About Cofense
About Cofense
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More

Cofense Blog


5 Cybersecurity Trends that Will Dominate 2020

December 20, 2019 by Aaron Higbee in PhishingThreat Intelligence

By Aaron Higbee, CTO, Cofense The threat landscape continues to evolve at a rapid pace, with new threat vectors emerging and increasing in sophistication. Which ones should you watch most closely as 2020 unfolds? Based on insights collected from our Cofense research teams, here are five trends we see dominating next year. Ransomware will continue becoming more targeted to reap more sizeable payouts. Many people are under the impression that ransomware is slowing down, but in reality it’s simply being used in a more targeted fashion. So many private and public organizations, as well as government entities, have been infiltrated...


This Phishing Attacker Takes American Express—and Victims’ Credentials

July 16, 2019 by Milo Salvia in Internet Security AwarenessMicrosoft 365 ATPPhishing Defense Center

Recently, the CofenseTM Phishing Defense CenterTM observed a phishing attack against American Express customers, both merchant and corporate card holders. Seeking to harvest account credentials, the phishing emails use a relatively new exploit to bypass conventional email gateway URL filtering services.


Houdini Worm Transformed in New Phishing Attack

June 14, 2019 by Cofense in Phishing Defense CenterSEG MissesSymantecThreat Intelligence

By Nick Guarino and Aaron Riley The Cofense Phishing Defense Center™ (PDC)  and Cofense Intelligence™ have identified a new variant of Houdini Worm targeting commercial banking customers with campaigns containing either URLs, .zip, or .mht files. This new variant is named WSH Remote Access Tool (RAT) by the malware’s author and was released on June 2, 2019. Within five days, WSH RAT was observed being actively distributed via phishing. Figure 1 shows an example message from this campaign.


The Zombie Phish Is Back with a Vengeance

June 4, 2019 by Milo Salvia in Phishing Defense CenterSEG MissesSymantec

Keep a close on your inboxes—the Zombie Phish is back and it’s hitting hard. Last October, on the eve of Halloween, the CofenseTM Phishing Defense CenterTM reported on a new phishing threat dubbed the Zombie Phish. This phish spreads much like a traditional worm. Once a mailbox’s credentials have been compromised, the bot will reply to long-dead emails (hence, Zombie) in the inbox of the infected account, sending a generic phishing email intended to harvest more victims for the Zombie hoard.


Jigsaw Ransomware Returns With Extortion Scam Ploys

January 23, 2019 by Cofense in Phishing Defense Center

By Lucas Ashbaugh Want to play a game? Jigsaw ransomware does, and it’s going to run you $400… or you could just download the free decrypter online. Jigsaw, featuring Billy The Puppet from Saw, was first released in 2016. It not only encrypts the victim’s files but deletes them at a continuously increasing rate until a payment in bitcoin can be confirmed against the bitcoin blockchain. Now, Jigsaw has been observed again, this time delivered through scam tactics. The Delivery Each email starts off with a ploy about how the threat actor somehow compromised the victim’s financial accounts. After shocking and...


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our Privacy Policy. By clicking ‘I Understand,’ you acknowledge and consent to our use of all cookies on our website.

Cookie settings

Below you can choose which kind of cookies you allow on this website. Click on the "Save cookie settings" button to apply your choice.

FunctionalOur website uses functional cookies. These cookies are necessary to let our website work.

OtherOur website places 3rd party cookies from other 3rd party services which aren't Analytical, Social media or Advertising.