Cyber Scammers ‘Phishing’ More for Corporates - ProofPoint

Cybercriminals are progressively targeting business houses in their attacks than mere consumers, said security firm ProofPoint in a study recently.

The most favored approach of late is to exploit the tiredness of middle managers whose email inboxes are frequently clogged with emails, while criminals are on the lookout for trading off attack volume with additionally advanced attacks.

Unfortunately, it was discovered that the likelihood of middle managers clicking on maligned emails was double than that of executives. Workers of finance, sales and procurement were the most probable to click open tainted attached files, with such personnel clicking 50-80% more often than workers belonging to other departments, it was highlighted.

Proofpoint noted that on some particular days in 2014, it witnessed a 1,000% boost in the usual volume of emails laced with malicious content. The survey disclosed that, usually, workers clicked 1 of every 25 maligned messages that they received last year, which was twofold of the amount clicked in 2013.

The email lures that were readily clicked were notifications regarding e-fax and voicemail alerts. Invitations to social media and order confirming lures, which are extremely renowned and effective - plummeted dramatically last year. Email baits with attachments and not URLs, like invoice and account report lures, surged increasingly as a vector of hacking operations.

The bulk of maligned messages are served during working hours, touching the crest on the mornings of Tuesday & Thursday, and maximum clicking takes place on Tuesday, registering 17% additional clicks than other weekdays, the study says.

EMEA Director of Proofpoint, Mark Sparshott, argued the study shows IT panels must presume that phishing emails have circumvented their security gateways, reported by Infosecurity on April 22, 2015.

They should acknowledge this as the new standard and that even the finest user alert guidance is sending a thinning reduction on URL and attachment opening rates as the criminals amplify their rate of innovation in message body and distribution infrastructure, Sparshott added.

The only sustainable move is to install supplementary technology layers and warning feeds that boost the discovery of phishing emails and pointers of a breach together with tools and procedures that automate and accelerate incident response, Sparshott recommended.

» SPAMfighter News - 4/28/2015