Think you're too good for phishing? Think again
(Duncan Alfreds, Fin24 | 10 October 2014)
Cape Town - You're not too smart to completely avoid being a victim of phishing.
This is according to a Google security report that found a high number of internet users fall prey to cyber criminal intent on stealing personal and financial data.
Google said that cyber attackers spend a considerable amount of time on targeted attacks.
"Even though they're rare - nine incidents per million users per day - they're often severe, and studying this type of hijacker has helped us improve our defences against all types of hijacking," wrote Elie Bursztein, Google Anti-Abuse Research lead on the Google blog.
Hacker success
Google found that manual hijackings had a higher success rate for cyber criminals who typically trick users into clicking on fraudulent websites.
"Most of us think we're too smart to fall for phishing, but our research found some fake websites worked a whopping 45% of the time. On average, people visiting the fake pages submitted their info 14% of the time, and even the most obviously fake sites still managed to deceive 3% of people," said Bursztein.
In an environment where hackers attempt millions of attacks, even a relatively low hit rate of 3% implies that large numbers of people may find themselves victims of cybercrime.
In a high-profile attack, celebrities, including Jennifer Lawrence and Mary Elizabeth Winstead, had nude images from their iCloud accounts leaked though Apple rejected accusations that its platform was flawed.
Retailer Home Depot also announced that 53 million e-mail accounts were stolen as hackers infiltrated the company's network with a third-party vendor's username and password.
Other retailers such as Target, e-Bay and others have also had significant data breaches as crooks focus on using the data to conduct phishing scams.
Other research has echoed how cyber criminals are becoming more brazen.
The Trend Micro Security Predictions for 2015 and Beyond: The Invisible Becomes Visible report says cyber criminals are changing their modus operandi from generic harvesting of data to specific, targeted attacks.
"What we are seeing today is not a huge surprise but rather the velocity and brutal measures cyber criminals are using to steal information," said Gregory Anderson, South Africa country manager at Trend Micro.
Personal relationships
According to the FBI's Internet Crime Report of 2013, people in the 50 - 59 year-old age group laid over 53 000 complaints (21.1% of all complaints) on internet fraud and lost over 7m out of a total of 1m for the year.
Google said that it has found a pattern in the way criminals operate once they had compromised accounts.
"Once they've broken into an account they want to exploit, hijackers spend more than 20 minutes inside, often changing the password to lock out the true owner, searching for other account details (like your bank, or social media accounts), and scamming new victims," said Bursztein.
Hackers also send phishing e-mails to the initial victim's contacts, exploiting the credibility of personal relationships.
"Since your friends and family think the e-mail comes from you, these e-mails can be very effective. People in the contact list of hijacked accounts are 36 times more likely to be hijacked themselves," Bursztein added.
Google advises that internet users make use of two step verification, never click on suspicious links in e-mails and use a strong password.
(Original article may be found here : http://www.fin24.com/Tech/News/Think-youre-too-good-for-phishing-Think-again-20141110)
Johann