Phishing emails were the first stage of some of the biggest hacks and data leaks on the internet in recent years.
Moreover, the groups behind these attacks continue to develop new deception techniques.
In a talk at the Black Hat 2019 security conference, Google security researcher Elie Bursztein and University of Florida professor Daniela Oliveira broke down why these social engineering attacks remain effective, although they have been known for decades.
Gmail blocks more than 100 million phishing emails every day, and Google says that 68% of the phishing emails blocked by Gmail are new variants.
The company says many of the campaigns targeting Gmail end users reach only a few dozen people. Business users are nearly five times more likely to receive a phishing email than regular Gmail users.
Users of educational services are twice as likely, government officials are three times more likely, and nonprofit executives are 3.8 times more likely to receive phishing emails than the average user.
Although mass phishing campaigns last only 13 hours, the more focused attacks, which Google calls "boutique campaigns", are much shorter. A boutique campaign targets a few people at a company and lasts only seven minutes.
In half of the phishing campaigns the email seems to come from the email provider, while in a quarter of them it claims to come from a cloud service provider.
The rest usually appear to come from a financial services provider or an e-commerce site.
Google found that 45% of Internet users do not understand what exactly phishing is or the risks associated with it.
As phishing groups are now much more experienced at using psychology to trick us into clicking, the failure of some users to realize the magnitude of the threat is a very important problem.
"This lack of awareness increases the risk of being phished and potentially hinders the adoption of 2-step verification," says Google.