Q3 Cofense Phishing Intelligence Report and Threat Briefing

Insights on the threats that matter: QakBot and Tailored Credential Phish

The Cofense Intelligence™️ team analyzes millions of emails and malware samples to understand the phishing landscape. Every 90 days, we deliver this updated report on the latest threats spawned by malicious email attacks, so that you're aware of what could be hitting your inboxes.

During Q3, Cofense investigated both new and long-standing phishing trends. We delineated threat actors’ abuse of legitimate services such as Dropbox, DocuSign, and other legitimate and trusted domain names in order to ensure that malicious emails would reach inboxes. Additionally, we investigated a long-standing activity set, which we first reported in 2019, outlining its evolution over time as it targets government contractors.

A few important topics covered in this report include:

  • The evolution of a sophisticated credential phishing activity targeting government contractors
  • Tactics behind a prolific phishing campaign abusing Dropbox
  • The top domains used in evasive credential phishing attacks, and why