Analyses reveal 2013's most conspicuous phishing giveaways

Global volumes of phishing emails dropped significantly in 2013 compared with 2012 – but that's only because today's phishing attempts are smaller and better-targeted, according to security vendors offering end-of-year warnings about 2013's most risk-prone emails and celebrities.

Recent analysis by Websense found that China and Hong Kong had joined the ranks of the top 10 phishing countries for the first time in 2013, while the US lost its rank as the number-one source of phishing emails for the first time.

Country of origin was only one telltale sign, however: five types of subject headings could be taken as telltale signs of phishing emails, Websense noted. These include:

1. Invitation to connect on LinkedIn
2. Mail delivery failed: returning message to sender
3. Dear Customer
4. Comunicazione importante
5. Undelivered Mail Returned to Sender

Those telltale phishing subject lines may be a sure-fire indication that something strange is going on, but they're not the only way for users to identify potentially malicious emails.

A ranking of the most 'dangerous' celebrities – those whose names are most often used in spam and phishing attempts in order to pique recipients' interest – found that Jennifer Aniston's name was used in 19 percent of all spam messages that include celebrity names.

Rihanna was a close second at 16 percent, while Selena Gomez was mentioned in 13 percent of junk emails.

Interestingly, not all celebrities were linked with the same types of phishing attacks. For example, Aniston's and Rihanna's names are regularly linked with sexual and pornographic content while Selena Gomez's name is used to advertise plastic surgery and purported 'free' online concerts from phishing sites that in reality collect personally identifiable data.

“The scams go so far that sometimes, celebrities are declared dead and allegedly photographed beaten or involved in hideous sex scandals,” Bitdefender e-threat analyst Loredana Botezatu said in a statement.

“The messages promise scandalous pictures or videos only to make users open attachments and click links to infect their devices with malware, expose them to inappropriate content or steal sensitive info right under people’s noses.”

Other popular celebrity phishing bait includes Miley Cyrus, Scarlett Johansson, Marilyn Monroe, Katy Perry, Beyonce Knowles, Sandra Bullock and Eminem.

Movies are also popular lures to get users to click on phishing mails, with Gravity the most popular and 12 Years a Slave, Insidious and The Avengers filling out the top four.
