
Cofense Phishing Prevention & Email Security Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

The New Cofense Resource Center

December 1, 2020 by Cofense in Cofense News, Phishing

By Carolyn Merritt

Today, Cofense officially launched its new Resource Center. Formerly known as Community, the new Resource Center features a completely redesigned interface, smarter search capabilities and integrated support ticketing.

This initiative has been in the works for some time. We heard from internal and external users alike that the old Community was difficult to navigate, and that information was challenging to locate. We believe those issues have been solved with our new interface, an integration with our Zendesk ticketing system, and a new set of capabilities designed to improve the user experience.

Also, we organized the new Resource Center by product to make it easier to search and navigate...


Keeping Santa’s Helpers Out of Your Inbox

November 25, 2020 by Cofense in Phishing

As with everything else this year, the holiday shopping season will be open to more cyber threats as we shift from hitting the brick-and-mortar retail outlets to the online store front. Threat actors have your wallet and credentials on their shopping list. When it comes to preparing your users, friends and family for the holiday shopping season, we’ll cover some basics to remind everyone to remain calm and protect their wallets and credentials.

Gift Cards

The ease of sending gift cards makes these a top purchase. While retailers have made it easier to purchase online and send electronically, threat actors...


Variants of Emotet Malware

November 9, 2020 by Cofense in Phishing


What’s Up With Malware? Find Out In Our Q3 Report

October 23, 2019 by Cofense in Threat Intelligence

By Alan Rainer and Max Gannon

On the malware front, the summer of 2019 was quiet and steady-state. But the end of Q3 saw the infamous Emotet resurface, presaging a malware uptick in Q4. Read all about it in the Cofense Q3 2019 Malware Trends Report. Maintaining a relative lull when Emotet suspended activity, threat actors in Q3 stuck to tried-and-true practices of intrusion. Phishing emails containing keyloggers (namely ‘Agent Tesla’) slightly rose in popularity, while information stealers like Loki Bot fell. Threat actors continue to seek the easiest, most efficient way of infiltrating users. Agent Tesla, for example, offers...


Agent Tesla Keylogger Is Now a Top Phishing Threat

October 18, 2019 by Cofense in Threat Intelligence, Malware Analysis

By Aaron Riley, Cofense Intelligence™

The Agent Tesla keylogger is an increasingly widespread piece of malware in the phishing threat landscape, targeting multiple industries and using multiple stages within its infection chain. Currently, threat actors prefer archived files or weaponized Microsoft Office productivity documents to deliver this malicious software to the endpoint. Agent Tesla is sold as a commercial subscription license and offers a 24/7 support team. With an easy to use and abundant feature set—like a document exploit builder embedded into the malware management web panel—this keylogger lends itself to all levels of threat actors. A typical theme for...


This Credential Phish Masks the Scam Page URL to Thwart Vigilant Users

October 17, 2019 by Cofense in Cyber Incident Response, Phishing

By Milo Salvia, Cofense Phishing Defense Center™

The Cofense Phishing Defense Center (PDC) has observed a phishing campaign that aims to harvest credentials from Stripe, the online payment facilitator handling billions of dollars annually, making it an attractive target for threat actors seeking to use compromised accounts to gain access to payment card information and defraud consumers. The phish prevents email recipients from seeing the destination of an embedded link when they try to hover over the URL. Instead, what they see is a bogus account message. Here’s how the campaign works.

Email Body

The email pretends to be a notification...


Emotet Malicious Phishing Campaigns Return in Force

September 18, 2019 by Cofense in Threat Intelligence

By Alan Rainer and Max Gannon

The infamous malware family Emotet—also known as Geodo—has fully resurfaced and resumed sending phishing campaigns that trick users into clicking on links and downloading attachments that contain malicious macros. Many of the emails feature common financial themes that capitalize on an existing reply chain or contact list impersonation. In most cases, subjects for these phishing emails are rather mundane, such as “RE: Re: Contract/Invoice Count” and “Customer Statement 09/16/2019”, with attachments that use Microsoft Office macros to install malware. Upon installation of the Emotet executable, the banking Trojan TrickBot may be placed onto the...


Astaroth Uses Facebook and YouTube within Infection Chain

September 11, 2019 by Aaron Riley in Threat Intelligence

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats.



Customer Satisfaction Survey Leads to Credential Phishing

July 31, 2018 by Marcel Feller in Phishing Defense Center

The Cofense™ Phishing Defense Center (PDC) has observed a phishing campaign masquerading as a Customer Satisfaction Survey from Cathay Pacific. Fake surveys are an old tactic, but the PDC has recently seen an increase in their use. Examining the following email will show you what to look out for. At first look, the email appears to be a legitimate Satisfaction Survey. It is not uncommon to receive a reward for completing a survey, so that alone is not an Indicator of Phishing (IoP). However, as shown in Figure 1, the “Click here – Participate and Win” link feels out of...


A Very Convincing Tax-Rebate Phishing Campaign Is Targeting UK Users

July 19, 2018 by Milo Salvia in Phishing Defense Center

The Cofense™ Phishing Defense Center has observed a convincing new phishing campaign targeting taxpaying UK nationals. The threat actors, posing as Her Majesty’s Revenue and Customs (HMRC), have imitated the Government Gateway tool, which is commonly used by UK citizens to access government services online. The threat actor attempts to convince victims that they are due a tax rebate of £458.21 using the lure below.


This “Man in the Inbox” Phishing Attack Highlights a Concerning Gap in Perimeter Technology Defenses

July 18, 2018 by Nick Guarino in Phishing Defense Center

“Man in the Inbox” phishing attacks come from compromised email accounts. They look like someone from within a business, for example the HR director, sent an email directing employees to do something legitimate—like logging onto a fabricated page to read and agree to a corporate policy. When employees log on, the attackers harvest their credentials. These attacks are yet another example of increasingly sophisticated credential phishing.  


Attackers Use a Bag of Tricks to Target Greek Banking Customers

June 27, 2018 by Milo Salvia in Phishing Defense Center

Recently, the Cofense™ Phishing Defense Center has observed a phishing campaign targeting Greek-speaking users and customers of Alpha Bank. Alpha Bank is the fourth-largest Greek bank. We observed threat actors using multiple tactics to gain login credentials, which include user names, passwords, and secret questions. This information would allow threat actors to access unsuspecting victims’ accounts, draining funds and perhaps reusing those credentials on other websites.


Another Global Phishing Campaign Distributes Malware Via Fake Invoices

June 25, 2018 by Marcel Feller in Phishing Defense Center

On Thursday, June 14th, the Cofense™ Phishing Defense Center (PDC) noted a campaign targeting UK customers with several emails containing the same subject, “Invoice INV-03056,” and prompting the user to view a supposed invoice. The next day, we saw a very similar campaign that delivered French-language phishing emails. Upon analyzing the emails, the PDC notified customers that received them, so they could respond as needed. We also notified all our UK customers of the IOCs.


We Helped a Customer Block this Open Directory Phishing Attack

June 1, 2018 by Chance Caldwell in Phishing Defense Center

On May 22, 2018, the Cofense Phishing Defense Center observed a Microsoft credential phishing attack that was received by one of our Managed Service customers. The Phishing Defense Center’s goal is to provide our customers all the relevant information on an attack against their employees, within an hour of an email being reported, so customers can take the necessary steps to prevent further attacks. By doing a deep-dive investigation into this attack, we were able to find multiple other phishing attacks listed on the site, the kits used to create the phishing pages, and several other domains created by...


Hackers Analyse Your Capabilities. Use this Matrix to Do the Same

May 16, 2018 by David Mount in Phishing Defense Center

Regular followers of Cofense™ know that phishing threats evolve. For detailed evidence, read the Cofense Malware Review 2018 and see the techniques threat actors employ to keep security teams on their toes.


Russian “Troldesh” AKA Encoder.858 or Shade is back!

April 27, 2018 by Dilen Thakuri in Cyber Incident Response, Internet Security Awareness, Malware Analysis, Phishing Defense Center

On the 19th of April, the Cofense Phishing Defense Center received an email crafted to appear to be from “Sberbank Russia.” In fact, it was a phishing email containing the Troldesh malware, a variant of Russian Ransomware first seen in mid-2015. The PDC hadn’t seen this variant for quite some time.


5 ways we boost your anti-phishing program’s ROI.

April 25, 2018 by Zach Lewis in Phishing Defense Center, Cyber Incident Response, Internet Security Awareness

If you’re shopping for a vendor to help with phishing awareness training, you might be thinking, “They all seem pretty similar. What’s the difference?”
