First thing Tuesday is the most effective time to hit inboxes with bogus invoices and receipts looking to catch people unawares, according to a cybersecurity specialist.
Hackers are targeting busy people who are quickly clearing their inbox for the day ahead, hoping their attack will hit the mark before the IT team has a chance to act.
Rather than linking to sites hosting malware, three-quarters of malicious links sent last year directed their recipients to bogus pages designed to steal passwords and other credentials, says the report from Proofpoint's Human Factor 2016.
"Attackers target the human factor because it is so much more difficult to defend with the kinds of traditional defence – like signature and reputation-based antivirus and anti-spam – on which most organisations still rely," said Kevin Epstein, Proofpoint's vice president of threat operations.
"People are easier to fool than machines. Anti-malware software is never too sleepy to question legitimacy, or too curious to avoid clicking."
Scammers are expanding their efforts beyond email to focus more on SMS and social media, with password-stealing "phishing" attempts 10 times more common than malware links in social media posts.
While email-based scams peak in the morning, social media-based scams are more common in the afternoon as people look for distractions from their work.
Online banking is also the primary target of malicious downloads, with banking Trojans accounting for three-quarters of all malicious payloads in emails.
Rather than just casting their net wide, scammers also target specific businesses by tailoring sophisticated spear-phishing attacks.
These communications often appear to come from senior executives within the business, with instructions to transfer money, pay bogus invoices, ship products or provide access to sensitive data.
Staff can also unwittingly put businesses at risk by bypassing security warnings and downloading mobile apps from rogue marketplaces, a threat that affects 40 per cent of enterprises according to the security report.
This issue is made harder to tackle by the rise of Bring Your Own Device programmes which allow people to use their personal devices for work tasks.
Proofpoint discovered more than 12,000 malicious mobile apps in authorised Android app stores. Many were capable of stealing information, creating backdoors and other nefarious functions, Epstein says.
Source:SMH
0 comments:
Post a Comment