, our second annual User Conference and Phishing Defense Summit, offers over a dozen sessions on phishing defense alone. Overall the event will offer 30+ sessions, including another track covering phishing resilience.


TrickBot Targeting Financial and Cryptocurrency Data

BY Brendan Griffin IN Internet Security Awareness, Malware Analysis, Phishing

While a great deal of focus for research into botnet trojans is on the multipurpose utility of this malware, many of these same tools are still utilized for direct financial crimes and fraud. This configuration data provides prima facie insight into some of the preferred means for monetary gains by threat actors. An example of this can be found in the most recent rounds of TrickBot malware configurations. These XML documents describe the targeted login pages for online services and the action the malware is to take when a victim visits one. Many of the targeted resources reference the login…


5 Reasons Our UK Phishing Report Would Make Winston Churchill Scowl

BY phishme IN Cyber Incident Response, Internet Security Awareness, Phishing

The US and UK share a lot of things. History. Political traditions. A language, if one is feeling generous. And now some worrisome phishing data that jumps out of two reports PhishMe® has commissioned, most recently in the UK.


Endpoint Phishing Incident Response with PhishMe and Carbon Black

BY phishme IN Cyber Incident Response, Phishing, Threat Intelligence

Hunting Phished Endpoints with PhishMe Intelligence™ and Carbon Black® Response

While sipping coffee and reading the morning headlines, the CISO notices a global mass-phishing campaign that took place overnight. Picking up the phone and calling the SOC, the CISO asks: “Are there any computers that may have been infected with ‘X’ that I read about this morning? I need answers before my meeting in an hour.”


Customized Phishing Simulations Keep You “Left of Breach”

BY John Robinson IN Cyber Incident Response, Internet Security Awareness, Phishing

Part 3 in a series on being “Left of Breach” in the Phishing Kill Chain. In part 2 we looked at Self-Enumeration, assessing security and business process gaps that phishing attackers exploit. It’s the first step in being “Left of Breach” (see figure below), the process that builds a proactive phishing defense strategy.


Phishing Incident Response: Get Started in 3 Steps

BY phishme IN Cyber Incident Response, Internet Security Awareness, Phishing

So, you want to improve your response to phishing threats? Smart idea. PhishMe®’s recent report on phishing response trends shows that phishing is the #1 security concern, but almost half of organizations say they’re not ready for an attack.


Identity Crisis – The Real Cost of a PII Data Breach

BY John Robinson IN Cyber Incident Response, Internet Security Awareness, Phishing

As the success of phishing attacks continues to broaden and gain traction in the modern news cycle, it’s important that we understand the differences in impacts based on the type of breach.
