SEG-Miss Database

This is the Cofense SEG-Miss sample database. Here, you will find real-world recent examples of dangerous phishing emails that bypassed popular Secure Email Gateways including the newer AI model driven products. These malicious emails landed in employee inboxes, and could pose an immediate threat to your revenue and reputation. Conversely, Cofense customers could rest easy because these threats we removed from their systems by Cofense solutions.

How did we see these failures?

Cofense’s Phishing Detection Center (PDC) is our email SOC as a Service that powers the email phishing mitigation and risk reduction programs for thousands of the world’s most important brands. Our network of over 35+ Million Cofense-trained employees, and our automated journaling, reports suspected threats in real-time to the PDC which powers our security platform. This database is driven by factual and verifiable data sent through our analysis process and vetted by our human team of experts - unique to Cofense. Please note: shown here are just samples of the SEG misses we observe everyday, no statistical value or patterns should be derived from this small randomized subset of data. 


Abnormal Security

Phishing Email Example Description:
LCDF Transports-spoofing emails found in environments protected by Abnormal Security and Proofpoint deliver an HTML file via an embedded URL. The HTML file contains a link to a Credential Phishing page.

Type: Credential Phishing Posted On: December 4, 2024 Tactic: Link Theme: Spoofing

Proofpoint

Phishing Email Example Description:
LCDF Transports-spoofing emails found in environments protected by Abnormal Security and Proofpoint deliver an HTML file via an embedded URL. The HTML file contains a link to a Credential Phishing page.

Type: Credential Phishing Posted On: December 4, 2024 Tactic: Link Theme: Spoofing

Cisco IronPort

Phishing Email Example Description:
Spoofing emails found in environments protected by Cisco IronPort deliver an embedded link that leads to a fake captcha that adds a script payload to the victim's clipboard. When run, the script delivers a Malicious Downloader which in turn delivers DanaBot.

Type: DanaRAT Posted On: December 3, 2024 Tactic: Link Theme: Spoofing

Cisco IronPort

Phishing Email Example Description:
Travel Assistance-themed emails found in environments protected by Cisco IronPort deliver MyAssistant RAT via an embedded URL.

Type: MyAssistant RAT Posted On: November 29, 2024 Tactic: Link Theme: Travel Assistance

Abnormal Security

Phishing Email Example Description:
Finance-themed emails found in environments protected by Abnormal Security and Proofpoint deliver Credential Phishing via an embedded URL

Type: Credential Phishing Posted On: November 27, 2024 Tactic: Link Theme: Finance

Proofpoint

Phishing Email Example Description:
Finance-themed emails found in environments protected by Abnormal Security and Proofpoint deliver Credential Phishing via an embedded URL

Type: Credential Phishing Posted On: November 27, 2024 Tactic: Link Theme: Finance

Mimecast

Phishing Email Example Description:
Legal-themed emails found in environments protected by Mimecast deliver MetaStealer via an embedded URL.

Type: MetaStealer Posted On: November 26, 2024 Tactic: Link Theme: Legal

Cisco IronPort

Phishing Email Example Description:
Finance-themed emails found in environments protected by Cisco IronPort deliver Loda via an embedded link to a password protected archive file containing a Loda executable and Malicious Batch Scripts. When run, the scripts deliver a different Loda executable.

Type: Loda Posted On: November 25, 2024 Tactic: Link Theme: Finance

Cisco IronPort

Phishing Email Example Description:
Finance-themed emails found in environments protected by Cisco IronPort deliver a URL Shortcut File via an embedded link. The URL Shortcut File delivers an LNK Downloader which runs a JavaScript file. The JavaScript file delivers a Malicious Batch Script. The Malicious Batch Script runs a Python Installer. The Python Installer runs Venom RAT, DcRAT, and XWorm RAT in memory.

Type: XWorm RAT Posted On: November 22, 2024 Tactic: Link Theme: Finance