LEESBURG, Va. – November 29, 2023 – Cofense, the leading provider of email security awareness training and phishing detection and response (PDR) solutions, today announced a first-of-its-kind solution that provides world-class Security Awareness Training (SAT) and Threat Detection & Response capabilities to specifically target QR code phishing threats. As seen in Bloomberg, Security Week and WIRED, Cofense was one of the first email security companies to detect, track and report on this emerging phishing threat. QR code phishing attacks have seen a meteoric rise in 2023 due to their abili ..read more

In our latest webinar on QR Code Phishing Threats we dove into this new, emerging threat and what it means for organizations around the world. The good news is we had a lot of time to go into the details of what we are seeing bypass Secure Email Gateways (SEGs). The bad news is we didn’t have enough time to answer all of your questions. So, let’s do that now.  1. How do threat actors use QR Codes for phishing scams?  Threat actors utilize QR codes as a deceptive tool to conduct phishing scams. By embedding malicious code within these codes, they trick unsuspecting users into scannin ..read more

A malware phishing campaign that began spreading DarkGate malware in September of this year has evolved to become one of the most advanced phishing campaigns active in the threat landscape. Since then, the campaign has changed to use evasive tactics and anti-analysis techniques to continue distributing DarkGate, and more recently, PikaBot. The campaign surged just one month after the last seen QakBot activity, and follows the same trends used by the infamous threat actors that deploy the QakBot malware and botnet. This campaign disseminates a high volume of emails to a wide range of industrie ..read more

Artificial Intelligence (AI) capability has been a popular topic of conversation, undeniably transforming various industries with optimised efficiencies and various creative application. But with this powerful tool what does this mean for the future of email threats, and how could it be leveraged by cybercriminals to amplify their penetration?   In this blog we’ll explore the potential ways AI could be applied to make email threats even more dangerous, what organizations and Channel should be looking out for, and highlighting the need for proactive measures to ensure cybersecurity ..read more

Vishing is one of the most common social engineering attacks that hackers use to steal sensitive information from unsuspecting individuals. Vishing is a combination of two words, voice and phishing, and is the practice of using voice technology to trick individuals into divulging confidential details. This cyber attack has become more prevalent with the increased reliance on telecommunication, which provides an opportunity for cybercriminals to successfully carry out vishing attacks. Let’s take a look at 3 things you need to know about vishing and how you can protect yourself from falling vic ..read more

During Q3 of 2023, new and old techniques appeared, creating a high volume of campaigns that reached users in environments protected by secure email gateways (SEGs). Throughout this quarter, we saw an increase in volume for both credential phishing and malware campaigns. Cofense Intelligence also observed a resurgence in some malware families that have been less common in previous quarters, while the more notable families like QakBot and Emotet remained inactive. The key highlights for Q3 2023 include: Credential phishing indicators of compromise (IOCs) increased by nearly 45% in Q3 compare ..read more

By Max Gannon Regardless of the device it is installed on or how it got there, most malware steals information from the platform it has infected. The question is, what do the threat actors controlling the malware do with the stolen information? We are going to take a look at what kind of information is stolen by some of the top malware families, what threat actors do with the stolen information, and what value the stolen information has. We are also going to briefly cover how Initial Access Brokers (IABs) fit into the threat landscape in relation to what kind of access some of the top malware ..read more

By Cofense Intelligence A series of campaigns delivering the newly christened “Complaint Stealer” malware began in mid-October and escalated within the last 2 days. The Complaint Stealer malware is an Information Stealer that targets cryptocurrency wallets and programs as well as credentials stored in browsers. Complaint Stealer shows unusual interest in the graphics card and other information associated with cryptocurrency mining so cryptocurrency mining may be a later addition. Complaint Stealer also often makes use of legitimate software such as AutoIT or PKWARE. All samples seen to date ..read more

By: Robert O’Callaghan A method of communication that remains important in our modern world is that of the voice message. The PDC recently observed a phishing campaign where threat actors included an access key in the body as a way to entice the user to access the voice message that had been left for them to review.  In Figure 1, we can see the email notifying the user of the messages available.  We note the use of a Zoom-esque domain. The attachment, which includes the date in the name, is an HTML file that will act as the first stage of the attack. The convincing aspect of this s ..read more

By: Nathaniel Raymond In 2022, the Cofense Phishing Defense Center (PDC) detected phishing campaigns that used LinkedIn links called Smart Links or “slink” to bypass security email gateway or SEG to deliver credential phishing, which was covered previously in the smart links LinkedIn blog. Smart links are links utilized by a LinkedIn team or business account connected to LinkedIn Sales Navigator services that provide content and track engagement metrics. A year later, in late July into August, a resurgence of Smart Links was identified in a sizable credential phishing campaign targeting ..read more