‘This time it’s personal’ will be motto of 2015 as cyber-criminals are predicted to become more selective in the way they target victims. According to Stephen Bonner, a partner in KPMG’s cyber security practice, the next twelve months will see criminals move away from mass spear-fishing tactics in favour of highly targeted ‘campaigns’, based on the data trail people leave in their online lives.
In 2013 there was a dramatic 91% rise in spear-phishing campaigns according to Symantec. Here are the latest phishing attacks from the wild we saw over the holiday season:
Nobody likes parking tickets, but don't take the bait if you receive an email about an outstanding parking violation. The most recent attack targeted residents of San Diego, CA, but there have also been reports of similar incidents in New York City, Philadelphia, Chicago, Los Angeles, and Houston.
APS, a large utility company in Arizona, is warning its 1.2 million customers about a recent phishing campaign telling customers to pay their bills online.
When Twitter went down in late December, hackers took advantage of the down-time and sent phishing emails to unsuspecting Twitter users asking for their login information.
ICANN, the organization that is the central domain registrar for the world, suffered a spear-phishing attack that, "allowed administrative access to all files in it; public information in the ICANN GAC Wiki, and there was unauthorized access to user accounts on two other systems, the ICANN Blog (blog.icann.org) and the ICANN WHOIS (whois.icann.org) information portal."
A sophisticated spear-phishing campaign against German steelworks caused extensive damage, including an unscheduled shutdown of a furnace in the plant. The attack originated from a corporate office network, and hackers were eventually able to gain control of the industrial control systems in production networks.
Want to protect your employees from phishing attacks?