Malware Intelligence: What is Cryptojacking Malware?

Stay Ahead of Cryptojacking Malware with Cofense’s Malware Intelligence

Cofense’s malware intelligence service provides accurate and timely alerts about cryptojacking malware and ransomware being circulated in phishing emails. Subscribe to our malware intelligence service and stay ahead of email-borne threats in order to better protect your network, your data, and your users. Sign up for complimentary threat alerts here.

How much would a successful ransomware attack cost your organization? $2.4 million? $3.8 million? How about $7.35 million? These are the average costs incurred to recover from ransomware attacks depending on whether you agree with Accenture’s, Microsoft’s or IBM’s calculations. Scary, isn’t it?

Even scarier is that ransomware may not be your biggest problem. Several security companies have reported “cryptojacking” is growing in popularity among cyber criminals due to it being a cheaper, less-risky-yet-more-profitable form of malware than ransomware. Furthermore, it’s virtually undetectable.

What is Cryptojacking?

Cryptojacking definition: Crypto-jacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Cybercriminals infect computers with crypto-mining code that works in the background, mining cryptocurrency and delivering it to attackers as unsuspecting victims use their computers normally.

Although individual computers don’t yield much processing power on their own, attackers can build a botnet of infected devices and make them work together – harnessing vast processor resources across a network of infected computers and stealing a small amount of bandwidth from each.

The cost to the organization is the loss of performance, or – if operating in the cloud – the cost of provisioning more resources to cope with greater processing demands. However, the latest strains of crypto-jacking malware have the built-in ability to crash victims’ computers if they attempt to remove it.

How is Cryptojacking Malware Deployed?

It will come as no surprise to learn the most common way computers are infected is via phishing emails. Cybercriminals send the phishing emails to unsuspecting victims, inviting them to click on a link, which either downloads the crypto-mining code directly, or redirects the victim to a compromised website.

The compromised website could be entirely genuine except for an injected script that automatically executes, and will therefore fail to appear on URIBL or SURBL blacklists.  Cryptojacking detection is difficult for anti-virus software because scripts are constantly changing.

Although some security solutions are waking up to the threat of crypto-jacking, there is no perfect cryptojacking blocker. The best way to avoid becoming a victim of this malware strain is to stay ahead of the phishing methods being used to deploy cryptojacking, and the best way to stay ahead is with Cofense’s malware intelligence service.

Cofense’s Malware Intelligence Service

Cofense’s malware intelligence reports are compiled from millions of suspicious emails we receive daily through our Cofense Reporter service and other sources. The Cofense Triage service filters out false positives and spam emails, leaving only genuine threats for our team of analysts.

Once genuine threats are verified and confirmed, we issue detailed malware intelligence reports that not only alert organizations to new or emerging threats, but that also inform them of the URLs of compromised websites so access to the malware can be blocked by web filtering applications.

Organizations can choose how they receive our malware intelligence reports. We distribute them by email and as Machine-Readable Threat Intelligence reports that can be read by Security Information and Event Management applications (SIEMs) and Threat Intelligence Programs (TIPs).

Stay Ahead of Cryptojacking Malware and Other Email-Borne Threats with Cofense

The speed with which our malware intelligence reports are distributed enables organizations to act quickly to stay ahead of email-borne threats – not only threats related to cryptojacking, but all formats of malware and ransomware, and other phishing attempts that could have serious consequences.

Cofense integrates seamlessly with more than twenty common security solutions in order that threats can be blocked faster through automation, while the depth of intelligence provided enables security teams to better understand the nature of the threats and their potential impact.

To find out more about Cofense’s malware intelligence service, do not hesitate to contact us. Our team will be happy to organize a free demo of Cofense in action for you to better understand how your organization can stay ahead of email-borne threats with malware intelligence reports from Cofense.

SMB & Phishing


While phishing attacks continue to grow, many small business budgets are not. So how do you protect against phishing emails and the ransomware, malware, and scams they contain?

You get creative, that’s how. But before looking at ways to be more efficient, let’s recap the security obstacles SMBs face.

Small Businesses are Big Targets.

Cyber-attacks against corporate titans dominate the headlines. And it’s true, they suffer enormous financial and reputational damage. But they usually bounce back. After all, they have deep resources.

Smaller businesses don’t. In the last 12 months 55% of SMBs say they have suffered a cyber security attack while 50% suffered an actual data breach. SMBs are tempting targets because small companies have small IT teams and often lack dedicated security staff, making it easier for criminals, once they’re in, to steal data or funds for extended periods.

According to the National Small Business Association, small businesses on average absorb over $20K in costs per attack, with SMBs spending nearly $900K to clean up after an actual data breach. Ouch. Cofense has found that over 90 percent of breaches begin with a phishing email.

This brings us back to our challenge: reducing the threat with limited bucks and hours in the day.

When the Going Gets Tough, the Tough Get Smart.

Here are 6 common-sense ideas for reducing your phishing risk.

1. Back up all data frequently and completely.

It’s one way to avoid paying ransom in the event of a ransomware attack, or possibly paying less if most of your data is still accessible.

2. Identify the types of attacks that would hurt your business the most.

This is risk management 101. For example, if ransomware is your biggest concern—say, your access to patients’ medical files or customer bank accounts will be blocked—focus on what you can do to prevent a ransomware attack. One popular way is to…

3. Train your employees to recognize phishing emails.

Since most security breaches begin with phishing it makes sense to condition users to know phishing when they see it. “See something, say something” indeed.

4. Simulate phishing attacks to condition employees to stay alert.

Practice makes better, if not perfect. The only way your last line of defense—the employees that attackers target—will hold up against clever ruses is to look for them in their inboxes. You’ll want a simulation service that offers the phishing scenarios your company faces. For example, Cofense PhishMe offers scenarios that range from basic to advanced, with the ability to customize emails using your company name, logo, and more.

5. Give your users an easy way to report suspicious emails.

Arm your employees with a one-step process for alerting your IT team to potentially malicious emails. For instance, add a reporting button to employees’ email toolbars; this alerts your team to potential phishing attacks in real time and helps keep your users engaged. It’s a simple tool they can wield as deputized members of your security team.

6. Last but not least, use free stuff.

Two freebies you should try: Cofense CBFree, a set of computer-based security training modules, and PhishMe Free, a simulation tool exclusively for small businesses. With PhishMe Free, you can launch your anti-phishing program at no cost or supplement current efforts.

There you go, 6 smart ways your SMB can fight phishing. Want to get started now? Learn more about PhishMe Free.

Free Training Helps Secure Against Phishing Attacks. Learn More about Cofense PhishMe Free:

Top 5 Reasons Why Companies Choose Cofense®

More Companies Trust Cofense: Cofense has over 1,000 customers worldwide, including over half of the Fortune 100.

Global Customer Support: Cofense is the only enterprise-grade phishing threat management solution fully staffed across the globe, supporting customers in more than 50 countries.

World Class Phishing Research: Our dedicated research and intelligence teams continuously discover indicators of phishing in the wild, delivering the most authentic and deepest spear phishing simulation and incident response resources available.

Discovers Real-Time Phishing Threats: While other solutions rely on simple machine learning to predict risks, Cofense leverages human intelligence to detect and respond to actual phishing threats bypassing your organization’s security layers in real time, drastically reducing threat susceptibility.

Rooted in Security, Founded by Experts: Cofense’s founders and executive leaders are well seasoned security professionals with more than 80 years combined experience in the cybersecurity and threat management landscape, delivering tremendous value through decades of experience.

Ransomware Resources Centers

What is ransomware?
According to TrendMicro, “Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces users to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back.”

  • Ransomware is readily-available and changes faster than detection technologies can respond
  • In most cases, paying ransom is the only way to free hostage data and systems
  • Recent successful ransom situations will only encourage more attempts
  • Cryptocurrencies such as Bitcoin can be used to force untraceable ransom payments
  • Without proper ransomware awareness training, humans are widely susceptible to phishing, the most commonly used ransomware attack vector

How does ransomware affect businesses?
Cofense co-founder Aaron Higbee explains ransomware and its business impact on CNBC:

How susceptible are your users to the top active threats?

With phishing still the #1 entry point for cyber-attacks, your defenses need to focus on the most pressing threats—active phishing campaigns that are probing your organization. This report breaks down the Top 10 threats, with metrics showing how well users respond to each.

Download the Free Report

All nets have holes—including your ‘secure’ email gateway

Learn how 90% of verified phish were found in environments using secure email gateways (SEGs). That’s just one of the key findings in this expanded report, now covering phishing threats as well as malware developments. Download the 2019 Phishing Threat and Malware Review to learn new tactics threat actors are using to ensure malware delivery and tips for defending against evolving phishing and malware threats.

Download the Free Report

It’s not easy to keep up with today’s threats. Now, with Cofense Threat Alerts, you’ll have a simple way to stay on top of emerging phishing and malware threats and attacks, all delivered straight to your inbox. FREE.

Subscribe to Cofense Threat Alerts

8 Email Security Best Practices: Is Your Business Safe?

Organizations that communicate by email need to be aware of the risks from phishing and have email security best practices already in place. Failing to implement best practices for avoiding phishing scams can result in the theft of personal and corporate information, and the installation of malware on network devices.

However, phishing is an evolving strategy for cyber-criminals – a fact demonstrated by the increasing sophistication of phishing attacks. Therefore, organizations should constantly be reviewing and updating their email security best practices to mitigate the risks from infected email attachments, malicious links and the disclosure of login credentials.

The Nature of Phishing Attacks is Always Changing

Phishing is not a new phenomenon. It was first used against AOL subscribers in the 1990s to fraudulently obtain login credentials and has evolved considerably since. Phishing can be indiscriminate or targeted, but always has the same objective – to obtain sensitive information that can be monetized, either directly or by installing malware onto a computer or computer network.

Despite the objective of phishing remaining constant, the nature of phishing attacks is always changing. Phishing emails – appearing to come from genuine sources – typically instruct the target to open a malware-infested attachment, click on a link to a fake website or visit a genuine webpage whose vulnerabilities have been exploited and which harbors malware. Phishing emails can appear to have come from a variety of genuine sources, including:

  • From a government department or law enforcement agency.
  • From a hijacked account belonging to somebody you know.
  • From a financial institution claiming something is wrong with your account.
  • From a business with which you have an online account.
  • From an organization informing you of a lottery win/inheritance/other prize.
  • From a medical agency familiar to you advising you of a health problem.

The Psychology of Phishing Never Changes

The reason why phishing attacks are so successful is because of the psychology behind them. Usually, phishing emails are constructed to convey a primal emotion – fear, curiosity, sympathy, greed, etc. – and always demand an action requiring urgency. Commonly added to this combination in targeted phishing attacks is social engineering – a scenario in which the phisher has researched their intended target.

By researching a target, phishers can make their attacks more credible. If the phisher knows which banks, businesses and online accounts you use, or which lottery games you play, or which health center you attend, or which school your child attends, you are more likely to open a phishing email. Most of this information is freely available on the Internet if you know where to look. Phishing emails are even harder to ignore when they originate from the hacked account of a friend or colleague.

A Phishing Attack is Practically Inevitable 

Since Ransomware-as-a-Service has been available on the Dark Web, and it has become easier for victims to buy Bitcoin in order to pay ransom demands, there has been a seven-fold increase in phishing emails reported to the Anti-Phishing Working Group (APWG) – a global data exchange, research and public awareness organization with more than 2,000 member institutions.

Although there are many mechanisms organizations can implement to add extra layers of security to online defenses, the best protection against a phishing attack is effective employee education. Unfortunately, too many organizations fail to implement a regular Training, Education and Awareness program – relying instead on induction training or annual briefing sessions.

8 Email Security Best Practices for Employees & Organizations

Most security professionals concur that anti-phishing best practices for organizations include regular and effective workforce training to identify phishing emails that evade detection by email filters and other detection technology. It is also important to have a mitigation strategy in place in order to limit the consequences of a phishing email that avoids identification and is acted on. 

Phishing emails – particularly socially engineered phishing emails – are often highly sophisticated, and are designed to evade detection during an email filter’s front-end tests by having the right Sender Policy Framework (SPF) records and SMTP controls. They are rarely sent from blacklisted IP addresses, and therefore pass RBL checks before being delivered to the recipient’s inbox.

When a phishing email evades detection by all the technological solutions available and arrives in a target’s inbox, the only thing that will now stop the phishing attack from being successful is the vigilance of the intended target. In order to ensure employees remain vigilant, anti-phishing best practices for organizations should include sharing the following information:

1. Emails Insisting on Urgent Action
Emails insisting on urgent action do so to fluster or distract the target. Usually this type of email threatens a negative consequence if the action is not taken, and targets are so keen to avoid the negative consequences that they fail to study the email for inconsistencies or indications it may be bogus.

2. Emails Containing Spelling Mistakes
Most companies now use spell-checking features in email clients or web browsers to ensure their corporate communications maintain a professional appearance. Emails purporting to come from a professional source that contain spelling mistakes or grammatical errors should be treated with suspicion.

3. Emails with an Unfamiliar Greeting
Emails sent by friends and work colleagues usually start with an informal salutation. Those addressed to “Dear XXXXX” when that greeting is not normally used, and those containing language not often used by friends and work colleagues, likely originate from an attacker and should not be actioned or replied to. Instead they should be reported to the organization’s IT security team.

4. Inconsistencies in Email Addresses
Among other email security best practices to introduce is the random checking of senders’ email addresses – especially when an email address belonging to a regular contact is unfamiliar. By checking the sender email address against previous emails received from the same person, it is possible to detect inconsistencies.

5. Inconsistencies in Links and Domain Names
Links to malicious websites can easily be disguised as genuine links. Therefore, it is also advisable to encourage employees to hover a mouse pointer over a link in an email to see what “pops up” as an address. If an email claims to be from (say) a business contact, but the pop-up indicates an unfamiliar website, the email is likely a phishing email.

6. Be Wary of Suspicious Attachments
File sharing in the workplace now mostly takes place via collaboration tools such as Dropbox, OneDrive or SharePoint. Therefore emails from colleagues with file attachments should be treated suspiciously – particularly if the attached file has an unfamiliar extension or one commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).

7. Emails That Seem Too Good to Be True
Emails that seem too good to be true incentivize targets to click a link or open an attachment with the promise that they will benefit by doing so. Even when phishers use social engineering to appeal to the target’s curiosity or greed, the intended targets have not usually initiated contact. These emails should be flagged as suspicious at once.

8. Emails Requesting Login Credentials, Payment Information or Other Sensitive Information
Emails requesting login credentials, payment information or other sensitive information should always be treated with caution. By adopting the anti-phishing best practices detailed above, recipients of these emails should be able to determine whether or not they represent a threat, and deal with them accordingly.
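
The checks in items 4, 5 and 6 can also be run mechanically on a reported message before anyone opens it. The following Python is an added example, not Cofense code; the address book, the `.test` domains and the sample message are constructed for illustration.

```python
import os
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Extensions the page names as commonly used to deliver malware payloads (item 6).
RISKY_EXTENSIONS = {".zip", ".exe", ".scr"}
# Constructed address book: display name -> address seen in previous emails (item 4).
KNOWN_SENDERS = {"alice jones": "alice.jones@example.test"}
# Visible link text that itself looks like a URL or a bare domain (item 5).
URL_LIKE = re.compile(r"^(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.href = None
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None


def host_of(url):
    """Return the lower-cased host of a URL or bare domain."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def same_site(a, b):
    """True when the hosts are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def link_mismatches(html):
    """Links whose visible text names one host while the href opens another."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    return [(text, href) for href, text in parser.links
            if URL_LIKE.match(text) and not same_site(host_of(href), host_of(text))]


def analyze(msg, known_senders=KNOWN_SENDERS):
    """Return (kind, detail) findings for one parsed message."""
    findings = []
    name, addr = parseaddr(str(msg["From"]))
    expected = known_senders.get(name.strip().lower())
    if expected and expected != addr.lower():
        findings.append(("sender_mismatch", f"{name}: {addr} (expected {expected})"))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        for text, href in link_mismatches(body.get_content()):
            findings.append(("link_mismatch", f"shows {text} but opens {href}"))
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS:
            findings.append(("risky_attachment", filename))
    return findings


def build_sample():
    """Constructed message: look-alike sender domain, disguised link, .scr attachment."""
    msg = EmailMessage()
    msg["From"] = "Alice Jones <alice.jones@examp1e.test>"
    msg["To"] = "bob@example.test"
    msg["Subject"] = "Updated invoice"
    msg.set_content("Please review the attached invoice.")
    msg.add_alternative(
        '<p>Sign in at <a href="http://login.portal-check.test/reset">'
        "https://intranet.example.test/reset</a> or ask the "
        '<a href="https://intranet.example.test/help">help desk</a>.</p>',
        subtype="html",
    )
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.scr")
    return msg


if __name__ == "__main__":
    for kind, detail in analyze(build_sample()):
        print(kind, "-", detail)
```

A link whose visible text is ordinary wording ("help desk") is not flagged by this check, which is why hovering over links remains part of the guidance.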

Guidelines For Secure Use of Email: “If You See Something, Say Something”

Conditioning your workforce to use enterprise email security best practices should be an organization-wide exercise. The likelihood is that if one member of your workforce receives a phishing email, others will too. “If you see something, say something” should be a guideline for secure use of email in the workplace, and it is essential that employers implement a supportive process so that phishing emails can be reported – even when attachments are opened or login credentials are revealed.

By encouraging employees to “say something,” your IT security team can gather, organize and analyze user reports of suspicious emails that may indicate the early stages of a more targeted cyberattack. In order for this rule to work effectively, organizations must provide a simple and responsive method for reporting suspicious emails and also one that is supportive to users who may have opened an attachment or visited a fake website.

Fast reporting enables your IT security team to implement measures that will protect the network, mitigate risks to the integrity of data, and limit the impact of infiltration by an attacker. To support the IT security team’s efforts, it is recommended organizations connect with a real-time attack intelligence service to prevent time being wasted investigating false positives and to identify actual phishing attacks faster.

In this respect, we invite you to get in touch and discuss your current anti-phishing best practices with our team of security experts. Our team will be happy to explain the mechanisms within the Cofense solution that reduce employee susceptibility to phishing emails by 95%, that encourage the reporting of suspicious emails, and that provide the data your IT security team needs to act quickly and effectively on genuine phishing attacks.

Security Awareness Training

Although phishing represents the biggest threat to online security, Cofense knows there’s no shortage of other cyber threats. That’s why we’ve created a broader program of security awareness training. In myriad ways, it helps employees and other Internet users better protect themselves, their devices and the company from online theft and fraud.

Specifically, we’ve built a series of SCORM-compliant security awareness training modules to complement businesses’ existing training programs. These modules are free to download and use whether you’re a Cofense customer or not.

What’s in the Security Awareness Training Modules?

We’ve made our security awareness training modules as comprehensive as possible. In addition to covering subjects such as keeping passwords secure and practicing safe web surfing, our modules cover the physical security of devices and protecting data outside the office. All IT administrators are advised to review the module about Insider Threats.

We know that engaging, interactive models make for better learning. Each module contains concise lessons with interactive play and learning activities to help absorb and retain content. Most of our security awareness training is available in multiple languages for businesses with a multi-national workforce.

Free Compliance Training Modules Are Available

In many industries, security awareness training goes hand in hand with privacy and data security compliance. In Europe and elsewhere, there are stricter regulations vs. the U.S. on protecting personal data, implementing security measures, and taking steps to report a breach. Businesses operating in regulated industries may wish to review these free modules in particular:

  • Health Care Compliance.
  • Payment Data Compliance.
  • Personal Data Compliance.

Like our security awareness training modules, you can download and run our compliance training modules through a Learning Management System (LMS). For businesses that do not have an LMS system, these modules are also available as interactive PDF files. If you choose to download the PDF files, please note that Cofense refreshes the content regularly to mirror developments in online security and regulatory compliance.

How to Access the Free Training Modules

Visit our “CBFree Computer-Based Training” web page. You have the choice of downloading a sample module, the security awareness training modules, or the compliance modules. Naturally, you can download all three if you wish! If you experience any problems, don’t hesitate to contact us.

To complete your security awareness training program, request a free demo of Cofense PhishMe, our award-winning software for conditioning employees to be resilient against phishing threats. Used by more than 1000 businesses worldwide, including 50 Fortune 100 companies, Cofense PhishMe has reduced the threat of advanced cyber-attacks by up to 95%.

It’s impossible to know when the next cyber-attack will hit. Don’t wait to strengthen your defenses. Download our training modules and request your free demo of Cofense simulator today.

Cofense Free Security Awareness Training

Cofense CBFree


These look great! The presentation and audio are exactly what we needed! – Director, Information Security

For many of our customers, security awareness Computer Based Training (CBT) helps check a box to satisfy a compliance need. We recognize that this need is a requirement, so we’ve developed a set of SCORM-compliant materials to help meet it for all companies, Cofense customers and non-customers alike, free of charge. That’s right. Free.

Does that mean our training isn’t good or doesn’t meet requirements? Not at all! “Free” doesn’t mean sub-par or obsolete content. The same amazing team that produces Cofense’s best-in-class Simulation content keeps the material fresh, compliant, and relevant!

Easy to Understand, Use and Adapt

We’ve made it easy for you to take advantage of this content. If you have a Learning Management System (LMS) that ingests SCORM-compliant materials, just download the files and run the training through your own LMS. Our current library of CBTs includes 17 security awareness modules and 4 compliance training modules. CBFree was developed using the latest eLearning techniques and trends that promote substantial engagement by the pupil. Each module takes about 5 minutes to complete and comes with an optional 5-15 minutes of interactive Q&A.

Most of our security awareness modules are now available in multiple languages including English, Chinese, French, German, Portuguese (Brazilian), Spanish (Latin America) and Japanese. Languages are noted below.


4 Compliance Specific Modules

These modules focus on compliance training for a better understanding of the policies, procedures, and reporting standards when it comes to handling protected personal information:


Health Care Compliance

An overview of the HIPAA, HITECH and Omnibus legislation and security measures that can be taken to protect the data, and the reporting procedures in case of a data breach.
Available in English Only.

Payment Data Compliance

Answers “what is cardholder data,” the standard and regulations both an IT-Professional and Non-IT Professional must follow to protect the data and privacy of the cardholder, and how to report a data breach.
Available in English Only.

Personal Data Compliance

Focuses on the laws and regulations that govern the protection of sensitive personal data, security measures that can be taken to protect the data, and the steps to take when reporting a data breach.
Available in English Only.

General Data Protection Regulation (GDPR) Compliance

An overview of the new compliance regulations, your responsibilities under GDPR, and how to report a non-compliance issue. EU-specific.
Available in Multiple Languages.

17 Interactive Modules Covering Today’s Biggest Threats

Available in Multiple Languages.

Cybersecurity Awareness

This Cybersecurity module was developed to raise awareness about how to avoid online threats that might target you or our organization, by identifying common online threats, understanding risk factors for each type of threat, and learning how to minimize the risk of an attack.

Cloud Computing

The Cloud Computing module will differentiate desktop from cloud computing; identify the advantages and disadvantages of cloud computing; and describe several best practices for using the cloud safely.

Advanced Spear Phishing

The Advanced Spear Phishing module covers topics on: identifying three types of advanced spear phishing techniques, identifying indicators of an advanced spear phishing email, and understanding what to do if you are the target.

Business Email Compromise

The Business Email Compromise (BEC) Scams module covers topics on: identifying BEC scams, differentiating between the three main types of BEC scams, and reporting a suspected attack.


The Ransomware module covers topics on: what ransomware is and how it is delivered, ransomware’s effect, minimizing the threat of ransomware, and reporting ransomware attacks.

Spear Phishing

A majority of cyber-intrusion attempts begin with spear phishing emails. These targeted attacks are delivered via malicious links, file attachments, and login forms. This lesson helps show the warning signs to look out for and what to do in the event of a spear phishing attack.

Surfing the Web

Encouraging safe Web browsing habits is critical to the safety of your organization. In this lesson, we cover an array of concepts such as secure sockets layer (SSL) encryption, illegal content, and browser plug-ins and extensions.

Data Protection

Data protection is a core value for any organization that handles confidential information. This lesson covers how to handle information safely and common responsibilities under various laws and policies.

Insider Threats

Some of the most dangerous threats to your organization can come from within. In this lesson, we discuss the three main types of insider threats, what motivates them, and what you can do to help minimize the risk of an inside attack.

Malicious Links

On the Web and in email, hyperlinks are the easiest tool that cyber criminals can use to deliver malware—all it takes is the click of a link. In this lesson, we break down the parts of a link and the structure of a URL to reveal the warning signs of a malicious link.


Malware has been a threat for decades, and it has grown more sophisticated over the years. Various forms of malware might spy on your activity, allow attackers remote access to your drives, or take control of your device. This lesson teaches what the different types of malware do, and how to avoid falling victim to them.

Mobile Devices

Modern mobile devices allow you to bring your office anywhere; they also leave your information incredibly vulnerable. In this lesson, learn the best practices for keeping your information safe when browsing on a mobile device.

Security Outside of the Office

When working outside of the office, employees must be on their guard against an array of threats. Use this lesson to educate your users about threats that linger in public places, and what they can do to protect sensitive information.


A password is your account’s first line of defense, but it is also vulnerable to cyber attacks. In this lesson, we discuss password strength and password diversity along with the best password security tools and practices for keeping your account secure.

Physical Security

Physical security measures are used to deter and detect unauthorized access to your technical devices. In this lesson, teach your employees about the steps you have taken to secure the workspace; where they are most at risk; and what they can do to prevent falling victim to theft.

Social Engineering

When working outside of the office, employees must be on their guard against an array of threats. Use this lesson to educate your users about threats that linger in public places, and what they can do to protect sensitive information.

Social Networking

Social networking profiles are easily exploited by cyber criminals. In this lesson, we cover the basics of responsible social networking; topics include app permissions, privacy settings, and more.

Introducing: CBFree Games

5 Interactive Game Modules to Make Security Awareness Training Fun for Employees

Available in English Only. Download by filling out the form below.

Category Challenge

Test your knowledge by answering questions about passwords, malicious links, spear phishing, malware and social engineering. Collect enough points to win the game.

Honey Comb Challenge

Test your knowledge by answering questions about cybersecurity and phishing topics. Start at the first cell on the left. Select adjoining cells to move across the board. If you answer incorrectly, you must start over. Once you make it to the right side of the board, you win the game.

Indicators of a Phish

Investigate the email and answer the prompts. If you score more than 80% you win the game.

Resiliency Quiz

Resilience is an indicator of how well recipients are conditioned to not interact with phishing emails. Take this quiz to assess your awareness of habits that may make you vulnerable to targeted phishing or malware and learn tips to make you more resilient.

To Catch a Threat

Using emails taken from real phishing attacks, click each indicator within the email and then report each phishing email using the Report Phishing button. Each email has 2-3 indicators displayed. Each correct response receives 5 points; you must score 50 points to win.

What Are Phishing Attacks and How Do You Stop Them?


Phishing Attacks: A Definition

A phishing attack is when a fraudster sends an email to trick the recipient. The idea is to persuade the target into giving up sensitive information, for instance, your corporate network credentials, or perhaps to authorize some type of financial transaction. You’ve probably seen phishing emails in your personal inbox too, for example, the notorious “Nigerian Prince” who wants to make sure you get your share of his inexplicable fortune.

Phishing attacks started in the 1990s and are still going strong. The vast majority of data breaches against businesses today begin as phishing attacks or other forms of “social engineering,” a fancy term for manipulating unwitting victims. It’s the work of scam artists, part of an arsenal that includes counterfeit, forgery, and lies of all kinds. Phishing attackers play on human emotions like fear and urgency, so victims will take action before they stop and think—clicking a link to activate malware, filling out a login form with user name and password, or greenlighting the transfer of funds to a bogus account.



Phishing by the Numbers

Over 90% of data breaches start as phishing attacks or related forms of fraud.

5-year global cost of just one type of phishing attack, business email compromise (BEC).

the average cost of a phishing attack to a mid-sized business.

Examples of Phishing Attacks

Phishing Emails with Malicious Links

Sometimes a phishing attack is simply an email with an embedded link. When you click, you either unknowingly activate malware or are directed to a webpage that looks perfectly legitimate but is designed to harvest your information.

Phishing Attacks with Malicious Attachments

Phishing attackers often send emails with attachments containing malware. When you click, look out. Many times phishing attackers use popular document types such as Microsoft Word or Excel or even Adobe PDFs. They take advantage of the trust people place in popular business tools.

Business Email Compromise (BEC)

A BEC phishing attack is good old-fashioned fraud. BEC emails typically don’t use malware but simply try to manipulate the target into sending money. Traditionally, BEC phishing attacks try to get employees in the finance department to authorize wire transfers, for instance, to a “vendor” or “partner.” The phishing attackers might pretend to be the CEO or CFO to spur quick action.

Data Entry Phishing Attacks

In this type of phishing attack, the attacker wants you to do the heavy lifting. The phishing email might contain a link to a fake login page, where you supply your network credentials so you can perform an allegedly legitimate action, for example, reading and agreeing to a new corporate policy.



Why Phishing Attacks Are a Growing Problem

There are a number of reasons why phishing attacks are such a massive problem.

Phishing Attacks Are Easy to Launch

Phishing attackers strike with emails because it’s easy and effective. Email addresses are easy to get and, when you think about it, emails are basically free to send. With minimal effort, phishing attackers can gain access to valuable data. Victims of phishing attacks can find themselves dealing with malware infections, identity theft, and data loss.

Phishing attackers also target employees’ email, social media, and other accounts to compromise them and then use those accounts to launch attacks. Attackers sometimes try to obtain permissions to modify and compromise connected systems, like point-of-sale terminals and order processing systems. Some of the biggest data breaches, like the infamous Target breach back in 2013, start with a phishing email aimed at a connected system, maybe belonging to a vendor or another third party. When successful, phishing attackers can establish a beachhead in business systems and build on it. Phishing also appeared prominently in the Mueller Report on the 2016 presidential election hacking.

Even Basic Phishing Attacks Can Deceive Recipients

Although phishing emails have been around for more than two decades, awareness of them has not prevented phishing attacks from growing. The FBI reports that successful phishing attacks were costing U.S. businesses half a billion dollars each year—and those are just the attacks organizations reported. Many more go unreported due to concerns about reputational damage.

Phishing Attacks Constantly Utilize New Tactics

Phishing is constantly evolving, so it’s important to be aware of the latest trends in phishing attacks. For example, whereas the percentage of phishing emails harboring “ransomware”—malware that locks down computer systems until a ransom is paid—has declined in the past couple of years, the IT security industry has identified an increase in the percentage of phishing emails with the goal of crypto-jacking the user’s computer. “Crypto-jacking” is the unauthorized use of a computer to mine cryptocurrency. Phishers deceive users into downloading cryptocurrency mining software, which runs quietly in the background. The proceeds are sent to the phishers, while the cost of paying for the extra processing power used by the computer or a cloud server is absorbed by the business.

Technology Alone Cannot Stop Phishing Attacks

Face it, all nets have holes. That includes the latest and greatest perimeter security technology, for example, secure email gateways. Cofense has found that 90% of the phishing emails reported to us by customers’ users were active in environments using email gateways. There is no silver bullet. Some phishing attacks will always get through and lurk in employees’ inboxes like ticking bombs.

It only takes one employee to disclose the log-in credentials to their corporate email account for a phishing attacker to pounce, taking remote control of the account and sending phishing emails to colleagues, other businesses, and customers on the employee’s contact list.

As the employee’s account is regarded as a genuine source, the phishing emails will not be detected by email filters and the recipients will be more likely to interact with them. This could multiply the degree of damage done by the phishing email, not only to the business itself but also to customers and vendors.

You Need Educated Employees to Stop Phishing Attacks

Once a phishing attack gets by the email gateway and reaches employees’ inboxes, the employees themselves – the attack’s actual intended targets – are the final defense. If they aren’t educated and conditioned to spot and report all forms of phishing, employees are the weakest link. But that doesn’t have to be the case. A phishing awareness and education program can not only help to stop attacks but supply vital threat intelligence to your security teams.

Phishing simulation is recognized as the best way to condition employees against phishing, especially when the simulation platform can identify the types of phishing emails and emotional triggers employees tend to fall for. This enables personalized training that makes every employee aware of their weaknesses and more alert to phishing attacks.

Cofense Can Help Protect You Against Phishing Attacks

According to Gartner, Cofense PhishMe™, our phishing simulation platform, is the “most recognized security awareness and simulation solution” for conditioning employees and raising awareness of phishing attacks. The platform is part of a suite of solutions from Cofense that empowers employees to quickly identify and report phishing emails and in turn enable response teams to mitigate threats.

If you have responsibility for IT security, employee training, or compliance, and would like to know more about defending your business against phishing attacks, get in touch with us. Our team will be happy to answer your questions or walk you through a free demo of the Cofense suite.

Ransomware Examples and How to Prevent Successful Attacks

The purpose of publishing a page dedicated to ransomware examples is not only to highlight the consequences of successful ransomware attacks or companies affected by ransomware. We aim to elaborate on the different ways ransomware programs are deployed, why they are so successful, and how your business can use a phishing awareness course to help defend itself against becoming a victim of ransomware – or mitigate the consequences should your defenses fail.

The first thing to point out is that, over time, the ransomware examples listed will date. What will not date is the psychology behind ransomware attacks, nor the weaknesses that result in ransomware attacks being successful. It is therefore viable to suggest that the measures recommended to defend against ransomware – or mitigate its consequences – will also remain current.

What is Ransomware

The first recorded example of ransomware was in 1989, when evolutionary biologist Dr. Joseph Popp sent floppy discs containing the PC Cyborg Trojan to hundreds of recipients under the heading “AIDS Information Introductory Diskette”. The Trojan encrypted file names on the C drive before displaying a message demanding that money be sent to a P.O. Box in Panama for “license renewal”.

The concept of demanding a ransom for data kidnapping expanded during the 1990s, as did the anonymous methods for collecting ransoms. Until the development of Bitcoin, ransom payments were demanded via prepaid cash services, Western Union wire transfers, and Amazon or iTunes gift cards. One ransomware attack demanded that texts be sent to a premium-rate SMS messaging service.

The nature of ransomware also evolved. Whereas the majority of recent ransomware examples below focus on the encryption of data and servers’ web directories, there are many examples of non-encrypting ransomware that lock users’ systems or that threaten to publish stolen data from victims’ systems – rather than deny victims access to the data – if a ransom is not paid.


Ransomware Examples from Recent Years

The development of Bitcoin and the availability of ransomware-as-a-service on the Dark Web led to substantial growth in ransomware attacks. Although the actual number of attacks and victims is hard to quantify due to underreporting, the scale of the recent attacks is greater than has been seen before. Some ransomware examples from recent years include:

  • From September 2013 to May 2014, the CryptoLocker ransomware attack is estimated to have affected between 250,000 and 500,000 computers. The ransomware was deployed via a Trojan hidden within a ZIP file attached to spam emails.
  • In September 2014, a similar attack evaded detection by email filters by requesting recipients visit a rogue website (via a link) in order to address a failed parcel delivery notice. The rogue website would then download the ransomware payload.
  • Also in September 2014, the CryptoWall ransomware spread wildly due to users downloading executable files disguised as images on spam emails. This attack deleted backup copies and installed spyware to obtain passwords and steal Bitcoin wallets.
  • The Petya ransomware variant, discovered in 2016, was the first ransomware to be allegedly used for a politically-motivated attack. The malware spread rapidly via a hacked tax preparation program in Ukraine and affected major business partners across the globe.
  • In May 2017, the WannaCry ransomware, the biggest ransomware attack in history, exploited vulnerabilities in unpatched and older versions of Windows operating systems. WannaCry is estimated to have affected 200,000 computers, but could have been much worse had a security expert not discovered a kill switch.

This list of ransomware examples from recent years indicates that ransomware attacks are becoming more sophisticated in nature, with potentially more devastating consequences, especially for companies affected by ransomware. However, a common theme is that they could all have been avoided with better security awareness and due diligence – an important consideration bearing in mind where ransomware attacks seem to be heading.

Ransomware Examples: Mobile Devices and the Cloud

As technology has evolved, the sophistication of ransomware attacks has kept pace. Device blocking ransomware loaded into applications made available in the Google Store has infected devices on the Android platform, while attackers have exploited iCloud accounts and vulnerabilities on the Find My iPhone system to lock access to devices on the Apple platform.

Although it is believed developments in machine learning and artificial intelligence in the cloud will be able to detect and correct vulnerabilities and suspicious behaviors in the future, some security experts have warned attackers will also use these technologies to learn from defensive responses and disrupt detection models in order to exploit newly discovered vulnerabilities before defenders patch them up.

Concerns have also been raised that machine learning technology will be better at generating convincing phishing emails, and be able to do it at scale. Therefore, it is essential businesses implement measures to counter the threat from ransomware – and not just technological measures. In order to be better defended against ransomware, end users must understand the psychology behind ransomware attacks.

The Psychology Behind Ransomware Attacks

When the first phishing emails harboring ransomware circulated, they were very simplistic. “Click on the image to see the cute cat” or “Look what tricks my doggy can do” were typical hooks used to prey on a victim’s curiosity and get them to open an attachment or click on a link. As awareness of ransomware increased, so did the sophistication of ransomware attacks and the psychology behind them.

Phishing emails evolved to trigger other emotions – for example, urgency, sympathy, fear and greed. Victims now received phishing emails appearing to be from technical support departments, charitable organizations and law enforcement agencies demanding action, or from bogus lottery companies with “click to win” offers.

Social engineering became the next development in ransomware psychology. Cybercriminals used freely available personal information to make emails look like they came from a legitimate source. In these ransomware examples, victims believed they were replying to an email from their bank or medical provider. Or, in a business environment, somebody from their own company.

Psychology of Ransomware Demands

Ransomware distributors know how to use psychology in their ransom demands as well. In many successful ransomware attacks, there are examples of urgency (“Pay within 72 hours or the ransom doubles”), and fear (“Pay within 72 hours or the recovery key will be destroyed and your data will remain encrypted forever”). Other ransomware examples of psychological manipulation include fake FBI warnings and fake accusations that the target has been viewing pornography.

Ransomware examples even extend to sympathy – or purport to. One variant of the CryptoWall4 ransomware distributed in 2016 promised to forward ransoms to a children’s charity. Just in case victims debated whether the promise was genuine, they were only given twenty-four hours to make their “donation” before the five Bitcoin ransom was doubled.

The charitable angle has been around for more than twenty years. Indeed, when Dr. Joseph Popp was detained following the PC Cyborg Trojan scam in 1989, he claimed in his defense the purpose of his scam was to support AIDS research. Authorities were not so charitable and charged him with eleven counts of blackmail. He was subsequently declared mentally unfit to stand trial.


Google Docs Scam Raises Concerns for Future Attacks

Most ransomware attacks are one-off events in which an attack is deployed and the consequences resolved – either with the payment of a ransom or a technological solution. The Google Docs scam is different, and raises concerns as it doesn’t follow previous patterns but rather raises the possibility of future sizable, carefully-crafted, and socially engineered ransomware attacks.

In the Google Docs scam, targets received an email from a known source, claiming they were sharing a Google Doc. The email contained what appeared to be a link to the Google Doc file. When recipients clicked on it, they were taken to a legitimate page. On the page, the mystery attacker had uploaded a rogue web app asking the recipient to allow “Google Docs” to access their Gmail account.

When permission was granted, the app gained control over the webmail account and sent the same spam message to targets’ contact lists (explaining why the emails appeared to have come from a known source). Google acted quickly to prevent the email spreading, but the contact lists of more than one million email accounts were accessed and compromised before the attack was stopped.

What’s concerning about this scam is that there was no apparent negative outcome. Every target is still able to access their contacts list and nobody has been asked to send a ransom. Somebody, somewhere, is sitting on the contact lists of more than one million email accounts, with the potential the information could be used to generate convincing phishing emails harboring ransomware.

Use a Phishing Awareness Course to Prepare against Future Ransomware Threats

Nobody knows if, when or how the email data extracted from the Google Docs scam will be used to deliver ransomware, but it’s very likely to happen and may be the biggest ransomware attack in history. The phishing email will appear to originate from somebody known to the target (and therefore bypass spam filters), will likely involve an uncomplicated action (like sharing a Google Doc) and will have a psychological hook (urgency, sympathy, fear or greed).

Various solutions have been suggested to mitigate a ransomware attack on the scale of our ransomware examples above. These vary from ensuring systems and software are up-to-date with relevant patches, to using object storage versioning to maintain critical data in the cloud (which doesn’t help if networks are infected with system-locking ransomware or your business is threatened with data exposure).

A better way to prepare against the future ransomware attack is to raise the awareness of end users – and the best way to do that is to use past ransomware examples as part of a comprehensive phishing awareness course. This is how Cofense operates, providing simulation exercises based on real examples of ransomware attacks. We can reduce employee susceptibility to phishing emails by up to 95%.

Cofense also provides end-to-end phishing mitigation for when a phishing email avoids detection by trained end users. Our Human Phishing Defense solutions condition end users to recognize and report phishing attacks in progress in order that security operation center teams can respond quickly and address the issue with minimal disruption to business continuity.

To learn from ransomware examples through phishing simulation, get in touch with Cofense now and request a free demonstration. Our intelligence-driven solution is proven to protect businesses from ransomware threats. Our team will be glad to provide you with examples of ransomware attacks that have been prevented by raising employees’ awareness of ransomware psychology.



How to Better Use Phishing Statistics

Phishing Statistics Highlight Only a Portion of the Threat

Phishing statistics vary considerably in how they are compiled, represented, and interpreted. However, this does not necessarily mean they are without value. By identifying trends within phishing attack statistics, businesses can better prepare themselves against the types of threat they are more likely to encounter and mitigate the likelihood of becoming phishing statistics themselves.

In the 2006 edition of the “Information Security Management Handbook,” author Christopher Pilewski entitled a section of his chapter on computer crime “Lies, Darned Lies, and Phishing Statistics.” Pilewski gives examples of widely varying phishing attack statistics and attributes the variations to businesses being unwilling to disclose their security failings or the financial consequences.

Fast forward more than a decade and phishing statistics still vary a lot. There are many reports, available online, that pull from vastly different users and survey groups. For example, the 4-19 “State of the Phish” Report claims 83 percent of nearly 15,000 users surveyed experienced a phishing attack in the previous year. At the other end of the scale, the British Government’s “Cyber Security Breaches Survey 2019” reports that only 32 percent of respondents identified a phishing attack or breach during the same period.

Further examples of widely varying phishing attack statistics exist with relation to the cost of a successful phishing attack. In their respective 2018 reports, KeepNetLabs claims the average cost of a successful cyberattack is $1.6 million. Accenture calculates the average cost at $2.4 million, Microsoft at $3.8 million, and IBM at $7.35 million. Juniper Research – clearly anticipating a period of hyper-inflation – predicts that by 2020 the average cost of a successful cyberattack will be $150 million.

Why Phishing Attack Statistics Vary So Much

Phishing attack statistics are not unique in displaying variance. Most statistics vary according to factors such as who, what, where, when, and why. For example, the report above claiming 83 percent of businesses experienced a phishing attack is compiled from client reports made to a security company, whereas the phishing statistic of 32 percent is the result of a UK government survey of business leaders – who may or may not have been aware of the volume of phishing attacks in their businesses.

Email Phishing Statistics

Our own 2019 Annual Phishing Report found that 90% of our clients’ real phish emails were found in environments using SEGs (Secure Email Gateways). 74% of those phish attacks were hunting for credential information. “Cyber Security Breaches Survey 2019” reports that 20% of attacks came from phishing emails impersonating an organization. While each percentage or phishing stat is important information, it is vital to remember that each report is controlled by the data available and the publishing organization.

The same factors apply to the discrepancies in how much cyberattacks cost businesses. Costs not only vary according to the industry the business operates in, its size, its location, and how long it takes the business to recover from the attack, but also what factors are taken into account when calculating the costs. For example, some calculations include only the costs of information loss, business disruption, and revenue loss, whereas others include costs such as:

  • Equipment damage.
  • Investigation costs.
  • Increased insurance premiums.
  • Technology and security upgrades.
  • Identity theft and credit services.
  • Civil lawsuits and legal fees.
  • Reputation loss.
  • Regulatory fines and sanctions.

One also has to consider the motives for publishing phishing statistics – and how the motives are interpreted. A cynical person might be of the opinion that a security company’s motive for publishing phishing statistics is to raise concerns and attract more clients, and therefore inflate the statistics in order to represent a far worse situation than actually exists.

That is not necessarily the case, and in fact the figures quoted in the “State of the Phish” report align closely with those produced by the Anti-Phishing Working Group (APWG) – a global data exchange, research and public awareness organization with more than 1,800 members. If Christopher Pilewski’s assertion that businesses are unwilling to disclose their security failings is true, it may not be the case that business leaders “may or may not have been aware of the volume of phishing attacks in their businesses” but rather that they did not want to reveal them.



Why Phishing Statistics Trends are More Important

Phishing statistics trends are more important than the numbers themselves because they provide metrics about where phishing attacks are heading and give companies the opportunity to alert employees to new attack methods. However, as with phishing statistics, it is important to understand how trends are being compiled, represented, and interpreted in order to correctly identify them.

For example, if you were to compare year-on-year phishing statistics compiled from client reports made to the security company, the actual percentage of businesses experiencing a phishing attack decreased. This should not be taken as an indication that phishing attacks are declining, but rather that the security company’s solutions are having an effect – albeit a limited one.

Our own review of phishing attack statistics trends reveals that, although the vast majority of phishing emails have the objective of installing ransomware, there has been a significant increase in phishers attempting to fool email recipients into complacency by acquiring SSL certificates for their phishing sites and in the deployment of “quiet malware” such as remote access trojans.

These trends are disturbing inasmuch as the targets of phishing attacks often misunderstand the purpose of an SSL certificate (82% according to a study by APWG) and divulge log-in credentials believing the phishing site is legitimate. Consequently, there has been a noticeable increase in phishers taking remote control of user accounts and deploying software to mine cryptocurrencies in the cloud.

How to Prevent Your Business from Becoming a Phishing Statistic

One positive phishing statistics trend is that businesses are investing more in phishing awareness training. However, due to the increasing sophistication of phishing, threats are becoming harder to detect, and even technically savvy employees can fall victim to a particularly good or well-crafted phishing scam. Phishing Awareness Training alone will not reduce the consequences of a successful phishing attack, and businesses need to be prepared for the times when phishing emails avoid detection and their requested actions are performed.

Cofense is the leading provider of phishing awareness training and threat management solutions for businesses. Our human intelligence-driven solutions have reduced employee susceptibility by up to 95 percent and, when a phishing email does evade detection, Cofense enables security teams to mitigate the consequences. To date, we’ve helped hundreds of IT security teams contain the consequences of a successful phishing attack.

To learn more about defending your business, your data, and employees against the threat from phishing, contact us now and request a free Cofense demo. Our team will be glad to answer any questions you have about phishing attacks and discuss any specific vulnerabilities. Make sure you’re not helping to feed the next set of phishing attack statistics. Act and be informed. Speak with Cofense today.
