March 23, 2022
It’s a staggering statistic: 50% of all email phishing attacks, including business email compromise (BEC) and credential theft, evade secure email gateways (SEGs). Yes, your SEG misses half of all advanced email attacks targeting your organization. Learn more…
March 2, 2022
As the conflict in Ukraine unfolds, Cofense Intelligence continues to monitor for phishing threats related to the conflict and has identified malicious campaigns that are using this current event as a lure to target end users. Learn more…
February 25, 2022
As events unfold in Ukraine, many predict cyber warfare will play a significant role in Russia’s offensive operations. We have already seen reports of government and banking website denial of service attacks, and an advanced new wiper malware deployed to some targets in Ukraine. We are continuing to monitor the situation to see what more sophisticated cyberwarfare capabilities might be deployed. Learn more…
February 10, 2022
When it comes to tracking business email compromise (BEC), a lot has changed over the last six years. In the same breath, absolutely nothing has changed except our understanding of the problem. Duality of multiple truths can be a difficult concept to grasp, as two contradicting truths can be just that: true. On one side, BEC is seen as being responsible for billions of dollars lost, which is true. However, when you slightly shift your vantage point, the cyber criminals behind BEC attacks are responsible for MUCH more damage than initially thought. Let’s take a look at both vantage points where both everything and nothing have changed since we first started phishing the phishers and attempting to understand all things BEC. Learn more…
February 3, 2022
As self-testing via antigen and professional testing via PCR have become more common across many sectors of society, so has status-based phishing. Just as COVID-19 guidelines have evolved, so have threat actor phishing tactics. This recent Office365 credential harvesting campaign utilizes the topic of potential repercussions if the status form isn’t completed. A classic tactic of creating panic in the end user, this ploy threatens financial or other penalties if a certain urgent task isn’t completed. Learn more…
February 2, 2022
You know that feeling? The one where you think you’re doing a good job. You feel like you’re doing okay. But the reality is you just aren’t quite 100% sure? A lot of security professionals we talk to feel the same. That feeling, when paired with guidance from companies to reevaluate their email security controls, usually leaves someone trying to answer the question of, “How do I objectively evaluate the efficacy of my email security controls against real, active threats?” Learn more…
January 27, 2022
During the covid pandemic, many users have been getting invoices sent via email to process for payment. Some of these are business to business, business to individuals, or vice versa. With the supply chain delays, receiving a notification that a delivery attempt was missed can lead to frustration and entice the recipient to open the invoice link to further investigate. Threat actors have taken advantage of this and, with a recent TrickBot campaign analyzed by the Cofense Phishing Defense Center (PDC), they are imitating delivery services such as U.S. Postal Service. Learn more…
January 20, 2022
The Cofense Phishing Defense Center (PDC) recently uncovered another dose of credential phishing attacks on consumers, whereby threat actors lure their victims with known social engineering tactics. Thanks to the widespread use of Microsoft Single Sign On (SSO), such as OAuth2, threat actors can use this to their advantage as a powerful means of harvesting credentials to compromise important services. Learn more…
January 11, 2022
Impersonating a government entity is a relatively common practice for threat actors to attempt. Through this impersonation a threat actor seeks to gain trust or authority in an interaction with a potential victim. Recently, the Cofense Phishing Defense Center (PDC) has analyzed a phishing campaign that impersonates the United States Department of Labor. In this specific campaign, the threat actor also tries to push a financial incentive with the lure of an “INVITATION FOR BID” through the Department of Labor. Learn more…