Attackers are known to pore over a company’s website and social channels. Perhaps they spot a mention of an upcoming charity event. Who runs the charity? What does their email signature look like? What’s the color and size of the charity’s logo?
This kind of information is priceless to attackers. From there, attackers can craft a targeted message. They might also follow up with a phone call. Even if the targets have been warned about scams, they might click on something they shouldn’t.
Phishing is the most common way for threat actors to gain access to victims’ networks, according to this year’s IBM Security X-Force Threat Intelligence Index. Approximately 41% of attacks that X-Force remediated last year involved this tactic.
That figure, up from 33% in 2020, accounts for all types of phishing, including mass emails and highly targeted ones. Some of the most advanced cyber threat actors in the world use phishing to deliver ransomware, malware, remote access Trojans or malicious links.
Phishing is number one for a simple reason.
“It works,” said Stephanie Carruthers, global social engineering expert at IBM Security X-Force Red. Phishing attacks are increasingly sophisticated, with bad actors becoming more organized, innovative and clever about targeting. Carruthers uses intelligence-gathering tricks and tactics in red team attack simulations for IBM clients.
More people fall for these simulations than you might expect. Nearly one in five people click on targeted phishing campaigns from X-Force Red. And when the attack uses a follow-up phone call, one in two people fall prey to the trick.
Phishing has endured since the 1990s despite decades of security advancement. But it’s not b ..
Support the originator by clicking the read the rest link below.
