Contact Us




Change Locale

Phishing Attack Shut Down in 19 Minutes with Cofense Triage

Uncategorized | Posted on August 14, 2018 by schap

Imagine a cunning phisher: he knows his craft and sends your users an email appearing to come from your CEO that bypasses all your other technology. What would you do?

One of our customers faced that very scenario and relied on Cofense TriageTM and the Cofense Phishing Defense Center (PDC) to analyze and respond to the attack in less than 20 minutes after it launched.

The phishing email was sophisticated.

The customer, VP of Information Security for a healthcare company, leverages Cofense Triage, managed by the PDC, to automate analysis of suspicious emails reported by employees as well as phishing attack response.

“An attacker sent an email that showed he’d really done his homework,” said the VP. “The email looked and sounded exactly as though our CEO had sent it. The attacker had clearly gone to our website and noticed our ethics policy. Mimicking language on the site, the email reminded employees about the policy and, like the simulated election email we sent, asked people to click a link to agree they would follow the rules.”

But our customer was ready.

The link took them to a counterfeit Office365 page that asked for login credentials. The goal of the phishing attack was to harvest passwords, gain file system access and steer automatic payroll deposits into the attackers’ accounts. The email was highly believable, with several thousand recipients clicking on it.

Fortunately, within 60 seconds after the phishing attack began, employees trained through Cofense PhishMeTM reported the email so it could go straight into Cofense Triage for analysis. After escalating the incident and conducting a thorough investigation, the PDC called the customer, who blocked the phishing site, retracted the email, and stopped the rerouting of payroll.

“If we hadn’t been prepared, the damage would have been worse,” said the VP. “We were able to retract the email in under 20 minutes.”

Read the full case study for a minute-by-minute account. Besides learning more about Cofense Triage, you’ll see how this customer uses Cofense PhishMe to train employees to recognize phishes and Cofense ReporterTM to report them for investigation.

New Cofense Triage features now orchestrate even faster response.

As this customer’s story shows, Cofense Triage has always helped to find threats fast. Now, a series of updates accelerate response through seamless orchestration:

  • Our Who Else feature identifies users who click on reported emails, so you can quickly find and mitigate any damage.
  • Noise Reduction helps you cut through the noise of commercial emails to find real threats; put another way, it separates spam and the like from malicious emails, making the haystack smaller.
  • Our API makes it easy to integrate Cofense Triage with other incident response systems.

Together, these updates speed your ability to analyze emails and hunt down threats. Learn more about orchestrating a faster response to phishing.

This article was originally published here.


Related Articles

“A people without knowledge of their past history, origin and culture is like a tree without roots.” – Marcus Garvey

Culture | April 9, 2019 by Kelly Breedon

Softchoice is very proud to have been named to the Great Place to Work Institute’s first ever list of Best Workplaces for Giving Back. This list recognizes organizations with a strong employee commitment to giving back, and a robust range of programs that support positive change in their communities. Taking care and giving back are […]

When we talk about Digital Transformation, three key topics always come to the fore: optimizing IT investments, enabling end users, and IT agility. On a granular level, these three factors form an axis of issues companies must deal with when making the digital leap. At our recent roundtable dinner in Boston, we sat down with […]