News & Blog

Our stories.

Updated User Guide - v4.2

Updated User Guide highlighting the new platform features. New Template Library and Template Editor Functionality

EY Global Information Security Survey - 2018

EY is a global leader in in assurance and advisory services. For several decades EY has been conducting a Global Information Security Survey (GISS). The 2018 security survey from EY provides some valuable insight into the cybersecurity threat. Cyb

Symantec Internet Security Threat Report 2018

The Symantec Internet Security Threat Report continues to be a valuable resource for companies to understand current threat vectors. The report highlights current threats and provides specific statistics related to these threats.

PhishingBox Launches ‘Phishing Reply Tracking’ Feature

PhishingBox launches 'Phishing Reply Tracking' to combat against CEO Fraud and Business Email Compromise phishing scams to help companies spot these attacks and allow them to deploy the necessary employee training and awareness to lower risk.

Phishing Alert - The Domain Name Renewal Scam

The PhishingBox team has recently noticed a surge in phishing scams related to renewing domain names, web/email hosting, etc., and we want to give some insights on ways to identify the scam and protect yourself from falling victim.

New Position: Account Manager

We are accepting applications for a full-time Account Manager, to work alongside the existing sales team in Lexington, KY. Experience in sales is required. Technology or software sales experience is a plus, but not required.

APWG Phishing Activity Trends Report | 4th Quarter 2016

The APWG Phishing Activity Trends Report for 4th Quarter 2016 indicates that the total number of phishing attacks in 2016 was 1,220,523, which is a 65% increase over 2015. Phishing activity in early 2016 was the highest ever recorded by APWG since i

Ransomware Completely Shuts Down Ohio Town Government

The Licking County government offices in Ohio, including the police force have been shut down by ransomware. It's clear that someone in the office caught a bug in a phishing scam or by downloading it and now their servers are locked up.

Social Engineering Attacks Keep Evolving

Internet fraud has been around for just about as long as the Internet itself.  According to a Kaspersky Lab 2016 Report, each year, cybercriminals come up with new techniques and tactics to fool their potential victims.  Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc.  The aim of these emai...

Verizon Data Breach Investigations Report (DBIR) 2016

The Verizon Data Breach Investigations Report (DBIR) highlights key information related to social engineering. In its ninth year of publication, the “Verizon Data Breach Investigations Report” analyzes more than 2,260 confirmed data breaches.

Advanced Persistent Threat (APT) Kill-Chain

According to Netswitch Technology Management, the Advanced Persistent Threat (APT) kill-chain looks like the following: Social Engineering: Identify individuals that have the needed access privileges. Spear Phishing: Attackers send spoofed e-mails with malicious links to download malware and infect high-value employee machines. Malware Infection: malware is downloaded on a system within ...

The Six Steps of an APT Attack

To improve your cyber security and successfully prevent, detect and resolve advanced persistent threats, you need to know how APTs work: The cyber-criminal or threat actor gains entry through an e-mail, network, file or application vulnerability and inserts malware into an organizational network. The network is considered compromised, but not breached. The advanced malware probes for addit...

Advanced Persistent Threats

Advanced Persistent Threat (APT) campaigns comprise a growing part of the current threat landscape. Some APT campaigns remain active, in fact, even after drawing extensive media attention. APT Campaign routines may vary over time but their primary goal remains the same – to gain entry to a target organization’s network and obtain confidential information.There are two ways to look...

Spear Phishing

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or website with a broad membership base, such as eBay or PayPal. In the case of spear phishing, the apparent source of t...


Phishing is the attempt to acquire sensitive informative such as usernames, passwords and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Phishing is the illegal attempt to acquire sensitive information for malicious reasons.Traditional phishing attacks are usually conducted by sending malicious e-mails to as many people...

Anti-Phishing Work Group Phishing Trends

Semi-annually, the Anti-Phishing Working Group (APWG) publishes the Phishing Activity Trends Report. These reports address phishing trends and underscore the significance of phishing by quantifying the scope of the global phishing problem.Key findings in the APWG Phishing Trends Report for Q4 2015: The Retail/Service sector became the most-targeted industry sector in the fourth quarter...

Symantec Internet Security Threat Report: 2016

The Symantec Internet Security Threat Report includes vast information on security related issues. Spam, phishing and malware data are captured through a variety of sources. These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze and provide informed commentary on emerging trends in attacks, malicious code activity, phishing and spam. The annual ...