
Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Phishing defense: do you know your capabilities?

December 19, 2017 by Cofense in Internet Security Awareness

As phishing continues to spread, executive teams across the globe are asking: “How well does our company recognize, report and respond to the threat?”


In 2018, learn to call attackers’ bluffs.

December 18, 2017 by Cofense in Internet Security Awareness

People often ask me about the future of phishing. What can we expect to see and how should we prepare?


PhishMe Reporter: 5 Reasons Why 10M Users Are a Big Deal

December 15, 2017 by Cofense in Internet Security Awareness

Okay, so it’s not billions of burgers. But when PhishMe Reporter® recently hit the 10 million mark—now deployed to 10 million end users’ work stations—the milestone was more than just a big number. A few reasons why:


Report: beware consumer scams that target users at work

December 14, 2017 by Cofense in Internet Security Awareness

Back in October, PhishMe® reported a Netflix email scam appearing in office in-boxes. Now our 2017 Phishing Resiliency and Defense Report confirms the danger: based on millions of simulated phishes across PhishMe customers, the study shows the most tempting workplace scams have a consumer flavor.


Free training bundle: help your users spot the top holiday scams.

December 12, 2017 by Cofense in Internet Security Awareness

The holidays are here and you know what that means. “Merry Phish-mas!” from every scammer who wants to bilk your business.


Locky-Like Campaign Demonstrates Recent Evolving Trends in Ransomware

December 7, 2017 by Cofense in Malware Analysis

Over the US Thanksgiving holiday, PhishMe Intelligence™ observed a recent ransomware campaign, Scarab, that shares some similarities in behavior and distribution with Locky. In this campaign, Scarab was delivered by the Necurs botnet, which made headlines due to its distribution of Locky, which was one of the most prolific ransomware families of 2016 and 2017. Like Locky, Scarab can encrypt targets via both online and offline encryption.


Here’s How Boards Should Measure Anti-Phishing Programs

December 6, 2017 by Cofense in Phishing

In board rooms across the globe, directors are asking the question, “How is phishing affecting the organization and are we able to handle the risks?”


URL Shorteners are the Fraudster’s Friend

November 21, 2017 by Heather McCalley in Malware Analysis

URL shorteners are a great tool to share a web address without a lot of typing. PhishMe Intelligence™ recently observed malicious actors using these services to evade security controls. They use these services to conceal the actual URL and bypass controls put in place to block known malicious domains.


Microsoft Word DDE Abuse Tactics Spreads to Locky, Trickbot, and Pony Malware Campaigns

November 21, 2017 by Mollie Holleman in Malware Analysis

In a recent Strategic Analysis, we outlined how malicious actors leveraged Microsoft Office’s Dynamic Data Exchange (DDE) protocol functionality to compromise victims with Chanitor malware within days of SensePost publicly disclosing the risks. PhishMe® has since observed the weaponization of this tactic to deliver other types of malware in several campaigns that support some of the most lucrative current online criminal operations.


“But It Looked Like It Came from IT!” – Focusing on Credential Phishing Trends

November 21, 2017 by Heather McCalley in Malware Analysis

Phishing websites are designed to steal usernames, passwords, and additional PII when unsuspecting victims are enticed to log in. Credential phishing intelligence is used to hunt, detect, and block access attempts to spoofed sites as well as to raise awareness about the latest tactics, techniques, and procedures used with credential and malware phishing campaigns. The new credential phishing feature from PhishMe Intelligence™ delivers additional information to help defend against credential-gathering attacks. The credential phishing intelligence is available via the PhishMe Intelligence API and portal. This blog is the first in a series about credential phishing in the enterprise. Credential Phishing...


Four Ways Phishing Has Evolved in 2014

August 20, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

Phishing isn’t exactly a new kid on the block. Phishing is one of the most common email-based threats. It is a tried and tested tactic that continues to deliver impressive results for cybercriminals. That’s why phishing continues to grow in popularity. In the month of June 2014 alone, phishing activities totaled $400 million in losses, which could be annualized at $102 million per year. While it has been around for years, phishing has evolved considerably and has increased in efficiency and effectiveness. In the last six months (as compared to 2013), we’ve seen several differences in the type, size and...


Small but powerful — shortened URLs as an attack vector

July 31, 2014 by Cofense in Phishing, Threat Intelligence

Using tiny URLs to redirect users to phishing and malware domains is nothing new, but just because it’s a common delivery tactic doesn’t mean that attackers aren’t using it to deliver new malware samples. We recently received a report of a phishing email from one of our users here at PhishMe that employed a shortened google URL, and led to some surprising malware. Through the power of user reporting, we received the report, discovered the malicious nature of the shortened URL, and reported the issue to Google – all within a span of 30 minutes. Google reacted quickly and took...


The New GameOver Zeus Variant (newGOZ) Spams Again

July 22, 2014 by Cofense in Malware Analysis

Almost two weeks ago, PhishMe identified a new Trojan based almost entirely on the notorious GameOver Zeus variant. The new GameOver Zeus variant demonstrated many of the same behaviors and characteristics of the original. The most notable change between these two Trojans was the abandonment of the peer-to-peer botnet used by the older GameOver Zeus. Instead, the new variant used a new fast-flux infrastructure. However, much of the behavior—and malicious capabilities— of the original was retained in this newer form of the malware. Today, a large number of spam emails were received and analyzed by PhishMe in one of the...


Slava Ukraini: Dyre Returns

July 17, 2014 by Cofense in Threat Intelligence

It has been a few weeks since the original discovery of the Dyre malware, and the attackers have sent another wave of phishing. This time, the phishing campaign only went to one senior level individual within our enterprise.


Breaking: GameOver Zeus Mutates, Launches Attacks

July 10, 2014 by Cofense in Malware Analysis

Today, PhishMe’s analysts identified a new banking Trojan that is based heavily on the GameOver Zeus binary. The GameOver Zeus mutation was distributed as an attachment in three spam email templates, utilizing the simplest method of infection to compromise end users’ systems. The E-mail spam campaign From 9:06 AM to 9:55 AM we intercepted spam messages claiming to have been sent from NatWest Bank. One of the email messages used to distribute the new GameOver Zeus variant is listed below. As you can see, the message uses a common social engineering technique. It alerts the recipient to the risk of...


Attackers using Dropbox to target Taiwanese government

July 1, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

While we have previously mentioned cyber-crime actors using Dropbox for malware delivery, threat actors are now using the popular file-sharing services to target nation-states. According to The Register, attackers targeted a Taiwanese government agency using a RAT known as PlugX (also known as Sogu or Korplug). From an anti-forensics perspective, PlugX is a very interesting piece of malware. One of the main ways it loads is by using a technique similar to load order hijacking.


Dyre Banking Trojan: What You Need to Know

June 18, 2014 by Cofense in Threat Intelligence

Beware of the Dyre banking Trojan! – A new malware threat that steals financial information such as login credentials. News of the Dyre banking Trojan has been circulating the web recently, following its discovery. Dyre, or Dyreza as it is also known, exhibits classic banking Trojan behaviors such as using “man-in-the-middle” attacks to steal private information from victims. It is also being used on customers of certain banks in targeted attacks. PhishMe identified this new malware on June 11, 2014. The Trojan is distributed via spam email messages that used similar email templates to other banking Trojan and malware distribution campaigns. Rather...


Project Dyre: New RAT Slurps Bank Credentials, Bypasses SSL

June 13, 2014 by Cofense in Internet Security Awareness, Threat Intelligence

When analyzing tools, tactics, and procedures for different malware campaigns, we normally don’t see huge changes on the attackers’ part. However, in the Dropbox campaign we have been following, not only have the attackers shifted to a new delivery domain, but they have started to use a new malware strain, previously undocumented by the industry, named “Dyre”. This new strain not only bypasses the SSL mechanism of the browser, but attempts to steal bank credentials.


You’re infected! Ransomware with a twist

May 22, 2014 by Cofense in Ransomware

Your computer is infected! Pay $50 USD in order to remove the malware. The FBI has been tracking you for visiting inappropriate sites. Please pay $250 to avoid higher court costs and appearances. Ransomware is nothing new, and typically comes in many shapes and sizes. For years, users have been visiting websites, only to be redirected to a ransomware site and scared into paying fees that amounted to nothing more than lost money. With the advent of CryptoLocker, however, attackers have felt a need to “give” back to their victims. Once they infect a system and encrypt the data, they...


What we’re reading about the Chinese hacking charges

May 21, 2014 by Aaron Higbee in Internet Security Awareness, Threat Intelligence

While the full implications from yesterday’s DoJ indictment of five Chinese hackers on charges of cyber crime are yet to be fully seen, these charges have already succeeded in elevating cyber crime from a niche discussion to an important debate in society at-large. Furthermore, just as last year’s APT1 report did, the court documents provide a detailed glimpse at the tactics China is using to steal trade secrets from the world’s largest corporations (not surprisingly, phishing continues to be the favored attack method). There has been a lot of media attention on this story, so we’ve put together a list...


PhishMe Technology Alliance Program Creates Integrated Ecosystem of World’s Leading Security Providers

March 2, 2016 by Cofense in Cofense News, Phishing, Press Releases

Join PhishMe at RSA 2016 (S1021) to Learn How Joint Customers Maximize Investments in FireEye, HP Enterprise, IBM, LogRhythm, Splunk, OpenDNS and Recorded Future LEESBURG, VA & SAN FRANCISCO — March 2, 2016—PhishMe® Inc., the leading provider of human phishing defense solutions, today announced the launch of the PhishMe Technology Alliance Program (TAP), comprised of an ecosystem of leading security providers and multiple, key technical integrations. The alliance provides joint customers with easy and effective integrations that strengthen security, improve operational workflow and manageability, maximize security investments and reduce the risk of falling victim to phishing-driven cyberattacks.


More Tax Time Scams

March 1, 2016 by Cofense in Phishing

Every year, attackers try to find some way to innovate and steal more money come tax time. Last year, attackers took advantage of e-filing, which led TurboTax to put a halt on all refunds due to a surge in fraudulent state tax returns. Here is a screenshot of a phishing email that the attackers are using to try and obtain W2’s for all employees: Be on the lookout for these types of scams! Snapchat recently fell victim to one of these scams and did the responsible thing by notifying the affected parties and called on the assistance of the FBI....


PhishMe Unveils Fully Integrated Phishing Defense Solution to Combat Multi-Billion Dollar Phishing Problem

March 1, 2016 by Cofense in Cofense News, Phishing, Press Releases

Human Conditioning, Intelligence and Incident Response Overcome Failing Automation Technology Patchwork LEESBURG, VA & SAN FRANCISCO — March 1, 2016— PhishMe® Inc., the leading provider of human phishing defense solutions, today announced during RSA Conference 2016 that it has fully integrated its powerful product suite comprised of Simulator, Reporter, Triage and Intelligence. The integration delivers customers with a comprehensive solution for attack identification, human-verified intelligence and incident response that turns employees into the most powerful line of defense against phishing. As the top attack vector in use today, spear phishing is responsible for more than 90 percent of all breaches...


PhishMe® Triage Integrates with Recorded Future’s® OSINT Platform for Investigative Incident Response

February 29, 2016 by Cofense in Phishing

Phishing Incident Response – Back to the Past, Present, and Recorded Future Attackers like to boast about their accomplishments as well as announce their plans. They leave trails of evidence across the open web just waiting to be discovered, if you’re looking in the right places. Similarly, as events occur, researchers and those attacked begin to share information. Employees within our organizations are a primary target of attackers with well-crafted spear phishing emails and some of which may stem from over sharing or whatever is personally newsworthy. Indicators of compromise (IOCs) help security teams in their incident response process. Has...


PowerPoint and Custom Actions

February 23, 2016 by Cofense in Phishing

We’ve recently observed a Phishing attack which uses PowerPoint Custom Actions instead of macros to execute a malicious payload. Although using PowerPoint attachments is not new, these types of attacks are interesting as they generally bypass controls that assert on macro enabled Office attachments.


Locky – New Malware Borrowing Ideas From Dridex and Other Ransomware

February 17, 2016 by Cofense in Phishing

On February 16, 2016, PhishMe’s Intelligence team identified a number of significantly large sets of emails delivering Word documents containing macro scripts used to download a malware payload. This malware delivery technique has been ubiquitous among many threat actors over the past year but has been most prolifically used by threat actors delivering the Dridex financial crimes trojan. The scope of Locky’s delivery in its first full day of deployment is staggering. As our friends at Palo Alto Networks have shown, over 400,000 endpoints around the world were affected by this encryption ransomware in mere hours. As we pointed out...


Dridex Experimenting with New Attack Vectors

February 10, 2016 by Cofense in Phishing

A few weeks ago, we posted an article about how Dridex is experimenting with different families of malware and techniques. When one threat actor starts shifting TTP’s, it’s usually a big deal. Attackers get comfy in their infrastructure, some survive sinkholes, and they continue spamming or stealing money. One shift takes time, effort, and money on the attackers part. The part that people often forget is that attackers need people to maintain backends, code the malware, code panels, and patch exploits as researchers find them, or else they are going to be exploited by said researchers.


FluxerBot: Nginx Powered Proxy Malware

February 4, 2016 by Cofense in Phishing

What first appeared last week to be yet another malspam campaign solely spread to infect victims with Andromeda, also downloaded some interesting second stage payloads; including several keyloggers and what was later discovered to be labeled as the Fluxer proxybot. The initial malspam lures contained Italian language informing its victims that he or she has received an invoice as the message attachment. The message attachment is a ZIP archive which contained the Andromeda malware installer. More information about this campaign can be found by ThreatHQ customers in Threat ID 5316.


PhishMe® Triage Integrates with OpenDNS’ Investigate API for Intelligent Incident Response

January 28, 2016 by Cofense in Phishing

The APIs have it – Emphasis on ‘I’– Individuals, Integrate, Investigate, and Incident Response Everyday, PhishMe is helping enterprise employees change their behavior against the top threat leading to many of today’s high profile breaches – phishing. Our customers empower their employees to report suspicious email thereby creating a rich source of actionable intelligence for incident responders. Triage provides security operations center (SOC) analysts and incident responders a way to automate the identification, prioritization, and remediation of these phishing threats. This threat intelligence can then be shared with other teams to better protect your enterprise.


Phishing Scams Cost UK Consumers £174m In 2015

January 22, 2016 by Cofense in Phishing

In response to the findings that phishing scams cost UK consumers £174m last year, Ronnie Tokazowski, senior researcher at PhishMe, has the following comments.
