Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
10:00 AM
Malwarebytes Labs
Malwarebytes Labs
Partner Perspectives

Phishing Threat Continues To Loom Large

Phishing and spear phishing will only get worse unless companies proactively train employees to recognize a scam when they see one.

The growth and impact of phishing emails is on the rise. A recent Osterman Research survey found that there has been a variety of security incidents attributable to malicious emails. For example, 41% of organizations surveyed have lost sensitive data on an employee’s computer, and 24% have lost sensitive data from a corporate network.

Also on the rise: spear phishing, typically directed at a smaller group of potential victims, including senior officers within a company. In fact, Malwarebytes’ own CFO Mark Harris was hit with one a few months back. Government organizations that are likely to possess sensitive information such as login credentials to corporate financial accounts are also highly targeted.

One of the primary reasons that phishing is so effective is that many email users are not sufficiently skeptical or discriminating about suspicious emails, often because they lack training about how to identify phishing attempts. Our research has found that once users are trained about phishing, they are less susceptible to these attempts.

Spear phishing, on the other hand, has become a successful threat vector because many potential victims provide phishers with much of the information they need for them to craft messages that will seem to be genuine. For example, Facebook, Twitter, LinkedIn, and other social media venues contain large quantities of valuable information about personal preferences, travel plans, family members’ names, affiliations, and other personal and sensitive information that can be incorporated into spear-phishing emails to make them seem more believable.

To demonstrate how phishers might use personal information to their advantage, I found someone on Facebook whom I do not know personally but has an active presence and provides a significant amount of information on his public Facebook page, including:

  • He visited Tapley’s Pub in Whistler, British Columbia, on Sept. 20.
  • He visited The Brewhouse in Whistler on Sept. 16.
  • The names of at least some of the people he was with on Sept. 13.
  • He visited the 192 Brewing Company on Sept. 12.
  • He visited the Chainline Brewing Company on Sept. 11.
  • He visited American Pacific Mortgage on Sept. 9.
  • He went to a Seattle Seahawks game on Sept. 3.

Moreover, based on his Facebook profile, we know the company for which he works, the city in which he lives, his wife’s name, and lots of other information about him. If I were a phisher attempting to gain access to his corporate login credentials, for example, I could craft an email with the subject line “Problem with your credit card charge at Tapley’s Pub” -- a subject line that would likely resonate with him given his recent personal experience at that restaurant.

I could provide a short, believable message about a problem in running his credit card and provide a link asking him to verify the charge. That link could be to a site that would automatically download a keystroke logger to his computer, after which I would be able to capture every keystroke he made from then on, which might include login credentials and credit card numbers.

Given that smaller organizations often do not have the training or technology in place to detect phishing attempts, my chance of success at infecting his computer would be reasonably high.

Phishing and spear phishing are serious problems that will get worse in the future, often because victims are not sufficiently trained and because many provide key information to cybercriminals. Organizations must work to raise awareness among their employees or risk the exploitation of sensitive company data. 

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTek,  11/19/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-26
petl before 1.68, in some configurations, allows resolution of entities in an XML document.
PUBLISHED: 2020-11-26
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.
PUBLISHED: 2020-11-26
A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.
PUBLISHED: 2020-11-26
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the b...
PUBLISHED: 2020-11-26
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest...