BankThink

Phishing attacks no longer 'look silly'

DoorDash recently announced a data breach that exposed the names, email and delivery addresses, order history, phone numbers, and hashed and salted passwords of users who joined the platform before April 5, 2018, putting close to 5 million people at increased risk of phishing attacks and other fraudulent activity.

Cybercriminals can use this kind of data, in combination with effective and widely used email impersonation techniques, to send people especially convincing phishing emails. If successful, these phishing attacks can lead to account takeover, identity theft and other scams. In fact, 83% of phishing emails are brand or company impersonations.

There is a common misconception that phishing emails are easy to spot, because they’ll contain spelling errors or broken English and are clearly not coming from anyone the recipient knows. But in reality, cybercriminals have become extremely adept at crafting emails that are indistinguishable from legitimate emails. And, because most email security solutions focus on scanning content, these phishing emails often get missed entirely.

We’ve seen this happen recently with the latest Instagram copyright phishing attack. Hackers are trying to steal user login details by sending seemingly legitimate emails directing victims to an identical-looking Instagram page and asking them to complete a copyright infringement form to avoid account deactivation.

Also, in the case of the Cobalt Dickens phishing campaign, Iranian hackers are attempting to access academic research and other valuable data from universities by sending phishing emails impersonating online library services and directing users to a seemingly legitimate URL requesting login details.

And in the Autumn Aperture attack, North Korean hackers are impersonating senders that are known to the U.S. targets, hiding malware in legitimate-looking documents and sending spoofed emails that their victims may even be expecting.

And the list goes on and on.

Trust is an essential aspect of day-to-day life. People need to be able to trust that the companies and services they use, or work for, are going to protect their sensitive, personal data. Organizations must do a better job of securing that data in order to maintain trust. Additionally, people need to be able to trust that the emails they receive are actually sent by real people or entities, as opposed to cybercriminals leveraging impersonation techniques.

To stop these advanced phishing attacks, it’s important to prevent these malicious emails from ever entering inboxes in the first place. Email security solutions that focus on authenticating sender identity are critical to fostering an atmosphere of trust with email communication. This will also help reduce data breaches, since phishing emails are implicated in more than 90 percent of all cyberattacks.
