20 Apr You can snuff out phishing emails based on location
Origins of social engineering scams create helpful red flags
There are ways to fight back against phishing schemes and social engineering by taking advantage of knowledge. In other words, understanding the origin point of phishing emails creates a virtual “double-take” which assists in detecting them early. Security experts at Barracuda, in tandem with Columbia University, created an extensive profile of common phishing-attack sources. And, while phishing strikes can originate from anywhere on the globe, there are common locations.
Researchers ascertained their information from 2 billion emails and 218,000 phishing emails, analyzed from specific geographies. These were taken during January 2020, and discovered several critical details.
The likeliest source of phishing emails came from these areas: Central America, the Middle East, Africa, and parts of Eastern Europe. And, despite the malicious nature of the attackers, they come from legitimate cloud servers.
Attack specifics
As you readily know, these are phishing and social engineering scams which implement common phishing strategies. That is to say, the use of spoofed emails and messages to bypass network security and steal information (or deploy ransomware/malware). From the analysis, researchers pinned down critical traits of attacks arriving from the aforementioned regions.
Phishing attacks from these regions have multiple “stops”
According to the joint report, roughly 80 percent of safe emails are routed through two or fewer countries. On the other hand, over 60 percent of phishing emails go through two or more regions’ servers. That’s an important distinction to make when checking the path of an incoming message. While it doesn’t automatically mean the arriving message is malicious in nature, it can put it on higher alert.
Higher chances of a malicious email come from the following regions
Once again, emails fitting the first qualification (sent through several servers) are also likely to be phishing scams if originating from: Central America, Eastern Europe, Africa, and the Middle East.
Some other countries that showed the highest level of phishing attacks were the following:
- Puerto Rico
- Bahamas
- Iran
- Palestine
- Latvia
- Lithuania
- Serbia
- Russia
- Kazakhstan
- Ukraine
When spotting emails from these sources, it can help elevate suspicion and prevent an attack altogether.
Attacks are from legitimate servers and cloud sources
It’s easy to assume that phishing emails and malicious messages originate from shady accounts. However, phishing is effective for the opposite reason: emails are sent from compromised accounts. In this case, they’re coming from large, legitimate cloud providers to mask their intent.
For example, Amazon has a large probability of hosting a phishing email from a compromised account. Therefore, it’s important to keep in mind that “legitimate” doesn’t always mean it is.
Creating efficient counter-phishing strategies
Even with the additional info, taking the fight to phishing emails proves challenging. With the expansion of remote working, networks abroad are more vulnerable than ever.
While information strategies – such as informing workers about key phishing traits – are useful, there is an inherent demand for efficiency. Phishing attacks can happen in high volume, so it’s not always possible to counter them all (or practical for time reasons). Still, many methods exist for phishing defense, especially when you have source information such as we’ve gone over.
Automated flag methods, for instance, provided an efficient way to organize potential threat emails into a DMZ zone. From there, IT teams and staff can double check to see if the message is a phishing attempt. Content awareness training also helps, informing workers about phishing email techniques and their origin points.
Of course, if you’re still struggling with phishing emails and social-engineering schemes, help is always available. You can contact Bytagig today for more information.
Share this post:
Sorry, the comment form is closed at this time.