Sendmail customer EMC recently warned businesses that Fridays are the most popular day of the week for phishing attacks - e-mails designed to trick us into revealing our passwords, bank account logins and other valuable information.
For senior managers attending our Spring 2013 EMEA User Symposium at the end of April, many from Europe's top 500 companies, it was an all too familiar story. Indeed phishing, along with encryption and rogue e-mail applications traffic, was high up on their list of headaches.
EMC's research reminds us that fraudsters are intimately familiar with human behaviour patterns and know when we are most likely to be caught off guard. If you think about it Friday's the perfect day to try a scam, especially in the afternoons when the week's work is either done or shelved till Monday. This is when workers are most likely to find time to share images and videos with friends and colleagues. It is also the time when they are most likely to click on a malicious link sent from a trusted contact's hacked account.
About one in four of the phishing attacks are targeted at US regional banks. The US is also the top host country for phishers, with 44pc of attacks hosted there, followed by the UK, Germany and Canada. According to a Kaspersky Labs report released at the end of June this year the number of fraudulent websites and servers used in attacks has more than tripled since 2012, and more than 50pc of the total number of individual targets were fake copies of the websites of banks and other credit and financial organizations. The 30 most popular websites imitated by phishing fraudsters are worldwide household names and are visited by hundreds of thousands of consumers every day.
Cloud e-mail hosts like Yahoo!, Google, Facebook and Amazon are top targets of malicious users. Mass phishing attacks targeting users of cloud-based e-mail are fairly common and often have a political motive. Most recently for example phishing attacks targeted tens of thousands of Gmail users in Iran in the run-up to elections in the country.
Online payment systems and the websites of banks and other credit and financial organizations are common targets, along with social networks, online stores and auction venues, blogs, IT company and telecom operator websites. For those senior managers attending our Symposium, employee education to help them identify suspicious e-mails and scams continues to be paramount as is working closely with enterprise e-mail experts like ourselves.
Understandably when the management of a major institution starts to consider moving part of their company's e-mail infrastructure to the cloud there is a lot of soul searching and deliberation involved. One of the reasons our EMEA User Symposium is so popular with customers is that its informal, confidential setting represents a rare opportunity to debate strategies, pick up best practice tips and share experiences with fellow professionals.
Together we are working to keep 'phish' permanently off the menu for everyone.