Phishers Change Tack to Target Corporates

Cyber-criminals have rapidly adapted their phishing campaigns over the past year, abandoning social media lures in favor of a new focus on business users with communication notification templates, according to Proofpoint.

The messaging security firm compared the findings of its 2014 report The Human Factor with those of the 2015 version and found some noticeable differences.

First and foremost was a 94% decrease in the use of social media invitation lures.

Fake LinkedIn invites used to be the dominant variety – with twice as many of these than any other social media phishing lure.

These were replaced by so-called “communication notification” phishing emails – of which voicemail and fax notifications were apparently the most common.

There was also an uptick in personal financial communication lures and corporate financial message templates such as wire transfers, purchase orders and other business-related transactions.

Proofpoint added:

“The corporate financial phishing templates also included targeted wire transfer or ACH phish sent to a specific user and with a spoofed ‘From’ line that included the name of an executive from the recipient’s company, often the CFO or CEO. These messages sometimes even had no links or attachments; combined with their relatively low volume this made them effective at evading defenses. In general, they had the lowest click rate of the top phishing templates, but conversely often delivered the biggest returns, as the numerous reports in 2014 of losses from fraudulent transfers demonstrated.”

The findings are yet more proof that cyber-criminals are able to rapidly switch tactics in order to evade defenses and take advantage of new opportunities. This could be to target new countries and regions or different roles within an organization, the firm said.

“While an important tool, user education cannot be the last line of defense,” Proofpoint warned.

“Organizations should deploy automated defenses capable of detecting and blocking threats that do not look or behave like previously known threats.”

What’s Hot on Infosecurity Magazine?