Emails in which hackers pose as someone else are on the rise, and the financial industry is taking the brunt of the blow.
This is according to a new report by cybersecurity company Proofpoint which found fake emails targeting financial services have jumped by more than 60 per cent, compared to the same period last year. Email attacks from more than 100 financial services in 2017 and 2018 were analysed.
It seems as hackers are using multiple identity deception tactics in their email scam attempts. These vary from domain spoofing, to display name spoofing, to lookalike domains.
According to Proofpoint, domain spoofing is a common identity deception tactic. Hackers use it to send malicious emails from the victim’s own trusted domain.
In the final quarter of last year, more than two thirds (69 per cent) of financial services were victims of such an attack. Of those that were attacked, more than half (56 per cent) have had at least five, and sometimes more, employees as targets. Just 17 per cent of organisations have had just one person targeted in the same quarter.
Almost all organisations (97 per cent) have had their domain spoofed at some point during last year.
Employees are generally considered the weakest link in an organisation’s security posture. Businesses are advised to train and educate their employees not to click on suspicious links in emails, and to be very careful when opening attachments.
Image Credit: Gustavo Frazao / Shutterstock