Date: 2019-06-28

Duping people through email is one of the oldest methods employed by hackers. Nearly 20 years after email came into the picture, it continues to be the most reliable weapon for cyber criminals.

Hackers send misleading emails containing phishing links (to look-alike websites) from look-alike email IDs. People fall for the bait and click on the malicious link, inviting trouble.

FireEye, a US-based cyber security solutions provider, said that phishing attacks went up by 17 per cent in the first quarter this year over the previous year.

The firm, which analysed a massive sample of 1.3 billion emails between January and March this year, found that phishing attacks through emails continue to be a major weapon for hackers.

“A typical phishing email impersonates a well-known contact or trusted company to induce the recipient to click on an embedded link, with the ultimate goal of credential or credit card harvesting,” a FireEye executive said.

“The top spoofed brands across these activities included Microsoft, with almost 30 per cent of all detections – followed by OneDrive, Apple, PayPal and Amazon, each with incidence in the range of 6-7 per cent,” the executive added.

HTTPS encryption

Contrary to popular perception, the presence of HTTPS (Hypertext Transfer Protocol Secure) encryption does not mean a link is safe.

“Use of HTTPS in URL-based attacks shot up by 26 per cent in the quarter. This indicated malicious actors are taking advantage of the common consumer perception that HTTPS is a safer option to engage on the web,” he said.

File-sharing services too remain a major hunting ground, with attackers using trusted services such as WeTransfer, Google Drive and OneDrive. Dropbox was the most commonly used bait.

Human resources departments too have become a target for attacks by hackers. “Emails requesting changes to an executive’s personal data, such as bank details, with the objective of diverting an executive’s salary to a third-party account,” the FireEye threat report said.

“We’re seeing new variants of impersonation attacks that target new contacts and departments within organisations,” Ken Bagnall, Vice-President (Email Security), FireEye, said.

The danger is that these new targets may not be prepared or have the necessary knowledge to identify an attack.

Unfortunately, by the time the fraudulent activity is discovered, the targeted organisation believes it has paid a legitimate invoice, when the transaction was actually made to an attacker’s account.