Social media makes phishing attacks easy
People like getting friend requests on social media, and hackers are using that to launch successful phishing campaigns. This is according to a new report released by phishd by MMR InfoSecurity.
After reviewing simulated attack campaigns targeting almost a million users, phishd by MMR InfoSecurity says that social media is the most effective lure to have victims clicking email links.
Almost a quarter of users clicked a link to be taken to a fake login screen. Out of that number, more than half (54 percent) provided user credentials, and 80 percent downloaded a file.
Financial lures, like the ones where malicious actors send invoices for downloading, were proven to be least successful. Human resource requests were the most effective, though, with 73 percent users who clicked the link provided their credentials.
James Moore, managing director of phishd by MWR InfoSecurity comments: "The results of these simulated phishing attacks brings to the fore many security professionals’ worst fears -- many users are still not savvy to the potential risks posed by targeted phishing attacks. If these attacks had been real, around 990,000 users could have been compromised. With so much of our lives, both professionally and personally, now conducted online we all too often click on links and open attachments without a second thought to checking the legitimacy of the email and the sender."
"This core behavior is difficult to modify. More than 10 percent of targeted users fell victim to the first two stages of our simulated attack and disclosed their user credentials, but more concerning is that out of those targeted with a social media request or a promotional offer, more than 10 percent downloaded a potentially malicious file via their corporate email accounts."
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.
Image Credit: wk1003mike / Shutterstock