One of the most common forms of spear phishing attacks, is where attackers pretend to be someone from Microsoft in an attempt to take over accounts. This is evident from the quarterly report ‘Spear Phishing: Top Attacks and Trends’ by Barracuda Networks (hereafter Barracuda).
Researchers from Barracuda examined more than 360,000 spear phishing emails in three months time. The objective was to identify types of attack. The most common types of attacks in this segment are corporate email account imitation, corporate email scams and extortion.
For example, in almost one in five cases, an attacker poses as someone from a financial institution. The attackers are particularly targeted at employees of financial departments, because they have a lot to do with banks and other financial institutions.
“Spearphishing attacks are designed to bypass traditional email security solutions. And attackers are constantly finding new ways to bypass detection and mislead users,” says Alain Luxembourg, regional director Benelux for Barracuda. “This kind of attack for staying requires the right combination of technology and training. Therefore, it is essential that organizations use a solution that specifically detects and stops spearphishing attacks.”
Extortion
In the area of extortion, ‘sextortion’ occurs, in which attackers claim, for example, to have sexual images of their victims and threaten to make them public if they do not pay for them. With this form of spear phishing, Barracuda says that the subject lines of the e-mails often contain some kind of security warning. Also, a target’s email address or password is often included in the subject line.
In over 70 percent of all attempts at corporate email attacks, the subject lines try to convey a sense of urgency. In many cases, for example, it is implied that there has been previous contact on the subject. Finally, company names are regularly imitated in email addresses, making it look as if the email came from an employee of the company where the target works.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.