Phish in a Barrel

Stealing Credentials

A whole swathe of attackers don’t care about gaining access to a computer or network, they’re just after stealing login credentials. A significant proportion of phishing emails contain malicious links that go to spoofed login pages for various online services. Malicious links are not just restricted to phishing; Symantec state that one 1 in 10 of all URLs are malicious.

Extortion

A growing threat to businesses is Business Email Compromise (BEC). To be clear: growing doesn’t mean it is not already a massive problem; The FBI reckon it accounts for half of all costs related to cyber crime, costing an average of $75,000 per incident. It is grouped with phishing as it uses email, but really it’s straight-forward social engineering. One of the most high-profile incidents was Nikkei America, who lost $29m to fraudulent bank transfers as the result of a BEC. It’s not all fake invoices and changes of bank account details — a smaller-scale but more common approach is emails asking for the purchase of gift cards.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
6point6

6point6

Leading with strategy, design and architecture, we connect cloud, data, and cyber to engineer and deliver large-scale, complex transformations.