- Most fraudulent emails used brand names like Dropbox and DocuSign to get users to click on malicious links.
- Hacking attempts focused on human vulnerabilities in a system instead of lapses in software or hardware.
A recent report from security firm Proofpoint details how the biggest risk to companies are not external threats but their own employees where most cyber-attacks are designed to take advantage of human error instead of flaws in hardware or software.
The report found that 50% of all clicks on malicious messages happened within an hour of it arriving in the victim’s inbox, and 30% clicked on the malicious message within 10 minutes of receiving the email.
“Email remains the top attack vector…Attackers are adept at exploiting our natural curiosity, desire to be helpful, love of a good bargain, and even our time constraints to persuade us to click”
The report stated “Many of these attacks rely on social engineering. Others simply take advantage of inclinations for immediate gratification, improved status, or even the reward of ‘getting something for nothing.'”
Phishing emails falsely claiming to be from Dropbox and DocuSign were the most common lure hackers used and had a high rate of success, the report said. Ransomware and banking Trojans accounted for more than 82% of the malicious messages searched for the report.
Crimeware was specifically used when attacking the tech and healthcare industries, and the manufacturing industry was repeatedly hit with phishing attempts along with the construction industry.
“As the threat landscape continues to evolve, new tools and approaches are emerging regularly. But one thing remains constant: the human factor,” the report stated. “More than ever, cyber criminals rely on people to download and install malware or send funds and information on their behalf.”
“Attackers are opportunistic and adaptable. They take advantage of new options, vectors, and tools to increase their chances of success,” the report said. “These opportunistic attacks extend to social media channels and cloud-based tools as well. Fraudsters and other attackers capitalize on major events and trends and leverage legitimate services to trick defenders and victims.”
Proofpoint said education, consulting, and entertainment firms suffered from the largest number of email fraud attacks, with each organization averaging about 250 attacks.
We strongly suggest you get a quote for security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don’t, the bad guys will, because your filters never catch all of it. Get a quote now and you will be pleasantly surprised.