Phishing Attacks are Increasingly Sophisticated
on 05/07/2021 11:49 AM
The world of cybersecurity is ever-changing, and bad actors are increasingly coming up with sophisticated social engineering phishing attempts that most people lack the training to identify. As we have touched upon in our previous blog posts, with the increasing rise in remote learning/work, bad actors are launching increasingly sophisticated social engineering and phishing campaigns ut...
Microsoft tops the list of Most Impersonated Brands in Q1 2021
on 04/28/2021 12:26 PM
According to the Brand Phishing Report for Q1 courtesy of Check Point, Microsoft holds the distinction of being the Most Imitated Brand in Q1 2021. For those not familiar, the report highlights the brands that are frequently imitated by criminals every quarter. The report has Microsoft on top, with 39% of phishing attempts related to the technology company. However, their numbers ...
Crafting a Solid Security Awareness Training Program
By Liam Rolfe on 04/19/2021 9:00 AM
As the world continues to deal with COVID-19, remote work has exploded to become a new normal for many industries. This new normal presents exciting possibilities for workers yet exposes them to critical security gaps as employees let their guards down when working remotely. As more data and digital communications are shared or stored on cloud servers, avenues for cyberattacks will only increas...
Spear Phishing Attacks are moving to LinkedIn
By Liam Rolfe on 04/08/2021 12:48 PM
With a COVID-influenced economy, job hunting has become very difficult, and as a result, more and more people are using LinkedIn as a tool to look for remote jobs or local jobs online. However, things might have become more dangerous because these job offers are now the target of cyber criminals. Early this week, security firm eSentire warned LinkedIn users of a new Spear Phishing at...
Who Trains the Teacher on Phishing?
By Liam Rolfe on 04/02/2021 8:50 AM
According to the IBM X-Force Report, phishing remains one of the leading causes of data breaches outside of ransomware. K–12 education systems are not immune to this reality since elementary and secondary school networks contended with a record number of cybersecurity incidents during 2020. A new report by the K-12 Cybersecurity Resource Center found that the pandemic drove mi...
New & Updated Phishing Email Templates
on 03/15/2021 8:48 AM
Over the past few weeks, we have been overhauling our phishing email template library. We've sorted through the library and organized our templates based on attack type and difficulty. We've also added a deluge of updated templates. These templates will help our clients conduct realistic phishing simulations at a higher level.
Local Election Officials Targeted with Suspicious Email
on 10/27/2020 4:25 PM
A report in the Wall Street Journal on October 26th described incidents of election officials at the local level within the U.S. being sent suspicious emails which appear to be purposefully targeting them due to their position within their states. According to the private alert that went out Friday, October 23rd, to which the WSJ is referring, one of the emails appears to come from an election di...
CenturyLink Outage Affecting 3.5% of the Internet
on 09/02/2020 10:01 AM
On Sunday, August 30th, 2020, CenturyLink suffered a major outage which affected numerous internet companies including Amazon, Twitter, Microsoft via Xbox Live, EA, Blizzard, Steam, Discord, Reddit, Hulu, NameCheap, OpenDNS, and many others including PhishingBox. Another of the major companies affected was Cloudflare, which wrote about the outage on their blog saying, “Globally, we saw a 3.5% dr...
New Experiment in Google Chrome to Fight Back Against Phishing Websites
on 08/21/2020 11:28 AM
The developers behind the Google Chrome browser have announced in a blog post that they will begin testing a new way to help defend against the increasing threat of phishing attacks. Stemming from a report in collaboration between Google and University of Illinois at Urbana-Champaign, researchers found that "more than 60% of users were fooled when a misleading brand name appeared in a URL...
New Research Finds That 7.42% Of Victims Who Visit Phishing Sites Supply Their Credentials
By Ben Strevy on 08/04/2020 9:53 AM
In a new report from the combined efforts of Arizona State University, PayPal, Google, and Samsung, researchers found that at least 7.42% of victims who visit phishing pages input their credentials, resulting in compromised accounts and fraudulent transactions. The researchers monitored traffic to phishing pages recording over 4.8 million victims who visited phishing pag...
LastPass Customers Receive Phishing Email In Attempt to Steal Master Password
on 07/21/2020 10:38 AM
In an effort to inform and defend customers, LastPass warned that there had been reports of a phishing email being sent to users of the LastPass platform. The email purports to be from LastPass and contained malicious links which directed recipients to update their master password. It is important to note that despite this email being phishing, LastPass has already stated tha...
Microsoft Warns About Consent Phishing Applications
on 07/10/2020 9:03 AM
A new post by the Microsoft security team warns about a new type of phishing attack vector targeting users. Consent Phishing, as they refer to it, targets users by asking for an egregious amount of permissions from Single-Sign-On, allowing the bad actors to abuse the accounts they have been granted access to.
Taking advantage of the shift of a large number of employees from working in the off...
New Phishing Attempt on Instagram for Fake Copyright Violations
on 06/30/2020 10:31 AM
Instagram users should be on the lookout for fake copyright notices that have emerged as a new way to try and phish people into handing over the credentials of their accounts. As reported by Andy Day at Fstoppers and further expanded upon by Michael Zhang at PetaPixel, Day was supposedly sent a direct message on Instagram by The North Face Chile (@thenorthfacechile).
The message...
Office 365 Users Targeted with Hijacked Oxford Servers using Samsung and Adobe links
on 06/22/2020 10:09 AM
As reported by Check Point Research, European users of Office 365 have been targeted with phishing emails sent from seemingly legitimate sources after bad actors hijacked Samsung's Adobe Campaign marketing redirect mechanism to send missed voicemail emails to targets, which were able to get the "Message from Trusted Server" at the top of the email due to the combined trusted ...
Phishing Email Impersonating Black Lives Matter Promotes TrickBot Malware
on 06/12/2020 9:03 AM
As is common with real phishing campaigns, bad actors are using current events to take advantage of people and trick them into opening malicious emails. While the last few months have been dominated by COVID-19 related phishing emails, a new phishing campaign, discovered by Abuse.ch and first reported here, has begun taking advantage of the Black Lives Matter movement in an attempt to install ...
GitLab Employees Had a 59% Failure Rate in a Recent Phishing Test
By Ben Strevy on 05/22/2020 4:25 PM
GitLab.com recently performed a spear phishing campaign where they targeted 50 of their employees in an attempt to see how vulnerable their team members were to phishing attacks. Using the domain "gitlab.company" and GSuite to deliver emails, those targeted were asked to click on a link to accept an upgraded laptop from their IT department.
Of the 50 empl...
User Credential Theft Prevention
By Phisher on 09/02/2019 11:43 AM
Social engineering is the process of attacking the human, or employee, rather than the technology directly. Through social tactics, an employee is tricked into performing an action, such as installing malicious software, divulging information, or performing an authorized transaction. The theft of user credentials is a significant risk from social engineering.
According t...
Anti-Phishing Security Control Checklist
By Thomas Chase Gullett on 08/31/2019 4:00 PM
Phishing is a significant problem for most organizations. As a partner in helping to minimize the impact from phishing attacks on organizations, PhishingBox has created a checklist of controls an organization should implement. This anti-phishing checklist is designed primarily for the technical administrators along with other members of an organization’s security team or partne...
Verizon Data Breach Investigations Report (DBIR) - 2019
By Phisher on 08/28/2019 8:43 AM
The 2019 Verizon Data Breach Investigations Report (DBIR) provides valuable information on the threats facing organizations today. The DBIR is produced by Verizon in collaboration with many security entities. The following is a summary of findings that relate to the human element of security.
Through the analysis from Verizon, and the report contributors, several threats emer...
Ten Steps to Creating a Phishing Awareness Campaign
By Phisher on 08/26/2019 2:52 PM
In the following SlideShare, authors Christopher Hadnagy and Michele Fincher outline ten steps to creating a phishing awareness campaign for an organization. PhishingBox provides the tools needed to easily implement such a program.
10 Steps to Creating a Corporate Phishing Awareness Program from Wiley
Please contact us if you have any questions about develo...