Hackers are impersonating high-profile software vendors such as Microsoft and Apple to lure victims into handing over their login credentials.
A study by Barracuda Networks found that 82 per cent of spear phishing attacks involved some kind of brand impersonation. A third of these attacks impersonate Microsoft, a fifth imitate Apple and a tenth reference DocuSign.
Researchers found that sextortion scams – in which fraudsters claim to have compromising emails of their targets – accounted for 10 per cent of spear phishing attacks and are rising in popularity.
Fraudsters often refer to passwords breached in other attacks to provide a veneer of legitimacy and convince victims that they are in possession of compromised material, which may not exist. They then urge victims to pay a ransom fee to prevent disclosures.
In order to evade spam filters, fraudsters assume control of the accounts of high-reputation senders whose details have been compromised.
“Spear phishing attacks are designed to evade traditional email security solutions, and the threat is constantly evolving as attackers find new ways to avoid detection and trick users,” said Asaf Cidon, VP, Content Security at Barracuda Networks.
“Staying ahead of these types of attacks requires the right combination of technology and user training, so it’s critical to have a solution in place that detects and protects against spear-phishing attacks, including business email compromise, brand impersonation, and sextortion.”