Hackers have rapidly changed their phishing tactics over the past year, abandoning social media lures in favor of a new focus on business users with communication notification templates, according to Proofpoint.
The electronic communication security firm compared the findings of its 2014 report “The Human” issue with those of the 2015 version and found some noticeable differences in phishing tactics.
First and foremost was a 94 percent decrease in the use of social media invite lures.
Fake LinkedIn invitations used to be the dominant choice of hackers, with twice as many of these as any other social media phishing lure.
These were replaced by so-called “communication notification” phishing emails, of which voicemail and fax notifications were apparently the most common.
There was also an uptick in personal financial communication lures and corporate financial message templates such as wire transfers, purchase orders and other business-related transactions.
“The corporate financial phishing templates also included targeted wire transfer or ACH phish sent to a specific user and with a spoofed ‘From’ line that included the name of an executive from the recipient’s company, often the CFO or CEO. These messages sometimes even had no links or attachments; combined with their relatively low volume this made them effective at evading defenses. In general, they had the lowest click rate of the top phishing templates, but conversely often delivered the biggest returns, as the numerous reports in 2014 of losses from fraudulent transfers demonstrated.”
The findings are yet more proof that cyber-criminals are able to rapidly switch tactics in order to evade defenses and take advantage of new opportunities. This could be to target new countries and regions or different roles within an organization, the firm said.
“While a vital tool, user education cannot be the last line of defense,” Proofpoint warned.
“Organizations ought to deploy automatic defenses capable of detecting and blocking threats that don’t look or behave like antecedently known threats.” So take care before opening notification emails or links to avoid phishing. Use browser-based security toolbars to detect phishing pages and block them.
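The targeted wire transfer messages quoted above carry no links or attachments, so a filter has to work from the headers and the wording instead. The following Python sketch is an added example, not code from Proofpoint or the original article; the organisation domain, executive roster, keyword list and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: the organisation's domain and executive roster.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam lee"}
PAYMENT_TERMS = re.compile(r"\b(wire transfer|ach|purchase order|payment)\b", re.I)
URL = re.compile(r"https?://", re.I)

# Constructed sample messages, not real mail.
SPOOFED = ('From: "Jane Doe" <jane.doe@mail-example.net>\n'
           "Subject: Urgent wire transfer\n\nPlease send the wire transfer today.\n")
BENIGN = ('From: "Jane Doe" <jane.doe@example.com>\n'
          "Subject: Lunch\n\nSee you at noon.\n")

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def _normalise(name):
    # Lower-case, drop punctuation and collapse spaces before roster lookup.
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())

def score_message(raw):
    """Return (score, reasons) for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    parts = list(msg.walk())
    body = "".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts if p.get_content_maintype() == "text"
    )
    has_attachment = any(p.get_filename() for p in parts)
    reasons = []
    # An executive's name in the display part, on an address outside the org.
    if _normalise(name) in EXECUTIVES and _domain(addr) != ORG_DOMAIN:
        reasons.append("executive display name on external address")
    # Replies routed to a different domain than the visible sender.
    if reply_to and _domain(reply_to) != _domain(addr):
        reasons.append("Reply-To domain differs from From domain")
    if PAYMENT_TERMS.search(msg.get("Subject", "") + " " + body):
        reasons.append("payment request wording")
    # Only meaningful alongside another signal: nothing for URL/file scanners.
    if reasons and not URL.search(body) and not has_attachment:
        reasons.append("no links or attachments to scan")
    return len(reasons), reasons
```

A score like this is a triage signal for quarantine or a warning banner rather than a verdict, since low-volume targeted mail will vary its wording.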