Products
Products
Awareness
Response
Intelligence
About Cofense
About Cofense
FAQs for PhishMe Submerge
Registration & Event Information How do I register? Please use the…
Learn More

Cofense Blog

STAY CURRENT ON INDUSTRY TRENDS & COFENSE NEWS

Why PhishMe makes Pentesters Uncomfortable

August 31, 2012 by Aaron Higbee in Cofense NewsPhishing

I read Aitel’s article right before leaving for BlackHat: “Why you shouldn’t train employees for security awareness” Popcorn in hand, this should be a fun read. After all, we agree that traditional awareness methods don’t seem to be sticking.

READ MORE

LinkedIn password leak: What it means for phishing

June 6, 2012 by Aaron Higbee in Phishing

Spoiler: LinkedIn password leak: What it means for phishing?  Answer:  Not Much! When people talk to us about phishing, they often want to know “What’s next in phishing? What else are you seeing?” This gets asked a lot, and is one of my least favorite questions because the truth is, email based spear phishing works as-is It has no reason to evolve right now.

READ MORE

Educause 2012 SPC: Quick Review

May 22, 2012 by Aaron Higbee in Internet Security Awareness

Last week I attended the Educause Security Professionals Conference 2012 in Indianapolis Indiana and was lucky enough to co-present with Emory University to discuss the phishing problems higher education face. This event had an entire track devoted to Awareness & Training and of course a major topic for discussion was phishing.

READ MORE

Anatomy of a vulnerability based spear phishing attack

May 4, 2012 by Cofense in Phishing

Anatomy of a vulnerability based phishing attack This week SC Magazine named  the Chrome vulnerabilities the Threat of the month.  So, how would an attacker use this vulnerability in a spear phishing scam you ask? They know their audience Advanced threats know who they want to target, it doesn’t matter that your Skype handle is @kukubunga998 – they know you work for the organization they are targeting.  They also deduce (the same way a marketer does) that you are a Chrome user, or that you have it installed for some reason or another.  They know that your organization is big...

READ MORE

2011 – The year of spear phishing And spear phishing

November 17, 2011 by Aaron Higbee in Phishing

An odd title for a blog post but something that has been on my mind for a while now. We get a fair amount media requests for comments or perspective on phishing stories.  This is a good thing. It’s nice to have recognition in your field. Of course 2011 was no shortage of phishing related news. (What’s up RSA, I’m looking at you. I’ve noticed you frequent our website a lot. How about a demo. Couldn’t hurt?)

READ MORE

Spear Phishing with Password Protected Zip Files

November 1, 2011 by Cofense in Phishing

The Slashdot headline this morning reads: Spear Phishing Campaign Hits Dozens of Chemical, Defense Firms What is it about? Simple, the poison ivy trojan wrapped in a password protected ZIP file so it can get past filtering.  Symantec has an excellent analysis of these attacks in a paper titled: The Nitro Attacks: Stealing Secrets from the Chemical Industry by Eric Chien and Gavin O’Gorman.  You can read the entire paper here. “The most recent attacks focusing on the chemical industry are using password-protected 7zip files which, when extracted, contain a self-extracting executable. The password to extract the 7zip file is included in...

READ MORE

Current events: How news exposes your company to spear phishing attacks

October 11, 2011 by Cofense in Phishing

Like many high-profile events, the passing of Apple’s co-founder and former CEO, Steve Jobs, has initiated a slew of new phishing attacks that are designed to play on recipients’ emotions about the event.  Steve Jobs and Apple themed phishing campaigns are in the wild but more concerning are the spear phishing attacks targeting iPhone users.  PhishMe understands how these events can adversely affect our customers therefore we have released a new phishing simulation theme designed to train susceptible users on how to identify and avoid current event based attacks. -Scott

READ MORE

User Awareness: A Growing Concern Among Organizations

September 6, 2011 by Cofense in Internet Security Awareness

Phishing has always been a challenge for companies, but in recent months high profile breaches have cast a bright light on a more pressing aspect of the phishing threat – user awareness; or the lack there of! The reason phishing attacks are so effective is because most employees have a basic level of phishing awareness. Companies attending recent events such as Black Hat and SANSFIRE, reiterate a common theme; “we need more effective ways to increase our employees’ awareness to help minimize the success of phishing attacks.” Once thought of as a threat that could be mitigated simply by an...

READ MORE

Spear Phishing Impersonators: Beware of familiar names from free email services

July 29, 2011 by Cofense in Phishing

There is a common spear phishing tactic that we help our PhishMe customers combat, and that is attackers using familiar names with fake free webmail accounts. The attacker wants to break into Widget, Inc.  The first thing they do is research Widget, Inc., looking business units who may have access to the information assets they are targeting.  Once they have picked their target, they need familiar names to make their spear phish more enticing to the eventual victim. They will pick a real name inside of Widget, Inc, that will serve as the From: line of the spear phishing email. Sometimes...

READ MORE

Machines v/s Humans: Who Do You Think Is More Intelligent?

June 9, 2011 by Cofense in Cyber Incident ResponseThreat Intelligence

As the barrage of security breaches continues, Citigroup is the latest victim. This eWeek article: http://www.eweek.com/c/a/Security/Citigroup-Credit-Card-Portal-Breach-Compromises-200000-Customers-461930/ discusses the potential impact of this attack.   One of the commentators brings up the topic of phishing.   Hannigan, the CEO of Q1 labs, rightly points out that  “Security trust means more than just making sure you’re in compliance with regulations,”. On the other hand, some of the quotes, like that from Anup Ghosh, co-founder of Invincea has a blatant technology solution vendor bias. He discounts human intelligence when referring to customers in this quote – “it’s not reasonable to expect them to differentiate...

READ MORE

We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our Privacy Policy. By clicking ‘I Understand,’ you acknowledge and consent to our use of all cookies on our website.

Cookie settings

Below you can choose which kind of cookies you allow on this website. Click on the "Save cookie settings" button to apply your choice.

FunctionalOur website uses functional cookies. These cookies are necessary to let our website work.

OtherOur website places 3rd party cookies from other 3rd party services which aren't Analytical, Social media or Advertising.