Products
Products
Awareness
Detection
Response
Intelligence
About Cofense
About Cofense
Leadership
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More

Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Spam is Spam, Phishing is Phishing, but Phishing is not Spam

April 3, 2017 by Aaron Higbee in PhishingInternet Security Awareness

Problems arise when we use the terms Spam and Phishing interchangeably. At the risk of sounding persnickety, I’m going to try to build the case of why we need to stop confusing Spam and Phishing.

READ MORE

Tales from the Trenches:  Loki Bot Malware

March 23, 2017 by Cofense in Phishing Defense Center

On March 15, 2017, our Phishing Defense Center observed several emails with the subject line “Request for quotation” pretending to award Shell Oil Company contracts – a very targeted subject tailored to the receiver. As with most phishing emails, there is a compelling call to action for the receiver, in this case a contract award from a well-known organization. And, an added bonus unknown to the receiver, the emails also contained a malicious attachment designed to siphon data from its targets. Included is an example of one of these emails along with basic Triage header information. Each email analyzed contained instructions...

READ MORE

What is Actionable Intelligence?

March 23, 2017 by Cofense in Threat IntelligenceInternet Security Awareness

Do you know what is actionable intelligence? Do you know the difference between threat intelligence and actionable intelligence? If not, read on. The term actionable intelligence has joined the ranks of threat intelligence, big data and more words that are used in well-meaning ways, but are ultimately meaningless. Don’t get us wrong, like many other vendors, we use these phrases to describe what we do. However, because there are so many companies out there using these terms with their own meanings attached to them, we feel the need to write this blog post and hopefully do right by the technology and service...

READ MORE

Tax-time Phishing: A Global Problem

March 9, 2017 by Cofense in Phishing

I don’t think anyone likes to do taxes… unless you’re an accountant. Maybe. Collecting all the documents, knowing which ones are needed, completing them in time, and handing over payments is a headache for individuals and companies alike. Phishing threat actors know this and will try to take advantage. The United States Internal Revenue Service provides lots of resources about recent and relevant phishing attacks and scams targeting American taxpayers. Their international counterparts in the United Kingdom and Australia also provide extensive resources on recent attacks impacting their taxpayers. One important aspect of the material provided by these organizations is...

READ MORE

PhishMe Triage Integrates with Palo Alto Networks WildFire Cloud to Combat Phishing

February 13, 2017 by Cofense in Phishing

Integration Pairs Efficient and Expedient Phishing Incident Response with Integrated Threat Analysis and Prevention PhishMe® and Palo Alto Networks® technologies equip security teams with enhanced protection against phishing threats. Conditioning employees to detect and report suspicious email is a strategy security leaders have adopted to protect the business and empower employees to become a defensive asset. PhishMe Triage™ ingests employee-reported suspicious email – allowing security teams to quickly assess and respond to threats. PhishMe Triage now integrates with Palo Alto Networks WildFire™ cloud-based threat analysis and prevention capabilities to provide an even more formidable approach to identifying and preventing potentially...

READ MORE

The Rise of RaaS: Satan

February 8, 2017 by Cofense in Malware Analysis

RaaS, or Ransomware as a Service, enables threat actors that lack the skillset to write their own malware the capacity to infect people’s computers with ransomware through a service, holding the victims’ files hostage for Bitcoin payments. One of the latest RaaS offerings is Satan, a ransomware variant that is easily accessible on a hidden website when browsing with the TOR browser. The website allows anyone to create a ransomware sample which in turn takes a cut of the ransom proceeds from its victims’ payments. Builder The TOR hidden service website allows for anyone to create a Satan loader sample...

READ MORE

Sage and Locky Ransomware Now Sharing Delivery Infrastructure in Phishing Attacks

February 2, 2017 by Cofense in Internet Security AwarenessPhishing

BY BRENDAN GRIFFIN AND GARY WARNER Threat actors have demonstrated that despite the past two years’ explosion in new ransomware varieties, ransomware developers still believe that the market has not reached the point of saturation. Examples of encryption ransomware like Sage have made notable appearances on the phishing threat landscape in the early days of 2017, continuing the ransomware trend from 2016.

READ MORE

Kovter Ad Fraud Trojan Now Shipping with Locky Ransomware

January 16, 2017 by Cofense in Phishing

Over the past couple of months, the PhishMe Research Team has observed Locky ransomware being distributed alongside the Kovter ad fraud trojan. We have looked at this malware distribution channel in the past, and since then, the threat actors have evolved from using a fake file encryption threat to using a well known and effective ransomware family: Locky. In this post we will examine the history of the Kovter actors’ experimentation with ransomware and walk through a sample campaign that our PhishMe Threat Intelligence Team captured. Ransomware Evolution The distributors behind Kovter have been experimenting with “ransomware” since as early as January 2016. We place the word...

READ MORE

With apologies to Led Zeppelin fans: The (BEC) Song (Still) Remains the Same

December 21, 2016 by Heather McCalley in Phishing

Almost three months have passed since I last updated you on the Business Email Compromise scam, also known as the CEO Fraud scam. Though the volume of these attacks remains high, the information security community has continued to collaborate well regarding this type of fraud, preempting the transfer of millions of dollars and identifying numerous mules in control of bank accounts around the world. Just last week, yet another phisher tried to phish PhishMe. Our CTO, Aaron Higbee, reported on early attempts in September 2015 when he also described the use of PhishMe Reporter to phish-back and collect details of the phisher’s...

READ MORE

Build Phishing Countermeasures to Protect Your Brand

May 22, 2013 by Cofense in PhishingThreat Intelligence

Corporations fight phishing each and every day. Large and recognizable financial institutions, retail companies, internet service providers/telecommunication companies are among those most heavily targeted victims of phishing. While the aftermath of a phishing attack is costly and yields long-term consequences, it’s quite difficult to keep up with cybercriminals. It’s shockingly easy for cybercriminals to create a phishing site targeted at your brand, so easy that the cybercriminal simply needs to unpack and upload a pre-built “phishing kit” in order to create a new phishing website. Just one phishing kit can produce hundreds of phishing URLs. With just a few clicks...

READ MORE

DMARC Failed to Protect Against Walmart Spam

May 20, 2013 by Cofense in Internet Security Awareness

Think that DMARC is all that you need to prevent your company from email spam? Think again. Last week, there was a spam campaign that imitated a Walmart.com receipt. An email was sent to Walmart customers falsely confirming the purchase of a large flat screen TV costing approximately $1,000. The cinematic home experience was to be enjoyed by someone else, since the receipt showed the item was being shipped to an address that would be unfamiliar to the customer. Upon receiving this email, the natural reaction would be to click on the link in email to find out more about...

READ MORE

Do young employees present a phishing risk?

May 7, 2013 by Aaron Higbee in Phishing

Spring. For some it signals rejuvenation, rebirth, everything blooming…but for security administrators it can mean new security risk. Spring means that the next round of college seniors will be entering the workforce soon, which for phishers means a fresh group of targets. Hopefully their college educations have prepared them for the majority of challenges they will face, but when it comes to phishing that is unlikely. The types of phishing emails students and consumers receive are quite different from what employees receive, and without training, young employees can’t be expected to avoid tactics they haven’t seen.

READ MORE

2-factor authentication wouldn’t have prevented AP Twitter hack

April 23, 2013 by Aaron Higbee in Internet Security AwarenessPhishing

When a hacked Twitter account spreads false news of an explosion at the White House and causes hysteria that spurs a 140 point drop in the stock market, it should encourage calls for Twitter to bolster its security measures, so it’s no surprise that many are clamoring for Twitter to offer 2-factor authentication. One problem with this – news outlets are reporting that hackers gained access to the AP’s account through a phishing attack. While 2-factor authentication makes it more difficult to phish an account, it will not prevent this type of attack from being successful (nor will a more...

READ MORE

How to defend against longline phishing attacks

April 12, 2013 by Cofense in Phishing

A report from ProofPoint released at the RSA conference discussed what is supposedly a new phishing technique dubbed “longline” phishing.  The report touts “longlining” as the newest way criminals are sending phishing emails in efforts to bypass technical controls.  Mass customization of emails allows criminals to fly under the radar of most email filters and successfully deliver spear-phishing emails to a larger number of email users at a single organization.  This tactic combines the best of both worlds from the criminal’s standpoint, but it doesn’t really change the game in terms of defending against phishing attacks, as your users still...

READ MORE

Phishing and Brand Reputation: What’s the Damage?

March 18, 2013 by Cofense in Internet Security Awareness

There has been a lot of talk recently about phishing and brand reputation, specifically how phishing attacks often have a major negative effect on how customers view a particular brand. After a phishing attack, many customers lose trust in a brand. What happens when you lose your customers’ trust? Successful brands are built on trust. You’ve spent years building your brand and earning your customers’ trust. Don’t leave your brand equity vulnerable to an attack that could cost you your current and future customers. Your Brand is at Risk It’s with good reason that, according to Frost & Sullivan, 71% of...

READ MORE

Defining a Sophisticated Attack

March 18, 2013 by Aaron Higbee in Internet Security AwarenessThreat Intelligence

What do nearly all of the recent high-profile data breaches have in common? They have all been traced to sophisticated threats and cyber criminals. While there are many disagreements in the security industry, after every significant breach nearly everyone agrees that it was sophisticated (Twitter, Apple, and the Department of Energy are some of the unfortunate organizations to be compromised by a sophisticated attack recently). On the surface, it isn’t hard to see why. First, technology vendors need attackers to be super sophisticated, because simple tactics couldn’t circumvent their products, right? For victims of a breach, it is advantageous for...

READ MORE

The New York Times breached… a PhishMe Sales Pitch?

February 1, 2013 by Aaron Higbee in Phishing

Most of you are probably aware of the breach that occurred at the New York Times. Employee passwords and sensitive information related to an investigative news story covering the finances of Wen Jiabao, China’s Prime Minister, were compromised. The New York Times’research helps give them a competitive advantage in their industry, it is their proprietary information. It is the equivalent to the theft of financial reports, blueprints and customer data. The headlines roll in…  The NYTimes breached by spear-phishing! Symantec AV fails to detect attackers! In an official press release, Symantec says, “Anti-virus software alone is not enough.” Later, the CEO of...

READ MORE

Planes, Trains, Automobiles and… Spear Phishing?

January 8, 2013 by Cofense in Phishing

With 2013 upon us, it will be a busy year at PhishMe, as we are already scheduled to appear at around 70 events. That means another year of heavy traveling for our sales and marketing team. While it’s definitely exciting to visit new places and introduce new people to PhishMe, as with anything else in life, there are risks involved. Does your organization have employees that travel frequently? If so, they are probably being targeted by phishers.

READ MORE

12 Days of Phishless Christmas recap

December 26, 2012 by Cofense in Phishing

Happy Day After Christmas everyone! Thankfully the world didn’t end last Friday, and we were able to finish the 12 Days of Phishless Christmas campaign. Hopefully you are spending today on the couch nursing your eggnog and Christmas cookie hangover, out at the mall returning that Cosby sweater your Aunt gave you, or getting ready to watch the Little Caesar’s Bowl.

READ MORE