Cybercrooks home in on infosec's weakest link – you poor gullible people

Cybercrims are ramping up their efforts to target employees through fraudulent email and social media scams, according to a new study by email security firm Proofpoint. Retailers and government agencies saw huge quarter-on-quarter increases in email fraud attempts in calendar Q2, with attacks per company and agency soaring 91 …

  1. This post has been deleted by its author

  2. Will Godfrey Silver badge
    Thumb Up

    Unusual wording

    But not necessarily wrong

    Oxford Dictionary: sharpen (a blade), refine or perfect (something) over a period of time.

    Based on the premise that the scammers are steadily 'improving' their attacks, they are indeed 'honing' them in.

    1. Will Godfrey Silver badge
      Unhappy

      Re: Unusual wording

      Dear downvoters,

      The wording of the article title was changed from 'hone' to 'home' after I posted (and time had run out for an edit).

  3. Andrew Commons

    Lambs to the slaughter

    Your office soccer team (imagine you have one, any other team sport will do) gets a game against a top professional team. They get thrashed. Management decides awareness of the rules will help and the whole office gets training. There is a rematch with the office team. They get thrashed. The office team is taken to one side and given two days intensive awareness of the rules and tactics before another match. They get thrashed.

    So it is with security.

    The security industry has realised that the People side of the process hasn't really been fully milked yet and the technology snake oil is starting to wear thin. So this is where the new focus is.

    The office team will never beat the professionals. You have to change the rules to do that. But organisations don't have the balls to change the rules. Restrict Internet access for example, only allow business emails, segregate areas of the business that need unfiltered interactions,... All technically possible. Then look explicitly at how Process and Technology failures can impact you and implement countermeasures.

    Don't put the weakest link on the front line.

    1. Mark 85

      Re: Lambs to the slaughter

      Don't put the weakest link on the front line.

      In the old days, the military did that on purpose... cannon fodder. I wonder if the corporate mindset is the same?

    2. Claptrap314 Silver badge

      Re: Lambs to the slaughter

      Your example is, at best, about one-quarter right.

      It's not a game like football. It's more like a siege on a castle. The defenders don't know when or how the attack is coming, but they have walls. And a hundred other technologies carefully designed and implemented to thwart attacks.

      And some idiot keeps raising the front gate for every joker that comes along with a line.

      Yes, the attackers have some advantages. But checking the domain name of the sender BY ITSELF is 99.99% of my spam.

      1. Andrew Commons

        Re: About one quarter right...

        @Claptrap.

        Let's look at some of the things the 'top professional team' will do.

        * Originate emails from compromised accounts. The sender information is completely valid and if the address book and Inbox/Outbox are used to select recipients they are used to receiving emails from the compromised sender. Going a step further, they may be used to receiving emails with links from the trusted (but compromised) sender.

        * Use a valid domain where the domain owner has not implemented any countermeasures such as SPF or DMARC. A major bank had such a domain, it was regularly used for phishing attacks, they never used the domain for customer emails but the customers didn't know that.

        * Use non-standard email headers to trick the email client into presenting an external email exactly as if it had been sent internally. The displayed From address is a valid internal address, all adornments applied to internal emails are present, visually perfect.

        * Time emails so that they get into the recipient's Inbox at the start of local business hours. They get actioned quickly when the user starts work. Volume sent is small to make them harder to detect, 10 or 12 is enough.

        * Use information gleaned from the Internet to make the Subject and content more convincing. An online job ad was used to provide context in one case, anything out there will be used against you.

        This is just a small sample. The top teams are highly skilled and they will take care in their targeted attacks. Your walls don't really exist. The recipients, the users, are way out of their depth.
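
Added example, not part of the original comment: the second bullet above describes a domain that never sends mail and publishes no SPF or DMARC. A domain owner can audit for that gap as sketched here, assuming the TXT records have already been fetched; the `.example` domains, the sample records and the function names are constructed for illustration, and each domain is assumed to be an organizational domain that should publish its own `_dmarc` record.

```python
import re

# Constructed sample TXT answers (not real DNS data); .example is a reserved TLD.
SAMPLE_TXT = {
    "parked-ok.example": ["v=spf1 -all"],
    "_dmarc.parked-ok.example": ["v=DMARC1; p=reject"],
    "bank-offers.example": [],
    "_dmarc.bank-offers.example": [],
    "bank-news.example": ["v=spf1 ~all", "site-verification=constructed"],
    "_dmarc.bank-news.example": ["v=DMARC1; p=none; rua=mailto:d@bank-news.example"],
}

def spf_all_qualifier(records):
    """Qualifier on the SPF 'all' mechanism ('+', '-', '~', '?'), or None."""
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:          # zero records, or several (a permerror in SPF)
        return None
    for term in spf[0].split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term.lower())
        if m:
            return m.group(1) or "+"   # a bare "all" means "+all"
    return None

def dmarc_policy(records):
    """Value of the DMARC p= tag, or None if no single usable record exists."""
    dmarc = [r for r in records if r.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        return None
    tags = {}
    for part in dmarc[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p")

def audit_non_sending_domain(domain, txt=SAMPLE_TXT):
    """Findings for a domain that should never appear as a mail sender."""
    findings = []
    qualifier = spf_all_qualifier(txt.get(domain, []))
    if qualifier is None:
        findings.append("spf: no usable record")
    elif qualifier != "-":
        findings.append(f"spf: 'all' qualifier is {qualifier!r}, expected '-'")
    policy = dmarc_policy(txt.get("_dmarc." + domain, []))
    if policy is None:
        findings.append("dmarc: no usable record")
    elif policy != "reject":
        findings.append(f"dmarc: p={policy}, expected reject")
    return findings

if __name__ == "__main__":
    for name in ("parked-ok.example", "bank-offers.example", "bank-news.example"):
        print(name, audit_non_sending_domain(name) or "ok")
```
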

        1. Claptrap314 Silver badge

          Re: About one quarter right...

          I pay attention. I am aware of the things you mentioned. But I reject your claim that these things are entirely indefensible. For instance, if a client can mis-represent the origin of a message, it should never be considered for use. (Outlook, IE...)

          Likewise, there are only a handful of accounts that have any business need to access a bank. "Everyone" has smart phones. If they need to conduct personal business, do it on personal systems.

          And so forth. No system is perfect. Security is not free. Businesses need to be rational about their costs, pay for the security that they want. That includes regular paranoia training.

    3. Anonymous Coward

      Re: Lambs to the slaughter

      “Restrict Internet access for example, only allow business emails, segregate areas of the business that need unfiltered interactions,... All technically possible.” .. and use a computer that doesn't run remote executables by clicking on a malicious weblink.

  4. FlamingDeath Silver badge

    But I.T is a utility, like a toilet

    When companies employ IT staff, in their minds, they're employing janitors

    1. Crisp
      Coat

      Like a toilet?

      I thought that was because all the crap usually comes our way...

  5. Anonymous Coward

    I run our company's mail server security ... the number of quarantined emails every day has been increasing for years now - I used to be surprised when I saw emails in the holding queue occasionally, nowadays I come in every morning and delete the entire queue.

    1. RobinCM

      At the university I used to work for, the spam filtering used to outright delete around 80% of the messages arriving for the domain and only very rarely did we get somebody complain that an email they were expecting hadn't arrived. That was about four years ago.
