The Cofense Intelligence™️ team analyzes millions of emails and malware samples to understand the phishing landscape. Every 90 days, we deliver this updated report on the latest threats spawned by malicious email attacks, so that you're aware of what could be hitting your inboxes.

During Q3, Cofense investigated both new and long-standing phishing trends. We delineated threat actors’ abuse of legitimate services such as Dropbox, DocuSign, and other legitimate and trusted domain names in order to ensure that malicious emails would reach inboxes. We investigated a long-standing activity set, which we first reported in 2019, outlining its evolution over time as it targeted government contractors. We also sought to provide readers with a broad, introductory understanding of malware types in the phishing threat landscape, as well as baseline reports on specific malware families, such as Snake Keylogger.

A few important topics covered in this report include:

• The evolution of a sophisticated credential phishing activity targeting government contractors
• Tactics behind a prolific phishing campaign abusing Dropbox
• The top domains used in evasive credential phishing attacks, and why