Tuesday, January 28, 2020
Researchers found 39 percent of survey respondents clicked on messages to check a password immediately. Top-clicked social media attacks were found in messaging apps on LinkedIn (55 percent) and Facebook (28 percent). Social media messaging apps are frequently exploited due to their familiar, legitimate appearance, the study found.
Stu Sjouwerman is CEO at KnowBe4, a security awareness company that simulates phishing attacks on its technology platform to improve threat intelligence. Noting that criminals are exploiting public sector awareness and fear of cybercrime, Sjouwerman warned consumers to be suspicious of emails that appear to be too good to be true, stating, “As identifying phishing attacks from legitimate emails becomes trickier, it’s more important than ever for end users to look for the red flags and think before they click.”
Mark Carl, CEO at ControlScan, cited threat intelligence and multifactor authentication as essential protections against malicious email attacks. “Email is the primary tool we have in business, but it’s also the most high-value target for an attacker, especially if you’re using Office365 and/or SharePoint to store all your company files,” he wrote in an Aug. 6, 2018 blog post titled “Email Security Basics You Need to Know.”
KnowBe4 researchers similarly noted that the most-clicked email subject lines included “Microsoft/Office 365: De-activation of Email in Process” (14 percent); “Dropbox: Document Shared With You” (8 percent); “IT: Scheduled Server Maintenance – No Internet Access” (7 percent); and “Slack: Password Reset for Account.”
Following are KnowBe4’s top 10 phishing subject lines:
Retruster reported that the FBI investigated more than $12 billion in losses in 2019 and that, according to IBM Corp. statistics, the average financial cost of a data breach is $3.86 million. Phishing attacks are growing at a rate of 65 percent a year, researchers noted. Webroot analysis suggests approximately 1.5 million new phishing sites are being added every month. Also, in 2019 alone, 76 percent of businesses reported being victimized by phishing schemes, and Verizon’s 2019 Data Breach Investigations Report found that 30 percent of phishing attacks are successful, Retruster researchers stated.
Retruster provides an add-on for Microsoft Outlook that checks incoming emails for signs of ransomware, phishing and fraud. Users of the add-on who receive an email that shows signs of ransomware, phishing or fraud are automatically warned within Outlook and given reasons for the warning.
KnowBe4’s Sjouwerman recommends that organizations “phish” employees, using simulated attacks, to help them identify potential threats and email scams while demonstrating how easily attackers can gain unauthorized access to an organization’s network. KnowBe4 provides fully automated simulated phishing attacks and community phishing templates, he added.
ControlScan’s Carl pointed out that phishing emails are frequently a delivery system for malware, as attackers embed links in emails that appear to be legitimate. ControlScan, a managed security service provider, provides targeted services designed to meet specific requirements for a range of industries, including healthcare, retail, hospitality and payments industry companies, he noted.
A link to KnowBe4’s phishing email infographic can be found at: www.knowbe4.com/press/q4-2019-knowbe4-finds-security-related-and-giveaway-phishing-email-subject-lines-get-the-most-clicks
A link to the Retruster 2019 phishing and email fraud infographic can be found at: retruster.com/blog/2019-phishing-and-email-fraud-statistics.html
A link to ControlScan’s 4 ways that malware can sneak into your network infographic can be found at: www.controlscan.com/4-ways-malware-attacks-infographic/