CoFense Scam News

October is Cybersecurity Awareness Month—the ideal time to focus on education and strengthening your defenses against phishing. Embracing good cybersecurity habits in daily life not only enhances safety but also makes managing personal and business tasks easier and less stressful. To help bolster your organization’s security, Cofense Intelligence recommends four key tactics.

In Q3 2024, the Cofense Phishing Defense Center (PDC) identified a phishing campaign that impersonated several Fortune 500 companies by targeting individuals in social media and marketing positions through fake job applications. Earlier this year, the team researched how resume details have become valuable tools for threat actors in a blog titled “Job Application Spear Phishing.” Since then, the PDC has continued to monitor the use of this tactic by threat actors who have begun utilizing other well-known brands as well as refining their techniques to further deceive potential victims.

Artificial intelligence is rapidly transforming how we protect our digital lives. AI-powered phishing defense tools promise to be smarter, faster, and more effective at stopping threats. But as we rely more on these advanced systems, it’s important to look critically at the way they work and how they store our data.  

Cofense Intelligence has been tracking a series of Copyright-themed campaigns conducted by the Lone None threat actor group. This Strategic Analysis will look at this campaign’s current TTPs (tactics, techniques, and procedures) and IOCs (indicators of compromise) while also highlighting how this campaign has evolved. 

Credential phishing and malware are often considered mutually exclusive; it is generally assumed that an email either delivers credential phishing or malware. While this is typically the case, several recent high-impact campaigns have combined credential phishing and malware delivery.

As threat actors weaponize generative AI to craft increasingly sophisticated phishing attacks, security teams need more than traditional defenses to stay ahead. Enter Cofense Vision 3.0, our latest evolution in phishing threat detection and response technology. 

Threat actors use many methods to avoid detection and complicate the analysis of their credential phishing pages and campaigns.

The Cofense Phishing Defense Center (PDC) has recently observed a new wave of credential harvesting attacks involving phishing emails sent via SendGrid. The campaign exploits the trusted reputation of SendGrid, a legitimate cloud-based email service used by businesses to send transactional and marketing emails. By impersonating SendGrid’s platform, attackers can deliver phishing emails that appear authentic and bypass common email security gateways. The campaign delivers the attack through three differently themed emails, each crafted to create a sense of urgency in both the subject line and body. The emails also use spoofed sender addresses, making them appear as if they genuinely originated from SendGrid

Now supporting hybrid environments, Vision 3.0 introduces “Who Clicked” to track and identify user engagement with phishing emails for faster, more targeted response

Ransomware has long been a staple among threat actors, and the attacks often garner large media coverage. Ransomwares such as WannaCry and NotPetya dominated both the cyber news and broader reporting landscape for months on end.

Subject customization is widely used in targeted malware phishing campaigns to make the email appear more authentic and increase the chances of the malicious payload being run. When combined with Remote Access Trojans (RATs) or Information Stealers, threat actors can easily obtain remote access or credentials. In this blog, Cofense Intelligence outlined the top 5 most prevalent themes associated with malware-delivery emails where subject customization was included. These themes include categories such as Travel Assistance, Response, Finance, Taxes, and Notification.  

Threat actors have increasingly exploited Google AMP and Google redirect methods to bypass security defenses, leveraging Google’s reputation to mask malicious content from detection. Despite improved security measures, the quarterly volume of Google AMP abuse has remained consistently high, with attackers adapting by using varied Google URL paths, TLDs, and even services like Google Maps and Translate for redirects.