People like getting friend requests on social media, and hackers are using that to launch successful phishing campaigns. This is according to a new report released by phishd by MWR InfoSecurity.
After reviewing 100 per cent of phishd simulated attack campaigns targeting almost a million users, the report said that social media is the most effective lure for getting victims to click email links.
Almost a quarter of users clicked a link to be taken to a fake login screen. Out of that number, more than half (54 per cent) provided user credentials, and 80 per cent downloaded a file.
Financial lures, like the ones where malicious actors send invoices for downloading, proved to be the least successful. Human resource requests were the most effective, though, with 73 per cent of users who clicked the link providing their credentials.
James Moore, Managing Director of phishd by MWR InfoSecurity, comments: “The results of these simulated phishing attacks bring to the fore many security professionals’ worst fears – many users are still not savvy to the potential risks posed by targeted phishing attacks. If these attacks had been real, around 990,000 users could have been compromised. With so much of our lives, both professionally and personally, now conducted online we all too often click on links and open attachments without a second thought to checking the legitimacy of the email and the sender.
“This core behaviour is difficult to modify. More than 10% of targeted users fell victim to the first two stages of our simulated attack and disclosed their user credentials, but more concerning is that out of those targeted with a social media request or a promotional offer, more than 10% downloaded a potentially malicious file via their corporate email accounts.”