Phishing attack shut down in 19 minutes with Cofense Triage.


Imagine a cunning phisher: he knows his craft and sends your users an email appearing to come from your CEO that bypasses all your other technology. What would you do?

One of our customers faced that very scenario and relied on Cofense Triage™ and the Cofense Phishing Defense Center (PDC) to analyze and respond to the attack in less than 20 minutes after it launched.

The phishing email was sophisticated.

The customer, VP of Information Security for a healthcare company, leverages Cofense Triage, managed by the PDC, to automate analysis of suspicious emails reported by employees as well as phishing attack response.

“An attacker sent an email that showed he’d really done his homework,” said the VP. “The email looked and sounded exactly as though our CEO had sent it. The attacker had clearly gone to our website and noticed our ethics policy. Mimicking language on the site, the email reminded employees about the policy and, like the simulated election email we sent, asked people to click a link to agree they would follow the rules.”

But our customer was ready.

The link took them to a counterfeit Office365 page that asked for login credentials. The goal of the phishing attack was to harvest passwords, gain file system access and steer automatic payroll deposits into the attackers’ accounts. The email was highly believable, with several thousand recipients clicking on it.

Fortunately, within 60 seconds after the phishing attack began, employees trained through Cofense PhishMe™ reported the email, so it could go straight into Cofense Triage for analysis. After escalating the incident and conducting a thorough investigation, the PDC called the customer, who blocked the phishing site, retracted the email, and stopped the rerouting of payroll.

“If we hadn’t been prepared, the damage would have been worse,” said the VP. “We were able to retract the email in under 20 minutes.”

Read the full case study for a minute-by-minute account. Besides learning more about Cofense Triage, you’ll see how this customer uses Cofense PhishMe to train employees to recognize phishes and Cofense Reporter™ to report them for investigation.

New Cofense Triage features now orchestrate even faster response.

As this customer’s story shows, Cofense Triage has always helped to find threats fast. Now, a series of updates accelerates response through seamless orchestration:

  • Our Who Else feature identifies users who click on reported emails, so you can quickly find and mitigate any damage.
  • Noise Reduction helps you cut through the noise of commercial emails to find real threats; put another way, it separates spam and the like from malicious emails, making the haystack smaller.
  • Our API makes it easy to integrate Cofense Triage with other incident response systems.

Together, these updates speed your ability to analyze emails and hunt down threats. Learn more about orchestrating a faster response to phishing.

