
Personalized Spear Phishing Emails Lead to Highest Ever Click Rate

Phishing attempts are constantly being improved and made more sophisticated and personalized. Currently, carefully crafted spear phishing emails are being spread posing as airlines and financial departments. The attempts go so far as to imitate internal corporate travel and expense systems. The end goal is always the same: delivering malware and stealing personal information from targets.


Spear Phishing Becomes Highly Personalized and Very Successful

The described airline phishing attack has been disclosed by Barracuda researchers. The attackers have included various techniques in their arsenal with the purpose of stealing sensitive details from victims and infecting them with an advanced persistent threat.

Here’s an example of a subject line used by the phishers:

Fwd: United Airlines: Confirmation – Flight to Tokyo – $3,543.30

The attack combines the following techniques:

  • Impersonation. The attackers first research the targeted organization's structure and communication patterns. This is how the emails become highly personalized, leading to a very high click rate of over 90 percent, one of the highest phishing click rates ever.
  • Malware delivery. In this campaign, an APT (advanced persistent threat) is dropped onto the network once the attachment is opened.
  • Classical phishing. The attackers depend on the apparent legitimacy of their emails to gather login credentials via a fake login page. Once these credentials are in the hands of the criminals, they gain further access to internal and sensitive company data.

The attacks that included links to a phishing website were designed to imitate an airline website or, in other cases, the expense or travel system used by the targeted company. This way the victim is lured into entering login credentials, which expands the attack surface. As a result, databases, email and file servers could be compromised.

What Could Organizations Do to Prevent Spear Phishing/APT Attacks?

Organizations should employ a multi-layered security plan to prevent such attacks. The first layer of protection is sandboxing, followed by APT prevention. There are also advanced phishing engines that offer link protection, which searches for websites with malicious code. Employee awareness and training shouldn't be underestimated, either.
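As an illustration of what the impersonation and link checks in such a layered defense can look for, the following is an added example, not code from Barracuda or from this article. The brand allowlist, the function names and the sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: defender-maintained map of impersonated brands to their real domains.
BRAND_DOMAINS = {"united airlines": {"united.com"}}
AMOUNT_RE = re.compile(r"\$\d{1,3}(?:,\d{3})*\.\d{2}")
HREF_RE = re.compile(r'href="([^"]+)"', re.I)

# Constructed sample (not a captured email); ASCII hyphens stand in for the dashes.
SAMPLE = """From: "United Airlines" <reservations@travel-confirm.example>
To: finance@corp.example
Subject: Fwd: United Airlines: Confirmation - Flight to Tokyo - $3,543.30
Content-Type: text/html

<p><a href="https://login.travel-confirm.example/sso">View booking</a></p>
"""

def registrable(host):
    # Simplification: last two labels. Use the Public Suffix List in production.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def score_message(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    display, addr = parseaddr(msg.get("From", ""))
    sender_dom = registrable(addr.rpartition("@")[2])
    body = msg.get_payload()  # assumes a single-part message
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in f"{display} {subject}".lower():
            continue  # message does not claim to come from this brand
        if sender_dom not in domains:
            findings.append(f"claims '{brand}' but sent from {sender_dom}")
        for url in HREF_RE.findall(body):
            host = registrable(urlparse(url).hostname or "")
            if host and host not in domains:
                findings.append(f"claims '{brand}' but links to {host}")
    if subject.lower().startswith(("fwd:", "fw:")) and AMOUNT_RE.search(subject):
        findings.append("forwarded confirmation with a charge amount in subject")
    return findings

if __name__ == "__main__":
    for finding in score_message(SAMPLE):
        print("FLAG:", finding)
```

Findings like these are signals for quarantine or analyst review rather than a verdict, since legitimate forwarded receipts also match the subject pattern.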


Milena Dimitrova
