In 2014, the number of phishing URLs tracked by CYREN increased dramatically, rising 233% from the previous year. Why did this number increase? One reason is the potential for monetary gain. Cyber criminals use phishing attacks to steal sensitive and personally identifiable information from users. Sometimes this is to gain access to your online bank account and transfer money directly to their own accounts. Often, though, they will sell the Personally Identifiable Information (PII) on the black market, where it fetches almost ten times the value of credit card information.

Another factor contributing to the growing phishing threat is that spear-phishing is a common practice in Advanced Persistent Threat attacks. Using simple spear-phishing emails to employees as a method of stealing credentials, cyber criminals can quickly gain entry to corporate systems and, from there, develop the intrusion to the point where the enterprise suffers a full-blown data breach. A spear-phishing email is one directed at a small group or a single person within an organization, often made to look as if it came from an internal source such as the HR department, or from an outside party the person is in frequent contact with. In this way, even cyber-savvy users can be tricked into clicking the wrong link or submitting confidential information such as their username and password. The sharp increase in phishing attacks tells us that this is an effective way for cyber criminals to acquire money or gain access to a corporate network.
Phishing is a global problem, and CYREN detects more than 5,000 attacks every day, originating from all over the world. Global brands such as PayPal, Apple, and Google were the brand names most often used in phishing attacks in 2014. Regional brands were also commonly used as vehicles: Alibaba and Made-in-China in Asia; Cielo Payments and Banco Bradesco in Latin America; and Postbank.de and Postepay Italy in Europe. Using regional brands in phishing attacks increases the chance that an unsuspecting user will fall for the scam, since they are familiar with the brand in question and may even hold an account for that service.
In recent years, a handful of countries have been the top targets for phishing attacks worldwide. Brazil, Australia and the United States are among those sharing the dubious honor. The United Kingdom is a frequent entry in the top five and in 2012 even reached the top spot, according to RSA cyber security experts. CYREN sees a clear pattern in phishing attacks on the UK, with financial institutions the most common targets. Organizations including Lloyds, Barclays, Standard Chartered and HM Revenue & Customs (HMRC) are frequently used as brands in phishing emails, with as many as 10 variations of malicious URLs detected every day for each one.
Overall, the institution most frequently used as phishing bait in the UK is in fact Her Majesty's Revenue & Customs (HMRC). Attacks are seen on most days, usually featuring the promise of a tax refund. HMRC works well for these attacks because most people pay tax, so the net is cast wide, and most people think they pay too much tax. Being told that a significant sum is due as a refund is enough bait for many people to click on the URL and enter their details into the fake website.
Image: fake phishing website using HM Revenue & Customs as bait
The potential harm of a phishing attack is high, so every organization should take steps to train its employees to distinguish a phishing email from a genuine one. One technique is to look at the URL in the web browser's address bar after clicking the link in the suspect email: it usually does not match the domain of the real website, even when the brand name appears somewhere in the address. Users should also be instructed never to give up their usernames and passwords, or other sensitive information, whether in reply to an email or on a web form reached through a phishing link.
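The URL check described above can be automated for awareness training or for triaging reported emails. The following is an added example, not CYREN's code; the brand-to-domain table, the abbreviated public-suffix list and the sample links are all constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed lookup table for this example: the registrable domains each brand
# genuinely uses. A real deployment would maintain this from authoritative sources.
LEGIT_DOMAINS = {
    "hmrc": {"hmrc.gov.uk", "gov.uk"},
    "paypal": {"paypal.com"},
    "lloyds": {"lloydsbank.com"},
}

# Small stand-in for the Public Suffix List: under these suffixes the
# registrable domain is three labels long instead of two.
TWO_LEVEL_SUFFIXES = {"co.uk", "gov.uk", "org.uk", "ac.uk", "com.br", "com.au"}


def registrable_domain(host: str) -> str:
    """Return the part of the hostname that a registrant actually controls."""
    labels = host.lower().rstrip(".").split(".")
    depth = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-depth:])


def classify_url(url: str, brand: str) -> str:
    """Classify a link that claims to belong to `brand` (a key of LEGIT_DOMAINS)."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    if not host:
        return "suspicious: no hostname"
    if parsed.username is not None:
        # "http://www.gov.uk@other.example/" shows gov.uk first but goes to other.example
        return "suspicious: text before '@' hides the real host"
    if host.replace(".", "").isdigit():
        return "suspicious: host is a bare IP address, not a brand domain"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious: internationalised label, possible look-alike characters"
    owner = registrable_domain(host)
    if owner in LEGIT_DOMAINS[brand]:
        return "legitimate"
    if brand in host:
        return f"suspicious: '{brand}' appears in the hostname but the domain is owned by {owner}"
    if brand in parsed.path.lower():
        return f"suspicious: '{brand}' appears only in the path; domain is {owner}"
    return f"suspicious: unrelated domain {owner}"


if __name__ == "__main__":
    # Constructed link modelled on the HMRC tax-refund lure described above.
    print(classify_url("http://hmrc.gov.uk.tax-refund.example.net/login", "hmrc"))
```

The decisive test is the registrable domain, which is why a brand name in a subdomain or path is flagged rather than trusted.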
Ultimately, the best way to prevent phishing damage to your organization and your employees is to stop the phishing email from ever reaching a user's inbox or, if it does get through, to employ a web security service that blocks access to the malicious URLs it contains.
Find out if Cyren Web Security is the right choice to protect your organization from web threats!