Cofense Blog

Phishes Found in Proofpoint-Protected Environments – Week Ending May 24, 2020

Chronology of COVID-19 Phish Found in Environments Protected by Proofpoint During the Pandemic

Phishes Found in Proofpoint-Protected Environments – Week Ending May 17, 2020

MFA Bypass Phish Caught: OAuth2 Grants Access to User Data Without a Password

New Phishing Scam Targets Teleworkers with Bogus Microsoft Teams Notification

Keeping You Ahead of Phishing Attacks with SEG-Evasion Based Threat Intelligence

Phishes Found in Proofpoint-Protected Environments – Week Ending May 10, 2020

A Not So Relieving Tax Relief Email: Threat Actors Take Aim at US Stimulus Efforts

Phishers Continue to Spoof WebEx

Staff Members’ Inbox Positive for Coronavirus Themed Phish

MFA Bypass Phish Caught: OAuth2 Grants Access to User Data Without a Password

A Not So Relieving Tax Relief Email: Threat Actors Take Aim at US Stimulus Efforts

Phishers Continue to Spoof WebEx

Available Today: The Cofense Intelligence Q1 2020 Phishing Review

Coronavirus-Themed Phish Continue to Surge

Coronavirus Redefines the Phishing Threat Landscape

This Employee Satisfaction Survey is Not so Satisfying… Except for the Credential Phishing Actors Behind It.

Threat Actors Innovate to Exploit COVID-19, Delivering OpenOffice .ODP Attachments on a Shoestring Budget

Threat Actor Uses OneNote to Learn Credential Phishing and Evade Microsoft and FireEye Detection

Phishers Are Using Google Forms to Bypass Popular Email Gateways

Phishes Found in Proofpoint-Protected Environments – Week Ending May 24, 2020

Chronology of COVID-19 Phish Found in Environments Protected by Proofpoint During the Pandemic

Phishes Found in Proofpoint-Protected Environments – Week Ending May 17, 2020

MFA Bypass Phish Caught: OAuth2 Grants Access to User Data Without a Password

New Phishing Scam Targets Teleworkers with Bogus Microsoft Teams Notification

Keeping You Ahead of Phishing Attacks with SEG-Evasion Based Threat Intelligence

Phishes Found in Proofpoint-Protected Environments – Week Ending May 10, 2020

A Not So Relieving Tax Relief Email: Threat Actors Take Aim at US Stimulus Efforts

Phishers Continue to Spoof WebEx

Staff Members’ Inbox Positive for Coronavirus Themed Phish

MFA Bypass Phish Caught: OAuth2 Grants Access to User Data Without a Password

A Not So Relieving Tax Relief Email: Threat Actors Take Aim at US Stimulus Efforts

Phishers Continue to Spoof WebEx

Want to simulate a holiday phish? This one’s from your friends at Emotet.

By Tonia Dudley Tis the season when organizations are looking to send out the year’s last phishing simulation. Often the Security Awareness team lands on a holiday theme – holiday party, holiday raffle, or even the fun ugly sweater lure. In the past, when I worked with teams to advance their phishing defense programs, I would recommend staying away from holiday themed scenarios. I’ll explain why in a moment. But my opinion has changed, thanks to the threat actors behind Emotet.

Trickbot Is Using Google Docs to Trick Proofpoint’s Gateway

Remote Access Trojan Uses Sendgrid to Slip through Proofpoint

The CofenseTM Phishing Defense CenterTM observed a malware campaign masquerading as an email complaint from the Better Business Bureau to deliver the notorious Orcus RAT, part of the free DNS domain ChickenKiller which we blogged about in 2015. Here’s how it works:

Phishing Attackers Are Abusing WeTransfer to Evade Email Gateways

This Phishing Attacker Takes American Express—and Victims’ Credentials

Recently, the CofenseTM Phishing Defense CenterTM observed a phishing attack against American Express customers, both merchant and corporate card holders. Seeking to harvest account credentials, the phishing emails use a relatively new exploit to bypass conventional email gateway URL filtering services.

UK Banking Phish Targets 2-Factor Information

Under the Radar – Phishing Using QR Codes to Evade URL Analysis