skip to Main Content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    IBM: ”Phishing Is A Popular Cybercrime Attack Vector”

    Phishing is a Popular Cybercrime

    Researchers at IBM describe how criminals use phishing kits to launch widespread phishing campaigns with minimal effort. Phishing kits are software products that automate the process of setting up spoofed websites and handling email campaigns.

    “The majority of phishing sites we see in our day-to-day analysis originate from phishing kits that are available for purchase on the dark web and are being reused by many different actors,” the researchers write. “Typical kits are professionally written and can contain thousands of lines of code. They can be configurable based on the campaign and even have proper error reporting. These kits range in price from a few hundred to a few thousand dollars and can be deployed in a matter of minutes. Conversely, malware attacks change all the time, shifting tactics around for all aspects, especially the underlying code.”

    The criminals usually buy cheap domains to host their phishing sites, though they can spend more money to gain access to more resilient infrastructure.

    “In most of the attacks we observe, phishers register cheap domains for malicious use, host attacks on a compromised domain or a combination of both,” the researchers write. “Some domain registrations are easy to fund, and this does not require exploiting or compromising an existing site. The downside is that it’s easier to detect and block a standalone malicious site versus an attack hosted on an established legitimate one. Dark web vendors who play in the phishing game sell access to compromised servers, but this option does raise the overall cost of the attack.”

    Attackers can also buy lists of target email addresses that have been collected from data breaches and other sources.

    “Once the phishing attack is ready, it has to get in front of potential victims,” the researchers write. “To send it out to the right audience, phishers can either contract an underground service that specializes in spamming, or they can go ahead and buy their own target lists. Target lists can be specific to a region or a language and can help attackers get into inboxes of webmail providers and company emails alike. Depending on the viability of the data and its contents, email lists can go for $50 to $500. The price is offset by the reuse of the same list for other attacks or reselling it to other criminals.”

    New-school security awareness training with simulated phishing emails can enable your employees to thwart these attacks.

    SecurityIntelligence has the story.


    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST Results

    Here’s how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    close

    Sign Up to the TIO Intel Alerts!

    Back To Top