Case Studies

Anyone’s attacked

by Mark Rowe

Anyone can be a VAP (very attacked person) and VAPs aren’t always the people you expect, because attackers are constantly shifting focus. Someone who
seems unappealing to attackers today can easily become a VAP tomorrow, according to a report by an email and cloud app security product company.

That’s because attacks target users in countless ways, across new digital channels and with objectives that aren’t always obvious. They trick your workers – such as sales and engineering staff, and those in R&D – into opening an unsafe attachment or clicking on a dubious web link. They impersonate your CEO and order your finance department to wire money. And they con your customers into sharing login credentials with a website they think is yours, says Proofpoint.

Among the most targeted malware and credential phishing attacks, nearly 30 per cent targeted generic email aliases. These email addresses are shared typically by two or more employees. They are addresses such as [email protected] and [email protected] that have value to attackers for three main reasons:

• They are sent to multiple victims.
• They are easy to obtain (often public-facing).
• They are harder to protect; multi-factor authentication, for instance, doesn’t work well with email addresses shared among several colleagues.

In email attacks, identity deception usually involves some form of spoofing. Domain spoofing is easy, the report warns. Anyone with a mail server can define what appears in the email’s “from” and “reply to” headers; even domains they don’t own. Attackers often send email from a well-known or trusted domain so that recipients are more likely to take the bait. Authentication controls such as DMARC can help ensure that only someone from your company, or someone you authorise, can send email using your domain. Or, domain names look similar and are easy for a casual reader not to take alarm at.

To download the report, Protecting People, visit the Proofpoint website.

Related News

  • Case Studies

    Property survey

    by Mark Rowe

    Any estate agent will tell you about typical property buyers’ most obvious deal-breakers: think location, space, condition, transport links, crime, local schools…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing