Cofense Logo - Email Security Solutions
  • Stop Threats

    End-to-End Email Security

    Defend your organization with a complete email security solution designed to identify, protect, detect & respond to threats.

    Security Awareness Training

    Condition your workforce against today’s latest threats and transform them into your front line of defense.

    Global Intelligence Network

    Protect your organization with our deep analysis into the current threat landscape and emerging trends.

    Cofense vs. The Competition

    See why the Cofense Intelligent Email Security suite stands out against the competition 

    Business Email Compromise (BEC)

    BEC amounts to an estimated $500 billion-plus annually that’s lost to fraud. Ensure your business is protected.

    Ransomware & Malware

    Phishing is the #1 attack vector for ransomware attacks. Stop phishing attacks in their tracks.

    Credential Theft

    Protect your user’s credentials and avoid a widespread, malicious attack.

  • Solutions

    Email Security for the Enterprise

    Complete threat protection, detection and response tailored for enterprise businesses.

    Email Security for the Mid Market

    Security awareness training + email security protection purpose-built for your mid-market organizations.

    Email Security for Managed Service Providers (MSPs)

    Best-in-Class Phishing Protection and Simulations designed for MSPs, from the ground up.

    Managed Email Security Solutions

    Protect your organization from attacks with managed services from the Cofense Phishing Defense Center™.

    Detect and Stop Attacks

    Automatically identify and quarantine email threats across your organization in minutes.

    Analyze & Remediate Reported Threats

    Accelerate threat detection and response, empowering fast resolution.

    Actionable Insight into Emerging Threats

    Protect your organization with our deep analysis into the current threat landscape and emerging trends.

    Security Awareness Training

    Condition your workforce against today’s latest threats and transform them into your front line of defense.

    Security Awareness Training + Threat Protection

    Growing companies can get protection, realistic simulations and security awareness training all in one platform.

    Easily Report Suspected Threats

    Report suspicious threats with just one click.

    Empower Your Team

    Train employees through an with award-winning Learning Management System.

  • Clients

    Industries We Serve

    Businesses from all industries rely on Cofense to safeguard their teams.

    What Our Customers Say

    Global organizations trust Cofense to protect their most critical assets.

  • Resources

    Knowledge Center Hub

    Check out our resource library of solution content, whitepapers, videos and more.

    Events & Webinars

    Come see us at a local event or join us at an upcoming webinar.

    Blog

    Stay current on cybersecurity trends, market insights and Cofense news.

    Check Your SEG

    See the real threats that are currently evading your Secure Email Gateway (SEG).

  • About

    About Cofense

    Cofense stops email security threats and protects your company through our network of 35+ Million human reporters.

    News Center

    See the latest articles, press releases and more in our news center.

    Awards

    It’s an honor to be recognized in the cybersecurity market. Check out our recent awards.

    Partners

    Grow your business, drive new revenue streams, and improve your competitive posture through our Partner Program.

    Careers

    We’re looking for passionate people to join us in our mission to stop all email security threats for organizations around the globe.

    Management Team

    Get to know our management team.

Get a Demo

Beware of File-Share Phish

Share Now

Facebook
Twitter
LinkedIn

By Kyle Duncan, Cofense Phishing Defense Center

There will always be a document to sign or a file to share. With the pandemic still raging and employees resorting to a work-from-home lifestyle, file shares provide a reasonably safe and effective way to get a document from one person to another. Threat actors have taken notice, as seen by the Cofense Phishing Defense Center with the discovery of fraudulent file-share emails to deceive users. In this campaign, the threat actor has taken steps to appear as a trusted contact.

Figure 1: Email Body

The email seen in Figure 1 originated from a compromised account. Judging from the domain of the email, the user, “Harvey,” is in the same career field as the recipient. Presumably the threat actor sent this phish email to contacts in the compromised user’s account. Sending malicious emails to contacts through a compromised account allows the threat actor to abuse contacts’ trust while bypassing SPF and/or DKIM checks. These counter address spoofing but not a compromised account, as is the case here.

The email body is typical of any other file-share email. Under the file-share box is the contact detail information for the compromised user, including their name, role, phone number and a confidentiality notice to lend legitimacy to the email.

Hovering over the “View Shared Documents” button in the email shows that the intended destination is to a Piktochart presentation. However, this is not an original tactic. In fact, the use of third-party hosting sites such as Piktochart to host malicious pages has become increasingly common as the services are generally free and are rarely blocked by SEGs.

Figure 2: Phishing Page

When the link is clicked, users are redirected to the Piktochart presentation seen in Figure 2. On this page is another declaration of the compromised user’s company sharing a secured document followed by a reiteration of the name, title, and contact information of the sender seen in the email previously. Notably there is a discrepancy between the name of the person who published this Piktochart document and the name of the sender – a loose end the threat actor seems to have overlooked.

Hovering over the PDF icon reveals the destination address:

hXXps://buiewrsd[.]tk/%23%24%25%5E%26