News & Blog

Our stories.

Verizon Data Breach Investigations Report - 2018

In its eleventh edition, the Verizon Data Breach Investigations Report (DBIR) continues to be a wealth of information for security professionals. Email threats, such as phishing, continue to be a problem.

Symantec Internet Security Threat Report 2018

The Symantec Internet Security Threat Report continues to be a valuable resource for companies to understand current threat vectors. The report highlights current threats and provides specific statistics related to these threats.

PhishingBox Launches ‘Phishing Reply Tracking’ Feature

PhishingBox launches 'Phishing Reply Tracking' to combat against CEO Fraud and Business Email Compromise phishing scams to help companies spot these attacks and allow them to deploy the necessary employee training and awareness to lower risk.

Phishing Alert - The Domain Name Renewal Scam

The PhishingBox team has recently noticed a surge in phishing scams related to renewing domain names, web/email hosting, etc., and we want to give some insights on ways to identify the scam and protect yourself from falling victim.

New Position: Account Manager

We are accepting applications for a full-time Account Manager, to work alongside the existing sales team in Lexington, KY. Experience in sales is required. Technology or software sales experience is a plus, but not required.

APWG Phishing Activity Trends Report | 4th Quarter 2016

The APWG Phishing Activity Trends Report for 4th Quarter 2016 indicates that the total number of phishing attacks in 2016 was 1,220,523, which is a 65% increase over 2015. Phishing activity in early 2016 was the highest ever recorded by APWG since i

Ransomware Completely Shuts Down Ohio Town Government

The Licking County government offices in Ohio, including the police force have been shut down by ransomware. It’s clear that someone in the office caught a bug in a phishing scam or by downloading it and now their servers are locked up.

Email Phishing Scams

The style of identity theft is extremely widespread because of the ease with which unsuspecting people share personal information. Phishing scams often lure people with spam email and instant messages requesting people to verify their account or confirm their billing address through what is actually a malicious website. Email phishing scams are carried out by tech-savvy con artists and identity th...

Kaspersky Lab 2016 Report

Internet fraud has been around for just about as long as the Internet itself.  According to a Kaspersky Lab 2016 Report, each year, cybercriminals come up with new techniques and tactics to fool their potential victims.  Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc.  The aim of these em...

Verizon Data Breach Investigations Report Summary 2016

The Verizon Data Breach Investigations Report Summary highlights key information related to social engineering. Now in its ninth year of publication, the “Verizon 2016 Data Breach Investigations Report” analyzes more than 2,260 confirmed data breaches and more than 100,000 reported security incidents in this year’s report – the highest since the report’s inception in ...

Advanced Persistent Threat (APT) Kill-Chain

According to Netswitch Technology Management, the Advanced Persistent Threat (APT) kill-chain looks like the following: Social Engineering: Identify individuals that have the needed access privileges. Spear Phishing: Attackers send spoofed e-mails with malicious links to download malware and infect high-value employee machines. Malware Infection: malware is downloaded on a system within ...

The Six Steps of an APT Attack

To improve your cyber security and successfully prevent, detect and resolve advanced persistent threats, you need to know how APTs work: The cyber-criminal or threat actor gains entry through an e-mail, network, file or application vulnerability and inserts malware into an organizational network. The network is considered compromised, but not breached. The advanced malware probes for addit...

Advanced Persistent Threats

Advanced Persistent Threat (APT) campaigns comprise a growing part of the current threat landscape. Some APT campaigns remain active, in fact, even after drawing extensive media attention. APT Campaign routines may vary over time but their primary goal remains the same – to gain entry to a target organization’s network and obtain confidential information.There are two ways to look...

Spear Phishing

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or website with a broad membership base, such as eBay or PayPal. In the case of spear phishing, the apparent source of t...

Phishing

Phishing is the attempt to acquire sensitive informative such as usernames, passwords and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Phishing is the illegal attempt to acquire sensitive information for malicious reasons.Traditional phishing attacks are usually conducted by sending malicious e-mails to as many people...

Anti-Phishing Work Group (APWG)

Semi-annually, the Anti-Phishing Working Group (APWG) publishes the Phishing Activity Trends Report. These reports address phishing trends and underscore the significance of phishing by quantifying the scope of the global phishing problem.Key findings in the APWG Phishing Trends Report for Q4 2015: The Retail/Service sector became the most-targeted industry sector in the fourth quarter...

Symantec Internet Security Threat Report: 2016

The Symantec Internet Security Threat Report includes vast information on security related issues. Spam, phishing and malware data are captured through a variety of sources. These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze and provide informed commentary on emerging trends in attacks, malicious code activity, phishing and spam. The annual ...

Verizon Data Breach Investigations Report Summary 2015

Since the 90s, phishing continues to evolve and continues to trick, especially those in communications, legal and customer service areas.  According to the Verizon 2015 Data Breach Investigations Report, 23% of recipients open phishing messages and 11% click on attachments to those messages.  Of more concern, 50% of recipients open e-mails and click on phishing links within the first h...

Summary of Global Phishing Survey 2H 2014

Semi-annually, the Anti-Phishing Working Group (APWG) publishes the Global Phishing Survey. This report addresses phishing trends and underscores the significance of phishing by quantifying the scope of the global phishing problem. In this report, APWG examines all the phishing attacks detected in the second half of 2014, July 1 through December 31).Major findings were as follow: In th...

Symantec Report Shows 82% Of Social Media Attacks Are Fake Offerings

The monthly Symantec Intelligence Report identifies their latest analysis of the security landscape concerning malware, spam, and other cyber threats. There are several interesting facts identified in this report. 82 percent of all social media attacks so far in 2013 have been fake offerings. This is up from 56 percent in 2012. The global phishing rate is up in August, comprisi...

Summary of Global Phishing Survey 1H 2013

Semi-annually, the Anti-Phishing Working Group (APWG) publishes the Global Phishing Survey: Trends and Domain Name Use. This reports addresses phishing trends and underscores the significance of phishing by quantifying the scope of the global phishing problem. In this report, the APWG examines all the phishing attacks detected in the first half of 2013 (“1H2013”, January 1 to June...

Phishing Activity Trends Summary 2013

The Anti-Phishing Working Group (APWG) Phishing Activity Trends Report 2013 analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners, through the organization’s website and by e-mail submissions. The APWG also measures the evolution, proliferation, and propagation of crimeware by drawing from the research of its member companies. This rep...

Security Awareness Training vs. Testing: Who's doing what?

Security awareness training is important. In today’s business environment, information security is important.  Securing information helps keep competitive advantages, meet regulatory compliance, and satisfy customer expectations.  Security compromises can be expensive in direct expenditures, such as fixing a vulnerability, and indirect costs, such as damage to reputation.  A...

White Box Or Black Box For Social Engineering Testing, Which Is Better?

When conducting social engineering testing as part of an audit or security assessment, should the client provide a listing of employees to test? Doing so is generally termed white box testing, as detailed information is provided to the auditor. The term “white box testing” was originally used to describe a form of software testing where detailed information on the software applicatio...

Social Engineering Attacks Are A Significant Business Risk

Social engineering attacks, or attacks on the human component of security, are a significant threat to businesses. With the proliferation of online tools and resources or attackers, the threat continues to grow. Although a business can spend money on firewalls, cameras, locks, and other security systems, it cannot ignore the human element. Without addressing the human component of the security s...

Cybercrime Victimization Rates Vary Between 1 And 17 Percent

The United Nations Office on Drugs and Crime was tasked with conducting a comprehensive study of the problem of cybercrime. The study, Comprehensive Study on Cybercrime, was conducted from February 2012 to July 2012, with information received from 69 member states. The study covered eight topics, organized into chapters: (1) Connectivity and cybercrime; (2) The global picture; (3) Legislati...

Are We Entering The Fourth Great Era Of Digital Crime?

BAE Systems Detica commissioned a report, Organized Crime In The Digital Age, by the John Grieve Centre for Policing and Security at London Metropolitan University to look in detail at the structure of organized digital crime groups, how they are using information and communications technology to perpetrate their crimes, and how these new threats can be tackled. As the report indicate, digi...

Cisco Research On Targeted Phishing Attacks

Cisco research on targeted phishing attacks explains why email remains the primary attack vector for cyber criminals.The research from Cisco points out, cybercriminal business models have shifted toward low-volume targeted attacks. The report, Email Attacks – This Time Its Personal, documents that email remains the primary attack vector, the annualized cybercrime business activity c...

Survey of IT Professionals Social Engineering Risks

In 2011, Dimensional Research and Check Point conducted a survey of IT Professionals on The Risk Of Social Engineering On Information Security. The report provides some key insights into security professionals concerns related to social engineering risks and what they are doing about such threats.The report was based on a global survey of 853 IT professionals conducted in the United Sta...

Summary of The Kaspersky Report On The Evolution of Phishing Attacks

The report from Kaspersky Labs is on the evolution of phishing attacks from 2011-2013. The information was collected from the Kaspersky Security Network cloud service used to gain a better understanding of the global landscape of phishing threats from a variety of angles. It is important to note that this study addressed only attacks that were intercepted using heuristic security technologies bu...

Spear-Phishing and Advanced Persistent Threat Campaigns

Spear-phishing is the most prevalent delivery method for advanced persistent threat (APT) attacks. Today’s cyber criminals launch APT attacks with sophisticated malware and sustained, multi-vector and multi-stage campaigns to achieve a particular objective. In a typical spear-phishing attack, a specially crafted email is sent to specific individuals from a target organization. “APT cam...

Symantec Internet Security Threat Report: Social Engineering Facts

The Symantec Internet Security Threat Report includes vast information on security related issues, including social engineering facts.  Spam, phishing, and malware data is captured through a variety of sources.  These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in att...

Gartner Survey On The Cost of Phishing Attacks

Although a few years old, a survey from Gartner shows the cost of phishing attacks. The threat to business and consumers is substantial.  Since the survey was completed, there has been no let up on the volume of social engineering attacks, including phishing.  As RSA pointed out earlier this year there was a 59 percent increase in phishing attacks from 2011 to 2012.  As such,...

Symantec Security Report Turns Conventional Wisdom Upside Down

Symantec security report turns conventional wisdom upside down.  Small businesses thought they were immune from social engineering attacks. Not so.It is understandable for many small businesses to consider themselves relatively immune from highly complex and sophisticated malware, phishing, and social engineering attacks.  After all, the logic goes, the bad guys are after the &ldqu...

RSA Phishing Report For 2012

RSA, a division of EMC, publishes a monthly report details statistics related to online fraud. The January 2013 report, The Year In Phishing, includes summary data on phishing attacks for 2012. The RSA phishing report for 2012 findings demonstrate that phishing and other social engineering tactics remain a significant concern for business and security professionals. Some of the key findings incl...

Types Of Phishing Defined

The types of phishing are defined in this post. This list defines phishing, spear-phishing, clone phishing, and whaling.If you’re reading this blog you probably already know a good bit about security. But for those of you who are just getting started in this field, or those who want to learn a little more about the types of phishing, we’ve pulled to a list of some of the various ...

Symantec Addresses New and Unique Facebook-Specific Attacks

Symantec addresses new and unique Facebook-specific attacks. A typical characteristic of phishing attacks is their ability to adapt with the times. With the rise of social media, the bad guys have found seemingly infinite opportunities to scam unsuspecting users. After all, social media is predicated on the unfiltered exchange of information; would-be victims are easy targets given how accustome...

Phishing Attacks Primary Target May Surprise You

Kaspersky Lab, a provider of antivirus and Internet security software, recently published its review of e-mail spam malicious attacks across 2012.  The results are a classic mix of good news and bad news.First, the good news.  The amount of e-mail spam fell throughout the course of the year.  By the end of the year, the average amount of spam in email stood at 72.1 percen...

Social Engineering Attack Prevention and Mitigation

When Microsoft security experts offer advice, organizations should listen, particularly with regards to social engineering attacks. Microsoft has provided insight into social engineering attack prevention and mitigation.Social engineering attacks are becoming increasingly sophisticated, and as a result, far more difficult to control since the attackers generally prey on the human element rat...

On-site or Offsite Social Engineering Testing

Should we perform on-site or offsite social engineering?Although there is value in onsite social engineering, for the money offsite social engineering, such as that provided by PhishingBox is much more cost effective. Only in rare circumstances, will attackers attempt anything that require their physical presence. As such, most organizations do not need onsite testing.According to a rece...

Password Weaknesses Are Exploited By Social Engineering

Password weaknesses can be exploited. Today, users are susceptible to social engineering because they access more web-based systems. With the increased adoption of cloud computing, users are logging into more internet-based systems. How can your company reduce risk to social engineering? The FFIEC states, “Controls against these attacks [social engineering] involve strong identification po...