The Latest in Phishing Attacks: January 26, 2015 edition
At the beginning of January, University of Buffalo researchers presented findings from a first-of-a-kind study that found the dramatic rise in phishing attacks could be related to:
"'information-rich' emails including graphics, logos and other brand markers that communicate authenticity."
The study found that 68% of its users fell victim to these "information-rich" emails.
Speaking of information-rich emails, we've compiled our usual list of the latest phishing attacks from the wild.
- The "Ham-Fisted" LinkedIn phishing attack made many headlines and warned of "irregular activities" in users' LinkedIn accounts. The login page that attempted to steal credentials was an identical copy of LinkedIn's own sign-in page, and users can learn to distinguish it with effective security education.
- A string of emails claiming to be from some of the largest law firms in the country and demanding "Your appearance in court" were widely reported in the United States. Remember that notices to appear in court must be hand-delivered, so an email claiming otherwise is a fake.
- Did you receive an email from the Department of Labor about the Affordable Care Act? The United States Computer Emergency Readiness Team (US-CERT) issued an alert about the fake email. If you look closely, you'll see that the email is not from dol.gov, but instead from a Turkish nutrition website.
- Outlook.com users need to be aware of a fake email claiming to be from Microsoft that instructs users to reactivate their account because of fraudulent activity.
- Students, beware. A "work from home" email attempts to have you set up direct deposit for payment, but instead will drain your bank account of funds. Make sure to verify the website and vendor, especially when taking action as dramatic as sharing your banking details. Additionally, we have heard of many cases where macros are being embedded in Microsoft Office files.
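The sender check described in the Department of Labor item above can be automated at the mail gateway or in a triage script. The following is an added example, not code from the original post or from US-CERT; the brand map, the sample headers and the placeholder domain `nutrition-site.example` are constructed for illustration, and only `dol.gov` comes from the post.

```python
from email.utils import parseaddr

# Assumption: brand phrases mapped to the domains that brand really sends from.
BRAND_DOMAINS = {"department of labor": {"dol.gov"}}


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a true subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def check_from(from_header):
    """Compare the brand a From: display name claims with the address domain.

    Returns "ok", "mismatch" or "no-brand-claim".
    """
    display, addr = parseaddr(from_header)
    # Everything after the last "@", normalised for comparison.
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    claimed = display.lower()
    for brand, allowed in BRAND_DOMAINS.items():
        # The display name may name the brand or quote its domain outright.
        if brand in claimed or any(a in claimed for a in allowed):
            return "ok" if domain_matches(domain, allowed) else "mismatch"
    return "no-brand-claim"


# Constructed sample headers, not taken from real messages.
SAMPLES = [
    '"U.S. Department of Labor" <notice@dol.gov>',
    '"U.S. Department of Labor" <notice@mail.dol.gov>',
    '"U.S. Department of Labor" <info@nutrition-site.example>',
    # Lookalike: dol.gov appears only as a label of another domain.
    '"Department of Labor" <notice@dol.gov.nutrition-site.example>',
    '"alerts@dol.gov" <info@nutrition-site.example>',
    '"Campus Newsletter" <news@college.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_from(header):15} {header}")
```

A matching From: domain is not proof of origin, because the header itself can be forged; treat "ok" as "not obviously mismatched" and rely on SPF, DKIM and DMARC results for authentication.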
Want to dramatically decrease phishing attacks? Read our case study on how a college in the Northeastern U.S. cut successful phishing attacks from the wild by 90%.