Email-based cyber attacks have become common these days. I am not the only one receiving emails saying that the file in the attachment contains data that I might be interested in knowing. Social engineering has become one of the major tools attackers use to lure targets into opening links or attachments.
A report by Proofpoint titled “The Human Factor 2019 Report” analyzes how email attacks rely on human interaction rather than automated exploits. Based on data obtained by screening 1 billion messages per day over 18 months, the report concludes that more than 99% of the attacks require human interaction to succeed.
Persuasive social engineering makes it difficult to distinguish a fraud email from a genuine one. Most attacks structure an email in a manner that it looks like they have received from a trusted source like Google, Microsoft, or a known contact.
The report also mentions that hackers tend to imitate the business routines of organizations to fool employees working there.
Other key conclusions found in the report include:
People who are frequently targeted by fraud emails are, usually, not high-profile individuals or VIPs. These are discovered identities or “targets of opportunities” for attackers.
Domain fraud — registering a domain name that looks similar to popular brands to trick users — lends a sense of legitimacy to a socially engineered fraud email.
Social engineering is extensively used in credential phishing, sextortion scams, and business email compromise (BEC).
While malicious actors prepare email attacks in a way that makes it difficult to distinguish a spam mail from a genuine one. However, you can identify a potentially malicious mail by check ..
Support the originator by clicking the read the rest link below.
