Social engineering attacks ― which includes spear phishing and social media emulation ― spiked in the second quarter of 2018 thanks to new hacking methods and the World Cup, according to new research from the cybersecurity firm Proofpoint.
Attempts to trick users into giving personal information spiked more than 500 percent from the first to second quarter of 2018, researchers at Proofpoint said.
“Social engineering is increasingly the most popular way to launch email attacks,” the cybersecurity firm said in their second quarter threat report. “Criminals continue to find new ways to exploit the human factor.”
The use of cryptocurrency, fake antivirus and browser plugins were responsible for the jump in attempts to manipulate users via email, according to the report.
Proofpoint said this summer’s World Cup in Russia offered a unique opportunity for hackers to prey on victims. “For years we have seen attackers exploit major events and trends for social engineering,” the report said.
Roughly 17 percent of suspicious accounts the firm investigated during the World Cup involved streaming services to watch matches.
Overall, the volume of email fraud that organizations receive has increased 87 percent year-over-year, the report said.
Proofpoint said that agencies and companies should assume that users will click on malware and have security systems as a backup to stop hacking attempts.
Some parts of the U.S. government have already followed this advice.
The Department of Homeland Security received more than 30 million emails from December 2017 to May 2018, the top IT official at the agency, John Zangardi said Sept. 7. Roughly 21 percent of those emails were malicious, he said during the Billington Cybersecurity summit.
Even though 10 employees clicked on the link, the department’s network was not infected.
The employees “got a little extra training,” Zangardi said.