It’s probably no surprise to most that cyber criminals have been targeting big brands of late. According to a survey from the Anti-Phishing Working Group (APWG), more than 54% of all targeted phishing attempts were toward just three brands in the second half of 2014: Apple, PayPal, and Chinese company Taobao.
The surprising news from this study was that it seems the phishers are now changing their tactics and targeting smaller companies more often. The companies that were victims fluctuated a lot toward the end of the year, indicating that perhaps the criminals are trying new strategies to see what works, while maintaining their success with the top brands. Seventy-five percent (75%) of all the phishing during the survey period involved the top ten brands, with over 1,000 separate instances per month.
Within the report is a suggestion that victims re-use passwords across various online sites. If the phishers can get those credentials from smaller sites in niche industries, perhaps the same credentials can be used in other places and result in success.
Most of us have multiple online accounts, and it can get overwhelming to remember separate user name and password combinations for all of them. However, it is important to do just that, for reasons such as this. Exploiting re-used credentials is a common strategy for cyber criminals. Even if you are a frequent online shopper at a small local business that may be completely unknown to most, and is therefore suspected to be less of a risk for a breach, re-using those credentials may get your bank account drained at some point.
Smaller organizations are often easier targets for hackers because they cannot or do not invest the resources in hardened information security measures. After all, it’s not cheap initially. Cyber criminals know this and will take advantage of any open doors. And even if a company isn’t well-known outside of your small town, if it’s on the internet, it can be scanned and found by the bad guys. If they do find it and there is a weakness, they will exploit it.
So, don’t re-use login credentials. Credential re-use was blamed in a breach of Yahoo! systems, and it was also a theory in the Apple “naked celebrity” incident, the Uber breach of last year, and many others.
The most targeted sector for phishing attempts in this survey period was e-commerce with 39.5%. Not too far behind were banking (22%) and money transfer services (20.7%).
© Copyright 2015 Stickley on Security