
Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

The Phish Chain: Phishing Attack from Start to Finish

June 18, 2013 by Cofense in Phishing

A few years ago, computer security intelligence expert Mike Cloppert discussed the Cyber Kill Chain, the process through which a cybercriminal uses malware to attack the victim. In a recent webinar titled “How to Use Email-based Threat Intelligence To Catch a Phish,” Securosis’ Mike Rothman applied Cloppert’s methodology to how cyberattacks work in the instance of a phishing attack. The kill chain begins with weaponization and ends with monetization, the point at which credentials are stolen. In this post, we’ll dig into the Phish Food Chain, as explained by Mike Rothman, and discuss how cybercriminals utilize this process to attack your brand. Let’s take...


What is MTTK and Why is it Important to Cybersecurity?

June 10, 2013 by Cofense in Internet Security Awareness

There has been much talk recently about MTTK, but what is MTTK and why is it so important? This post explores the term and explains why MTTK is such an important concept in cybersecurity terms. When your organization is attacked, how long does it take you to know that the attack is taking place? Of course, we’d all like to be able to answer “right away.” However, for many companies that isn’t the case. Examples of phishing attacks lodged against major brands who don’t discover that they are being phished until months later have become commonplace. When a phishing attack...


Build Phishing Countermeasures to Protect Your Brand

May 22, 2013 by Cofense in Phishing, Threat Intelligence

Corporations fight phishing each and every day. Large and recognizable financial institutions, retail companies, and internet service providers/telecommunication companies are among the most heavily targeted victims of phishing. While the aftermath of a phishing attack is costly and yields long-term consequences, it’s quite difficult to keep up with cybercriminals. It’s shockingly easy for cybercriminals to create a phishing site targeted at your brand, so easy that the cybercriminal simply needs to unpack and upload a pre-built “phishing kit” in order to create a new phishing website. Just one phishing kit can produce hundreds of phishing URLs. With just a few clicks...


DMARC Failed to Protect Against Walmart Spam

May 20, 2013 by Cofense in Internet Security Awareness

Think that DMARC is all that you need to protect your company from email spam? Think again. Last week, there was a spam campaign that imitated a Walmart.com receipt. An email was sent to Walmart customers falsely confirming the purchase of a large flat screen TV costing approximately $1,000. The cinematic home experience was to be enjoyed by someone else, since the receipt showed the item was being shipped to an address that would be unfamiliar to the customer. Upon receiving this email, the natural reaction would be to click on the link in the email to find out more about...


Do young employees present a phishing risk?

May 7, 2013 by Aaron Higbee in Phishing

Spring. For some it signals rejuvenation, rebirth, everything blooming…but for security administrators it can mean new security risk. Spring means that the next round of college seniors will be entering the workforce soon, which for phishers means a fresh group of targets. Hopefully their college educations have prepared them for the majority of challenges they will face, but when it comes to phishing that is unlikely. The types of phishing emails students and consumers receive are quite different from what employees receive, and without training, young employees can’t be expected to avoid tactics they haven’t seen.


2-factor authentication wouldn’t have prevented AP Twitter hack

April 23, 2013 by Aaron Higbee in Internet Security Awareness, Phishing

When a hacked Twitter account spreads false news of an explosion at the White House and causes hysteria that spurs a 140 point drop in the stock market, it should encourage calls for Twitter to bolster its security measures, so it’s no surprise that many are clamoring for Twitter to offer 2-factor authentication. One problem with this – news outlets are reporting that hackers gained access to the AP’s account through a phishing attack. While 2-factor authentication makes it more difficult to phish an account, it will not prevent this type of attack from being successful (nor will a more...


How to defend against longline phishing attacks

April 12, 2013 by Cofense in Phishing

A report from Proofpoint released at the RSA conference discussed what is supposedly a new phishing technique dubbed “longline” phishing. The report touts “longlining” as the newest way criminals are sending phishing emails in an effort to bypass technical controls. Mass customization of emails allows criminals to fly under the radar of most email filters and successfully deliver spear-phishing emails to a larger number of email users at a single organization. This tactic combines the best of both worlds from the criminal’s standpoint, but it doesn’t really change the game in terms of defending against phishing attacks, as your users still...


Phishing and Brand Reputation: What’s the Damage?

March 18, 2013 by Cofense in Internet Security Awareness

There has been a lot of talk recently about phishing and brand reputation, specifically how phishing attacks often have a major negative effect on how customers view a particular brand. After a phishing attack, many customers lose trust in a brand. What happens when you lose your customers’ trust? Successful brands are built on trust. You’ve spent years building your brand and earning your customers’ trust. Don’t leave your brand equity vulnerable to an attack that could cost you your current and future customers. Your Brand is at Risk It’s with good reason that, according to Frost & Sullivan, 71% of...


Defining a Sophisticated Attack

March 18, 2013 by Aaron Higbee in Internet Security Awareness, Threat Intelligence

What do nearly all of the recent high-profile data breaches have in common? They have all been traced to sophisticated threats and cyber criminals. While there are many disagreements in the security industry, after every significant breach nearly everyone agrees that it was sophisticated (Twitter, Apple, and the Department of Energy are some of the unfortunate organizations to be compromised by a sophisticated attack recently). On the surface, it isn’t hard to see why. First, technology vendors need attackers to be super sophisticated, because simple tactics couldn’t circumvent their products, right? For victims of a breach, it is advantageous for...


The New York Times breached… a PhishMe Sales Pitch?

February 1, 2013 by Aaron Higbee in Phishing

Most of you are probably aware of the breach that occurred at the New York Times. Employee passwords and sensitive information related to an investigative news story covering the finances of Wen Jiabao, China’s Prime Minister, were compromised. The New York Times’ research helps give them a competitive advantage in their industry; it is their proprietary information. It is the equivalent of the theft of financial reports, blueprints and customer data. The headlines roll in… The NYTimes breached by spear-phishing! Symantec AV fails to detect attackers! In an official press release, Symantec says, “Anti-virus software alone is not enough.” Later, the CEO of...
