The PhishLabs Blog

Phishing @Home: Phishers set up sites on residential broadband hosts

Posted by Don Jackson, Director of Threat Intelligence

Apr 16, '14

PhishLabs is studying a wave of phishing attacks that utilize spam to distribute links to phishing sites installed and hosted on the personal computers of residential broadband customers.

The attackers start by scanning residential service IP address space for open RDP (Remote Desktop) ports and brute-force default, common, or otherwise weak passwords.  Once access is gained, the attackers install web server software and upload a number of different phishing pages, the links to which are sent out via spam email messages.

Topics: Phishing, Threat Analysis, Threat Intelligence, Spam

Phishing up 60%, Chart-Topping Scam App, and... oh yeah, Heartbleed! | TWIC - April 11, 2014

Posted by Stacy Shelley

Apr 11, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Not much to add to Heartbleed that has not already been said, other than to expect malicious "Reset your Password due to Heartbleed" emails from phishers, spammers and the like. With so many legit password reset emails in their inboxes, users and customers are more susceptible to well-crafted email lures.

Topics: The Week in Cybercrime

Phishers expand their target list | APWG 2H2013 Global Phishing Survey

Posted by Stacy Shelley

Apr 10, '14

As usual, there's some good data in the 2H2013 Global Phishing Survey released by the APWG today. 

Phishing attacks grew quite a bit, up 60% from the first half of 2013. Still short of the peak observed in the last half of 2012, but a significant increase nonetheless.

How else did the phishing landscape change in the last half of 2013? 

Topics: Phishing, APWG

Phishing Takedown < Anti-Phishing < Phishing Protection

Posted by John LaCour

Apr 8, '14

Phishing is a prevalent problem for businesses, particularly financial institutions. Over the years, many services have emerged to help organizations address phishing attacks that are targeting their customers' accounts. When seeking solutions, businesses find they have several options to choose from. These fall into three categories:

  • Phishing takedown services
  • Anti-phishing services
  • Phishing protection services

These categories may seem interchangeable, but there are some key distinctions between them that make a big difference.

Topics: Phishing, Strategy

1,700+ Google Docs Phish, New FFIEC DDoS Guidance | The Week in Cybercrime - April 4, 2014

Posted by Stacy Shelley

Apr 4, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Over the past several months, we've noticed a growing number of "all-in-one" webmail phishing sites using Google Docs or Google Drive as bait. More than 1,700 are active as of this posting, many of which have been up for months. 

Earlier this week, the members of the FFIEC issued guidance to financial institutions regarding the steps they should take to mitigate the risk of DDoS attacks. It's interesting that they now "expect each financial institution to address DDoS readiness." This isn't news for the big institutions, but many community banks and credit unions should take note and re-evaluate their DDoS risk accordingly.

Topics: The Week in Cybercrime

1,700+ Google Docs and Drive phishing scam sites currently active

Posted by Brad Warneck

Apr 3, '14

Over the past several months, we've noticed a growing number of "all-in-one" webmail phishing sites using Google Docs or Google Drive as bait. More than 1,700 are active as of this posting, many of which have been up for months.

Topics: Phishing, Threat Analysis, Spam

New MitM attacks, Facebook's ThreatData - The Week in Cybercrime - March 28, 2014

Posted by Stacy Shelley

Mar 28, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

PhishLabs has observed a new wave of "Man-in-the-Middle" (MitM) attacks targeting users of online banking and social media. Customers of more than 70 different financial institutions are being targeted. 

There is a great deal of threat data out there being generated by the good guys. But the data is far from uniform in structure and quality, making it difficult to consume and apply the data in truly meaningful ways to protect users. The good news is that it's a known problem that several groups are trying to address. Earlier this week, the security team at Facebook jumped in with the ThreatData framework for capturing intelligence data, storing it, and applying it to security processes.

Topics: The Week in Cybercrime

New Man-in-the-Middle attacks leveraging rogue DNS

Posted by Don Jackson, Director of Threat Intelligence

Mar 26, '14

New MitM attacks impersonate banking sites without triggering alerts

PhishLabs has observed a new wave of "Man-in-the-Middle" (MitM) attacks targeting users of online banking and social media. Customers of more than 70 different financial institutions are being targeted.

Topics: Malware, Fraud, Threat Analysis, Threat Intelligence, Rogue DNS, Crimeware

No more Full Disclosure, EA server used for phishing - The Week in Cybercrime - March 21, 2014

Posted by Stacy Shelley

Mar 21, '14

Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy cybercrime articles and reports (open source).

Highly-regarded threat researcher Don Jackson joins to serve as Director of Threat Intelligence and security analytics innovator Christopher O'Rourke joins as our Senior Product Manager. 

The longstanding mailing list for publishing vulnerabilities has closed its doors. Full Disclosure has seen its fair share of controversy over the years, and the announcement from admin John Cartwright credits a recent dispute with an "individual researcher" as the tipping point for the decision.

Topics: The Week in Cybercrime

Two veteran cybercrime experts join PhishLabs

Posted by John LaCour

Mar 19, '14

On behalf of the PhishLabs team, I am very excited to announce that two senior cybercrime experts have joined us in the fight against cybercrime. 

Don Jackson is a veteran cybercrime expert with extensive experience researching and investigating advanced cybercrime malware. As the discoverer of the Gozi Trojan and one of the foremost authorities on modern banking Trojans such as ZeuS and Citadel, Don is a recognized thought leader in the industry and is frequently featured in major media outlets for his expertise. 

Topics: General, Company News

    
