Phishing: These are the days of the week when you're most at risk

Security threats vary by the day of the week, with more malicious software detected on Mondays.
Written by Steve Ranger, Global News Director
amnachphoto, Getty Images/iStockphoto

Companies face different security threats depending on the day of the week, with fraud and phishing peaking mid-week and more malicious code detected on a Monday.

A report from security company eSentire found the biggest number of security threats are detected on weekdays, largely because that is when workers are at their desks and opening emails.

Mondays and Fridays are less likely to see security threats, while fraud and phishing-related activity reaches its highest volume mid-week, when employees are in place to click on malicious links.

"It is highly probable that this trend occurs because malicious code and fraud-related attacks are relying on users' interaction (typically, by employees who occupy the workplace during the work week)," the report noted.

"For example, when email is used as a delivery method, a user must at some point initiate the download, execute a payload attachment or enter credentials to a fraudulent web page. Likewise, by browsing the web, users are exposed to malicious redirect attempts pointing a web browser to infrastructure controlled by adversaries," it said.

One oddity is that code attacks - attempts to insert malicious software in an operating system or application - are more likely to be detected on a Monday than on any other day of the week.

Viktors Engelbrehts, director of threat intelligence at eSentire told ZDNet the difference is most likely down to the rhythm of the working week.

On Mondays, users will read through emails accumulated through the weekend, and some of these will be weaponized phishing. "While delivery of those emails will be attributed to the 'fraud' category, the actual execution of malicious attachments will contribute to malware detection spikes," he said.

Another reason: most users turn their work PCs off over the weekend, so, if a PC is infected with malware, it will often try to update or reconnect with its command-and-control server once it is switched back on again, at which point it becomes more easily spotted by anti-malware tools.

Image: eSentire

In contrast, the consistent pattern of information gathering activity -- mostly scans and probes -- throughout the week suggests reconnaissance efforts are conducted using automated tools that are not dependent on users' interaction, which means there is no difference between weekend and weekdays.

Hackers -- particularly state sponsored ones -- are often observed to be working standard office hours for the countries in which they are located.

The report, which covered the second quarter of this year also found that phishing attacks continue to rise, possibly because vendors are making software harder to attack.

"New exploits for browser plugins are becoming a rarity, while Internet Explorer (a commonly targeted browser) commands a smaller share of the market. Furthermore, coordinated efforts against infrastructure/ actors has limited the availability of exploit kits on the market," it said. eSentire used data gathered from more than 1,500 network and host-based detection sensors distributed across multiple industries.


Editorial standards