Watching Email Subject Lines

According to a recent Websense report, phishing campaigns dropped to 0.5 percent in 2013 (from 1.12 percent in 2012), but the campaigns have also become more sophisticated and targeted. [1] Phishing emails lure the receiver to respond by clicking a link and giving personal information to what appears to be a trusted source. These campaigns are sometimes used in conjunction with other attacks to extract targeted information from businesses.

Phishing email may appear to come from colleagues, friends, trusted banking sites, and social media sites. Unwitting victims may give banking information, passwords, and even social security numbers, thinking that they are communicating with a trusted source. The United States has typically had the most malicious host URLs. It remains in the second position, but China passed the U.S. this year as the country with the most malicious URLs.

Subject lines can sometimes be clues to potential phishing attacks. According to the Websense report, the top five subject lines to watch include the following:

1. Invitation to connect on LinkedIn
2. Mail delivery failed: returning message to sender
3. Dear Customer
4. Comunicazione importante
5. Undelivered Mail Returned to Sender

In addition to being wary of these common subject lines, users should have a strong security solution that can flag potential email attacks such as phishing or malware attachments. Additionally, they should be cautious even with emails from friends and family. If information is requested or users are invited to click a link that seems questionable, it might be a good idea to check with the friends to make sure they really sent the email. If it is from a financial institution, be sure you actually do business with them, and be cautious about what type of information you send.

If you did not request an email from the business or haven’t been conducting business recently via email, you might double-check with the institution, or load their site separately from the email to make sure you load the real site.
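As an added example (not from the Websense report or the original article), the Python below shows how a mail filter could flag the five subject lines above for review even when the Subject header is MIME-encoded or carries a reply prefix. The names `triage` and `normalize` and the sample messages are constructed for illustration; the delivery-report check is an addition that goes beyond the article, included because genuine bounce messages use the same subjects as items 2 and 5.

```python
import base64
import email
import re
import unicodedata
from email import policy

# The five subject lines listed above.
WATCHED_SUBJECTS = [
    "Invitation to connect on LinkedIn",
    "Mail delivery failed: returning message to sender",
    "Dear Customer",
    "Comunicazione importante",
    "Undelivered Mail Returned to Sender",
]

def normalize(text):
    """Fold case and Unicode width forms, collapse runs of whitespace."""
    text = unicodedata.normalize("NFKC", text or "").casefold()
    return re.sub(r"\s+", " ", text).strip()

def triage(raw_message):
    """Return (matched watched subject or None, has_dsn_structure)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words (=?UTF-8?B?...?=), so an
    # encoded Subject is compared as the text the user would actually see.
    subject = normalize(str(msg["Subject"] or ""))
    hit = next((s for s in WATCHED_SUBJECTS if normalize(s) in subject), None)
    # Real bounces use these subjects too. RFC 3464 reports are
    # multipart/report; this is structure only, not proof of authenticity.
    report_type = str(msg.get_param("report-type") or "").lower()
    is_dsn = (msg.get_content_type() == "multipart/report"
              and report_type == "delivery-status")
    return hit, is_dsn

# Constructed sample messages (not real mail).
ENCODED = base64.b64encode(b"Comunicazione  IMPORTANTE")
SAMPLES = {
    "plain": b"Subject: Dear Customer\r\n\r\nPlease verify your account.\r\n",
    "encoded": b"Subject: =?UTF-8?B?" + ENCODED + b"?=\r\n\r\nbody\r\n",
    "reply": b"Subject: RE: invitation to connect on linkedin\r\n\r\nbody\r\n",
    "bounce": (b"Subject: Undelivered Mail Returned to Sender\r\n"
               b"Content-Type: multipart/report; report-type=delivery-status;"
               b' boundary="b1"\r\n\r\n--b1\r\nContent-Type: text/plain\r\n\r\n'
               b"Delivery failed.\r\n--b1--\r\n"),
    "benign": b"Subject: Lunch on Friday?\r\n\r\nbody\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

A match is a reason to look more closely at the message, not a verdict: a bounce-style subject without delivery-report structure deserves more scrutiny than one with it.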

[1] Carl Leonard. “New Phishing Research: 5 Most Dangerous Email Subjects, Top 10 Hosting Countries.” December 10, 2013 <http://community.websense.com/blogs/websense-insights/archive/2013/12/10/new-phishing-research-5-most-dangerous-email-subjects-top-10-hosting-countries.aspx?cmpid=pr>