All type of Cyber Awareness Programs seem to fail because Phishing continues to be an effective tactic, according to the McAfee Labs Threats Report: August 2014.
While Techworm recently reported Phishing Campaign using Nude Models’ Photos, McAfee’s reports clarify the picture more. From your Bank account to your Facebook Account, everything seem to be under the trap of Phishing. While organizations are trying their best to stop phishing, Hackers are coming with new type of Phishing Techniques everyday.
Out of 16,000 business users who took the McAfee Phishing Quiz, which asks users to select if they are viewing a phishing email or legitimate email, 80 percent fell for at least one of seven phishing emails, according to the report.
Human resources staffers performed the worst, with employees in accounting and finance falling not far behind, the report indicates, adding research and development staff performed the best, with IT workers being a close runner-up.
McAfee observed that spoofed email addresses was most effective at fooling respondents, explaining in the report that a UPS phishing email using this tactic, coupled with carefully placed branding elements, was the most successful.
Rather than trying to reduce susceptibility to zero, organizations should focus on improving attack detection by nurturing human sensors that will report suspicious emails.
Some tell-tale signs of phishing are emails that appeal to emotions through fear or urgency, contain and ask users to open unexpected links or attachments, request login credentials, and contain elements such as overly generic text and greetings, Belani said.
In a post, Symantec warns that the Kelihos botnet is being used to send phishing emails purporting to be from Apple.
In a sample email, the message indicates that the user’s Apple ID was used to make a purchase on a device not previously linked to that account. The user is urged to check their Apple ID by clicking a link in the email. Clicking the link brings the user to an Apple phishing page that asks for an Apple ID and password, and presumably steals the credentials if entered, the post indicates.