SOC | 4 min read
Stories from the SOC: The curious case of termination notices

Our new "Stories from the SOC" series shares real-world attacks we've seen and stopped. This one covers a phishing attack on a university.

Threat intel | 6 min read
Cache smuggling: When a picture isn’t a thousand words

We recently observed an innovative campaign using the ClickFix attack tactic for cache smuggling. Here's what you need to know.

SOC | 3 min read
Stories from the SOC: When threats come from inside the house

MDR email coverage is more than just flagging spam to contain threats. Here's what happens when malicious emails come from within an org.

Rapid response | 4 min read
Phishing in Teams: the new ransomware frontline

Expel's SOC has seen a spike in Microsoft Teams phishing messages. Here's what you need to know and how to stop it.

Threat intel | 5 min read
Expel Quarterly Threat Report, Q1 2025: Cloud-based service trends

Volume II of our Q1 2025 Quarterly Threat Report summarizes key findings for cloud-based services. Learn what to focus on right now.

Product | 2 min read
Expel launches proactive defense for email threats

Expel's new integrations expand our comprehensive MDR coverage against phishing, business email compromise (BEC), and inbox-based attacks.

Data & research | 2 min read
It’s here: Expel’s 2025 Annual Threat Report

This year’s Annual Threat Report describes the major attack trends we saw last year, advice to safeguard your org, and predictions for 2025.

MDR | 10 min read
Beware QR code phishing, subscription bombing, and other Grinchy scams this holiday season

Don't let cyber Grinches steal your holidays. Be aware of phishing scams targeting your data and credentials this season.

Current events | 2 min read
A secure world is built together: closing out Cybersecurity Awareness Month

It's the end of Cybersecurity Awareness Month, but these resources are useful every month of the year to enhance resilience and stay secure.

Data & research | 3 min read
Expel Quarterly Threat Report Q3 2024, volume IV: Suspicious infrastructure from phishing-as-a-service (PhaaS) platforms

Volume IV of our Q3 2024 Quarterly Threat Report focuses on phishing-as-a-service (PhaaS). Learn what to focus on right now.

Data & research | 2 min read
Expel Quarterly Threat Report, volume I: Q3 2024 by the numbers

Volume I of our Quarterly Threat Report summarizes key findings and stats from Q3 of 2024. Learn what to focus on right now.

Data & research | 3 min read
Expel Quarterly Threat Report Q2 2024 volume IV: Phishing trends

PhaaS platforms make phishing easy. In this volume of our series, we share what these are, how they work, and how they can be counteracted.

Data & research | 3 min read
Expel Quarterly Threat Report Q2 2024 volume II: Attackers advance with AI

Volume II of our Quarterly Threat Report covers how attackers are advancing with AI in Q2 of 2024. Learn what to focus on right now.

MDR | 3 min read
How phishing threat actors are using AI: a real world example

Our phishing team intercepted an email that appears to contain AI-generated code. Here's what it can teach you.

Current events | 2 min read
Beware this new-ish attacker tactic: QR code attacks

There’s been an increase in the use of QR codes to drive users to malicious URLs, aka qishing. Here’s how to avoid it.

Rapid response | 2 min read
Security alert: Okta “support user” data theft

Okta recently determined an attacker stole user support system info in October 2023. Here’s what Okta customers need to do right now.

Product | 5 min read
How we built it: the app that gives our analysts more time to fight cyber evil

Auto-close marketing emails is a feature that frees up time for our analysts and offers insights into app development using machine learning.

Data & research | 3 min read
Expel 2023 Q3 Quarterly Threat Report: the top five findings

The 2023 Q3 Quarterly Threat Report findings are based on incidents our SOC identified. Here are a few of the top trends.

Current events | 4 min read
AiTM attacks and business email compromise attacks: what to watch for

Attackers commonly defeat MFA by using credential harvesters for an AiTM attack. Here's advice on how to short-circuit it.

MDR | 3 min read
How phishing opens the door to business email compromise

Business email compromise shares similarities with phishing emails, but the two are distinct in some important ways. Here's what's different.

Current events | 3 min read
Customer context: beware the homoglyph attack

Homoglyph attacks trick users with lookalike characters (ạ vs. a). Learn why human eyes don't notice. Automation is the only real defense.

Current events | 2 min read
How we spotted it: A Silicon Valley Bank phishing attempt

We’re starting to spot fraud attempts in the wake of SVB’s collapse. Learn how we spotted one attempt through a custom detection.

MDR | 4 min read
Attacker-in-the-middle phishing: how attackers bypass MFA

A new "attacker-in-the-middle" (AitM) phishing tactic can end-run your MFA defenses. Get our analysis and learn how to protect your org.

MDR | 12 min read
Detection and response in action: an end-to-end coverage story

This dramatized case study illustrates how our MDR, phishing, and threat hunting services work, and most importantly, how they work together.

Rapid response | 6 min read
Incident report: how a phishing campaign revealed BEC before exploitation

After 89 phishing alerts, we knew a large-scale campaign was underway. This case study walks you through what happened and how we responded.

MDR | 14 min read
MORE_EGGS and some LinkedIn resumé spearphishing

This post details how we recently detected and disarmed a clever LinkedIn resume spearphishing attack.

Rapid response | 5 min read
Attack trend alert: Email scams targeting donations to Ukraine

Bad actors are using Ukrainian relief efforts for phishing scams. Learn how to spot them to ensure your donations help those in need.

Cloud security | 4 min read
Attack trend alert: AWS-themed credential phishing technique

Attackers are phishing with fake AWS log-in pages. See how our crew identified and triaged a malicious email to protect a customer.

Expel culture | 8 min read
A new way to recruit: Our approach to building Expel’s Phishing team

See how our focused Phishing team is designed to protect MDR service continuity while boosting diversity in cybersecurity.

Product | 4 min read
How we use VMRay to support Expel for Phishing

Smart people and great tech tackle phishing. See how our analysts use VMRay to triage and analyze malicious emails from customers.

MDR | 5 min read
The top phishing keywords in the last 10k+ malicious emails we investigated

Stop phishing attacks. Check out the top keywords attackers are using in emails, and learn our best recommendations for building resilience.

Data & research | 4 min read
Swimming past 2FA, part 1: How to spot an Okta MITM phishing attack

Is your MFA safe? Learn how our SOC detected a new attack that bypassed multiple-factor authentication and get tips to stop phishing.

Product | 7 min read
Come sea how we tackle phishing: Expel’s Phishing dashboard

Get a tour of Expel's Phishing dashboard. See how a senior UX designer developed it for our managed phishing service customers.

Product | 7 min read
Enhancing phishing protection: analyst & customer security

Safeguard your team. Learn how Expel's robust phishing protection measures secure analysts and customers against dangerous email threats.

Product | 2 min read
Introducing Expel for phishing

Introducing Expel for Phishing! Go beyond automated triage and find out how our new offering helps customers come up for air from endless phishing emails.