Phishers are becoming smarter, more targeted: Websense

Attackers appear to have figured out how to use the grammar check feature when writing their phishing scams, but that's not the only area in which they've improved.

Most people are familiar with spam — unsolicited emails with long promises of an enhanced lifestyle or other ways to keep it up with the Jones' — some of which are actually legitimate businesses. But phishing schemes that are intended to extort money or information from an individual are the flavour of the day, and according to Websense, the scammers behind them are getting smarter.

According to the company's recent research, traditional phishing attacks now represent 1.62 percent of all spam emails. The company said that, although that might sound like an insignificant amount, some spam campaigns can deliver more than 250,000 emails each hour.

But most phishing attempts are laughable, right? Not necessarily, according to the company's Consulting Systems Engineer Michael Cryer. While in the past, phishing attempts were riddled with grammatical errors or were easily identified as linking to malicious content, scammers have changed their tune.

"In a lot of cases, it's almost down to a one-to-one kind of design, to make sure it has a higher potential for success," Cryer said.

"It tends to be a specific individual, or a small group of individuals."

But going even further than that, Cryer said that there was a new form of phishing technique the company has dubbed the "watering hole" scam, where attackers look for sites that employees might visit as part of their daily business, then compromise those sites to take advantage of the inherent trust the target may have.

By compromising a site that the user trusts, attackers have a number of options open to them, such as directly dropping payloads on to a vulnerable target's computer, and so eliminating the need to first send suspicious emails.

However, emails are still an option that is open to attackers, and according to the company, phishing emails even have timed delivery patterns, designed to evade scanners.

According to Cryer, many attackers will send their emails on a Friday, knowing that they are unlikely to be read until Monday morning. Although the content of the phishing email will link to a third party server that has been compromised by the attacker, no malicious content will be uploaded until the weekend.

What this does is fool any anti-phishing software that attempts to verify that the links are safe when the email is delivered, because at the time of scan, there will be no suspicious content. But by Monday, when the attacker's payload has actually been uploaded, the situation has changed, and the email that was previously marked as safe is now pointing to dangerous content.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All