
Phishing: Would you fall for one of these scam emails?

Phishing scams continue to be an effective method.


Image: Getty Images/iStockphoto

Staff are still falling for phishing scams, with social media friend requests and emails pretending to come from the HR department among the ones most likely to fool workers into handing over usernames and passwords.

Phishing scams aim to trick staff into handing over data — normally usernames and passwords — by posing as legitimate email. It’s a technique used by the lowliest criminals as part of ransomware campaigns, right up to state-backed hackers because it continues to be such an effective method.

In a review of 100 simulated attack campaigns for 48 of its clients, accounting for almost a million individual users, security company MWR Infosecurity found that sending a bogus friend request was the best way to get someone to click on a link — even when the email was being sent to a work email address.

Almost a quarter of users clicked the link to be taken through to a fake login screen, with more than half going on to provide a username and password, and four out of five then going on to download a file.

A spoof email claiming to be from the HR department referring to the appraisal system was also very effective: nearly one in five clicked the link, and three-quarters provided more credentials, with a similar percentage going on to download a file.

The effectiveness of a phishing campaign.


Source: MWR InfoSecurity

Workers are apparently slightly more cautious about emails that ask them to download an invoice; this one saw the lowest clicks and downloads of any of the lures the company tried. Only three percent of workers reported the simulated attacks.

Example of a phishing scam.


Source: MWR InfoSecurity

“The click rates can vary massively from five percent to 45 percent depending on the scenario and how it tempts the user to click,” said Jason Kerner of MWR’s phishd division. The company measures how likely it is for workers to fall for a phishing scam.

“You get the really spammy type plain-text emails asking for a money transfer — they’ll just delete or report it. Whereas if we do ones from the internal helpdesk of that company and it originates from a domain that looks very similar to their domain — it could even have the company name just slightly misspelt — people aren’t picking up these warning signs,” he said.

“A quick glance isn’t enough,” said Kerner. “You have to train them to go through the steps and double check it if it looks a bit suspicious; check the ‘from’ address — is it pointing at a domain you normally go to for this kind of thing, especially if it’s from another department?”

Other warning signs include elements of urgency in the email — like a money transfer that has to be done immediately — along with typos or mistakes in branding.
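The "check the from address" step above can be turned into a mail-gateway or inbox-side check. The following is an added example, not code from MWR or from the article: it parses the From: header, compares the sender's domain with the organisation's own domain (the domain example-corp.com and all sender addresses are constructed for this example) and flags near-misses such as a misspelt company name, a swapped top-level domain, or the company name buried inside a longer domain, which are exactly the lures described above.

```python
from email.utils import parseaddr

# Assumed organisation domain; constructed for this example.
ORG_DOMAIN = "example-corp.com"


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert / delete / substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the lower-cased domain from a From: header such as 'HR <hr@example.com>'."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def classify_sender(from_header: str, org_domain: str = ORG_DOMAIN) -> str:
    """Return 'internal', 'lookalike' or 'external' for the sending domain.

    'lookalike' is the case the article warns about: a domain that is not ours
    but is close enough to ours (typo, different TLD, our name embedded in a
    longer domain) that a quick glance would not catch it.
    """
    domain = sender_domain(from_header)
    if not domain:
        return "external"          # no parsable address: treat as untrusted
    if domain == org_domain or domain.endswith("." + org_domain):
        return "internal"
    # Compare the part before the TLD so example-corp.co vs example-corp.com is caught.
    base = domain.rsplit(".", 1)[0] if "." in domain else domain
    org_base = org_domain.rsplit(".", 1)[0]
    if base == org_base or levenshtein(base, org_base) <= 2 or org_base in domain:
        return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed sample headers, not messages from the report.
    for hdr in ["HR Department <hr@example-corp.com>",
                "IT Helpdesk <helpdesk@exarnple-corp.com>",   # 'rn' for 'm'
                "Accounts <billing@example-corp.co>",        # wrong TLD
                "HR <hr@example-corp.com.evil.test>",         # our name as a prefix
                "LinkedIn <invitations@linkedin.com>"]:
        print(f"{classify_sender(hdr):10s} {hdr}")
```

A 'lookalike' result is a reason to hold the message for review rather than deliver it as if it came from the helpdesk or HR; the distance threshold of two edits is a tunable assumption and should be checked against the organisation's own legitimate partner domains before enforcing it.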

Another scam: Would you click through?


Source: MWR InfoSecurity

Some might argue that gaining access to a staff email account is of limited use, but the security company argues that it is a handy foothold for a wider attack. A hacker could dump entire mailboxes, access file shares, run programs on the compromised user’s device, and access multiple systems, warned MWR InfoSecurity. Even basic security controls, such as two-factor authentication or disabling file and SharePoint remote access, could reduce the risk.

The company also reported bad news about the passwords that users handed over: while over 60 percent of passwords were found to have a length of 8 to 10 characters — the mandatory minimum for many organizations — the company argued that this illustrates how users stick to minimum security requirements. A third of the passwords consisted of an upper-case first letter, a series of lower-case letters, and then numbers with no symbols.

It also found that 13.6 percent of passwords ended with four numbers in the range of 1940 to 2040. Of those, nearly half ended in 2016, which means one-in-twenty of all passwords end with the year in which they were created.

“This method of circumventing complexity requirements is a gift for attackers,” the company warned.
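The password patterns the report describes (8 to 10 characters, one upper-case letter followed by lower-case letters and digits, a trailing year) are easy to measure in a password audit or reject at the point a password is set. The following is an added example, not the report's own analysis code: it classifies each password against those three patterns and summarises the percentages over a constructed sample list (the sample passwords are made up for this example and are not from the MWR data).

```python
import re
from collections import Counter

# Constructed sample, not passwords from the report.
SAMPLE_PASSWORDS = [
    "Password2016", "Welcome2016", "Summer2015", "Company1", "Qwerty123",
    "Chelsea1990", "letmein", "P@ssw0rd!", "Spring2016", "Monday12",
]

# Ends with a four-digit year between 1940 and 2040, the range the report counted.
YEAR_RE = re.compile(r"(19[4-9]\d|20[0-3]\d|2040)$")
# One upper-case letter, then lower-case letters, then digits, no symbols.
SIMPLE_RE = re.compile(r"^[A-Z][a-z]+\d+$")


def classify(password: str) -> dict:
    """Flag the three weak patterns described in the report for one password."""
    year = YEAR_RE.search(password)
    return {
        "length_8_to_10": 8 <= len(password) <= 10,
        "upper_lower_digits": SIMPLE_RE.fullmatch(password) is not None,
        "ends_with_year": year.group(1) if year else None,
    }


def audit(passwords) -> dict:
    """Summarise how much of a password set follows each pattern, as percentages."""
    n = len(passwords)
    results = [classify(p) for p in passwords]
    years = Counter(r["ends_with_year"] for r in results if r["ends_with_year"])
    return {
        "total": n,
        "pct_length_8_to_10": 100 * sum(r["length_8_to_10"] for r in results) / n,
        "pct_upper_lower_digits": 100 * sum(r["upper_lower_digits"] for r in results) / n,
        "pct_ends_with_year": 100 * sum(r["ends_with_year"] is not None for r in results) / n,
        "year_distribution": dict(years),
    }


def rejection_reason(password: str):
    """Policy hook: return why a new password should be refused, or None if it passes.

    This rejects the 'complexity on paper only' shapes the report found, in addition
    to whatever length minimum the organisation already enforces.
    """
    c = classify(password)
    if c["ends_with_year"]:
        return f"ends with the year {c['ends_with_year']}"
    if c["upper_lower_digits"]:
        return "capital letter + word + digits is a predictable shape"
    return None


if __name__ == "__main__":
    summary = audit(SAMPLE_PASSWORDS)
    for key, value in summary.items():
        print(f"{key}: {value}")
    for pw in SAMPLE_PASSWORDS:
        print(f"{pw:14s} -> {rejection_reason(pw) or 'ok'}")
```

Run against a real credential dump or an exported hash-cracking result, the year distribution in particular shows how many accounts are set to a guessable pattern, and the rejection hook stops users from recreating it at the next forced change.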

To mitigate these risks the company said that organisations should:

  • Monitor the internet for dumped user credentials and new attacks.
  • Train employees to report malicious emails.
  • Build controls that assume compromised credentials.
  • Monitor externally accessible servers, such as a mail server or VPN, for unusual activity.

(via PCMag)
