PhishMe Unveils New Features to Address APT at RSA 2013

CHANTILLY, Va., Feb. 21, 2013 — PhishMe Inc., the leading provider of security behavior management services that improve employees’ resilience towards spear phishing, malware, and drive-by attacks, today announced the availability of several new features based on patent pending technologies. These new additions include: PhishMe’s Highly Visible Targets Identifier, Benchmarking, and a new simulation type, the Double Barrel, or the ability to emulate an interactive attacker engaged in conversational phishing using multiple messages.

PhishMe Appoints Nick Lantuh to Board of Directors

CHANTILLY, Va., Feb. 14, 2013 /PRNewswire/ — PhishMe Inc., today announced the appointment of Nick Lantuh to its Board of Directors. PhishMe Inc. offers a turnkey service that helps improve employee behavior in responding to targeted phishing, malware, and drive-by attacks – the most common methods used to compromise corporate and government networks today.

PhishMe’s 2013 RSA Conference Preview

PhishMe (along with our giant bowl of Swedish Fish) will be attending the RSA conference this month for the second time, and we’re pretty excited to be returning to the City by the Bay. We’ve grown a lot since last year’s conference, and this year provides us with a chance to show off how PhishMe has evolved – both as a product and company.

Who better to help us preview our first big event of the year than our founders, CEO Rohyt Belani and CTO Aaron Higbee? I conducted short interviews with each outlining what they are looking forward to, not only about returning to the conference but also about visiting San Fran itself.

Planes, Trains, Automobiles and… Spear Phishing?

With 2013 upon us, it will be a busy year at PhishMe, as we are already scheduled to appear at around 70 events. That means another year of heavy traveling for our sales and marketing team. While it’s definitely exciting to visit new places and introduce new people to PhishMe, as with anything else in life, there are risks involved. Does your organization have employees that travel frequently? If so, they are probably being targeted by phishers.

12 Days of Phishless Christmas recap

Happy Day After Christmas everyone! Thankfully the world didn’t end last Friday, and we were able to finish the 12 Days of Phishless Christmas campaign. Hopefully you are spending today on the couch nursing your eggnog and Christmas cookie hangover, out at the mall returning that Cosby sweater your Aunt gave you, or getting ready to watch the Little Caesar’s Bowl.

Phishless Christmas Halfway Point Update

We’re at the halfway point of our 12 Days of Phishless Christmas campaign, and we have been having a great time interacting with our followers while also raising money for some great charities. We’d like to recognize our first five winners, as well as the charities they have chosen for their donations.

On the first day of Phishless Christmas, PhishMe gave to me…

It’s been an excellent year for us all here at PhishMe, and to celebrate the holidays and give thanks, we’re giving our followers a chance to earn money for charity through what we are calling the 12 Days of Phishless Christmas. Starting Friday, December 14, and continuing each day until Christmas Day, we’ll be tweeting every day with a new opportunity for our followers to win a donation to charity in their name.

Cyber Monday phishing scams could affect the workplace

If you’re like me, then the idea of fighting the midnight crowds on Black Friday holds limited appeal, even if it means getting an 80% discount on a big screen TV. But thanks to Cyber Monday, people can get ridiculous deals without peeling themselves away from their computers – or offices.

Presidential Phishing Scams: Examining Voter Vulnerability

With emotions running high during election season, an email with the name Romney or Obama in the subject line could make even an experienced user click on a malicious link. Spammers are taking advantage of the Presidential election buzz and using malware-laden emails to target users. Many of these emails don’t have any visible consequences, so users may not even realize when malware is infiltrating their personal computers or mobile devices. But what about the potential danger this malware can bring into your workplace from these spear phishing scams?

Anatomy of a vulnerability based spear phishing attack

Anatomy of a vulnerability based phishing attack
This week SC Magazine named  the Chrome vulnerabilities the Threat of the month.  So, how would an attacker use this vulnerability in a spear phishing scam you ask?

They know their audience

Advanced threats know who they want to target, it doesn’t matter that your Skype handle is @kukubunga998 – they know you work for the organization they are targeting.  They also deduce (the same way a marketer does) that you are a Chrome user, or that you have it installed for some reason or another.  They know that your organization is big on BYOD but still has IE 9 as it’s default browser (ie. they may not be paying attention to Chrome).

They set the trap

It could be “Critical Chrome Update required”, or “Click here to view the best new twitter app” or “best new home brew formulas” – again they know you, the email will be crafted to you, not to the person in the cube next to you.

You respond

You follow the link, phew you are using IE!  Do you really think they didn’t think about this already?  The page says “We’re sorry, our application only works with Google Chrome, please reopen this page in Google Chrome or click here to download it”.  You do as instructed because it is Google Chrome, the best and most secure browser on the interwebs, right?  Poof – you’re owned, best part is that you don’t know it – they follow through on the promise that the email made, you are none the wiser and now you, your personal data, and your organization’s data are at risk.

Seems a bit too easy, right?  Protect yourself, protect your customers and protect your organization – knowledge is power (Sir Francis Bacon).