Whalebone

23/04/2026

This week on 🔎🐳

We uncovered yet another large-scale phishing campaign impersonating popular courier services across Europe.

Attackers are sending fake delivery messages that lead users to convincing websites, asking them to reschedule a package and pay a small fee.

What looks like a minor charge is often the first step to capturing personal and payment details, including authentication codes.

Read the full analysis to see how it works and what to watch for.👇

https://eu1.hubs.ly/H0tKvfX0

More findings next week. Stay safe.

20/04/2026

Cyber threats in North America are changing fast, and telcos are in a stronger position than many realize. 🚨

In our webinar tomorrow, Robert Sefr will unpack the attack patterns operators should be watching, how the market for built-in network security is maturing across the US and Canada, and why this is becoming a serious growth opportunity – not just a defensive play.

The session is informed by threat intelligence from more than 30 billion blocked threats in 2025 and direct market experience from North American operators.

Join us if you want a clear, commercial view of where telco cybersecurity is headed next.

Register now: https://eu1.hubs.ly/H0t5ZHx0

13/04/2026

North American telcos do not need to repeat mistakes other operators have already made. 🌍

Some lessons are expensive. Slow launches, weak positioning, and low adoption are three of them.

On April 21 at 12 PM ET, Whalebone CTO Robert Sefr will share what operators in the US and Canada can learn from European telcos, where the North American market differs, and what teams should prioritize if they want stronger results from day one.

Practical takeaways. No theory for theory’s sake.

Register here: https://eu1.hubs.ly/H0t5Y_t0

09/04/2026

This week on 🔎🐋

We detected and blocked a phishing domain imitating Swedbank Lithuania.

This domain was not new to us – it has already been used in past phishing campaigns targeting Lithuanian e-government services (ePaslaugos).

Threat actors often reuse what has worked before, which makes tracking domain history an important part of staying ahead.

DNS-level protection remains a critical control point. 🛡️ By blocking newly registered and suspicious domains at resolution – before users even reach the page – the risk of stolen credentials is significantly reduced.

More findings next week. Stay safe.

08/04/2026

The strongest security services are not always the most complex. They are the ones customers understand, trust, and actually use. 📱

In this webinar, Robert Sefr will look at what matters most in North America right now – no-installation protection, family coverage, fraud prevention, and a service model that is easy to launch and easy to explain.

For telcos, the question is not whether cybersecurity matters. The question is which offer customers will adopt.

Join us on April 21 at 12 PM ET for a practical discussion shaped by real operator experience from the US and Canada.

Save your spot: https://eu1.hubs.ly/H0t5Ycj0

02/04/2026

This week on 🔎🐋

We recently identified and blocked a cluster of domains impersonating Vietcombank, one of the Vietnam’s largest and most established banks.

All domains replicate the Vietcombank login interface. The phishing flow is split into two pages:

1️⃣ A fake login prompting users to submit banking credentials
2️⃣ A “registration” page requiring an uploaded scan of a national ID

The objective is clear – harvest both account access and identity documents in a single campaign.

Cloned banking portals combined with ID collection significantly increase fraud impact, enabling account takeover and identity abuse. Early DNS-level disruption prevents both.

Whalebone was the first to block this particular threat. 🛡️

01/04/2026

Connectivity is no longer enough. North American telcos are now expected to help protect customers, too. 🛡️

That shift creates real pressure, and a real business opening.

On April 21 at 12 PM ET, Whalebone CTO Robert Sefr will break down how the telco cybersecurity market is taking shape across the US and Canada, what customers expect from built-in protection, and where operators can win with services that are simple, credible, and commercially sound.

This session is based on operator research, field experience from North America, and insight from more than 30 billion blocked threats in 2025.

Join us: https://eu1.hubs.ly/H0t5Wlk0

Join Robert Sefr as he discusses the evolving cybersecurity landscape for North American telcos, focusing on market trends, customer expectations, and successful service launches.

26/03/2026

This week on 🔎🐋

We detected and blocked a 𝗽𝗵𝗶𝘀𝗵𝗶𝗻𝗴 𝗱𝗼𝗺𝗮𝗶𝗻 𝗶𝗺𝗶𝘁𝗮𝘁𝗶𝗻𝗴 𝗪𝗲𝗹𝗹𝘀 𝗙𝗮𝗿𝗴𝗼 𝗩𝗮𝗻𝘁𝗮𝗴𝗲.

Attackers increasingly target corporate banking portals, where a single compromised account can lead to high-value transactions, invoice fraud, or internal lateral movement.

DNS-level protection remains a critical control point 🛡️

By blocking newly registered and suspicious domains at resolution – before credentials are entered – exposure is significantly reduced.

More findings next week. Stay safe.

19/03/2026

This week on 🔎🐋

Our analysts identified and blocked a 𝗽𝗵𝗶𝘀𝗵𝗶𝗻𝗴 𝗱𝗼𝗺𝗮𝗶𝗻 𝗶𝗺𝗽𝗲𝗿𝘀𝗼𝗻𝗮𝘁𝗶𝗻𝗴 𝗡𝗶𝗴𝗲𝗿𝗶𝗮’𝘀 𝗙𝗶𝗱𝗲𝗹𝗶𝘁𝘆 𝗕𝗮𝗻𝗸.

At first glance, the site looked like a standard online banking portal. In reality, it was built for one purpose – 𝗰𝗿𝗲𝗱𝗲𝗻𝘁𝗶𝗮𝗹 𝗵𝗮𝗿𝘃𝗲𝘀𝘁𝗶𝗻𝗴.

In cases like these, attackers rely on speed – register, deploy, harvest, abandon. By the time traditional blocklists react, the domain may already be offline.

👇

This is where DNS-level protection makes the difference.🛡️ Detecting and blocking suspicious domains at the moment of activation – before users interact with them – reduces exposure significantly.

Stay tuned for next week’s findings – and stay safe.

16/03/2026

A strong cybersecurity product can still fail for one simple reason – nobody knows how to sell it. 🧩

Tomorrow, on March 17 at 1:00 pm, we are hosting Paul Miedl (Telefónica Germany) to talk through the ex*****on side of cybersecurity portfolio strategy – the decisions and mechanics that turn “a good idea” into adoption.

We will unpack:

– How O2 chooses cybersecurity investments alongside other digital services
– How they turn protection into an offer people understand and buy
– How sales teams get the playbook – segment, offer, moment, message
– What makes a cybersecurity offer sustainable over time, not just a launch spike

30 minutes + 5 minutes Q&A. ⏱️

Register free: https://eu1.hubs.ly/H0s3LTk0

12/03/2026

This week on 🔎🐋

We were the first to block a malicious domain impersonating the login page of Erste Bank Crna Gora.

The site replicated the bank’s NetBanking interface and prompted users to submit token credentials, targeting online banking access.

Fresh, low-reputation domains continue to be used to clone legitimate banking portals and capture authentication data. Early DNS-level blocking disrupts the attempt before credentials are exposed. 🛡️