Top words cybercriminals use in fake emails
Posted on 25 September 2012.
The top words cybercriminals use create a sense of urgency, to trick unsuspecting recipients into downloading malicious files. The top word category used to evade traditional IT security defenses in email-based attacks relates to express shipping, according to FireEye.


Urgent terms such as “notification” and “alert” are included in about 10 percent of attacks. An example of a malicious attachment is “UPS-Delivery-Confirmation-Alert_April-2012.zip.”

“Cybercriminals continue to evolve and refine their attack tactics to evade detection and use techniques that work. Spearphishing emails are on the rise because they work.” said Ashar Aziz, founder and CEO, FireEye. “Signature-based detection is ineffective against these constantly changing advanced attacks, so IT security departments need to add a layer of advanced threat protection to their security defenses.”

Cybercriminals also tend to use finance-related words, such as the names of financial institutions and an associated transaction such as “Lloyds TSB - Login Form.html,” and tax-related words, such as “Tax_Refund.zip.” Travel and billing words including “American Airlines Ticket” and “invoice” are also popular spear phishing email attachment key words.

Spear phishing emails are particularly effective as cybercriminals often use information from social networking sites to personalize emails and make them look mostly authentic. When unsuspecting users respond, they may inadvertently download malicious files or click on malicious links in the email, allowing criminal access to corporate networks and the potential exfiltration of intellectual property, customer information, and other valuable corporate assets.

FireEye highlights that cybercriminals primarily use zip files in order to hide malicious code, butalso ranks additional file types, including PDFs and executable files.





Spotlight

Internet Explorer vulnerabilities increase 100%

Posted on 23 July 2014.  |  Bromium Labs research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //