Expert Analysis On Most Sophisticated Phishing Techniques Using Brand Impersonation

Cybercriminals are employing the most sophisticated phishing techniques using brand impersonation, social engineering and phishing to lure in victims to take over their email accounts according to a study by Researchers from Barracuda and UC Berkeley.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Robert Capps
Robert Capps , VP
InfoSec Expert
February 10, 2020 10:21 am

Attacks happen in phases and this report does a good job following them. Account takeover attacks start with the theft of the credentials, either through a system breach, malware, or phishing. There are three broad phases for an attack: gathering the data, testing the data, and monetizing the data. No single fraudster is skilled at all three phases, forcing them to collaborate and leverage each other’s resources. Phishing emails trick victims into clicking on links or on documents that appear legitimate, only to automatically download key loggers or other malware tools used to harvest credentials. Because of the different stages of fraud, we often see time gaps between one step and the next, such as between a successful login into one account and the time when there was malicious activity in the account. Similarly, bad actors use software to attack multiple accounts within seconds, using the cloud or hijacked home computers to originate these attacks, to blend their traffic in to the general internet flow. Technologies that have visibility into these suspicious activities within an account, such as behavioral and device intelligence technologies, can mitigate the attacks before they create any damage for the account owner or the company.

Last edited 2 years ago by Robert Capps
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x