Phishing Attacks: The Human Factor

A few months ago, Clearview posted a blog providing a high-level overview of phishing, statistics and data relevant to phishing attacks, and identifying best practices to help prevent these attacks. In this blog post, we would like to explain the most important aspect of any successful phishing attack, that is, the cybercriminal relying on the human factor. In other words, cybercriminals rely on the target of the attack (the human) to be unaware and uninformed of tactics used in phishing attacks. In this blog post, we would like to dive deeper and provide one of many tactics deployed to exploit human behavior, identify whom cybercriminals tend to target in their attacks, and how cybercriminals use current trends to their advantage.

Have you ever heard of typosquatting? No, it’s not a type of exercise you can do at the gym, it’s a specific tactic used by cybercriminals to trick users into stealing their money and/or private information. In typosquatting, fraudsters register domains that are misspellings or typographically mangled versions of a legitimate domain to trick users who mistype the URL or do not look closely at email headers. For example, a user may want to go the website “litecoin.com” to download the Litecoin wallet to manage their encryption keys for their Litecoin account. However, if a user mistypes the domain and enters “itecoin.com” instead, they will be directed to a site that looks almost identical to the real Litecoin website, the difference being, when they click on the link to download the wallet, the app will be a modified version that lets attackers harvest credentials and steal funds once the app is opened. Just one letter missed, and a whole shebang of fireworks could be set off. Pay attention to the details and remember, it’s the little things that matter.

Do cybercriminals attack specific types of industries more than others? According to data provided by Proofpoint, they do. The industries with the highest number of attacks were: education, management consulting, entertainment/media, and telecommunications. Industries with the lowest number of attacks included defense and aerospace. So what is the reasoning that industries such as education and management consulting are so highly targeted by cybercriminals? This is because they are after the money, and less interested in corporate secrets. The higher attacked industries engage in high-value transactions with complex supply-chain and customer relationships that would be much easier to exploit for financial gain. But with all this information taken into consideration, even the lower attacked industries such as defense and aerospace are still targeted and are more likely than not to experience multiple attacks.

The popularity of cryptocurrency has also made its way into the cybercriminal world as a prime target for threat actors to directly monetize their efforts. The use of cryptocurrency in a phishing attack has followed trend with the significant price increase of cryptocurrency, specifically Bitcoin, that occurred in late 2017.

In one example of an attack, cybercriminals generated an email indicating that the ‘Bitcoin Generator App’ could be downloaded and then used to generate Bitcoin and earn income. The email would include a Word document which exploited a vulnerability in Office to install GOOTKIT – a banking trojan, which could then be used to steal credentials to take over bank accounts and transfer cash out of them.

However, as cryptocurrencies have decreased steadily back to what they were in mid-2017, the use of cryptocurrency in phishing attacks has decreased as well. This correlation between the two, indicates cybercriminals keep up-to-date and follow trends, which makes perfect sense. The goal of phishing is to exploit human behavior and for the targets to give up personal and/or financial information. A great way to exploit human behavior is to implement current trends into a phishing attack in one form or another and rely on humans to follow along with the trend.It should come to no surprise that new attack methods will continue to be deployed to exploit human behavior. Along with this, the methods will become more sophisticated and become more efficient. This means security professionals across the globe must keep up-to-date with tools, trends, and best practices.

Regarding typosquatting, deploying DMARC authentication and lookalike domain defenses will help to prevent cybercriminals from tricking employees and vendors into falling for a typosquatting attempt. But, the best defense to protect against phishing attacks will be and always will be, to train employees and make them aware of phishing tactics deployed by cybercriminals. Therefore, ensure all personnel employed within your organization are aware of the human factor.

All it takes is one click.