About Cofense

Cofense Phishing Prevention & Email Security Blog


An inside look at Dropbox phishing: Cryptowall, Bitcoins, and You (updated)

June 6, 2014 by Cofense in Phishing

Post updated on June 10. On Monday, I wrote about attackers using phishing attacks to deliver malware via links to Dropbox. Today, we received another wave of these emails with slightly different subject lines. Figures 1, 2, and 3 show the variants that were received by us in the latest campaign, and reported by our internal users. In this campaign, 10 of our users were targeted.


Beware of phishing emails using Dropbox links

June 2, 2014 by Cofense in Phishing

Several weeks ago, I wrote a blog entry about phishing emails using zip files with executable files attached to them. Using PhishMe Reporter, several of our users (yes, we use our own tools internally) successfully identified a new round of phishing, this time using Dropbox links in the body.


What do Takedown Vendors and Fire Hydrants Have in Common?

June 2, 2014 by Cofense in Internet Security Awareness

What, you may ask, do takedown vendors and fire hydrants have in common? Well, perhaps more than one might think. In this post, we’ll examine a couple of different aspects: what they do and their intended use, their impact on us and our businesses, where they fall short in protecting us and our assets from harm, and how we can address these shortcomings. Let’s start with what each does and their intended use. Both are intended to protect us from further harm once a threat to our security and wellbeing is identified. In the case of the fire hydrant, water is provided by...


You’re infected! Ransomware with a twist

May 22, 2014 by Cofense in Ransomware

Your computer is infected! Pay $50 USD in order to remove the malware. The FBI has been tracking you for visiting inappropriate sites. Please pay $250 to avoid higher court costs and appearances. Ransomware is nothing new, and typically comes in many shapes and sizes. For years, users have been visiting websites, only to be redirected to a ransomware site and scared into paying fees that amounted to nothing more than lost money. With the advent of CryptoLocker, however, attackers have felt a need to “give” back to their victims. Once they infect a system and encrypt the data, they...


What we’re reading about the Chinese hacking charges

May 21, 2014 by Aaron Higbee in Internet Security Awareness, Threat Intelligence

While the full implications of yesterday’s DoJ indictment of five Chinese hackers on charges of cyber crime are yet to be fully seen, these charges have already succeeded in elevating cyber crime from a niche discussion to an important debate in society at large. Furthermore, just as last year’s APT1 report did, the court documents provide a detailed glimpse at the tactics China is using to steal trade secrets from the world’s largest corporations (not surprisingly, phishing continues to be the favored attack method). There has been a lot of media attention on this story, so we’ve put together a list...


There’s threat data and then there’s threat intelligence, do you know the difference?

May 20, 2014 by Cofense in Threat Intelligence

The intelligence-led security approach is gaining traction in corporate security circles. However, we’ve noticed that the term threat data is often confused with threat intelligence. It’s an easy mistake to make, yet very important to distinguish between the two – one represents the “old way of doing things,” while the other brings about a new era in corporate security and brand protection. In this article, we’ll discuss threat intelligence and how it differs from threat data. The Difference between Threat Intelligence and Threat Data. #1: Threat intelligence is verified. Threat data is just a list. Modern threat intelligence has been...


SIEM: So Many Alerts, So Little Time

May 15, 2014 by Cofense in Internet Security Awareness

Software vendors participate in industry events for various reasons. We attend to share information as speakers and to learn as attendees. You’ll see us sponsor tote bags, snack stations, and even lunch. We are there to raise awareness of our solutions and generate leads for our sales team. We like scanning badges as much as you like getting schwag but for most vendors like us, the best use of our time in the booth is not spent waving a scanner. It is “events season” in the security world and PhishMe has been an active participant in events like RSA, FS-ISAC...


Phishing Attacks Target Google Users with Weakness in Chrome: What You Need to Know

May 14, 2014 by Cofense in Internet Security Awareness

If your employees are users of Google Chrome and/or Mozilla Firefox, your network could be vulnerable to a unique phishing attack targeting the two most widely-used browsers in the world. Several media outlets are covering the uniform resource identifiers (URI) exploit, which Google Chrome and other web browsers utilize in order to display data. This attack, which is difficult to identify via traditional methods, allows cybercriminals to gain access to Google Play, Google+ and Google Drive. This means that any sensitive information stored within each of those areas is up for the taking. In the case of Google Play that means...


Abusing Google Canary’s Origin Chip makes the URL completely disappear

May 6, 2014 by Aaron Higbee in Internet Security Awareness

Canary, the leading-edge v36 of the Google Chrome browser, includes a new feature that attempts to make malicious websites easier to identify by burying the URL and moving the domains from the URI/URL address bar (known in Chrome as the “Omnibox”) into a location now known as “Origin Chip”. In theory, this makes it easier for users to identify phishing sites, but we’ve discovered a major oversight that makes the reality much different. Canary is still in beta, but a flaw that impacts the visibility of a URL is typically something we only see once every few years. We’ve discovered...