Story image

Spoofs, forgeries, and impersonations plague inboxes

18 Feb 2019

It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.

According to security firm INKY, Q4 2018 was a busy period for phishing scammers as online shopping, shipping notifications, returns and virtual holiday greetings bombarded inboxes.

However, not all of those emails were legitimate. INKY analysed the phishing attacks with the highest volume and found that scam emails are more targeted than ever.

“Phishing attacks remain one of the largest threat vectors as cybercriminals have increasing access to sophisticated toolkits through the Dark Web and the human element remains the most porous aspect of cybersecurity,” comments INKY CEO Dave Baggett. 

“Even the most informed and vigilant members of an organisation that take extra measures to practice proper cybersecurity posture can fall prey to phishing attacks that are becoming indistinguishable from legitimate channels of communication.”  

More than half of all phishing emails bypass traditional anti-spam filters. This suggests that older generation phishing filters just can’t identify personalised attacks.

Corporate VIP impersonation takes the lion’s share of attacks

The report found that 11.4% of all phishing attacks impersonated VIPs or senior executives. 

"This type of attack is usually fairly involved and often delivered in real-time. A typical scheme can involve a scenario where the CEO (or perhaps someone from finance) is in a meeting, or is in a limited cellphone reception area where a confirmation call is not possible. The victim then becomes engaged with a request for help which eventually leads to handing over sensitive data without verification to the scammer on the other end".

Sender forgery – you think you know the sender, but you probably don't

The report found that 10.3% of attacks were sender forgery, and may be the most dangerous form of phishing email because it presents itself as being from a known contact.

“This type of attack perseveres as contacts maintain personal and professional emails. Often contacts cycle through Gmail, Yahoo and other popular mail providers, making it difficult to discern a legitimate message from a phishing attack.”

Corporate email spoofing

The report found that 5.9% of phishing attacks used corporate email spoofing, which blends the elements of VIP impression with sender forgery. 

"This type of attack is sophisticated in that it deliberately targets a specific corporate entity. It often occurs after a major announcement. The nature of the announcement has no bearing on the frequency of attacks. 

Both positive and negative news can be leveraged to provide cover for the phishing attacker’s true intentions. In the past (and for those remaining unprotected) corporate spoofing has resulted in the loss of corporate intellectual property, private information, financials and even protected healthcare information".

Dynatrace takes pole position in APM Magic Quadrant
It placed highest on Ability to Execute and furthest on Completeness of Vision in the 2019 Quadrant for Application Performance Monitoring (APM).
HCL and Xerox expand strategic partnership
Under the terms of the agreement, HCL will manage portions of Xerox’s shared services, including global administrative and support functions.
Avaya expands integration with Google Cloud AI
This includes embedding Google’s machine learning within conversation services for the contact centre, enabling integration of AI capabilities.
Inspur announces AI edge computing server with NVIDIA GPUs
“The dynamic nature and rapid expansion of AI workloads require an adaptive and optimised set of hardware, software and services for developers to utilise as they build their own solutions."
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Poly appoints new A/NZ managing director, Andy Hurt
“We’re excited to be bringing together two established pioneers in audio and video technology to be moving forward and one business – Poly."
NVIDIA’s virtual proving ground for validating autonomous vehicles
The cloud-based platform enables millions of miles to be driven in virtual worlds across a broad range of scenarios.
Gartner: Local server revenue up by a quarter, shipments down
In Australia, server revenue increased 24.7% in 4Q18, while shipments declined 5.3%.