Products
Products
Awareness
Detection
Response
Intelligence
About Cofense
About Cofense
Leadership
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More
Free Tools
Free Tools
Create Transparency
Speed Response
Resources
Resources

Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Top Phishing Concerns of DNS Providers

August 29, 2013 by Cofense in Internet Security AwarenessThreat Intelligence

Twitter and the New York Times were hacked this week, which means that they have officially joined the ranks of other major news organizations, including the Financial Times and Washington Post who have been targeted by hackers over the past few months. So, how’d it happen? Three things: hacker groups, DNS providers and spear phishing. The Syrian Electronic Army (SEA) appears to be taking credit for this attack, as their logo was prominently displayed at NYTimes.com when the site was compromised. The SEA, a hacker group, protesting Syrian President Bashar Al-Assad, launched the attack in order to generate high profile awareness...

READ MORE

To make training stick, immerse employees

August 27, 2013 by Rohyt Belani in Internet Security Awareness

When aspiring pilots go through flight school, they learn both in a conventional ground setting and using a flight simulator. On the simulator, new pilots are immersed in the experience of flying, and receive real-time feedback about their decision making. Not surprisingly, the simulator is seen as a more effective training tool than conventional classroom training. One of the greatest challenges facing security awareness initiatives is providing employees with an experience they will actually remember and retain. Training users to avoid risky security behavior is not nearly as complicated as teaching someone to fly a plane, but just like with...

READ MORE

Syrian Electronic Army continues to carry out successful data-entry phishing attacks

August 20, 2013 by Aaron Higbee in Phishing

When the Syrian Electronic Army nailed a number of prominent media outlets earlier this year, we were pleased to see a number of open and honest responses from those that were breached, notably from The Onion and The Financial Times. Last week, the SEA was at it again, successfully hacking content recommendation service Outbrain, an attack which provided a foothold to compromise media behemoths The Washington Post, Time, and CNN. The SEA attacked Outbrain with largely the same tactics it has used so successfully in the past few months, by eliciting log-in credentials through a phishing email, the same tactics...

READ MORE

To improve security awareness, think marketing

August 13, 2013 by Rohyt Belani in Internet Security Awareness

Security awareness is a term that often makes IT security pros cringe. It brings to mind images of mind-numbing training or of ineffectual posters and stress balls urging employees to change their passwords frequently. Based on years of experience working with enterprises and other large organizations, we are launching a new blog series, “7 Principles Critical to Security Awareness Programs”, that will offer some insight in concepts we have incorporated in our solution to demonstrably improve security awareness for our customers. The first topic we will address is marketing. Changing behavior is one of the greatest challenges security officers face...

READ MORE

An untapped resource to improve threat detection

July 31, 2013 by Cofense in Internet Security AwarenessThreat Intelligence

Speaking in front of the House Committee on Special Intelligence earlier this year, Kevin Mandia (CEO of Mandiant) remarked that, “One of the most valuable resources in detecting and responding to cyber attacks is accurate and timely threat intelligence.”  Despite its value, many organizations don’t have a way to get timely threat intelligence. How can organizations improve in this area? If you know anything about us, it probably won’t shock you that we’re encouraging enterprises to focus on their users as a source of real-time threat intelligence. Given that the vast majority of targeted attacks focus on the end user...

READ MORE

Royal Baby Spam and Malware Attack Happening Now

July 25, 2013 by Cofense in Malware Analysis

It’s unfortunate, but when the general public is captivated by a certain news story, cybercriminals are hard at work exploiting the publicity that the news attracts. Exploitation can take many forms. In the cybersecurity space, we often see fake news stories about trending topics floating around. Fake news is becoming a serious problem. It is becoming harder to differentiate fake news from real news. Those fake news stories often have one sole purpose. To trick Internet users into clicking on a malicious link. Such is the case right now. The public is captivated by content about the new royal baby...

READ MORE

What is definition of phishing?

July 20, 2013 by Cofense in Internet Security Awareness

According to a recent infographic produced by via resource, 37.3 million users were subject to phishing attacks in 2012, but what definition of phishing is being used? What does phishing actually mean? As consumers increase the amount of time that they spend online, cybercriminals are ramping up their productivity – launching larger, more efficient and increasingly targeted attacks against brands both in and outside the financial services industry. PhishMe delivers email-based anti-phishing solutions. Through our interactions with prospects and customers, we’ve realized that there are several different definitions of phishing floating around and that often the term “phishing” is used interchangeably...

READ MORE

Double Barrel Throwdown Contest Terms and Conditions

July 16, 2013 by Cofense in Phishing

Please read before entering, as entry in this contest constitutes acceptance of these rules. No purchase is necessary to participate. The contest is open to all entrants who submit a valid entry form using a qualified email address. ENTRY IN THIS CONTEST CONSTITUTES YOUR ACCEPTANCE OF THESE OFFICIAL RULES The Double Barrel Throwdown (the “Contest”) is a competition to produce the most original, persuasive, and realistic Double Barrel phishing scenarios. PhishMe’s panel – composed of PhishMe employees – will select the best entry according to those criteria, with the winner receiving a Google Nexus tablet. To submit a valid entry...

READ MORE

Can a simulated phishing attack be counterproductive?

July 8, 2013 by Cofense in Internet Security AwarenessPhishing

I always enjoy reading articles from IT professionals who have sent simulated phishing exercises to their employees.  As I checked my email over the weekend my good friends at Google were kind enough to alert me about a new article from Tom Cochran, CTO of Atlantic Media, on this subject so I poured a fresh cup of coffee and started to read.

READ MORE

The Phish Chain: Phishing Attack from Start to Finish

June 18, 2013 by Cofense in Phishing

A few years ago, Computer Security Intelligence expert, Mike Cloppert discussed the Cyber Kill Chain, the process through which a cybercriminal uses malware to attack the victim. In a recent webinar titled “How to Use Email-based Threat Intelligence To Catch a Phish,” Securosis’ Mike Rothman applied Cloppert’s methodology to how cyberattacks work in the instance of a phishing attack. The kill chain begins with weaponization and ends with monetization, the point at which credentials are stolen. In this post, we’ll dig into the Phish Food Chain, as explained by Mike Rothman and discuss how cybercriminals utilize this process to attack your brand. Let’s take...

READ MORE