Why we need to overcome ‘Everyday Blindness’.

From Security Magazine: https://www.securitymagazine.com/articles/91631-why-we-need-to-overcome-everyday-blindness

Last month, a school district in Manor, Texas, was caught in a phishing email scam that cost $2.3 million. An individual at the Manor ISD school district paid money in three separate transactions by responding to a phishing email. The individual didn’t recognize that the bank account information had changed and sent the money to a fake bank. According to Ian Baxter, Director of Engineering for IRONSCALES, in addition to a very sophisticated phishing email, perhaps that individual at MISD had inattentional blindness.

Phishing websites, also known as spoofed websites, are a very common deception tactic that attackers rely on to obtain a person’s login credentials to a legitimate website. The operation, known as credential theft, is simple: send unsuspecting recipients an email spoofing a trusted brand and persuade them to click on a link that takes them to a login page, where they are asked to enter their username and password. The attackers then have the information they need to log in to the real account and begin illegal activity, such as credit card fraud, data extraction, wire transfers and more.

While fraudulent URLs aren’t new, says Baxter, they are being used more often, and they are especially problematic for companies that rely on rules-based email security such as secure email gateways, multi-AV scanners and sandboxing solutions. Such tools lack the visual anomaly detection capabilities required to tell a fake login page from a legitimate one in real time.

For example, IRONSCALES analysts reviewed 25,000 emails in Q3 2019 with verified malicious links and attachments. They found that 23 percent (5,750) included links to active phishing websites. This represents a five-percent increase when compared to the previous 90-day period. Of those, the top five most spoofed websites were:

  1. Microsoft (37 percent)
  2. PayPal (25 percent)
  3. HSBC Holdings (8 percent)
  4. Adobe (5 percent)
  5. Wells Fargo (3 percent)

A lot of this is due to inattentional blindness, Baxter says: an individual failing to perceive an unexpected change in plain sight. The issue became an Internet sensation, he notes, in 2012 when a video asked viewers how many white-shirted players passed a ball. Focused on the task at hand, more than half of the viewers failed to notice a woman in a gorilla suit in the middle of the picture.

Adversaries know this, Baxter says, and they now see the importance of creating attacks that deceive the human brain, in addition to defeating technological controls. Yet, he says, there are often clear indicators within phishing websites that can help people identify fake URLs if they know what to look for.

According to Baxter, each phishing website fell into one of five categories:

  1. Blurred (45 percent) – When an image appears blurry and out of focus.
  2. Resized (25 percent) – When an image appears stretched or elongated.
  3. Creative (15 percent) – When an attacker tries to make a connection through design.
  4. Retro (10 percent) – When an image or copy uses outdated branding and messaging.
  5. Sense of Urgency (5 percent) – When copy contains uncommon immediacy and calls to action.

Thanks to inattentional blindness, most people do not immediately see these visual similarity clues, Baxter says. They wrongly assume the spoofed login page is legitimate and enter credentials that are about to be used in a cyberattack.

In addition to websites, emails have the same problem, Baxter says. “What better way of making an email seem legitimate when sending a link to a fake login page than to spoof an actual email address such as (noreply@paypal.com), or using an email address from a domain look-alike such as (noreply@paypaI.com). Can YOU tell the difference between these two?”
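The look-alike address Baxter describes (a capital I standing in for the lowercase l in paypal.com) is exactly the kind of substitution a sender-domain check can catch before a human has to. The following is an added example, not code from the article or from IRONSCALES: it folds confusable characters into a canonical "skeleton" and compares the sender's domain to a constructed allow-list of the brands the article names (the list, the confusable table and the function names are all assumptions made for this illustration).

```python
from email.utils import parseaddr

# Constructed allow-list built from the brands the article names; an organisation
# would use its own list of trusted sender domains.
KNOWN_BRANDS = {"paypal.com", "microsoft.com", "hsbc.com", "adobe.com", "wellsfargo.com"}

# Constructed confusable table: each key is folded to the ASCII letter it imitates.
# Order matters: single characters fold first, then digraphs such as "rn" -> "m".
CONFUSABLES = [
    ("i", "l"), ("1", "l"), ("|", "l"),          # capital I, digit one, pipe read as "l"
    ("0", "o"), ("5", "s"),
    ("vv", "w"), ("rn", "m"),
    ("\u0430", "a"), ("\u0435", "e"), ("\u043e", "o"),  # Cyrillic a, e, o
    ("\u0440", "p"), ("\u0441", "c"),                   # Cyrillic p, c
]

def normalize_domain(domain: str) -> str:
    """Lower-case the domain (DNS is case-insensitive, so paypaI.com is really
    paypai.com) and decode punycode so Unicode look-alikes reach the skeleton step."""
    domain = domain.strip().lower()
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode, or not valid punycode: compare as-is

def skeleton(domain: str) -> str:
    """Collapse confusable characters so look-alike domains share one canonical form."""
    d = normalize_domain(domain)
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d

def classify_sender(addr: str) -> tuple[str, str]:
    """Return (verdict, brand): 'exact' for a trusted domain, 'lookalike' when only the
    skeleton matches a trusted brand, 'unknown' otherwise, 'invalid' if unparsable."""
    _, email = parseaddr(addr)
    if "@" not in email:
        return ("invalid", "")
    domain = normalize_domain(email.rsplit("@", 1)[1])
    if domain in KNOWN_BRANDS:
        return ("exact", domain)
    sk = skeleton(domain)
    for brand in KNOWN_BRANDS:
        if skeleton(brand) == sk:
            return ("lookalike", brand)
    return ("unknown", "")

if __name__ == "__main__":
    # The two addresses from the article plus an "rn" for "m" variant (constructed).
    for sender in ("noreply@paypal.com", "noreply@paypaI.com", "noreply@rnicrosoft.com"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" verdict is a signal to quarantine or flag the message for review, not proof of fraud on its own; digraph folds such as "rn" can also match innocent domains, so tune the table against your own mail flow.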

So what’s the solution? According to Baxter, “Visual similarity/computer vision is the best technological answer, as it does not rely on code scanning or signatures to detect fake/malicious login pages, instead, it visually compares the page to known existing legitimate landing pages. For example, if a web page looks similar to a legitimate page while directing them to a non-authenticated/trusted URL, then a phishing attack is most likely underway.”


Let Our Expertise Work for You


Pro Security Group is a private security firm that provides security guard services, security systems installation and monitoring, courier service, and private investigation services. We are a woman-owned security business established in 2002 and licensed by the Texas Department of Public Safety to provide security under state license TXDPS #C11055.

© 2018 Pro Security Group | All Rights Reserved. Website Design: Creative Man Studio