
Phishing messages plague office workers and social networks

APWG reports on the highest number of phishing sites ever detected

Phishing messages continue to plague corporate workers, with an average of six messages received every day.

A survey of 1,000 office workers by PhishMe found that 60 per cent of people fall for the messages. Aaron Higbee, CTO of PhishMe, said that people have a lot to lose if they fall for emails both at home and at work.

Higbee said: “Spear phishing is the criminals' preferred method of choice if they want to get inside an organisation. Some employees falsely believe that their role isn't important enough for a hacker to attempt to spear phish them. If the attacker's main goal is to simply obtain access to an internal network, they won't discriminate. Everyone is a potential target. Their methods are increasingly more sophisticated and use social media more and more to tailor-make emails that trick people into opening them.

“We have found that workers are not connected to protecting their corporate assets. They believe it's the security team's job to protect them from all outside threats, and that security products alone can protect the ‘corporate crown jewels'.

“However, it's a different case when it comes to people protecting their own data on their mobile devices or home computers — our experience shows that people are far more likely to be on their guard when looking at emails at home because they have far more to lose than at work.”

A year ago, the Anti-Phishing Working Group (APWG) announced that February 2012 saw record amounts of phishing emails detected, while research from Trend Micro found that 91 per cent of targeted attacks begin with a spear phishing message.

GFI Software's VIPRE report for January 2013 found that phishing campaigns were particularly rampant on social networks last month. It reported a number of social network-based cyber crime attacks, including phishing messages on Twitter and Facebook, as well as malicious spam messages disguised as event invites on LinkedIn.

The Twitter campaign was especially prominent, as after the attack cyber criminals stepped up their efforts, according to research by Websense.

GFI Software said that similar messages were seen on Facebook and LinkedIn, with Facebook users receiving messages claiming that the victims had violated the social network's policies by ‘annoying or insulting' other users, and ordering them to reconfirm their accounts to avoid being banned from the site.

Clicking on the link took them to a page where they had to complete a ‘security check' by entering personally identifiable information, their Facebook login credentials, which webmail service was linked with their Facebook accounts and the first six digits of their credit card, regardless of whether or not they had purchased Facebook credits in the past.

The LinkedIn scam saw members who identified themselves as business owners receiving spam emails notifying them that an employee had sent them an event invitation. Clicking on the links in the email directed the victims to malicious sites containing malware that exploited unpatched vulnerabilities on their systems.

Christopher Boyd, senior threat researcher at GFI Software, said: “More and more young people entering the workforce think of social networking as a standard part of everyday life. By focusing their efforts on these sites, cyber criminals can increase their chances of fooling a larger number of users to unknowingly download malware onto their PCs and mobile devices. As a result, these users end up providing social network account information that can be used to reach even more potential victims.”
