International. Phishing has become a serious concern for IT security professionals in charge of protecting today's businesses.
An email spear-phishing attack was recently launched at the U.S. president's office through the White House military office, demonstrating how high they are looking at these types of attacks. However, hackers aren't just targeting governments; companies are increasingly targeting these same types of attacks.
In order to better understand phishing trends and the evolution of these threats, Websense Security Labs conducted new research.
Top Findings: 92% of spam contains a URL, and the total percentage of spam that can be considered phishing is approximately 1.62%.
While this might seem a small thing, it can be put into perspective by the fact that spam campaigns can reach more than 250,000 emails per hour and that the percentage of spam related to a virus was only 0.4%. Phishing attempts are superior to malicious executables on the email volume.
The United States continues to dominate the volume of phishing URLs hosted in that country.
The top 10 countries hosting phishing URLs, according to research conducted from September 2011 to September 2012, are: 1. United States, 2. Canada, 3. Bahamas, 4. Egypt, 5. Germany, 6. United Kingdom, 7. Netherlands, 8. France, 9. Brazil and 10. Russia.
Four of the top five subject lines of phishing email are security-related.
These types of attacks represent the largest volume of recent subject lines designed to appeal to victims.
The top five subject lines of the phishing email, based on research from July to September 2012, are: 1. Someone had access to your account, 2. Message from the bank's customer Internet service (Bank Name), 3. Security measures, 4. Check your activity, and 5. Security notification of your account.
Most phishing emails are sent on Friday followed by Monday and Sunday.
The main days of the week, according to research conducted from September 2011 to September 2012, are: 1. Friday (38.5%), 2. Monday (30%) 3. Sunday (10.9%), 4. Thursday (6.5%), 5. Tuesday (5.8%), 6. Wednesday (5.2%) and 7. Saturday (3.2%).
Three methods designed to stop 95-99% of spear-phishing attempts.
1. Educate employees
2. Sandbox for incoming email
3. Real-time analysis and inspection of your web traffic
"Spear-phishing is becoming more common in the workplace," said Josue Ariza, territory manager for Spanish-speaking South America and the Caribbean. "Security professionals are increasingly concerned about these attack methods as they continue to evolve. Early detection and educating your employees will help you secure your data and thwart these advanced attacks."
Leave your comment