Why Customers Love Our Board Reports on Their Phishing Defense
August 8, 2018 by Professional Services Team in Internet Security AwarenessLast year, a Cofense™ customer wanted to show his board the results of his phishing-defense program. Specifically, the customer was looking for a board-report template. The customer did a quick Google search and found…nothing.
Another Tax-Rebate Phishing Scam, This Time in Canada
August 7, 2018 by Dilen Thakuri in Phishing Defense CenterThe CofenseTM Phishing Defense Center has observed a phishing email targeting Canadian taxpayers, similar to HMRC scams we recently reported in the United Kingdom. It’s the latest in a surge of tax-rebate phishing scams seen across the globe, prompting tax-collection agencies to issue consumer warnings.
Abusing Microsoft Windows Utilities to Deliver Malware for Fun and Profit
August 6, 2018 by Max Gannon in Malware AnalysisLast year, Cofense Intelligence™ observed an increase in abuse of features built into platforms that are all but ubiquitous throughout the corporate world. An overview of these developments in 2017 was covered in our 2017 Malware Review, which highlighted the abuse of Microsoft features such as Object Linking and Embedding (OLE) and Dynamic Data Exchange (DDE) to deliver malware. Since last year, this trend has continued as threat actors are exploiting a greater variety of features as well as combining multiple techniques into one campaign.
Cofense Shortlisted for Three UK Computing Technology Product Awards
August 3, 2018 by Cofense in PhishingWe are delighted to share the news that CofenseTM has been shortlisted for not just one but three Computing Technology Product Awards! Some of the most prestigious awards on the UK IT industry’s calendar, the Computing Technology Product Awards aim to recognise the very best in technology and shine a spotlight on the winners. Following are the categories we are shortlisted for. Best Business Security Provider This recognizes our history and reputation in defining and leading the space. Since 2007, Cofense has pioneered the phishing defense industry. While we began in phishing awareness with what was then called PhishMe Simulator™,...
Geodo and TrickBot Malware Morph into Bigger Threats
August 2, 2018 by Max Gannon in Threat IntelligenceIt may be time to rethink the Geodo and Trickbot malware. These botnets have recently become more of a threat by increasing in activity and in their variety of delivery mechanisms, utilities, and behaviors.
The Headlines Make the Case for More Efficient Phishing Response
August 1, 2018 by Tonia Dudley in Cyber Incident ResponseLast week, Brian Krebs released a blog post about the recent news of a Virginia Bank being breached—not once, but twice. And he didn’t bury the headline. It was right up front: “Hackers used phishing emails to break into a Virginia Bank….”
Customer Satisfaction Survey Leads to Credential Phishing
July 31, 2018 by Marcel Feller in Phishing Defense CenterThe CofenseTM Phishing Defense Center (PDC) has observed a phishing campaign masquerading as a Customer Satisfaction Survey from Cathay Pacific. Fake surveys are an old tactic, but the PDC has recently seen an increase in their use. Examining the following email will show you what to look out for. At first look, the email appears to be a legitimate Satisfaction Survey. It is not uncommon to receive a reward for completing a survey, so that alone is not an Indicator of Phishing (IoP). However, as shown in Figure 1, the “Click here – Participate and Win” link feels out of...
The El Camino Effect in Anti-Phishing Training
July 30, 2018 by Cofense in Internet Security AwarenessToo often in anti-phishing training, or phishing defense in general, companies look for the wrong threats. That’s understandable to a degree, given that attackers constantly shift their tactics. But it’s a still a problem if, to use a bank heist metaphor, you’re looking for robbers who drive a Camaro vs. an El Camino. Without training based on the latest and most relevant threats, you’ll increase the odds the bad guys get away. Sometimes when that happens, users unfairly get blamed. Not cool. As anti-phishing program administrators, it’s our responsibility to empower folks to succeed. Understanding the El Camino Effect To...
Why You Need to Keep Brands Out of Phishing Simulations
July 26, 2018 by Tonia Dudley in Internet Security AwarenessThe top 4 brands in the world—Apple, Google, Microsoft, and Facebook—are worth over $500B. Not the operations of those brands, not their proprietary technology, or their real estate—the brands alone. When something is that valuable, companies protect it zealously. They monitor how their brands are used and take action to defend them. Cofense stands firm on not allowing 3rd party brands or logos to be utilized in our phishing simulations without prior express permission. There are times when we may partner directly with specific brands and organizations on the official inclusion of their brand assets in simulation content where it...