Social engineering attacks on rise: US security firm

ANKARA

Social engineering attacks are increasing, where deception is used to manipulate people into disclosing confidential or personal information that could be used for fraudulent purposes.

After analyzing 1.3 billion emails, U.S. security firm FireEye detected increases in three main areas, including spoofed phishing attempts, HTTPS encryption in URL-based attacks and cloud-based attacks focused on publicly hosted, trusted file-sharing services, it said in a report published Tuesday.

According to its email threat report, the company discovered a 26% increase in malicious URLs using HTTPS, a 17% rise in phishing attempts, a significant increase in file-sharing service exploitation and new impersonation techniques.

Phishing is a type of social engineering attack where an email impersonates a well-known contact or trusted company to induce the recipient to click on an embedded link, with the ultimate goal of credential or credit card harvesting.

The report said the top-used brands across these activities included Microsoft, with almost 30% of all detections, followed by OneDrive, Apple, PayPal and Amazon, each within the 6%-7% range.

It added that HTTPS encryption in URL-based attacks had overtaken attachment-based attacks as a means of delivery in 2018 due to consumer perception that HTTPS is a safer option to engage in on the internet.

Analysis of the emails also showed a significant increase in links to malicious files posted over trusted file-sharing services such as WeTransfer, Google Drive and OneDrive. Dropbox was the most commonly used.