Here at PaySimple, we take security of all forms very seriously. Not only because we work in the world of online payments, but also because of the rapidly changing methods in which online attacks can be executed. Earlier this week, our Director of Information Security and Compliance Mike Trofi sent out an email updating us with some great facts and tips to stay safe, and we though it would be valuable to pass along. Enjoy!
Time and time again, social engineering has shown itself to be one of the most effective tactics attackers use to defeat enterprise security.
In a new research paper, security firm FireEye has identified the most common social engineering techniques used in spear-phishing attacks targeting enterprises. In an analysis of the threat landscape last month, Symantec reported the global phishing rate in August increased slightly to roughly one in 312.9 emails that contained some sort of phishing attack.
Most of the organizations spoofed in the attacks, Symantec noted, were e-commerce businesses (39.31 percent), information services (32.31 percent) and banks (27.01 percent).
According to FireEye’s report, the world’s cybercriminals look to create a sense of urgency to trick unsuspecting victims into downloading malicious files. During the first half of the year, the malicious file names detected by FireEye tend to use the words ‘DHL’ (23.42 percent), ‘notification’ (23.37 percent) and ‘delivery’ (12.35 percent). During the second half of 2011, the top three most common words used in malicious file names were ‘label’, ‘invoice’ and ‘post.’
One way cybercriminals fool users is by sending files purporting to be notifications about express shipments. Given the ubiquity of these services, and their inherent importance and urgency, users are being compelled to open malicious files labeled with shipping-related terms.
This ploy is one of the most common. Shipping and postage-related terms made up over 26 percent of words featured in malicious file names, and comprised 7 of the 10 most common words identified in the first half of 2012. File names such as DHL document.zip, Fedex_Invoice.zip, and Label_Parcel_IS741-1345US.zip represent samples of the types of file names criminals are using.
By far, .zip files were the most common malicious attachments seen, compromising 76.91 percent of the file extensions used by attackers. Next on the list were PDF files, which accounted for 11.79 percent.
Cybercriminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spear-phishing emails are on the rise because they work.
Beyond terms tied to mail services, cybercriminals favor words related to finance, such as the names of financial institutions and associated transaction such as ‘ VisaCard-N486102989.zip’ or tax-related words like ‘Tax_Refund.zip.’ Travel and billing words such as “American Airlines Ticket” and “invoice” are popular in spear-phishing email attachment as well.
Most of these attacks attempt to trick users into opening attachments because they think it’s urgent or important. If users were educated on what to look out for then they would not open these attachments so easily.