Phishing attacks elevate

Hackers are changing their tactics by targeting employee groups of up to 250 people at one time with fake emails or by targeting the smaller company in a merger and acquisition.


ISS SourcePhishing attacks are moving from targeting a few key employees in businesses to much wider groups of employees.

“Once they are in, attackers are using what they learn about the environment to attack bigger groups,” said Scott Gréaux, vice-president of product management and services at corporate security awareness training company PhishMe.

Some organizations are seeing phishing campaigns targeted at up to 250 employees at a time, but using slightly different fake emails to avoid detection, he said.

Phishing attacks are also moving away from using attachments because of greater awareness among corporate users about the potential dangers of email attachments.

Instead, they are using emails about topical or local events likely to be of general interest to just about anyone in the organization.

Another evolution of highly targeted phishing attacks is to use compromised email accounts to send malicious links to others in the same organization.

“These are known as proximity phishing attacks because they come from the compromised accounts of people in other departments of the same organization,” Gréaux said.

Another recent trend is interest in companies involved in mergers and acquisitions, he said. These organizations present an opportunity to compromise the smaller company and then use that foothold to target the larger organization after the merger.

“Phishers are typically very patient and will gather information over longer periods of time than fraudsters, who tend to use information quickly for profit,” Gréaux said.

Phishing continues as one of the top infiltration methods used by attackers. It has been the starting point of several attacks on high-profile organizations.

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Learn how to create value with re-use; gain productivity with lean automation and connectivity, and optimize panel design and construction.
Machine design tips: Pneumatic or electric; Software upgrades; Ethernet advantages; Additive manufacturing; Engineering Leaders; Product exclusives: PLC, HMI, IO
Industrial wireless cyber security: More complex than black and white; IIoT at the I/O level; Process modeling; Cyber security research
Robotic advances: Software, form factors; System-based ROI; Embedded control; MES and information integration; SCADA and cyber security; Position sensor; Controller, I/O module
Learn how Industry 4.0 adds supply chain efficiency, optimizes pricing, improves quality, and more.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Drilling for Big Data: Managing the flow of information; Big data drilldown series: Challenge and opportunity; OT to IT: Creating a circle of improvement; Industry loses best workers, again
Pipeline vulnerabilities? Securing hydrocarbon transit; Predictive analytics hit the mainstream; Dirty pipelines decrease flow, production—pig your line; Ensuring pipeline physical and cyber security
Cyber security attack: The threat is real; Hacking O&G control systems: Understanding the cyber risk; The active cyber defense cycle