Display Name Spoofs Most Popular in Corporate Spear Phishing

A new GreatHorn report highlights the growth of corporate phishing emails from March to November 2016. The firm analyzed more than 56 million emails in the given period, gathered from 91,500 corporate mailboxes.

GreatHorn researchers concluded that attackers are relying more and more on highly targeted, non-payload attacks that are built on pressure tactics and exploit trust. This is how corporate users are tricked into taking action that eventually puts their organizations at risk. More specifically, GreatHorn detected 537,000 phishing threats, 490,557 or 91% of which contained display name spoofs.

Display Name Spoofs, Direct Spoofs and Domain Lookalikes

Spoofing is a popular technique among attackers. In a display name spoof, the attacker impersonates a person familiar to a corporate user so that the recipient believes they know the sender. The technique is quite effective and is often leveraged in attacks on businesses, where it represents 91% of said attacks. The reason it’s so effective is quite simple: corporate users are flooded with emails on a daily basis.

Besides display name spoofs, GreatHorn researchers also monitored direct spoofs, which they said are the second most popular spoofing technique. About 8% of the attacks observed contained direct spoofs. Domain lookalikes represented about 1% of the corporate phishing attacks.
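
A defender can screen for two of these techniques from the From header alone. The sketch below is an added example, not code from GreatHorn or from this article: the directory, the organization domain `example.com`, the similarity threshold and the function names are all assumptions, and it treats a direct spoof as a forged real address, which header text alone cannot reveal.

```python
import unicodedata
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample data (assumptions for this example, not from the report).
ORG_DOMAIN = "example.com"
DIRECTORY = {  # normalized display name -> that person's real address
    "jane doe": "jane.doe@example.com",
    "sam lee": "sam.lee@example.com",
}
LOOKALIKE_THRESHOLD = 0.85  # hypothetical cut-off; tune against real mail


def normalize(name: str) -> str:
    """Fold case, Unicode compatibility forms and repeated whitespace."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())


def classify_from(header: str) -> str:
    """Return 'unparseable', 'domain_lookalike', 'display_name_spoof',
    'consistent' or 'external' for one From header value."""
    display, addr = parseaddr(header)
    addr = addr.lower()
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2]
    # Near-miss of the organization's domain (e.g. one swapped character).
    similarity = SequenceMatcher(None, domain, ORG_DOMAIN).ratio()
    if domain != ORG_DOMAIN and similarity >= LOOKALIKE_THRESHOLD:
        return "domain_lookalike"
    # Familiar name, but not that person's address.
    expected = DIRECTORY.get(normalize(display))
    if expected is not None and addr != expected:
        return "display_name_spoof"
    if domain == ORG_DOMAIN:
        # A forged internal address also lands here: header text alone cannot
        # expose it, so pair this check with SPF/DKIM/DMARC results.
        return "consistent"
    return "external"


SAMPLES = [  # constructed From headers
    '"Jane Doe" <jane.doe@example.com>',
    "JANE  DOE <ceo-office@mailbox.example>",
    "Sam Lee <sam.lee@examp1e.com>",
    "Vendor Billing <billing@vendor.example>",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{classify_from(h):20} {h}")
```

The normalization step does not map look-alike characters from other scripts, so a display name written with such characters would not match the directory entry.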

According to GreatHorn CEO Kevin O’Brien:

Stopping spear phishing attacks isn’t as simple as pushing a button; the sheer volume of these attacks, coupled with the size of the attack surface and security resource constraints, makes it impossible to mitigate risk solely via human intervention, no matter how much you try to train your end users. A true defense-in-depth strategy for protecting against these attacks requires unified visibility and control, coupled with risk-appropriate automation, across an organization’s entire communications infrastructure.

What is worse is that statistics show that even security and IT professionals are unsure of how to handle a flagged phishing attempt. Apparently, 41% of professionals do nothing, and only 33% decide to alert an administrator.

Milena Dimitrova
