It’s only mid-April, yet there is no shortage of convincing phishing schemes to highlight for 2016.
Gartner reports that one in every 4,500 emails today is a phishing attack, a threat that relies on social engineering to gain illicit access to personal and corporate assets.
Aaron Higbee, co-founder and CTO of PhishMe.com, says that this year’s crop of phishing attacks centers around three main types:
“What’s happened is that all the techniques that security people have used in the past, such as sandboxes or combing URLs in a body of email, simply don’t work anymore,” Higbee says. “In many of these cases, the criminals bypass all the technical controls and exploit human factors, such as following up an email with a phone call to prove they are legitimate.”
Brian Reed, a Gartner analyst who focuses on data security, adds that the latest phishing scams have gotten increasingly sophisticated. Criminals are doing their homework, he says, finding out who has responsibility at companies for wire transfers and who in the chain is the most vulnerable to a phishing scam.
“These emails are not blindly sent from a fictitious Royal Prince with numerous misspelled words or other obvious errors in the message body,” he says. “They are done by criminals who have studied the inside of these organizations, understand how organizations communicate, and have combed social media to gather information about specific people to target at companies.”
Higbee adds that in many cases, the phishing scams still emanate from West Africa, but today they are major criminal operations.
“Some have even gone so far to set up entire call centers to study companies and follow up with phone calls,” Higbee says. “We’re finding that many of the prospects evaluating our solutions are demoralized. They’ve put every security control they know in place yet they still fall prey to these phishing scams.”
The phishing schemes we highlight here represent the most egregious of these three types of phishing cases.
Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md.