Cofense Email Security

Phishes Found in Proofpoint-Protected Environments – Week Ending May 3, 2020

100% of the phish seen by the Cofense Phishing Defense Center (PDC) were found in environments protected by Secure Email Gateways (SEGs), were reported by humans, and were automatically quarantined by Cofense Triage and Cofense Vision.

Cofense solutions enable organizations to identify, analyze, and quarantine email threats in minutes.   

The following are examples of phishing emails seen by the PDC in environments protected by Proofpoint, which were detected by humans, analyzed with Triage, and quarantined by Vision.

TYPE: Credential Theft

DESCRIPTION: Phishing campaign spoofs the South African Revenue Service delivering embedded links to an illegitimate banking site established to steal credentials.
TYPE: Credential Theft

DESCRIPTION: Coronavirus-themed phishing campaign related to N95 masks delivering embedded links leading to a website established to steal credentials.
TYPE: Credential Theft 

DESCRIPTION: Quote Request-themed phishing campaign redirecting the victim to a Microsoft OneDrive page that led to a website established to steal credentials.
TYPE: Credential Theft 

DESCRIPTION: Purchase Order-themed phishing campaign redirecting the victim to a Dropbox page that led to a website established to steal credentials.
TYPE: Credential Theft 

DESCRIPTION: Invoice-themed phishing campaign delivering embedded links that lead to a website established to steal Outlook login credentials.
TYPE: Credential Theft 

DESCRIPTION: Document-themed phishing campaign delivering an embedded link to a Microsoft SharePoint-hosted OneNote document that leads to a website established to steal Office365 credentials.
TYPE: Malware – Banload

DESCRIPTION: Finance-themed phishing campaign delivering an embedded link to a Microsoft OneDrive-hosted .zip archive containing Banload malware.
TYPE: Credential Theft 

DESCRIPTION: Finance-themed phishing campaign delivering a .htm file crafted to look like an online document and prompting for email credentials to confirm the victim is not a robot.
TYPE: Malware – QakBot

DESCRIPTION: Response-themed phishing campaign delivering embedded links to VBS scripts that download the QakBot banking trojan.
TYPE: Credential Theft 

DESCRIPTION: Information-themed phishing campaign delivering embedded links to Google-hosted pages leading the victim to a page established to steal Office365 credentials.
TYPE: Malware – NanoCore

DESCRIPTION: Document-themed phishing campaign delivering embedded links to Microsoft OneDrive-hosted pages hosting GuLoader, which downloads the NanoCore Remote Access Trojan from Google Drive.
TYPE: Credential Theft 

DESCRIPTION: Document-themed phishing campaign spoofing a construction design and build organization delivering embedded Microsoft OneNote links that lead to a website crafted to steal email credentials.

Malicious emails continue to reach user inboxes, increasing the risk of account compromise, data breach, and ransomware attack.

We typically find 1 out of 7 employee-reported emails to be malicious.

Recommendations

Cofense recommends that organizations train their personnel to identify and report these suspicious emails. Cofense PhishMe customers should use SEG Miss templates to raise awareness of these attacks. Organizations should also invest in Cofense Triage and Cofense Vision to quickly analyze and quarantine the phishing attacks that evade Secure Email Gateways.
