CoFense Scam News

Cofense Intelligence has identified a growing tactic in which threat actors abuse Windows File Explorer and WebDAV to deliver malware outside of traditional browser-based downloads. By leveraging URL and LNK shortcut files along with Cloudflare Tunnel infrastructure, attackers are disguising remote file servers as seemingly local resources and delivering multi-stage campaigns that frequently end in RAT infections. This report breaks down how the technique works, why it is effective, and what organizations can do to detect and mitigate this evolving threat.

This blog examines a phishing campaign that abuses trusted digital invitation platforms to trick recipients into entering their credentials on branded phishing pages. By impersonating well-known services and leveraging newly registered domains, threat actors are able to harvest credentials while evading traditional security controls.

Attackers are impersonating the cryptocurrency brokerage service Bitpanda to run highly convincing phishing campaigns designed to steal both login credentials and extensive personally identifiable information (PII). The campaign uses realistic branding, deceptive lookalike domains, and a fake multi-factor authentication flow to harvest names, passwords, phone numbers, addresses, and dates of birth. This blog breaks down how the attack works step by step and highlights how even small domain differences and urgency-based messaging can lead to significant data exposure.

Phishing response does not fail because of limited headcount, it fails because of manual workflows and alert overload. This blog explains how intelligent automation reduces phishing MTTR by eliminating noise, enriching alerts instantly, and prioritizing real threats. Learn how organizations have cut response times from days to minutes without adding SOC staff.

Threat actors are abusing trusted brands like DocuSign, Adobe Sign, and Zoom to deliver JWrapper-wrapped malware through convincing phishing emails. This blog details how attackers weaponize legitimate tools like SimpleHelp to establish stealthy, persistent remote access on victim systems. Learn how these campaigns operate, what indicators to watch for, and how Cofense identifies and disrupts malware-driven phishing attacks in the wild.

Threat actors are increasingly abusing Microsoft and Google Calendar invites to deliver convincing phishing attacks that steal user credentials by mimicking everyday workplace activity. This blog breaks down real-world campaigns observed by the Cofense Phishing Defense Center, showing how spoofed invites, urgent language, and fake login pages are used to bypass user suspicion.

Mispadu is a rapidly evolving banking trojan that has become the most prevalent Latin American threat observed by Cofense, using phishing emails that routinely bypass secure email gateways. This analysis breaks down how Mispadu campaigns rely on deceptive PDF attachments and multi-stage delivery chains to deploy obfuscated malware using legitimate tools.

Artificial intelligence has transformed how organizations operate—and threat actors are moving just as quickly. In Cofense’s recent webinar, The New Era of Phishing: Threats Built in the Age of AI, Cofense Chief Security Officer Josh Bartolomie joined threat experts Chance Caldwell and Max Gannon to break down the most important phishing trends emerging from real-world attack data. This blog includes five key takeaways security teams should understand heading into 2026 and beyond.

In this blog, Cofense Chief Security Officer Josh Bartolomie explores how cybercriminals have abandoned any notion of medical neutrality, with phishing-driven attacks now deliberately disrupting healthcare operations and putting patient lives at risk. Using real-world incidents like the Change Healthcare and Ascension breaches, Bartolomie shows how a single phishing email can trigger cascading failures, from delayed cancer treatments to massive financial and operational fallout. He concludes that phishing defense must be treated as a life-critical investment, because in today’s healthcare threat landscape, cybersecurity failures can truly become matters of life and death.

Phishing has evolved far beyond the crude, mass-produced scams most security teams were trained to recognize. Phishing has evolved far beyond the crude, mass-produced scams most security teams were trained to recognize. 

False positives are one of the biggest barriers to effective phishing defense. When security teams are overwhelmed with noisy alerts, real threats hide in plain sight, investigations slow down, and analyst confidence erodes. Reducing false positives is more than tuning detection rules, it requires connected intelligence that brings together human insight, verified threat data, and supervised AI to deliver accurate, actionable decisions.

Report reveals as attackers use AI to generate thousands of unique variants, weaponize trusted tools, and blend seamlessly into business workflows.