Malware Attacks and Phishing Scams Increase

A 2015 year-end global security report released by AppRiver, a software and security solutions provider, shows that a significant increase in spam messaging containing malware occurred in the last month of 2015. This amounted to 705 million quarantined messages with malware alone in December, compared with 944 million overall for the first 11 months of 2015.

Jon French, security analyst for AppRiver, points out that peaks are not abnormal and that the final-month jump could result from more people going online during the holiday season. “Our malware traffic was pretty consistent throughout the year,” he says. “Our best guess as to the increase in volume [in December] is that it was around the time when people were doing a lot of online shopping.”

For the entire  year, AppRiver quarantined 26 billion spam messages in its filters, some of which captured socially engineered phishing emails, obfuscated JavaScript files and ransomware. That said, the overall percentage of spam files that contained malware in 2015 was “pretty average,” according to French. “Malware is obviously a higher-impacting thing than spam,” he says. “So, even though malware’s numbers are significantly lower than spam’s, they have a much higher impact.”

The report also shows that in 2015, the highest percentage of spam messaging, about 49.4 percent, came out of North America, followed by Europe at 28.5 percent and Asia at 14.1 percent. The U.S. accounted for 8.6 billion messages overall. The Netherlands, Vietnam, Germany and Russia also made the top 10 list of countries originating the most spam mail.

Socially Engineering Phishing Is a Top Concern

A main area of concern for 2015 was the use of socially engineered phishing, in which a fraudster spoofed a manager or executive’s name and email address and then sent out an email with a question such as, “Are you at your desk?” to an unsuspecting employee. After several exchanges that convince the employee he or she is interacting with a corporate executive, the criminal follows through with a request for a wire transfer of money.

AppRiver reports that companies have lost many thousands of dollars through phishing attacks, with employees sending out wire transfers in amounts often ranging from $20,000 to $50,000. These types of phishing emails are generated from all around the world, and businesses of all sizes, nonprofits and even churches have been victimized.

To protect themselves, companies need to establish specific authentication procedures, such as placing a call to a CEO, establishing a ticketing system, verifying the request through a text message or using some type of two-factor authentication, French advises.

Socially engineered phishing emails, along with other types of email attacks, remain a concern in 2016. Although phishing emails do require criminals to identify the names of upper-level management and set up spoofed email addresses, the incentive for them is the large amounts of money they can get as a result of their efforts.

These scams work, according to French, who points out that “Anything that works will certainly continue.”