PhishLabs – Computer Security Articles

Tricky Phish Angles for Persistence, Not Passwords

January 7, 2020 admin jeff jones, Latest Warnings, login.microsoftonline.com, michael tyler, Microsoft Office 365, microsoftonline.com, PhishLabs, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Tue, 07 Jan 2020 21:35:40 +0000

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even after the victim has changed their password.

Independent Krebs

Should Failing Phish Tests Be a Fireable Offense?

May 29, 2019 admin A Little Sunshine, Cofense, John LaCour, PhishLabs, phishme, Rohyt Belani

Credit to Author: BrianKrebs| Date: Wed, 29 May 2019 17:39:26 +0000

Would your average Internet user would be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this particular teaching approach).

Independent Krebs

Half of all Phishing Sites Now Have the Padlock

November 26, 2018 admin A Little Sunshine, Bibox, IDN, internationalized domain names, John LaCour, Latest Warnings, phishing, PhishLabs, Punycode, SSL

Credit to Author: BrianKrebs| Date: Mon, 26 Nov 2018 14:57:53 +0000

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.

Independent Krebs

Phishers Are Upping Their Game. So Should You.

December 7, 2017 admin Crane Hassold, Latest Warnings, Let's Encrypt, PhishLabs, phishtank.com

Credit to Author: BrianKrebs| Date: Fri, 08 Dec 2017 00:35:24 +0000

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.