Business Email Fraud Attacks Jump 25%
Cyber-criminals are sending more emails than ever before to defraud organizations, according a new report, Protecting People, from Proofpoint.
The firm analyzed more than 600 million emails, revealing that the number of email fraud attacks per targeted company rose 25% from the previous quarter, and 85% from the same time last year.
What’s more, in analyzing seven million mobile apps and hundreds of social media accounts, Proofpoint discovered that malicious actors are increasingly finding ways to bypass social media security tools and accurately spoofing senior staff members’ identities.
The report revealed that phishing links sent through social media platforms shot up by 30% whilst individual contributors and lower-level management made up around 60% of highly-targeted attack targets.
Workers in operations and production functions represented 23% of highly-targeted attack victims and customer-support fraud increased by 39% compared to the previous quarter, up 400% from the previous year.
Speaking to Infosecurity, Nick Frost, co-founder at Cyber Risk Management Group, said Proofpoint’s findings show that the use of email is becoming the vector of choice for cyber-crime.
“Key to this is engineering emails and spoofing email addresses to a level of sophistication that fails to alert the recipient that there is anything suspicious about the email. Techniques such as web crawling, web scraping are able to collect and collate key information about an individual that can be used in crafting an email, accompanied by a link (as part of a phishing attack) to an unsuspecting user.”
Repeated phishing simulations are therefore key in ensuring staff across organizations are consistently reminded to ‘think’ before clicking on a link or opening an attachment on an email, he added
“Whilst there are many legitimate web crawlers and many are enabled for business reasons, there may be organizations and individuals that wish for their information not be collected and shared either for legitimate or adversarial purposes. There are tools that organizations can adopt that prevent or even delay web crawlers.”
Source: Information Security Magazine