Expert Analysis On Most Sophisticated Phishing Techniques Using Brand Impersonation

Cybercriminals are employing the most sophisticated phishing techniques using brand impersonation, social engineering and phishing to lure in victims to take over their email accounts according to a study by Researchers from Barracuda and UC Berkeley.

Experts Comments

February 10, 2020
Robert Capps
VP
NuData Security
Attacks happen in phases and this report does a good job following them. Account takeover attacks start with the theft of the credentials, either through a system breach, malware, or phishing. There are three broad phases for an attack: gathering the data, testing the data, and monetizing the data. No single fraudster is skilled at all three phases, forcing them to collaborate and leverage each other’s resources. Phishing emails trick victims into clicking on links or on documents that appear .....Read More
Attacks happen in phases and this report does a good job following them. Account takeover attacks start with the theft of the credentials, either through a system breach, malware, or phishing. There are three broad phases for an attack: gathering the data, testing the data, and monetizing the data. No single fraudster is skilled at all three phases, forcing them to collaborate and leverage each other’s resources. Phishing emails trick victims into clicking on links or on documents that appear legitimate, only to automatically download key loggers or other malware tools used to harvest credentials. Because of the different stages of fraud, we often see time gaps between one step and the next, such as between a successful login into one account and the time when there was malicious activity in the account. Similarly, bad actors use software to attack multiple accounts within seconds, using the cloud or hijacked home computers to originate these attacks, to blend their traffic in to the general internet flow. Technologies that have visibility into these suspicious activities within an account, such as behavioral and device intelligence technologies, can mitigate the attacks before they create any damage for the account owner or the company.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.