Blog

Don’t Bite: The Top 3 Email Phishing Lures

Phishing—the practice of tricking an email recipient into clicking on an embedded attachment or URL in order to infect their computer or steal information—remains a leading threat to organizations. In the last year, the biggest phishing campaigns have focused on .. Continue


Category
Growth & Best Practices

Published on
Written by
Editor

Phishing—the practice of tricking an email recipient into clicking on an embedded attachment or URL in order to infect their computer or steal information—remains a leading threat to organizations.

In the last year, the biggest phishing campaigns have focused on delivering payloads that can be rapidly monetized, from banking Trojans such as Dridex to ransomware like Locky. Losses from these campaigns continue to mount, from at least $30 million to Dridex in the UK alone to as much as $1 billion globally for all ransomware in 2016.

So how should organizations protect themselves? What are the top three email lures compelling all of these clicks?

1. Please see your invoice attached

“Money out” lures

“Money out” lures are the most popular with phishing attackers by a wide margin, accounting for almost half of all observed phishing campaigns. The “money out” category of phishing lure uses the expectation that a payment is or will be due to trick recipients into opening the email messages and clicking on the attachment or link.
 

your_order

“Your order” email lure distributing Locky ransomware

 

2. Click here to open your scanned document

Fax and scan notification lures

Continuing for another year as the second-most common category of email lure, electronic fax and scanned document notifications were observed in approximately 10 percent of phishing campaigns.

These lures have an inherent urgency, coupled with a historic association of fax with phone lines and audio, which aren’t naturally associated with malware.
 

fax_notification

Fax notification lure distributing CryptoWall ransomware

 

3. Your package has shipped—your shipping receipt is attached

Shipping and delivery notification lures

Fake shipping or delivery notifications remain popular with phishing attackers as they capitalize on the widespread use of online shopping. While some of these email lures employ stolen branding from major shipping and delivery vendors in order to create a more realistic and convincing email, others purport to be directly from the vendor, rather than the delivery service.
 

shipping_notification

Shipping notification lure distributing Vawtrak banking Trojan

 

Top tips to ensure you don’t “bite”

Proofpoint research in The Human Factor report has demonstrated that in every organization, at least one user will click on a malicious email. To protect your organization, your users, and your data against the latest attacks, we recommend the following:

  • Given the sheer volume of attacks coming through email, invest in mail gateway solutions capable of detecting and preventing advanced attacks and those that do not involve malware. This step helps minimize the number of threats coming into the network.
     
  • Never allow emails with attached executable code to be delivered. Likewise, do not allow people to share code over email. Enact simple rules that block .exe or .js attachments to prevent obvious malicious exploits from entering your environment.
     
  • Deploy security solutions that can correlate activity across threat vectors. That capability gives you deeper insight into attacks to help you resolve them, block future attacks, and more easily detect those that do get through.

Start selling Proofpoint Essentials through Ingram Micro Cloud today and provide your customers with advanced protection against phishing emails. Learn more at: http://www.ingrammicrocloud.com/proofpoint.