Story image

Thursdays are the most dangerous days for our inboxes, Proofpoint finds

08 Jun 17

Be especially wary of the dangers lurking in your inbox on Thursdays - because that's when malicious email attachments are likely to spike, according a new report from Proofpoint.

The Human Factor 2017 report says that attackers are going after people more than tech flaws in order to spread malware, steal credentials and money and transfer that money elsewhere.

Business email compromise (BEC) scams may be driving the increases in email attack volumes. The report says that they jumped from 1% of all mail scams in 2015 to 42% housing banking email trojans in 2016.

BEC attacks are the fastest-growing attack types and according to Proofpoint statistics, cost $5 billion worldwide so far.

99% of email-based financial fraud attacks worked through human-based clicks rather than automated malware. Most phishing messages were after Apple IDs, but users most clicked on Google Drive phishing links.

Enterprises don't have full control over all devices uses in their network - the report found that 42% of clicks to malicious links came through mobile devices. 8% occurred through older versions of Windows that are not supported by new patches.

Thursday is also the most popular day for malicious attachment volume - which spikes 38% on that day alone.

Keyloggers and backdoors pop up on Mondays; Ransomware attacks spread more frequently between Tuesday and Thursday. Banking Trojans pop up mostly on Wednesdays. Thursday and Friday are major targets for point-of-sale campaigns.

The report found that 'peak clicking times' - i.e. when users click on suspicious links - coincide with business hours. 95% of those clicks happen in 24 hours, and 50% of clicks happen within the first hour of receiving it.

The median time between emails received and clicked links is just one hour. Most occur within one day after getting the email. More than 90% of those malicious links led to credential phishing pages.

The report also found that social media 'fraudulent support account phishing' jumped 150% last year. Called "angler phishing", attacks targeted bank customers, social media customers and other services that targeted customer posts on companies' social media channels.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.