Should Failing Phish Tests Be a Fireable Offense?

Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this particular teaching approach).

What will phishers do once push-based MFA becomes widely used?

As phishing continues to be the number one method for initiating a breach, investing in anti-phishing technologies or training – preferably both – should be a no-brainer for most companies. As Aaron Higbee, co-founder and CTO of Cofense not…

Report: Emotet makes phishing lures more convincing by scraping victims’ emails

Researchers from phishing protection company Cofense say that an active botnet spreading the Emotet banking trojan has significantly upgraded its ability to spoof financial organizations with convincing phishing lures. The U.S. Computer Emergency Readiness Team (US-CERT) describes Emotet as “an advanced, modular banking Trojan” that is “among the most costly and destructive malware” for both public and private organizations. In a report published Tuesday, Cofense says it has observed Geodo — another name for Emotet — using a new scraping feature that makes it better at impersonating organizations. The feature lifts templates stolen from infected victims, then uses the templates to upgrade its phishing campaigns with a credible aura of a financial institution, according to the report. Previously known capabilities of Emotet’s spamming module include the ability to steal contact lists and email signatures, Cofense says. But in this campaign, researchers say there’s the added capability to scrape up to 16 […]

The post Report: Emotet makes phishing lures more convincing by scraping victims’ emails appeared first on Cyberscoop.
