Connect with us

Hi, what are you looking for?


Why businesses need extra vigilance to combat phishing attacks

According to researchers at Virginia Tech, a new generation of hackers can easily spoof the email address of a co-worker or seemingly from a business, and use this to send forged emails to victims. To work well this not only requires computer skills, since the words need to appear genuine too. Trials show that with the right amount of social engineering, it is relatively straightforward to obtain sensitive information from an unsuspecting recipient.

Many users of business email are cognizant about strange email addresses, especially emails containing links or attachments. People are less vigilant when an email appears to come from a trusted source. People also tend to be cautious of emails written poorly.

However, hackers are becoming more sophisticated. Writing has, in many cases improved and when this is coupled with a hacker obtaining the email address of a co-worker or from corporate, then it is much easier to fall for a scam.

According to Professor Gang Wang: “These kinds of phishing attacks are especially dangerous. Technology changes so quickly, and now a hacker can obtain your information easily.”

He explains further: “This information can be used to commit cyberattacks that run the gamut from being mildly annoying, like having to deal with a checking account that has been hacked, to serious consequences of physical life and death if information, for example, to a hospital’s computer mainframe is obtained.”

He adds that most email systems (which use the international Simple Mail Transfer Protocol) were designed without spoofing in mind, and this leaves them vulnerable. Even with no protocols, there are vulnerabilities.

In his research Professor Wang has assessed SMTP extensions, such as SPF (sender policy framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication), and found almost half to be poorly configured and hence vulnerable to phishing attacks.

To show this, Wang and his team set up user accounts under the target email services as the email receiver and then used an experimental server to send forged emails, with a fake sender address, to the receiver account. The study used 35 popular email services, such as Gmail, iCloud, and Outlook. The click through rate from recipients was up to 26 percent.

From this Professor Wang has recommended tighter security protocols. The findings will be presented to the 27th Annual USENIX Security Symposium in Baltimore, Maryland, in August 2018.

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

The United Arab Emirates, which has launched a bold Mars mission, now hopes to become a pioneer in the depths of the metaverse.


A tie-up between Vodafone and Three UK would create the biggest player in the UK mobile industry - Copyright AFP/File Roslan RAHMANVodafone on Monday...

Tech & Science

With the help of high-resolution satellite observations, scientists detail the unique pattern of sea level change linked to the Greenland ice sheet.