Products
Products
Detection
Response
Intelligence
About Cofense
About Cofense
Leadership
Free Tools
Free Tools
Build Resilience
Create Transparency
Speed Response

Cofense Phishing Prevention & Email Security Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Power Splunk with Cofense Triage Phishing Indicators

June 28, 2021 by Cofense in Phishing

By Mike Saurbaugh Security and operational technology teams rely on the data in Splunk. It’s also central to critical data used to make business decisions. Regardless of the industry, phishing spares no one. Cofense Triage is a phishing-specific solution to collect and analyze employee-reported phishing emails received by the security operations team (SOC). It makes perfect sense to take all this enriched phishing data and feed it to Splunk for additional reporting and response actions. Enhanced APIs Automate Collection and Indexing Cofense Triage accelerates phishing email analysis, investigation and response by cutting through the noise automatically and surfacing the real...

READ MORE

Is Less Really More for Email Security?

June 23, 2021 by Cofense in Phishing

By Mark Zigadlo, Cofense According to Verizon’s Data Breach Report, 96% of breaches start with a phishing email. Though not news to us at Cofense, the statistic is still alarming. This got me thinking about some of the reasons Cofense customers, myself included, have been largely insulated from ransomware, business email compromise (BEC), credential phishing and other such attacks. While I was reviewing the Threat Policies in the Office 365 Security and Compliance center (what you get as part of your E5 license) in advance of my upcoming Mimecast renewal, I learned that all of the same security controls I was currently leveraging...

READ MORE

Domain Doppelgangers: Your Good Name as Phishing Bait?

June 15, 2021 by Cofense in Phishing

Does your company have an evil twin on the web? Threat actors may be leveraging a lookalike version of your company’s name to deliver malware through phishing that plays off your brand. Say the company name is Cofense, with the internet domain name cofense[.]com. What would happen if someone registered a copycat domain name using, for example, Confense, with the domain confense[.]com? Wouldn’t the search engine just route users to the real deal, or wouldn’t it be obvious quickly that the name was misspelled?    Cofense, Confense. Big deal, right? Wrong. Here’s why.   Every day, attackers are busy registering lookalike, or doppelganger, domains that mimic reputable brands to lure users through phishing emails, malware delivery and more. The domains are designed to trick users into believing they’re...

READ MORE

Power Splunk with Cofense Triage Phishing Indicators

June 28, 2021 by Cofense in Phishing

By Mike Saurbaugh Security and operational technology teams rely on the data in Splunk. It’s also central to critical data used to make business decisions. Regardless of the industry, phishing spares no one. Cofense Triage is a phishing-specific solution to collect and analyze employee-reported phishing emails received by the security operations team (SOC). It makes perfect sense to take all this enriched phishing data and feed it to Splunk for additional reporting and response actions. Enhanced APIs Automate Collection and Indexing Cofense Triage accelerates phishing email analysis, investigation and response by cutting through the noise automatically and surfacing the real...

READ MORE

Is Less Really More for Email Security?

June 23, 2021 by Cofense in Phishing

By Mark Zigadlo, Cofense According to Verizon’s Data Breach Report, 96% of breaches start with a phishing email. Though not news to us at Cofense, the statistic is still alarming. This got me thinking about some of the reasons Cofense customers, myself included, have been largely insulated from ransomware, business email compromise (BEC), credential phishing and other such attacks. While I was reviewing the Threat Policies in the Office 365 Security and Compliance center (what you get as part of your E5 license) in advance of my upcoming Mimecast renewal, I learned that all of the same security controls I was currently leveraging...

READ MORE

Domain Doppelgangers: Your Good Name as Phishing Bait?

June 15, 2021 by Cofense in Phishing

Does your company have an evil twin on the web? Threat actors may be leveraging a lookalike version of your company’s name to deliver malware through phishing that plays off your brand. Say the company name is Cofense, with the internet domain name cofense[.]com. What would happen if someone registered a copycat domain name using, for example, Confense, with the domain confense[.]com? Wouldn’t the search engine just route users to the real deal, or wouldn’t it be obvious quickly that the name was misspelled?    Cofense, Confense. Big deal, right? Wrong. Here’s why.   Every day, attackers are busy registering lookalike, or doppelganger, domains that mimic reputable brands to lure users through phishing emails, malware delivery and more. The domains are designed to trick users into believing they’re...

READ MORE

Remote Access Trojan Uses Sendgrid to Slip through Proofpoint

August 14, 2019 by Marcel Feller in Phishing Defense CenterProofpointSEG Misses

The CofenseTM Phishing Defense CenterTM observed a malware campaign masquerading as an email complaint from the Better Business Bureau to deliver the notorious Orcus RAT, part of the free DNS domain ChickenKiller which we blogged about in 2015. Here’s how it works:

READ MORE

This Phishing Attacker Takes American Express—and Victims’ Credentials

July 16, 2019 by Milo Salvia in Phishing Defense CenterInternet Security AwarenessMicrosoft 365 ATP

Recently, the CofenseTM Phishing Defense CenterTM observed a phishing attack against American Express customers, both merchant and corporate card holders. Seeking to harvest account credentials, the phishing emails use a relatively new exploit to bypass conventional email gateway URL filtering services.

READ MORE

Houdini Worm Transformed in New Phishing Attack

June 14, 2019 by Cofense in Threat IntelligencePhishing Defense CenterSEG MissesSymantec

By Nick Guarino and Aaron Riley The Cofense Phishing Defense Center™ (PDC)  and Cofense Intelligence™ have identified a new variant of Houdini Worm targeting commercial banking customers with campaigns containing either URLs, .zip, or .mht files. This new variant is named WSH Remote Access Tool (RAT) by the malware’s author and was released on June 2, 2019. Within five days, WSH RAT was observed being actively distributed via phishing. Figure 1 shows an example message from this campaign.

READ MORE

The Zombie Phish Is Back with a Vengeance

June 4, 2019 by Milo Salvia in Phishing Defense CenterSEG MissesSymantec

Keep a close on your inboxes—the Zombie Phish is back and it’s hitting hard. Last October, on the eve of Halloween, the CofenseTM Phishing Defense CenterTM reported on a new phishing threat dubbed the Zombie Phish. This phish spreads much like a traditional worm. Once a mailbox’s credentials have been compromised, the bot will reply to long-dead emails (hence, Zombie) in the inbox of the infected account, sending a generic phishing email intended to harvest more victims for the Zombie hoard.

READ MORE