Cofense Blogs

The Importance of Intelligence in Stopping Phishing Attacks

March 23, 2022

It’s a staggering statistic: 50% of all email phishing attacks, including business email compromise (BEC) and credential theft, evade secure email gateways (SEGs). Yes, your SEG misses half of all advanced email attacks targeting your organization. Learn more…

Russia-Ukraine Conflict Leverages Phishing Themes

March 2, 2022

As the conflict in Ukraine unfolds, Cofense Intelligence continues to monitor for phishing threats related to the conflict and has identified malicious campaigns that are using this current event as a lure to target end users. Learn more…

Cyberattacks in Ukraine Reaffirm Need for Proactive Training, Testing and Validating

February 25, 2022

As events unfold in Ukraine, many predict cyber warfare will play a significant role in Russia’s offensive operations. We have already seen reports of government and banking website denial of service attacks, and an advanced new wiper malware deployed to some targets in Ukraine. We are continuing to monitor the situation to see what more sophisticated cyberwarfare capabilities might be deployed. Learn more…

Six-Year Reflection – What is Business Email Compromise Today

February 10, 2022

When it comes to tracking business email compromise (BEC), a lot has changed over the last six years. In the same breath, absolutely nothing has changed except our understanding of the problem. Duality of multiple truths can be a difficult concept to grasp, as two contradicting truths can be just that: true. On one side, BEC is seen as being responsible for billions of dollars lost, which is true. However, when you slightly shift your vantage point, the cyber criminals behind BEC attacks are responsible for MUCH more damage than initially thought. Let’s take a look at both vantage points where both everything and nothing have changed since we first started phishing the phishers and attempting to understand all things BEC. Learn more…

COVID-19 Status Update? Sounds Like Credential Theft.

February 3, 2022

As self-testing via antigen and professional testing via PCR have become more common across many sectors of society, so has status-based phishing. Just as COVID-19 guidelines have evolved, so have threat actor phishing tactics. This recent Office365 credential harvesting campaign utilizes the topic of potential repercussions if the status form isn’t completed. A classic tactic of creating panic in the end user, this ploy threatens financial or other penalties if a certain urgent task isn’t completed. Learn more…

Meet Cofense Validator: Finally. An objective assessment of secure email gateways.

February 2, 2022

You know that feeling? The one where you think you’re doing a good job. You feel like you’re doing okay. But the reality is you just aren’t quite 100% sure? A lot of security professionals we talk to feel the same. That feeling, when paired with guidance from companies to reevaluate their email security controls, usually leaves someone trying to answer the question of, “How do I objectively evaluate the efficacy of my email security controls against real, active threats?” Learn more…

TrickBot Malware Delivered as Invoices

January 27, 2022

During the covid pandemic, many users have been getting invoices sent via email to process for payment. Some of these are business to business, business to individuals, or vice versa. With the supply chain delays, receiving a notification that a delivery attempt was missed can lead to frustration and entice the recipient to open the invoice link to further investigate. Threat actors have taken advantage of this and, with a recent TrickBot campaign analyzed by the Cofense Phishing Defense Center (PDC), they are imitating delivery services such as U.S. Postal Service. Learn more…

Cyber Gang Targets Users with Password Expiration Scam

January 20, 2022

The Cofense Phishing Defense Center (PDC) recently uncovered another dose of credential phishing attacks on consumers, whereby threat actors lure their victims with known social engineering tactics. Thanks to the widespread use of Microsoft Single Sign On (SSO), such as OAuth2, threat actors can use this to their advantage as a powerful means of harvesting credentials to compromise important services. Learn more…

Dept. of Labor Phish Appears for the Month of December

January 11, 2022

Impersonating a government entity is a relatively common practice for threat actors to attempt. Through this impersonation a threat actor seeks to gain trust or authority in an interaction with a potential victim. Recently, the Cofense Phishing Defense Center (PDC) has analyzed a phishing campaign that impersonates the United States Department of Labor. In this specific campaign, the threat actor also tries to push a financial incentive with the lure of an “INVITATION FOR BID” through the Department of Labor. Learn more…

Cofense Solutions for Public Sector
Toll-Free:	(888) 662-2724
(888) 662-2724
Fax:	(703) 871-8505
(703) 871-8505
Email:	Cofense@carahsoft.com
Cofense@carahsoft.com

Solutions for Public Sector

Events & Resources

Contracts & Ordering

Join Our Partner Ecosystem