Cofense Logo - Email Security Solutions

Available Today: The Cofense Intelligence Q1 2020 Phishing Review

Share Now


By Mollie MacDougall, Cofense Intelligence

Today, Cofense Intelligence released its Q1 2020 Phishing Review. This report highlights key phishing trends uncovered by Cofense Intelligence analysts, who spend every day analyzing current phishing campaigns and producing actionable phishing intelligence. This intelligence keeps our customers proactively defended against emerging phishing tactics, techniques and procedures (TTPs). Our analysts focus on campaigns that reach enterprise user inboxes, and report on the TTPs designed to evade secure email gateways (SEGs) and other network defense technology.

Report Highlights

The first quarter of 2020 began with a continued seasonal lull in malware volume and ended with a drastic spike in the quarter’s last six weeks, as the COVID-19 virus evolved from emerging crisis to global pandemic. While Emotet volume overall was lower than expected, phishing campaigns leveraging COVID-19 and remote work themes surged in March 2020.

Figure 1: Credential phishing campaign that leveraged COVID-19

While the widespread use of ransomware has not returned to its peak, Cofense Intelligence analyzed targeted ransomware campaigns using themes that leveraged the global pandemic. Ransomware operators have also upped the ante on several campaigns, combining ransomware infection with a data breach and releasing sensitive data if ransom is not paid. This strategy has garnered a great deal of attention in recent headlines, as it further extorts organizations who are prepared to recover from ransomware campaigns and otherwise would not pay off their attackers.

Several campaigns discovered by Cofense Intelligence last quarter used trusted sources to evade perimeter defenses. Organizations rely on trusted platforms and services to conduct efficient business operations, and threat actors are eager to abuse these trusted services to compromise users. Cofense Intelligence has analyzed multiple campaigns that have used trusted sources as a part of the infection chain. These sources include, but are not limited to, cloud services, customer/employee engagement surveys, and third-party connections.

Read our Q1 2020 Phishing Review for more detailed trends identified by Cofense Intelligence and to see our phishing predictions for the  months ahead. Spoiler alert: phishing campaigns are likely to increasingly focus on the upcoming United States general election as well as the global pandemic and the work and lifestyle shifts it has precipitated. We also assess that ransomware campaigns will very likely continue to increase. Finally, we predict that Emotet will again resume phishing campaigns in Q2.

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats.
The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos displayed on this blog are registered trademarks or trademarks of Cofense Inc.


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.