Google’s research found that some phishing websites worked 45% of the time, with people submitting their personal information 14% of the time on average. Following on from this, around 20% of hijacked accounts are accessed within 30 minutes of a hacker obtaining the login info. The study also indicated that a snowball effect occurs once a hacker has made their way into the victim’s email:
‘Hijackers then send phishing emails from the victim’s account to everyone in his or her address book. Since your friends and family think the email comes from you, these emails can be very effective,’ Google said via its security blog. ‘People in the contact list of hijacked accounts are 36 times more likely to be hijacked themselves.’
The report points to two-step authentication, providing a back-up email to your account, and reporting any phishing emails that make it to your inbox as ways to protect yourself. Given the sheer size of the target lists that are often bought and sold on the online black market, Google was quick to note that although the stats might be low, the effect is far-reaching.
For the Australian industry, the motivation to report such manual penetration of systems is considerably low. Often the negative publicity a company might receive will far outweigh any benefits of seeking prosecution. As such, many cybercrimes go unreported, which only adds to the long-term problem.
Speaking on the challenge that phishing poses to organisations, Nigel Phair from the Centre for Internet Safety in Canberra recently told OmniChannel Media:
‘The end user continues to be the biggest vulnerability within any organisation. With that we keep seeing different types of phishing, spear phishing etc. targeting specific people within the organisation. It’s a great way to bypass traditional IT security defence mechanisms.’
Phair points to education as being a critical driver in keeping systems safe. With more elements of businesses becoming digitised and virtualised, communicating with the end-user on not becoming vulnerable to phishing attacks will be a critical element of the agenda for security teams. OCM.