“Email fraud has seen explosive growth and it’s clear that today’s cybercriminals are relentlessly targeting people, rather than infrastructure,” said Tim Bentley, vice president of Asia-Pacific and Japan for cyber security and compliance company, Proofpoint.
“As these threats continue to grow in volume and sophistication, it is imperative that Australian organisations implement a people-centric security approach that includes a comprehensive email fraud defence and security awareness training. Ultimately, Australians must consider the individual risk each user represents, and understand how they are targeted, in order to better protect them.”
The report from Proofpoint, revealing threats and trends across its own global customer base and in the wider threat landscape, found that banking trojans remained the top email-borne threat in Q4 2018, making up 56% of all malicious payloads.
Proofpoint says social media channels remain key vectors for fraud and theft, While the platforms themselves continue to develop automated protections, social media fraud remains a key challenge for consumers and the brands in which they interact, with fraudulent social media support account phishing, or “angler phishing,” increasing by 442% year-on-year.
“Interestingly, phishing links on social channels continue to drop as platforms address this issue algorithmically,” Proofpoint notes.
Proofpoint says Australian organisations can further protect themselves in the coming months by taking the following steps:
- Assume users will click – Social engineering is increasingly the most popular way to launch email attacks and criminals continue to find new ways to exploit the human factor. Leverage a solution that identifies and quarantines both inbound email threats targeting employees and outbound threats targeting customers before they reach the inbox.
- Build a robust email fraud defence – Highly-targeted, low volume business email compromise scams often have no payload at all and are thus difficult to detect. Invest in a solution that has dynamic classification capabilities that you can use to build quarantine and blocking policies.
- Protect your brand reputation and customers – Fight attacks targeting your customers over social media, email, and mobile—especially fraudulent accounts that piggyback on your brand. Look for a comprehensive social media security solution that scans all social networks and reports fraudulent activity.
- Partner with a threat intelligence vendor – Smaller, more targeted attacks call for sophisticated threat intelligence. Leverage a solution that combines static and dynamic techniques to detect new attack tools, tactics, and targets—and then learns from them.
- Train users to spot and report malicious email: Regular training and simulated attacks can stop many attacks and help identify people who are especially vulnerable. The best simulations mimic real-world attack techniques. Look for solutions that tie into current trends and the latest threat intelligence.
To download the Proofpoint Q4 2018 threat report click here.