Dark Reading is part of the Informa Tech Division of Informa PLC


Partner Perspectives
11/2/2016
10:00 AM
Malwarebytes Labs

Phishing Threat Continues To Loom Large

Phishing and spear phishing will only get worse unless companies proactively train employees to recognize a scam when they see one.

Phishing emails are on the rise, and so is their impact. A recent Osterman Research survey found a variety of security incidents attributable to malicious emails. For example, 41% of organizations surveyed have lost sensitive data on an employee’s computer, and 24% have lost sensitive data from a corporate network.

Also on the rise: spear phishing, typically directed at a smaller group of potential victims, including senior officers within a company. In fact, Malwarebytes’ own CFO Mark Harris was hit with one a few months back. Government organizations that are likely to possess sensitive information such as login credentials to corporate financial accounts are also highly targeted.

One of the primary reasons that phishing is so effective is that many email users are not sufficiently skeptical or discriminating about suspicious emails, often because they lack training about how to identify phishing attempts. Our research has found that once users are trained about phishing, they are less susceptible to these attempts.

Spear phishing, on the other hand, has become a successful threat vector because many potential victims provide phishers with much of the information they need to craft messages that seem genuine. For example, Facebook, Twitter, LinkedIn, and other social media venues contain large quantities of valuable information about personal preferences, travel plans, family members’ names, affiliations, and other personal and sensitive information that can be incorporated into spear-phishing emails to make them seem more believable.

To demonstrate how phishers might use personal information to their advantage, I found someone on Facebook whom I do not know personally but who has an active presence and provides a significant amount of information on his public Facebook page, including:

  • He visited Tapley’s Pub in Whistler, British Columbia, on Sept. 20.
  • He visited The Brewhouse in Whistler on Sept. 16.
  • The names of at least some of the people he was with on Sept. 13.
  • He visited the 192 Brewing Company on Sept. 12.
  • He visited the Chainline Brewing Company on Sept. 11.
  • He visited American Pacific Mortgage on Sept. 9.
  • He went to a Seattle Seahawks game on Sept. 3.

Moreover, based on his Facebook profile, we know the company for which he works, the city in which he lives, his wife’s name, and lots of other information about him. If I were a phisher attempting to gain access to his corporate login credentials, for example, I could craft an email with the subject line “Problem with your credit card charge at Tapley’s Pub” -- a subject line that would likely resonate with him given his recent personal experience at that restaurant.

I could provide a short, believable message about a problem in running his credit card and provide a link asking him to verify the charge. That link could be to a site that would automatically download a keystroke logger to his computer, after which I would be able to capture every keystroke he made from then on, which might include login credentials and credit card numbers.

Given that smaller organizations often do not have the training or technology in place to detect phishing attempts, my chance of success at infecting his computer would be reasonably high.

Phishing and spear phishing are serious problems that will get worse in the future, often because victims are not sufficiently trained and because many provide key information to cybercriminals. Organizations must work to raise awareness among their employees or risk the exploitation of sensitive company data. 
