Intelligent Tech Channels Issue 66 | Page 39

phone number. Once the victim is on the phone, cyber attackers will use stories and emotion to pressure people into taking actions, such as giving up their passwords, purchasing gift cards or transferring money from their bank accounts to accounts controlled by the attacker.
Attackers have learned that while these attacks usually require far more work as they are not automated, they are often more successful and profitable as they can fool people out of their checking, savings or retirement accounts, stealing their entire life savings.
Scams
Many phishing emails have no link or attachment; instead, the messages are often very short and impersonate someone that the victim knows or trusts, such as their boss, a co-worker or a vendor they work or shop with.
BEC, Business Email Compromise or CEO Fraud attacks are a common example, when cyber attackers send an urgent email to a specific individual in accounts payable pretending to be a very senior executive, pressuring the individual to approve an invoice or payment. The accounts payable person believes they are doing the right thing, not realising they are approving a payment to cyber criminals.
Once an individual’s credentials are stolen, cyber attackers can cause a great deal of damage while operating undetected.
One way you can determine what type of phishing attacks your organisation is seeing is to check with your cyber threat intelligence team, your email support team or anyone responsible for your email filtering or perimeter defences. If you have some type of anti-phishing solution, such as Proofpoint, your security team can log and categorise the type of phishing attacks your organisation is seeing.
Below is an example of a real report for a real company. We see the following:
• 69% of all phishing emails attempt to take the victim to a website to gather information. This is primarily password harvesting but may also include sites that include surveys.
• 14% are imposter-based attacks; this would include scams such as BEC attacks, gift card scams, or billing and invoice scams.
• 8% are Telephone Oriented Attack Delivery (TOAD) attacks. This is a new category that Proofpoint added in 2023 due to an increase in this type of phishing attack. The goal is for the victim to call a phone number.
• Only 9% of all phishing emails are attempting to infect the victim with malware, via clicking on a URL or opening an email attachment.