Member Article

Facebook the most spoofed company in phishing emails

While the COVID-19 pandemic disrupted the world, it failed to interrupt the onslaught of phishing emails targeting organisations.

According to cybersecurity firm F-Secure’s Attack Landscape H1 2020 report, which examines online threats during the first half of the year, cyber criminals moved quickly to capitalize on the COVID-19 outbreak.

Beginning in March and continuing through most of the spring, there was a significant increase of malicious emails taking advantage of various COVID-19 issues as a lure to manipulate users into exposing themselves to various email attacks and scams.

COVID-19-related campaigns included in these emails ranged from attempts to trick users into ordering face masks from phony websites, to infecting them with malware via malicious attachments.

Of phishing emails coming across over the period, the largest share, 19%, imitated Facebook. Financial companies proved to be popular for spoofing, with several banks together making up 32% of attempts.

“Cyber criminals don’t have many operational constraints, so they can quickly respond to breaking events and incorporate them into their campaigns. The earliest days of the COVID-19 outbreak left a lot of people confused or worried, and attackers predictably tried to prey on their anxieties,” said Calvin Gan, a manager with F-Secure’s Tactical Defense Unit. “Spotting malicious emails isn’t typically a priority for busy employees, which is why attackers frequently attempt to trick them into compromising organizations.”

The report also notes that attacks leveraging cloud-based email services are steadily increasing and highlights a significant spike in phishing emails that targeted Microsoft Office 365 users in April.

This was posted in Bdaily's Members' News section by TH .