Skip to main content

Voice messages and ZIP files are a hacker's favourite tools

(Image credit: Photo Credit: andriano.cz/Shutterstock)

Scammers are using more than email to impersonate people and trick victims into giving away valuable information. According to a new quarterly report by email and data security firm Mimecast, hackers have also started using phones for the same purpose.

Researchers are dubbing these attacks ‘vishing’ because they’re similar to phishing attacks and have the same goal in mind. While in many cases, these attacks are low effort and low cost, there are some that are complex, targeted campaigns that leverage a variety of vectors and can last for days.

These “organised and determined” threat actors usually target organisations in banking and legal industries, looking to spread Azorult, Hawkeye, Nanocore, Netwired, Lokibot, Locky and Remcos malware, to name a few.

But that doesn’t mean that email is out of the picture. Quite the contrary – it’s still the most popular attack vector. Out of the 207 billion emails that Mimecast analysed, 34 per cent came with malware in a .zip file. ZIP is “consistently the most detected format”, as hackers bet on the victims being reckless and not paying attention to what they’re downloading.

“Threat actors seek numerous ways into an organisation - from using sophisticated tactics, like voice phishing and domain spoofing, to simple attacks like spam,” said Josh Douglas, vice president of threat intelligence at Mimecast.

“This quarter’s research found that the majority of threats were simple, sheer volume attacks. Easy to execute, but not as easy to protect against as it shines a very bright light on the role human error could play in an organization’s vulnerability.”