100% of the phish seen by the Cofense Phishing Defense Center (PDC) have been found in environments protected by Secure Email Gateways (SEGs), were reported by humans, and automatically analyzed and dispositioned by Cofense Triage.
Cofense solutions enable organizations to identify, analyze, and quarantine email threats in minutes.
Are phishing emails evading your Proofpoint Secure Email Gateway? The following are examples of phishing emails seen by the PDC in environments protected by Proofpoint. This week sees a variety of the same ol’, same ol’. Logistics spoofs, trusted cloud storage, and finance themes. Good thing humans can be trained to detect these things.
TYPE: Malware – Ursnif
DESCRIPTION: Threat actors in this connected age love to spoof logistics companies. This example warns of a package being returned to the sender. The attached, zipped .jnlp shortcut file leads to a JAR Downloader that runs the Ursnif malware. This is one package you do not want to receive.
TYPE: Credential Theft
DESCRIPTION: Cloud storage is certainly convenient for sharing files with friends and colleagues. Attackers think so, too. This one uses Dropbox to deliver a credential phishing page to the recipient. How convenient is that?
TYPE: Credential Theft
DESCRIPTION: These attackers really stepped up their game with a convincing looking phish mimicking another logistics company. If only it hadn’t come from a Hotmail account.
TYPE: Malware – Pyrogenic
DESCRIPTION: It may look like a PDF, but this finance-themed phish actually delivers a linked image that appears to be an attachment. The link leads to the Pyrogenic Stealer.
TYPE: Malware – Agent Tesla
DESCRIPTION: Here’s your quote for the day: beware of emails bearing malware. This attack identifies as a quote but delivers the Agent Tesla Keylogger via an embedded URL.
TYPE: Credential Theft
DESCRIPTION: They say rest and exercise are good for you, but this exercise starter kit from HR is really at the other end of the scale. The provided link takes the recipient to a web page designed to steal their credentials. That’s sure to get your heart rate up.
Malicious emails continue to reach user inboxes, increasing the risk of account compromise, data breach, and ransomware attack. The same patterns and techniques are used week after week.
Recommendations
Cofense recommends that organizations train their personnel to identify and empower them to report these suspicious emails. Cofense PhishMe® customers should use SEG Miss templates to raise awareness of these attacks. Organizations should also invest in Cofense Triage and Cofense Vision to quickly analyze and quarantine the phishing attacks that evade Secure Email Gateways.
Interested in seeing more? Search our Real Phishing Threats Database.
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats.
The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos displayed on this blog are registered trademarks or trademarks of Cofense Inc.