Products
Products
Awareness
Detection
Response
Intelligence
About Cofense
About Cofense
Leadership
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More

Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

New Tactic Bypasses Existing Security Controls – Most Recent PayPal Phish Reveals Stealthy HTML Attachment

May 25, 2016 by Heather McCalley in Phishing

Incident response is always a cat and mouse game.  Organizations spend heavily on people and technology to help protect their enterprise, while threat actors continue to find new and unique ways to bypass those controls.  We’ve seen this trend continue over time, whether it be with the shift to MHTML files by Locky or the delivery of malicious PowerPoint show files.  The PhishMe intelligence team has noticed another change, this one by the actors who are phishing for login credentials, and their tactics reveal that they are actively working to bypass security controls.

READ MORE

Ransomware targeting US Congress specifically? Probably not.

May 24, 2016 by Cofense in Phishing

In another highly visible ransomware event, Techcrunch recently reported that Congress was warned about ransomware attacks that were impacting the House of Representatives. While ransomware is by no means new, Congress was warned that these attacks were personalized and are specifically targeting third-party email services such as Yahoo or Gmail. Additionally, Congress was warned that their machine could be encrypted by simply clicking the link within the message.

READ MORE

Bolek: Leaked Carberp KBot Source Code Complicit in New Phishing Campaigns

May 19, 2016 by Cofense in Phishing

Reuse of infrastructure supporting malware distribution is a well-documented characteristic of online crime and a key way to track and classify threat actors. While it may seem simplistic for monitoring threat actor activities, the IP addresses, domains, hostnames, and URLs contacted by malware tools betray a significant amount of information about threat actor groups. For some malware attacks, it’s possible to determine the threat actor’s identity based on the infrastructure used, but, other times, the lines are blurred because some organizations harbor cyber criminals.

READ MORE

You spoke, we listened: What’s new for CBFree

May 12, 2016 by Cofense in Internet Security Awareness

You spoke…we listened. PhishMe CBFree Computer Based Learning modules launched in October 2015 and was extremely well received among users.  As an initial launch, we listened heavily to our customer’s feedback and have a new set of modules.

READ MORE

PhishMe’s Gary Warner Featured in Threat Intelligence Thought Leadership Interview on Recorded Future

May 4, 2016 by Cofense in Cofense NewsThreat Intelligence

This week, Recorded Future published another segment in their recent “Threat Intelligence Thought Leadership Series” featuring PhishMe’s Chief Threat Scientist Gary Warner. The article titled Why You Should Launch a Threat Intelligence ‘Hunt’ Team covers a variety of perspectives on threat intelligence, from driving factors in today’s threat intelligence community, actionable intelligence trends and even advice for aspiring threat intelligence analysts on how to navigate today’s information security landscape. 

READ MORE

University W2 Phishing and CEO Impersonation

April 13, 2016 by Cofense in Phishing

At PhishMe we talk frequently about a familiar concept that cyber attacks and phishing emails are very rarely sent to only one organization. While  security teams tend to focus on threats to your organization, PhishMe Intelligence is watching for email-based threats for EVERY organization. As we were gathering information about tax-related phishing scams this year, we noticed that institutes of higher learning were being hit quite broadly by this year’s W2 related scams.

READ MORE

RockLoader – New Upatre-like Downloader Pushed by Dridex, Downloads all the Malwares

April 12, 2016 by Cofense in Phishing

On 4/6, the Phishing Intelligence team came across a wave of phishing emails that contained a .js file packaged inside of a zip file used to deliver malware. This is nothing new, and has been seen being pushed out by resources associated with the Dridex botnet and the Locky encryption ransomware. The interesting piece is that the attackers are using a new piece of malware called RockLoader to download and install the malware on remote systems. Downloaders are nothing new, as Upatre was used with Dyre and Gameover ZeuS in the past. RockLoader has several tricks up its sleeve.

READ MORE

PhishMe April Cybercrime Alert: Ransomware Attacks Expected to Increase

March 31, 2016 by Cofense in PhishingPress Releases

Cybersecurity Experts, Former Federal Law Enforcement Professionals Say Cryptocurrency, Digital Data and Vulnerable Employees May Fuel Largest Crimewave in Modern History LEESBURG, Va. – March 31, 2016 – PhishMe Inc., the leading provider of human phishing defense solutions, today released its April Cybercrime Alert, warning all organizations that its threat researchers expect ransomware attacks to increase as cybercriminals become increasingly aware that: Ransomware is readily-available and changes faster than detection technologies can respond In most cases, paying the ransom is the only way to free hostage data and systems Recent successful ransom situations will only encourage more attempts Cryptocurrencies such...

READ MORE

Tax Time is Phishing Time: Here’s How to Help!

March 31, 2016 by Heather McCalley in Phishing

Important disclaimer: THE IRS DOES NOT INITIATE CONTACT WITH TAXPAYERS BY EMAIL, TEXT MESSAGE, OR SOCIAL MEDIA CHANNELS TO REQUEST PERSONAL OR FINANCIAL INFORMATION. (See: https://www.irs.gov/uac/Report-Phishing ) The IRS has a very active security team, currently part of the U.S. Treasury Inspector General for Tax Administration (TIGTA), that is responsible for fighting phishing and tracking down the criminals who prey on U.S. tax payers.  If you believe you have received a Phishing email, please help them by reporting the email you received to phishing@irs.gov.  Additionally, please also consider sending a copy to our team.  PhishMe Brand Intelligence automatically processes any URLs...

READ MORE

Reclaiming the Edge in the Battle Against Phishing Attackers

March 15, 2016 by Cofense in Phishing

There is a reason that most data breach incidents involve phishing attacks: phishing works.  Attackers know that it is far easier to gain access to a protected network by tricking people into clicking on malicious links and attachments than it is to penetrate sophisticated firewalls and intrusion detection systems.  And they know that they have an edge over the defenders because they only have to win once to gain access. As defenders, we need to stop them every time.  We can’t prevent attackers from soliciting people with phishing emails.  But we can take away their edge.

READ MORE

Rebirth

April 12, 2011 by Cofense in Internet Security Awareness

This is the official rebirth of our blog. For a while now, this blog lay dormant, while the team at PhishMe was anything but. Sales and Marketing has been trying to keep up with the interest while Dev, Operations, and support have consistently delivered the most cutting edge phishing awareness services on the market. It’s a pity the blog hasn’t kept up because we have a lot of interesting thoughts and statistics to share, better late than never. Stay tuned for the latest on phishing news, our lessons learnt from successfully training people to thwart targeted phishing, and anything else we feel like rambling...

READ MORE

RSA Conference: Circus of Vendors

April 16, 2008 by Rohyt Belani in Phishing

In past years I never attended the RSA conference; it always came across as too much of a vendor show to me. This year I didn’t think I would go, until rsnake convinced me otherwise. So I bought myself an Expo Only pass. I had a lot of fun, meeting old time buddies from Foundstone and Mandiant, a bunch of clients, and partners. But I had the most fun just watching the show on the Expo floor. Must have been 300 booths and a gazillion sales people swarming them with those annoying mics trying to outspeak each other like barkers outside...

READ MORE

SCADA hacking? What if they used cofense.wpengine.com?

April 10, 2008 by Cofense in Internet Security Awareness

At this year’s RSA conference Ira Winkler went on to tell the audience about hacking into an energy company (via an authorized penetration test) using a targeted phishing email. Details are in this networkwold article: http://www.networkworld.com/news/2008/040908-rsa-hack-power-grid.html “The penetration team started by tapping into distribution lists for SCADA user groups, where they harvested the e-mail addresses of people who worked for the target power company. They sent the workers an e-mail about a plan to cut their benefits and included a link to a Web site where they could find out more.” Are we surprised they were successful? Absolutely not. We’ve...

READ MORE

Whitepaper: The State of Information Security 2008

February 8, 2008 by Aaron Higbee in Internet Security Awareness

I just got back from The Credit Union Information Security Professionals Association 3rd annual National event in Austin Texas where Rohyt and I were talking to the folks about www.PhishMe.com. I have never attended a CUISPA event before and welcomed the opportunity. It was refreshing to see this industry work together. Credit unions don’t have the budgets larger institutions do and many of their technologists wear multiple hats. Security is a group effort. (as it should be) Two major takeaways I had from the conference: 1.) Credit Union security professionals have a can-do attitude and value networking with their peers...

READ MORE

Phishing with Encoded IP Addresses

January 5, 2008 by Cofense in Phishing

I was adding a little special sauce to Phishme.com this past week and thought this might be fun to share. We have a few different ways a user can craft their phishing links. If he/she chooses the IP address option, then there is also the choice of encoding options. This lets you mask the IP address in an attempt to trick the user into thinking part of the sub directory is perhaps the host name. Or as in the case with my mom… she thinks it is just the phone number so the computer knows where to call. And it’s...

READ MORE

If I was a hacker…err cracker…

December 31, 2007 by Cofense in Internet Security Awareness

I would be very busy the week of Christmas, while IT security staff is probably operating at 20% normal strength. Not only is it the weakness in numbers, but also the holiday mood.  How many of you are actually working full days? IDS logs – thats probably the last thing on your mind now that you have Guitar Hero III in the breakroom. I would get busy if I heard that a company was being acquired. From my experience, most companies put a freeze on all discretionary spending from the time a deal is announced untill it closes. Unfortunately, security...

READ MORE

Baiting the Hook, Sneak Peek at PhishMe.com

October 10, 2007 by Cofense in Phishing

If you’ve been noticing a little silence on the blog recently, it’s been because a lot of the ranting has been going into developing what we think is a great anti-phishing user awareness tool. Take a peek at our main site at www.PhishMe.com Conducting ethical phishing attacks has never been easier. User awareness will be improved, enforced, and for the first time for many users, easy to measure and trend over time. You can sign up for the mailing list right now that will let you know when the full blown service is launched. We will be offering free trial...

READ MORE

Time to Phish your Customers?

September 19, 2007 by Cofense in Phishing

Building employee awareness to social engineering attacks, like Phishing, is clawing its way up the CISO’s priority ladder; and rightly so. But, what good are aware employees if your customers can be directly targeted by such attacks? A month ago, monster.com had to deal with a phishing attack that targeted their clients and did so with some success. Security experts commented in this USAtoday article urging job seekers to expose minimal data and blaming monster.com for not enforcing strong passwords. I don’t want to undermine the soundness of those suggestions. However, I don’t believe they will solve the issue at...

READ MORE

Phishing for User Awareness

September 10, 2007 by Cofense in Internet Security AwarenessPhishing

A recent survey of over 279 IT Executives indicated that the greatest security challenge they faced was building an effective security awareness program and encouraging their employees to embrace it.  Employees, albeit unaware, oblivious or unconcerned, continue to fall prey to conniving social engineers compromising sensitive data protected by millions of dollars worth of technology. The return on investment on building user awareness is apparent and no longer a hard sell for IT security staff. The real problem lies in building an effective program that actually changes the mindset of the employees.  In a society where 90% of recovering coronary...

READ MORE

Dirty Dirty Wi-Fi: AT&T Wi-Fi Service Phishing?

July 30, 2007 by Cofense in Phishing

I’m sitting at Dulles airport right now, at gate C19, on my way to Vegas. I’m excited to catch up with friends and colleagues at BlackHat this year.  I realized a few days ago that my 81 slide presentation for DefCon isn’t for a 75 minute slot.. instead I’ll be trying to fit it into a 50 minute slot! Wish me luck! Public Wifi is so dicey… I would never use it for anything other than entertainment during delays.  If I need to get work done I hop on EVDO.  Captive portals are everywhere… and if you pay much attention to...

READ MORE