Products
Products
Awareness
Detection
Response
Intelligence
About Cofense
About Cofense
Leadership
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More
Free Tools
Free Tools
Create Transparency
Speed Response
Resources
Resources

Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Tax Time is Phishing Time: Here’s How to Help!

March 31, 2016 by Heather McCalley in Phishing

Important disclaimer: THE IRS DOES NOT INITIATE CONTACT WITH TAXPAYERS BY EMAIL, TEXT MESSAGE, OR SOCIAL MEDIA CHANNELS TO REQUEST PERSONAL OR FINANCIAL INFORMATION. (See: https://www.irs.gov/uac/Report-Phishing ) The IRS has a very active security team, currently part of the U.S. Treasury Inspector General for Tax Administration (TIGTA), that is responsible for fighting phishing and tracking down the criminals who prey on U.S. tax payers.  If you believe you have received a Phishing email, please help them by reporting the email you received to phishing@irs.gov.  Additionally, please also consider sending a copy to our team.  PhishMe Brand Intelligence automatically processes any URLs...

READ MORE

Reclaiming the Edge in the Battle Against Phishing Attackers

March 15, 2016 by Ed O'Neill in Phishing

There is a reason that most data breach incidents involve phishing attacks: phishing works.  Attackers know that it is far easier to gain access to a protected network by tricking people into clicking on malicious links and attachments than it is to penetrate sophisticated firewalls and intrusion detection systems.  And they know that they have an edge over the defenders because they only have to win once to gain access. As defenders, we need to stop them every time.  We can’t prevent attackers from soliciting people with phishing emails.  But we can take away their edge.

READ MORE

PhishMe CTO Aaron Higbee Discusses Ransomware Dangers on CNBC SquawkBox

March 14, 2016 by Cofense in Phishing

Aaron Higbee, PhishMe co-founder and CTO, was featured on a recent CNBC SquawkBox broadcast segment discussing recent ransomware trends plaguing the healthcare space. During the attack, a phishing email is sent to the user’s inbox prompting them to click a malicious link that begins encrypting files and storage drives on your computer. Once the files are encrypted, the only way to retrieve the data from the malicious actors is to pay a ransom in BitCoin. In the video (seen below), Higbee dives deeper into the various motivations for these types of attacks and how businesses can better prepare themselves to...

READ MORE

Ransomware Rising – Criakl, OSX, and others – PhishMe Tracks Down Hackers, Identifies Them and Provides Timeline of Internet Activities

March 10, 2016 by Ronnie Tokazowski in Phishing

Over the last few months, the Phishing Intelligence team has observed a huge increase of ransomware. Many attackers are starting to experiment with ransomware as an alternative to quickly monetize. Dridex has employed a new family of ransomware named Locky, which is a pretty drastic shift in what this group is known for doing. We’re even seeing attackers go after OSX with ransomware, something that was once thought to be immune from malware, however there were nearly 6,500 users who downloaded the compromised BitTorrent client. Follow along with us as we deconstruct a recent ransomware attack and hack the hackers behind the...

READ MORE

PhishMe’s Rohyt Belani Honored as a CEO of the Year in Info Security Products Guide’s 2016 Global Excellence Awards

March 10, 2016 by Cofense in PhishingPress Releases

Judges Recognize PhishMe CEO for Leadership Excellence and Significant Contributions to the Cybersecurity Community LEESBURG, VA – March 10, 2016 – PhishMe® Inc., the leading provider of human phishing defense solutions, today announced that CEO and co-founder Rohyt Belani has been honored as a “CEO of the Year” category winner of the 2016 Info Security Products Guide Global Excellence Awards®. These prestigious global awards, put on by the industry’s leading information security research and advisory guide, recognize security and IT vendors with advanced, ground-breaking products and solutions that are helping set the bar higher for others in all areas of...

READ MORE

PhishMe Takes Home 2016 SC Magazine Award for Best IT Security-Related Training Program

March 3, 2016 by Cofense in Cofense NewsPhishingPress Releases

Judges Recognize Human Phishing Defense Solution Used by Fortune 500 Enterprises to Protect Data and Systems Against Multi-Billion Dollar Phishing Threat LEESBURG, Va. & SAN FRANCISCO – March 3, 2016 – PhishMe® Inc., the leader in human phishing defense solutions, today announced that SC Magazine honored the company with a 2016 SC Award for Best IT and Security Training Program. Winners of this prestigious award were chosen after undergoing a rigorous judging process that included testimonials, industry assessments and additional research. PhishMe was hand-picked by a panel of judges for its outstanding service, qualifications and advancements to the cybersecurity industry.

READ MORE

PhishMe Releases Channel-Exclusive Human Phishing Defense Solution for SMBs for Launch of Formal Channel Program

March 3, 2016 by Cofense in Cofense NewsPhishingPress Releases

Trusted Leader in Phishing Defense Expands Offerings to Global Customers Through Expanded Distribution Channels and New Product Offering LEESBURG, Va. & SAN FRANCISCO – March 3, 2016 – PhishMe® Inc., the leading provider of human phishing defense solutions, today unveiled during RSA 2016 the PhishMe Channel Alliance, a formalized channel distribution program designed to bring premier PhishMe security solutions to the global market. Following PhishMe’s record-breaking 892 percent growth over the last three years, the company is kicking off its global channel efforts by releasing a new solution available exclusively through the channel and made specifically for small and medium-sized...

READ MORE

PhishMe Technology Alliance Program Creates Integrated Ecosystem of World’s Leading Security Providers

March 2, 2016 by Cofense in Cofense NewsPhishingPress Releases

Join PhishMe at RSA 2016 (S1021) to Learn How Joint Customers Maximize Investments in FireEye, HP Enterprise, IBM, LogRhythm, Splunk, OpenDNS and Recorded Future LEESBURG, VA & SAN FRANCISCO — March 2, 2016—PhishMe® Inc., the leading provider of human phishing defense solutions, today announced the launch of the PhishMe Technology Alliance Program (TAP), comprised of an ecosystem of leading security providers and multiple, key technical integrations. The alliance provides joint customers with easy and effective integrations that strengthen security, improve operational workflow and manageability, maximize security investments and reduce the risk of falling victim to phishing-driven cyberattacks.

READ MORE

More Tax Time Scams

March 1, 2016 by Ronnie Tokazowski in Phishing

Every year, attackers try to find some way to innovate and steal more money come tax time. Last year, attackers took advantage of e-filing, which led TurboTax to put a halt on all refunds due to a surge in fraudulent state tax returns. Here is a screenshot of a phishing email that the attackers are using to try and obtain W2’s for all employees: Be on the lookout for these types of scams! Snapchat recently fell victim to one of these scams and did the responsible thing by notifying the affected parties and called on the assistance of the FBI....

READ MORE

PhishMe Unveils Fully Integrated Phishing Defense Solution to Combat Multi-Billion Dollar Phishing Problem

March 1, 2016 by Cofense in Cofense NewsPhishingPress Releases

Human Conditioning, Intelligence and Incident Response Overcome Failing Automation Technology Patchwork LEESBURG, VA & SAN FRANCISCO — March 1, 2016— PhishMe® Inc., the leading provider of human phishing defense solutions, today announced during RSA Conference 2016 that it has fully integrated its powerful product suite comprised of Simulator, Reporter, Triage and Intelligence. The integration delivers customers with a comprehensive solution for attack identification, human-verified intelligence and incident response that turns employees into the most powerful line of defense against phishing. As the top attack vector in use today, spear phishing is responsible for more than 90 percent of all breaches...

READ MORE

Baiting the Hook, Sneak Peek at PhishMe.com

October 10, 2007 by Cofense in Phishing

If you’ve been noticing a little silence on the blog recently, it’s been because a lot of the ranting has been going into developing what we think is a great anti-phishing user awareness tool. Take a peek at our main site at www.PhishMe.com Conducting ethical phishing attacks has never been easier. User awareness will be improved, enforced, and for the first time for many users, easy to measure and trend over time. You can sign up for the mailing list right now that will let you know when the full blown service is launched. We will be offering free trial...

READ MORE

Time to Phish your Customers?

September 19, 2007 by Cofense in Phishing

Building employee awareness to social engineering attacks, like Phishing, is clawing its way up the CISO’s priority ladder; and rightly so. But, what good are aware employees if your customers can be directly targeted by such attacks? A month ago, monster.com had to deal with a phishing attack that targeted their clients and did so with some success. Security experts commented in this USAtoday article urging job seekers to expose minimal data and blaming monster.com for not enforcing strong passwords. I don’t want to undermine the soundness of those suggestions. However, I don’t believe they will solve the issue at...

READ MORE

Phishing for User Awareness

September 10, 2007 by Cofense in Internet Security AwarenessPhishing

A recent survey of over 279 IT Executives indicated that the greatest security challenge they faced was building an effective security awareness program and encouraging their employees to embrace it.  Employees, albeit unaware, oblivious or unconcerned, continue to fall prey to conniving social engineers compromising sensitive data protected by millions of dollars worth of technology. The return on investment on building user awareness is apparent and no longer a hard sell for IT security staff. The real problem lies in building an effective program that actually changes the mindset of the employees.  In a society where 90% of recovering coronary...

READ MORE

Dirty Dirty Wi-Fi: AT&T Wi-Fi Service Phishing?

July 30, 2007 by Cofense in Phishing

I’m sitting at Dulles airport right now, at gate C19, on my way to Vegas. I’m excited to catch up with friends and colleagues at BlackHat this year.  I realized a few days ago that my 81 slide presentation for DefCon isn’t for a 75 minute slot.. instead I’ll be trying to fit it into a 50 minute slot! Wish me luck! Public Wifi is so dicey… I would never use it for anything other than entertainment during delays.  If I need to get work done I hop on EVDO.  Captive portals are everywhere… and if you pay much attention to...

READ MORE

Harry Potter Phishing Attack: Fact or Fiction?

July 16, 2007 by Cofense in Phishing

On June 19th a spoiler for the next Rowling book Harry Potter and the Deathly Hallows was posted to the full disclosure mailing list: http://seclists.org/misc/harrypotterspoilers.html (WARNING: If you’re a Harry Potter fan you may want to hold off reading it.) The spoiler was nothing more than a summary of which main characters allegedly die in battle with Voldemort and other rivals. What is more interesting is how this book was allegedly obtained. The author of the messages claims he launched a phishing attack against Bloomsbury Publishing. “The attack strategy was the easiest one. The usual milw0rm downloaded exploit delivered by...

READ MORE

iPhone Phishing Bait: would you like fries with that?

July 11, 2007 by Cofense in Phishing

We’ve all heard there’s no such thing as a free lunch, but this is not always easily remembered when online. The latest example of that is the number of iPhone related phishing messages that had flooded my inbox while I was on vacation. Some of the links didn’t even need to claim it was a ‘free’ deal; just a site claiming to have the cool tool in stock was enough to get clicks. Of course this is nothing new. Go back and replace ‘iPhone’ with ‘Wii’ or ‘PSP’ or ‘Nano’ and you get similar results. As a gadget geek, I’m always at least a...

READ MORE

McAfee’s “Groundbreaking” Phishing Study

July 5, 2007 by Cofense in Phishing

Recently, I came across a press release by McAfee citing the results of a “groundbreaking” study that talks about the psychological games played by phishers and email scam artists. The results of the study indicated that “cyber criminals use fear, greed and lust to methodically steal personal and proprietary financial information”. Frankly, I didn’t see anything groundbreaking in those results. Don’t we all know that social engineers (including phishers) have to play with people’s psyches to get them to click on links and submit personal information? The study did however quote some interesting statistics from a 2006 Gartner study: Cumulative loses stemming...

READ MORE