Products
Products
Awareness
Detection
Response
Intelligence
About Cofense
About Cofense
Leadership
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More
Free Tools
Free Tools
Create Transparency
Speed Response
Resources
Resources

Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Whitepaper: The State of Information Security 2008

February 8, 2008 by Aaron Higbee in Internet Security Awareness

I just got back from The Credit Union Information Security Professionals Association 3rd annual National event in Austin Texas where Rohyt and I were talking to the folks about www.PhishMe.com. I have never attended a CUISPA event before and welcomed the opportunity. It was refreshing to see this industry work together. Credit unions don’t have the budgets larger institutions do and many of their technologists wear multiple hats. Security is a group effort. (as it should be) Two major takeaways I had from the conference: 1.) Credit Union security professionals have a can-do attitude and value networking with their peers...

READ MORE

Phishing with Encoded IP Addresses

January 5, 2008 by Cofense in Phishing

I was adding a little special sauce to Phishme.com this past week and thought this might be fun to share. We have a few different ways a user can craft their phishing links. If he/she chooses the IP address option, then there is also the choice of encoding options. This lets you mask the IP address in an attempt to trick the user into thinking part of the sub directory is perhaps the host name. Or as in the case with my mom… she thinks it is just the phone number so the computer knows where to call. And it’s...

READ MORE

If I was a hacker…err cracker…

December 31, 2007 by Cofense in Internet Security Awareness

I would be very busy the week of Christmas, while IT security staff is probably operating at 20% normal strength. Not only is it the weakness in numbers, but also the holiday mood.  How many of you are actually working full days? IDS logs – thats probably the last thing on your mind now that you have Guitar Hero III in the breakroom. I would get busy if I heard that a company was being acquired. From my experience, most companies put a freeze on all discretionary spending from the time a deal is announced untill it closes. Unfortunately, security...

READ MORE

Baiting the Hook, Sneak Peek at PhishMe.com

October 10, 2007 by Cofense in Phishing

If you’ve been noticing a little silence on the blog recently, it’s been because a lot of the ranting has been going into developing what we think is a great anti-phishing user awareness tool. Take a peek at our main site at www.PhishMe.com Conducting ethical phishing attacks has never been easier. User awareness will be improved, enforced, and for the first time for many users, easy to measure and trend over time. You can sign up for the mailing list right now that will let you know when the full blown service is launched. We will be offering free trial...

READ MORE

Time to Phish your Customers?

September 19, 2007 by Cofense in Phishing

Building employee awareness to social engineering attacks, like Phishing, is clawing its way up the CISO’s priority ladder; and rightly so. But, what good are aware employees if your customers can be directly targeted by such attacks? A month ago, monster.com had to deal with a phishing attack that targeted their clients and did so with some success. Security experts commented in this USAtoday article urging job seekers to expose minimal data and blaming monster.com for not enforcing strong passwords. I don’t want to undermine the soundness of those suggestions. However, I don’t believe they will solve the issue at...

READ MORE

Phishing for User Awareness

September 10, 2007 by Cofense in Internet Security AwarenessPhishing

A recent survey of over 279 IT Executives indicated that the greatest security challenge they faced was building an effective security awareness program and encouraging their employees to embrace it.  Employees, albeit unaware, oblivious or unconcerned, continue to fall prey to conniving social engineers compromising sensitive data protected by millions of dollars worth of technology. The return on investment on building user awareness is apparent and no longer a hard sell for IT security staff. The real problem lies in building an effective program that actually changes the mindset of the employees.  In a society where 90% of recovering coronary...

READ MORE

Dirty Dirty Wi-Fi: AT&T Wi-Fi Service Phishing?

July 30, 2007 by Cofense in Phishing

I’m sitting at Dulles airport right now, at gate C19, on my way to Vegas. I’m excited to catch up with friends and colleagues at BlackHat this year.  I realized a few days ago that my 81 slide presentation for DefCon isn’t for a 75 minute slot.. instead I’ll be trying to fit it into a 50 minute slot! Wish me luck! Public Wifi is so dicey… I would never use it for anything other than entertainment during delays.  If I need to get work done I hop on EVDO.  Captive portals are everywhere… and if you pay much attention to...

READ MORE

Harry Potter Phishing Attack: Fact or Fiction?

July 16, 2007 by Cofense in Phishing

On June 19th a spoiler for the next Rowling book Harry Potter and the Deathly Hallows was posted to the full disclosure mailing list: http://seclists.org/misc/harrypotterspoilers.html (WARNING: If you’re a Harry Potter fan you may want to hold off reading it.) The spoiler was nothing more than a summary of which main characters allegedly die in battle with Voldemort and other rivals. What is more interesting is how this book was allegedly obtained. The author of the messages claims he launched a phishing attack against Bloomsbury Publishing. “The attack strategy was the easiest one. The usual milw0rm downloaded exploit delivered by...

READ MORE

iPhone Phishing Bait: would you like fries with that?

July 11, 2007 by Cofense in Phishing

We’ve all heard there’s no such thing as a free lunch, but this is not always easily remembered when online. The latest example of that is the number of iPhone related phishing messages that had flooded my inbox while I was on vacation. Some of the links didn’t even need to claim it was a ‘free’ deal; just a site claiming to have the cool tool in stock was enough to get clicks. Of course this is nothing new. Go back and replace ‘iPhone’ with ‘Wii’ or ‘PSP’ or ‘Nano’ and you get similar results. As a gadget geek, I’m always at least a...

READ MORE

McAfee’s “Groundbreaking” Phishing Study

July 5, 2007 by Cofense in Phishing

Recently, I came across a press release by McAfee citing the results of a “groundbreaking” study that talks about the psychological games played by phishers and email scam artists. The results of the study indicated that “cyber criminals use fear, greed and lust to methodically steal personal and proprietary financial information”. Frankly, I didn’t see anything groundbreaking in those results. Don’t we all know that social engineers (including phishers) have to play with people’s psyches to get them to click on links and submit personal information? The study did however quote some interesting statistics from a 2006 Gartner study: Cumulative loses stemming...

READ MORE