According to the latest report from Proofpoint, cybersecurity attacks that rely on identity deception are ramping up, including social media fraud.
The newest technique is called "angler phishing" (named after the nightmarish anglerfish and the cunning way it lures prey towards itself). Attackers create a highly convincing customer service account on social media and wait for one of the business's customers to reach out to the brand with a request. The imposter replies from the fake support account and directs the customer to a lookalike website, where the customer is invited to log in and inadvertently hands over their credentials.
According to the report, social media accounts associated with angler phishing increased by about 40% over the previous quarter, while customer support fraud on social media soared 486% compared with the same period in 2017.
Web-based attacks that use social engineering, such as those that trick users into downloading malware or visiting a phishing site through fake antivirus notifications and software updates, grew 150% versus the previous quarter.
According to the report, nearly 60% of organizations targeted in spoofing-related attacks received attempts that spoofed more than five identities, a shift from the previous quarter, when attackers focused on spoofing fewer, higher-authority identities.
Lower-level employees are being targeted more than those in higher-level roles. Nearly 30% of the most targeted malware and credential phishing attacks were directed at generic email accounts typically shared by two or more employees within an organization. The report groups the most attacked people in an organization by department and found that they belong to:
- Facilities/Internal Support
Social engineering attacks usually involve some form of spoofing and rely on identity deception. By pretending to be someone trusted, an imposter hopes to trick a person into opening a malicious attachment, clicking on an unsafe link, entering credentials, sending sensitive files, or wiring money. The attacker will use domain spoofing to forge the "From" and "Reply-To" headers, even on domains they don't own (a forged "From" on a domain you control is only rejected by receivers if that domain publishes and enforces SPF, DKIM and DMARC). They may also register a lookalike domain that appears authentic by using "typosquatting," such as changing an "O" to a "0."
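The two header-level tricks above, a forged "From" with a "Reply-To" pointing elsewhere and a homoglyph lookalike domain, are cheap to detect in a mail-filtering pipeline. The script below is an added example written for this page, not code from Proofpoint or from the report: it parses a raw message with Python's standard `email` module, flags a "Reply-To" domain that differs from the "From" domain, and folds a small, illustrative set of confusable characters (0 for O, 1 for l, rn for m, and so on) before comparing each sender domain against a list of protected brand domains. The protected-domain list, the confusable table and the three sample messages are constructed for the example.

```python
"""
Added example (not from the report or the article): two checks against the
spoofing and typosquatting techniques described above.

1. Header deception: the domain in Reply-To: differs from the domain in From:,
   the usual shape of a forged From: on a domain the attacker does not
   control with replies steered to a mailbox they do.
2. Lookalike domains: fold common homoglyph substitutions and compare the
   result against protected brand domains.

PROTECTED_DOMAINS, CONFUSABLES and the sample messages are constructed
for this example.
"""
from email import message_from_string
from email.utils import parseaddr

# Domains this organisation wants to protect (constructed).
PROTECTED_DOMAINS = {"example-bank.com", "example.com"}

# Illustrative confusable substitutions; multi-character sequences go first
# so "rn" is folded to "m" before single characters are touched.
CONFUSABLES = [
    ("rn", "m"),
    ("vv", "w"),
    ("0", "o"),
    ("1", "l"),
    ("3", "e"),
    ("5", "s"),
]


def normalize_domain(domain: str) -> str:
    """Lowercase, strip a trailing dot, and fold confusables so that
    'Examp1e-Bank.com.' compares equal to 'example-bank.com'."""
    d = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d


def domain_of(address_header) -> str:
    """Return the bare domain of an RFC 5322 address header value, or ''."""
    _, addr = parseaddr(address_header or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def lookalike_of(domain: str):
    """Return the protected domain this one impersonates, or None.
    An exact match to a protected domain is legitimate, not a lookalike."""
    if not domain or domain in PROTECTED_DOMAINS:
        return None
    norm = normalize_domain(domain)
    for protected in PROTECTED_DOMAINS:
        if norm == normalize_domain(protected):
            return protected
    return None


def analyze(raw_message: str) -> dict:
    """Run both checks over one raw message and return the findings."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = {
        "from_domain": from_dom,
        "reply_to_domain": reply_dom,
        # A missing Reply-To is normal; only a differing one is flagged.
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "lookalike_of": lookalike_of(from_dom) or lookalike_of(reply_dom),
    }
    findings["suspicious"] = (
        findings["reply_to_mismatch"] or findings["lookalike_of"] is not None
    )
    return findings


# Constructed sample messages (not real mail).
SPOOFED_FROM = """From: "Example Bank Support" <support@example-bank.com>
Reply-To: support@example-bank-help.net
To: customer@customer-domain.test
Subject: Action required on your account

Please confirm your details at the link below.
"""

TYPOSQUAT = """From: "Example Bank Support" <support@examp1e-bank.com>
To: customer@customer-domain.test
Subject: Unusual sign-in

Verify your account now.
"""

LEGIT = """From: "Example Bank" <noreply@example-bank.com>
To: customer@customer-domain.test
Subject: Your monthly statement

Your statement is ready.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_FROM), ("typosquat", TYPOSQUAT), ("legit", LEGIT)):
        print(name, analyze(raw))
```

The confusable folding only catches character substitution; it does not catch a lookalike built from added words or a different top-level domain (the constructed `example-bank-help.net` above is caught by the Reply-To check, not the lookalike check). Neither check replaces SPF, DKIM and DMARC, which are what let a receiver reject a forged "From" on a domain you own.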
The report recommends implementing the following to protect your organization:
- Adopt a people-centric security posture
- Train users to spot and report malicious email
- Assume your users will eventually click some threats
- Build a robust email fraud defense
- Partner with a threat intelligence vendor