Cofense Phishing Prevention & Email Security Blog

Claim Your Phish Now

Home Buyers Beware – Tax-Themed Phish Hosted on Typeform

Computer Based Training: More of a Good Thing for More Audiences

For many businesses, security awareness training is a regulatory requirement. When this training must be computer based (CBT) and SCORM-complaint, as well as fresh and relevant with best-in-class simulation, where do you go? On a tight budget and not ready to engage a new vendor? Cofense can help. The Cofense Security Awareness Library has been updated with a clean new look for an improved learner experience in the latest (v6) edition of CBFree. Look for 18 new CBT modules in English, with other languages, including Arabic, coming later this year. The new modules are available now for SCORM delivery. For current,...

Cofense Acquires Cloud-Native, AI-Based Email Security Provider Cyberfish

The future of email security…today Today, Cofense announced the acquisition of Cyberfish Security, an email security startup provider of next-generation phishing protection powered by Computer Vision and advanced artificial intelligence (AI) technology. The combination of Cofense’s automation and phishing intelligence from over 26 million human reporters around the world and Cyberfish’s cloud-native AI-based protection technology will eliminate the need for legacy, expensive and slow-to-deploy email security solutions. Computer Vision Sees the Threat The powerful combined solution will leverage artificial intelligence and crowd-sourced data to protect, detect and respond to email attacks ensuring that they are removed proactively from customer environments. The Cyberfish...

It Starts with a Phish

By Tonia Dudley Just as we were getting ready to put a bow on 2020, we were hit with the news of SolarWinds. Incident Response teams were barely coming up for air after the CISA advisory regarding Ryuk. Our incident response teams are exhausted. And now its Microsoft Exchange vulnerability affecting on-premises servers. While organizations have been migrating to hosted O365, there is still the need to maintain a hybrid model. Year after year, the annual Verizon Data Breach Investigations Report (DBIR) points to phishing as the top vector leading to a breach. While the past few months of incidents...

Beware of File-Share Phish

COVID 19 Vaccine Phishing Email: Can’t Vaccinate Against This Phish – Or Can You?

Cofense Intelligence ThreatHQ: Enabling Your Best Phishing Defense

“American Rescue Plan” Used as Theme in Phishing Lures Dropping Dridex

The Ryuk Threat: Why BazarBackdoor Matters Most

GuLoader Rises as a Top Malware Delivery Mechanism in Phishing

“You’re Invited!” to Phishing Links Inside .ics Calendar Attachments

Practice Makes Perfect

New Mass Logger Malware Could Be Massive

Zoom Phish Zooming Through Inboxes Amid Pandemic

Phishers Cast a Wider Net in the African Banking Sector

MFA Bypass Phish Caught: OAuth2 Grants Access to User Data Without a Password

A Not So Relieving Tax Relief Email: Threat Actors Take Aim at US Stimulus Efforts

Claim Your Phish Now

Home Buyers Beware – Tax-Themed Phish Hosted on Typeform

Computer Based Training: More of a Good Thing for More Audiences

For many businesses, security awareness training is a regulatory requirement. When this training must be computer based (CBT) and SCORM-complaint, as well as fresh and relevant with best-in-class simulation, where do you go? On a tight budget and not ready to engage a new vendor? Cofense can help. The Cofense Security Awareness Library has been updated with a clean new look for an improved learner experience in the latest (v6) edition of CBFree. Look for 18 new CBT modules in English, with other languages, including Arabic, coming later this year. The new modules are available now for SCORM delivery. For current,...

Cofense Acquires Cloud-Native, AI-Based Email Security Provider Cyberfish

The future of email security…today Today, Cofense announced the acquisition of Cyberfish Security, an email security startup provider of next-generation phishing protection powered by Computer Vision and advanced artificial intelligence (AI) technology. The combination of Cofense’s automation and phishing intelligence from over 26 million human reporters around the world and Cyberfish’s cloud-native AI-based protection technology will eliminate the need for legacy, expensive and slow-to-deploy email security solutions. Computer Vision Sees the Threat The powerful combined solution will leverage artificial intelligence and crowd-sourced data to protect, detect and respond to email attacks ensuring that they are removed proactively from customer environments. The Cyberfish...

It Starts with a Phish

By Tonia Dudley Just as we were getting ready to put a bow on 2020, we were hit with the news of SolarWinds. Incident Response teams were barely coming up for air after the CISA advisory regarding Ryuk. Our incident response teams are exhausted. And now its Microsoft Exchange vulnerability affecting on-premises servers. While organizations have been migrating to hosted O365, there is still the need to maintain a hybrid model. Year after year, the annual Verizon Data Breach Investigations Report (DBIR) points to phishing as the top vector leading to a breach. While the past few months of incidents...

Beware of File-Share Phish

COVID 19 Vaccine Phishing Email: Can’t Vaccinate Against This Phish – Or Can You?

Cofense Intelligence ThreatHQ: Enabling Your Best Phishing Defense

“American Rescue Plan” Used as Theme in Phishing Lures Dropping Dridex

“You’re Invited!” to Phishing Links Inside .ics Calendar Attachments

Practice Makes Perfect

Zoom Phish Zooming Through Inboxes Amid Pandemic

Phishers Cast a Wider Net in the African Banking Sector

MFA Bypass Phish Caught: OAuth2 Grants Access to User Data Without a Password

A Not So Relieving Tax Relief Email: Threat Actors Take Aim at US Stimulus Efforts

Phishers Continue to Spoof WebEx

Want to simulate a holiday phish? This one’s from your friends at Emotet.

By Tonia Dudley Tis the season when organizations are looking to send out the year’s last phishing simulation. Often the Security Awareness team lands on a holiday theme – holiday party, holiday raffle, or even the fun ugly sweater lure. In the past, when I worked with teams to advance their phishing defense programs, I would recommend staying away from holiday themed scenarios. I’ll explain why in a moment. But my opinion has changed, thanks to the threat actors behind Emotet.

Trickbot Is Using Google Docs to Trick Proofpoint’s Gateway