Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Here at Lookout, our Threat Intelligence Services teams work with a massive data set that enables them to proactively hunt for threats and conduct forensic investigations. While our findings are used to protect Lookout customers, we also pride ourselves in contributing to the cybersecurity community ensuring that everyone’s security and privacy are safeguarded.

True Login phishing kits are continuously being developed by threat actors to improve their TTPs in luring victims. By using true login kits, the phishing operators have a higher chance of making potential victims believe they are logging into the real website. True login kit developers are abusing publicly available APIs of the banking company to be able to query login information to be shown to potential victims, in turn luring the victim even further into the operations.

While remote work has many benefits, it can increase the risk of employees suffering from directed attention fatigue (DAF), where they find themselves unable to focus due to constant distractions. This is due primarily to isolation and the constant bombardment of emails and instant messages. In fact, one of the most worrying types of DAF for security professionals is email fatigue.

'Email is dead. It's a thing of the past.' In the IT industry, this statement, or something like it, is said regularly — usually corresponding with the rise of a new communication or collaboration platform. Each time this happens, it's prudent to remember a general rule around tools: as long as they retain specific advantages for the human beings using them, they generally endure.

In recent years the outbreak and spread of COVID-19 have left many people with fears and questions. With various medical opinions, news outlets spreading varied statistics, case number and death reports, and safety recommendations that varied between countries, states, cities, and individual businesses, people often felt desperate for information.

Many Gmail users were recently greeted with a message that alerted them that 2-step verification will be required to log into their accounts starting on November 9th (today). While many in the security community have been advising people to turn on 2-factor, 2-step, or any other secondary security method on every account as a way to protect the login process, the Twitterverse showed that many people were unhappy with Google’s implementation of this mandatory change.

I realized early on that if I didn’t teach my kids how to identify and avoid likely attacks on their laptops and phones, that no one would. Nevertheless, when I see an opportunity for a “teachable security moment” I grab it, and last week this mobile phishes appeared on my phone. I captured a screen shot to share with my children and we played a little “spot the phish” game, where they would point out all the things that made this text suspicious.