Don’t like Mondays? Neither Do Attackers.
Monday may be our least favorite day of the week, but Thursday is when researchers say that security professionals should watch out for cyber-criminals; paying attention to trends like this can greatly reduce the potential for damage.
Attackers will spend just as much time planning when an email should go out as they do on what it will look like. According to Proofpoint in its Human Factor Report, malicious email attachment message volumes spike more than 38 percent on Thursdays over the average weekday volume, while Wednesdays came in second. “Attackers do their best to make sure messages reach users when they are most likely to click: at the start of the business day in time for them to see and click on malicious messages during working hours,” Proofpoint researchers wrote in the report. Weekends came in last; however, this doesn't mean that Saturday and Sunday are completely safe.
Malicious emails can arrive any day of the week, but there is a clear preference from attackers as to when to send certain threat categories. For example, keyloggers and backdoors tend to be sent on Mondays, and Wednesdays are peak days for banking Trojans. Ransomware tends to be sent between Tuesdays and Thursdays, while point-of-sale Trojans arrive towards the end of the week (Thursdays and Fridays) since security teams do not have as much time to detect and mitigate new infections before the weekend. On the weekends, according to Proofpoint, ransomware is what attackers primarily send with few exceptions.
Security teams need to be particularly alert on Thursdays as malicious attachments, malicious URLs, ransomware and point-of-sale infections all favor that day. In addition to these, credential stealing campaigns also favor Thursdays. Thursdays saw a clear increase in malicious attachments being sent, but emails with malicious URLs (the most common vector for phishing attacks designed to steal credentials) were constant throughout the week, with only a slight increase on Tuesdays and Thursdays.
Attackers understand employee email habits and know that feeding employees with a well-crafted email at the optimal time will bring higher success rates. The bulk of attack emails are sent four to five hours after the start of the business day, peaking around lunchtime. Proofpoint’s analysis found that nearly 90 percent of clicks on malicious URLs occur within the first 24 hours of delivery, with half of them occurring within an hour, and a quarter of the clicks occurring within just ten minutes.
The time between delivery and clicking is shown to be the shortest during business hours (8 a.m. to 3 p.m. Eastern) in the US as well as Canada. The UK and rest of Europe had similar patterns to the US and Canada; however, there was some stratification in the averages according to region. For example, clicking on malicious links peaked around 1 p.m. in France while it peaked early in the workday in Switzerland and Germany. Users in the UK spaced out their clicks throughout the day, but there was a clear drop in activity after 2 p.m.
While it’s important to block and keep malicious messages from reaching the inbox to begin with, the other side of email defense is to be able to identify and flag messages that made it to your inbox and block those links when you realize that they are malicious. If you are able to accomplish this, you can greatly reduce the potential danger that these emails pose.
Proofpoint focused on email-based attacks; however, email wasn’t the only medium in which attackers paid attention to the day of the week. An analysis of all attacks investigated by the eSentire Security Operations Center in the first quarter of 2017 found that some methods of attack were more likely on given days. The volume of threats, which in eSentire’s report included availability attacks such as distributed denial-of-service (DDoS), fraud, information gathering, intrusion attempts, and malicious code, was highest on Fridays followed by Thursdays. The day of the week did not matter as much when it came to availability attacks, but weekends showed a great drop-off in the amount of risk involved. Malicious code was most common on Thursdays, and intrusion attempts were higher on Fridays.
There is no day off when it comes to defense. The security tools scrutinizing email messages as they arrive, before letting them reach user inboxes, have to be capable of handling peak volumes without sacrificing performance. But if defenders know that the second half of the week tends to be worse in terms of malware and credential theft, they can put in extra monitoring and scanning to detect possible new infections. By allocating more time in the second half of the week to investigate alerts, security teams may detect attacks sooner, and reduce the potential damage.
Be on the look out for this fishy email
There is a big phishing email going around, and many of our customers have reported receiving it. Make sure to look at the URL these emails are coming from and double-check before clicking any links.
*Our customers are encouraged to contact our help desk when receiving emails like the above - do not click on any links.
According to techrepublic.com, there are 10 easy ways to be able to spot phishing emails. Every day countless phishing emails are sent to unsuspecting victims all over the world. While some of these messages are so outlandish that they are obvious frauds, others can be a bit more convincing. So how do you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no one single technique that works in every situation, but there are a number of things that you can look for.
1: The message contains a mismatched URL
One of the first things I recommend checking in a suspicious email message is the integrity of any embedded URLs. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.
2: URLs contain a misleading domain name
People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the most telling. For example, the domain name info.brienposey.com would be a child domain of brienposey.com because brienposey.com appears at the end of the full domain name (on the right-hand side). Conversely, brienposey.com.maliciousdomain.com would clearly not have originated from brienposey.com because the reference to brienposey.com is on the left side of the domain name.
I have seen this trick used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a child domain bearing the name Microsoft, Apple, or whatever. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com.
3: The message contains poor spelling and grammar
Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things. So if a message is filled with poor grammar or spelling mistakes, it probably didn't come from a major corporation's legal department.
4: The message asks for personal information
No matter how official an email message might look, it's always a bad sign if the message asks for personal information. Your bank doesn't need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.
5: The offer seems too good to be true
There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.
6: You didn't initiate the action
Just yesterday I received an email message informing me I had won the lottery!!!! The only problem is that I never bought a lottery ticket. If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.
7: You're asked to send money to cover expenses
One telltale sign of a phishing email is that you will eventually be asked for money. You might not get hit up for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it's a scam.
8: The message makes unrealistic threats
Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it's probably a scam. Let me give you an example.
About 10 years ago, I received an official-looking letter that was allegedly from US Bank. Everything in the letter seemed completely legit except for one thing. The letter said my account had been compromised and that if I did not submit a form (which asked for my account number) along with two picture IDs, my account would be canceled and my assets seized.
I'm not a lawyer, but I'm pretty sure that it's illegal for a bank to close your account and seize your assets simply because you didn't respond to an email message. Not only that, but the only account I had with US Bank was a car lease. There were no deposits to seize because I did not have a checking or savings account with the bank.
9: The message appears to be from a government agency
Phishing artists who want to use intimidation don't always pose as a bank. Sometimes they'll send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.
I can't tell you how government agencies work outside the United States. But here, government agencies don't normally use email as an initial point of contact. That isn't to say that law enforcement and other government agencies don't use email. However, law enforcement agencies follow certain protocols. They don't engage in email-based extortion—at least, not in my experience.
10: Something just doesn't look right
In Las Vegas, casino security teams are taught to look for anything that JDLR—just doesn't look right, as they call it. The idea is that if something looks off, there's probably a good reason why. This same principle almost always applies to email messages. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.
The Dangers of Out-of-Office Auto-Reply Messages
Trust Us: Your Auto-Reply Message Can Get You Into Trouble
So, you're headed off on a business trip. You've got your plane tickets, hotel reservations, and everything is good to go. Only one thing left to do: it's time to set your Outlook Out-of-Office Auto-Reply message so that clients or coworkers e-mailing you will know how to contact you while you're away, or will know who they can contact during your absence.
Seems like the responsible thing to do, right? Wrong! Out-of-Office Auto-replies can be a huge security risk.
Out-of-Office replies can potentially reveal a huge amount of sensitive data about you to anyone who happens to e-mail you while you're away.
Here's an Example of a Common Out-of-office Reply:
"I will be out of the office at the XYZ conference in Burlington Vermont during the week of June 1-7. If you need any help with invoice-related issues during this time, please contact my supervisor, Joe Somebody at 555-1212. If you need to reach me during my absence you can reach me on my cell at 555-1011."
While the message above is helpful, it may also be harmful because, in a couple of short sentences, the person in the e-mail above revealed some incredibly useful information about himself. This information could be used by criminals for social engineering attacks.
The example out-of-office reply above provides an attacker with:
Current Location Information
Revealing your location aids attackers in knowing where you are and where you aren't. If you say you're in Vermont, then they know that you aren't at your home in Virginia. This would be a great time to rob you. If you said you were at the XYZ conference (as Bill did), then they know where to look for you. They also know that you're not in your office and that they might be able to talk their way into your office saying something like:
"Bill told me to pick up the XYZ report. He said it was on his desk. Do you mind if I pop in his office and grab it?" A busy secretary might just let a stranger into Bill's office if the story seems plausible.
The contact information that Bill revealed in his out-of-office reply may help scammers piece together elements needed for identity theft. They now have his e-mail address, his work and cell numbers, and his supervisor's contact info as well.
When someone sends Bill a message while his auto-reply is turned on, his e-mail server will send the auto-reply back to them, which in effect confirms Bill's e-mail address as a valid working address. E-mail spammers love getting confirmation that their spam reached a real live target. Bill's address will likely now be added to other spam lists as a confirmed hit.
Place of employment, job title, line of work, and chain of command
Your signature block often provides your job title, the name of the company you work for (which also reveals what type of work you do), your e-mail, and your phone and fax numbers. If you added "while I'm out please contact my supervisor, Joe Somebody" then you just revealed your reporting structure and your chain of command as well.
Social engineers could use this information for impersonation attack scenarios. For instance, they could call your company's HR department pretending to be your boss and say "This is Joe Somebody. Bill Smith is off on a trip and I need his Employee ID and Social Security Number so I can correct his company tax forms."
Some Out-of-Office message setups allow you to restrict the reply so that it only goes to members of your host e-mail domain, but most people have clients and customers outside of the hosting domain so this feature won't help them.
How can you create a safer out-of-office auto-reply message?
1. Be intentionally vague
Instead of saying that you will be somewhere else, say that you will be "unavailable". Unavailable could mean you are still in town or in the office taking a training class. It helps keep the bad guys from knowing where you really are.
2. Don't provide contact info
Don't give out phone numbers or e-mails. Tell them that you will be monitoring your e-mail account should they need to contact you.
3. Leave out all personal information and remove your signature block
Remember that complete strangers and possibly scammers and spammers may see your auto-reply. If you wouldn't normally give this info to strangers, don't put it in your auto-reply.
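The three rules above can be applied as a check on a draft auto-reply before it is enabled for external senders. This is an added example, not part of the original article: the patterns and category names are heuristic assumptions, and the vague reply is constructed for comparison with the article's own sample message.

```python
import re

# Heuristic patterns (assumptions for this example, not a complete rule set)
# for the details the article advises leaving out of an auto-reply.
CHECKS = {
    "absence-or-location": re.compile(
        r"\b(?:out of (?:the )?(?:office|town|country)|conference|vacation|travell?ing)\b",
        re.I),
    "travel-dates": re.compile(
        r"\b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)[a-z]*\.?\s+\d{1,2}"
        r"(?:\s*(?:-|to|through)\s*\d{1,2})?\b", re.I),
    "phone-number": re.compile(r"\b(?:\d{3}[-. ])?\d{3}[-. ]\d{4}\b"),
    "email-address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "chain-of-command": re.compile(r"\b(?:supervisor|manager|boss)\b", re.I),
}

# The article's sample out-of-office reply.
RISKY = (
    "I will be out of the office at the XYZ conference in Burlington Vermont "
    "during the week of June 1-7. If you need any help with invoice-related "
    "issues during this time, please contact my supervisor, Joe Somebody at "
    "555-1212. If you need to reach me during my absence you can reach me on "
    "my cell at 555-1011."
)
# Constructed reply that follows rules 1 to 3.
VAGUE = (
    "I am currently unavailable and will respond as soon as I can. "
    "I am monitoring this e-mail account."
)


def lint_auto_reply(text):
    """Return {category: [matched strings]} for every rule the draft breaks."""
    findings = {}
    for name, pattern in CHECKS.items():
        hits = [m.group(0) for m in pattern.finditer(text)]
        if hits:
            findings[name] = hits
    return findings


def safe_for_external(text):
    """A draft is acceptable for outside senders only if nothing is flagged."""
    return not lint_auto_reply(text)
```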
Just a note to my readers, I will be in Disney World all next week, but you can reach me by carrier pigeon (just kidding about the Disney World part).
Eight Ways You Can Hide Your Online Identity
By Wendy Boswell as written on websearch.about.com
How to Surf the Web Anonymously and Hide Your Tracks
Would you like to be a little bit more anonymous when surfing the Web? You can be with the following simple tips that will help you hide your identity online.
Why is this important? More people than ever before in history are going online, and with that, there are increasingly more security concerns. It's smart and makes sense to take time to learn more cautious Web browsing habits as we'll talk about in this article, in addition to the information below:
Protect Your Web Privacy: Web privacy is something that should be a top priority for anyone spending time on the Internet. A few common sense tips can make the difference between staying safe and private online... or not.
Hackers - Are They Good or Bad?: The news brings us stories of systems, governments, and corporations being hacked into by highly skilled programmers every day. Are these exploits always hostile? Or are they meant to be for the greater good? About.com shows you the difference between good and bad hackers, as well as a list of famous hackers that have done some pretty amazing (albeit somewhat infamous) things.
How to Keep Your Kids Safe Online: This generation is growing up with the Internet, but there are still plenty of safety risks. Learn how to protect your kids from cyberbullying, sexting, and other inappropriate Web
Anonymous Web Surfing
Be invisible on the Web with anonymous surfing. Learn about anonymous surfing, what anonymous surfing is, why you might be interested in surfing anonymously, how much information is easily learned about you via your Web surfing habits, anonymous proxies and services, and more.
Hide Your Search Habits
Don't want anyone seeing what you're searching for? Search engines (and other people that use your computer) can and do keep records of searches - here are a few ways you can keep your searching history private.
Avoid Intrusive Registrations
Don't want companies to know your information? If you're as tired as I am of sites forcing you to go through registration just to view their content, then BugMeNot is for you. It's easy to use and makes life much simpler, not to mention it's a good guard of your online privacy and enables you to surf anonymously.
Use a Junk Email Account To Handle Signups
For many years now, every time I absolutely have to give my email address online, I've used a fake, temporary, or junk email address that I don't mind being filled up with spam. For instance, say you want to sign up for a contest and don't want your "real" email addy spammed; well, you just get an email address for that contest and that contest only. There are plenty of places you can grab a free email account from on the Web; I've listed a few of my favorites that will help you conceal your online identity.
Use RSS To Hide Your Tracks
Instead of flitting all over the Web to visit your favorite sites, you can hide your tracks a bit better with the anonymous power of RSS technology - you'd be surprised at how much you can do with RSS.
Protect Yourself From Dangerous Malware
One of the easiest ways for you to get tracked online is through malicious software applications (malware) that watch what your computer is doing. You can get rid of these with free spyware removal tools.
Practice Common Sense Web Safety
A lot of the traps that people get caught in online could be avoided with some common sense Web safety. Use my Safe Search Checklist to keep yourself from being tracked online.
Upgrade Your Facebook and Social Media Privacy Settings
Online Privacy: You Are In Charge
Never underestimate the power you have to make sure your safety online is not compromised.