December 10, 2013

New Phishing Research: 5 Most Dangerous Email Subjects, Top 10 Hosting Countries

Elisabeth Olsen

With cloud infrastructure easily scalable and rented botnets coming on the cheap, the cost of conducting massive phishing campaigns continues to decline for cybercriminals. Even if the return rate is small or the campaign is poorly executed, phishing can result in serious money for criminals. Phishing will never simply go away—meaning ongoing headaches for security professionals.

Top 10 Countries Hosting Phishing

To shed some light on how targeted attacks and user education awareness are evolving, Websense Security Labs researchers investigated current phishing trends. We found that the percentage of phishing attempts within all email traffic dropped to 0.5 percent in 2013 (down from 1.12 percent in 2012). This may sound like good news, but certainly does not mean the coast is clear for businesses.

Today’s phishing campaigns are lower in volume but much more targeted. Cybercriminals aren’t simply throwing millions of emails over the fence. They are instead targeting their attack strategies with sophisticated techniques and integrating social engineering tactics. Scammers use social networks to conduct their recon and research their prey. Once the intelligence is harvested, they use that information to carefully construct email lures and yield maximum success.

In addition to social engineering, geographic location also plays an intricate role in phishing. By rank, here’s a list of the top 10 countries hosting phishing URLs: (Based on research conducted 1/1/13-9/30/13)

  1. China
  2. United States
  3. Germany
  4. United Kingdom
  5. Canada
  6. Russia
  7. France
  8. Hong Kong
  9. Netherlands
  10. Brazil

Some interesting points about this list:

  • China and Hong Kong made their debuts this year, having never before been included in our lists
  • The UK moved up from the number six spot
  • The U.S. dropped out of the number one spot, for the first time in a long, long time
  • Russia moved up from the number 10 spot
  • Egypt and the Bahamas have disappeared from the list, after recent appearances

Five Most Dangerous Subject Lines

As you can see, where you are in the world can influence how much your organization is at risk. However, geographic location is only one piece of the puzzle for detecting and stopping unwanted emails. How the emails are titled also plays a significant role in the success of a phishing campaign.

To further investigate, our security researchers took a closer look and determined that the top five subject lines in worldwide phishing emails are the following: (Based on research conducted 1/1/13-9/30/13)

  1. Invitation to connect on LinkedIn
  2. Mail delivery failed: returning message to sender
  3. Dear <insert bank name here> Customer
  4. Comunicazione importante
  5. Undelivered Mail Returned to Sender

The list above portrays how cybercriminals are attempting to fool recipients into clicking a malicious link or downloading an infected file by using business-focused and legitimate-looking subject lines. Scammers will use any means necessary to increase the likelihood of an inspire-to-click campaign.

Phishing Security Tips and Infographic

To combat phishing attacks, be sure to adequately prepare yourself with a security solution that can expose advanced threats and alert your security team in real time. You can protect your organization by implementing web, data, email and sandboxing security solutions that share crucial intelligence to analyze potentially malicious content in real-time. Promoting and adhering to these tips can significantly decrease your organization’s chances of becoming a victim of a phishing campaign. Click here for a webcast on “Defending Against Today’s Targeted Phishing Attacks.” Below is also the Websense Security Labs infographic on this research:

Phishing Attacks

How has your organization tackled the ominous and ever–present phish? Please feel free to drop us a line below. We would be happy to answer any question(s) you might have.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.