If there is one thing we can learn from studying cybercriminal behavior in the previous year, it’s that they will always find ways to use new technologies and trends to their advantage in an attempt to dupe their victims. And despite this constant evolution, it’s also true that cybercriminals have some tried-and-true tactics that will remain forever favored. With some of these in mind, we can stay prepared against potential threats in 2014.
Don’t take the bait!
For cybercriminals, sending email messages with malicious links or attachments will continue to be a dominant strategy in corrupting computers and mobile devices for years to come. This strategy, known as phishing, presents itself in a variety of forms, but a study last year found that cybercriminals are partial to certain email subject lines over others. I’ve noted these common subject lines below, but just remember—there are plenty of other “phish” in the sea so it’s important to keep an eye out for all kinds of suspicious emails, and not just ones containing the following subject lines.
Without further ado, the top five most commonly used subject lines in worldwide phishing emails are:
1. Invitation to connect on LinkedIn
2. Mail delivery failed: returning message to sender
3. Dear <insert bank name here> Customer
4. Comunicazione importante
5. Undelivered Mail Returned to Sender
As you can see, there are a variety of strategies being deployed: a social networking invitation, “returned mail” error messages, and phony bank notifications—among others. Whereas in the past, “phishermen” cast big, untargeted nets hoping to trap as many victims as possible, increasingly these cybercriminals are doing their research ahead of time in order to create targeted, custom messages that will ensnare more victims—as seen in the JP Morgan Chase phishing scam earlier this year.
The McAfee Labs™ Threats Report: Third Quarter 2013 stated that though phishing attacks decreased during the first half of 2013, they were on the rise again in Q3—up by about 60,000. What’s more? The majority of these malicious phishing URLs are hosted in the U.S.—right in our own backyard. Don’t let this fact fool you, however. Phishing is very much a worldwide phenomenon. Other countries guilty of hosting phishing URLs include Germany, Brazil, United Kingdom, and France.
Phishing emails can come in a variety of forms, but they all go after the same things: your identity…and your wallet. As we move into the New Year, I’d recommend adding the tips below to your resolutions to protect yourself from the cybercriminals behind increasingly sophisticated and customized phishing attacks:
- Avoid opening attachments or clicking on links from unknown senders. This is one of the primary methods that cybercriminals use for installing malware on your device. If you do not personally know the sender of the message, do not download the attachment or click on any links.
- Think twice before sharing personal information. If you do visit a website from an email and you are asked to supply your name, address, banking information, password, or any other personal information, do not give this info, as it is likely a phishing attempt. If you have any doubts about the validity of a claim, give the company headquarters a call to verify.
- Be cautious on social networks. Cybercriminals take advantage of our natural instinct to trust those we know well. By hacking someone’s social media account and posting a link or sending a flurry of messages as that person, criminals know that they have a high likelihood of duping people into clicking on a link. Even if sent through a friend, be cautious if things look suspicious, especially if the message contains only a link and no text.
- Install comprehensive security software. In the event that you do end up clicking a link or downloading an attachment from a malicious email, McAfee LiveSafe™ service will have your back. This software provides full protection against malware and viruses on Macs, PCs, smartphones, and tablets.
Remember: without the right precautions, phishy emails can be an easy door into your sensitive information. Be on the lookout for the above email subject lines, and any other suspicious-looking emails as well.