More than 25% of all recipients open phishing emails, and a well executed phishing landing page can yield a success rate as high as 45%, according to a recent study from Google and the University of California. How many marketers can claim a success rate as high as this? According to MailChimp, not many.
Sophisticated cybercriminal networks are more effective than ever in understanding their target ‘audience’. Through thorough research, they can create a phishing scam designed around a person's typical email use, preferences and habits.
In the case of socially engineered attacks, cybercriminals can profile targets via publically available data on social media platforms like Linkedn, Facebook, Twitter and Instagram. Not only using information on the target, the proliferation of social media allows networks to collect data on colleagues, family and friends, and where possible determine their movements, like when they might be at a conference or in a presentation or meeting. These insights translate directly into higher campaign performance.
Marketers are desperately trying to understand how to tap into these lucrative social networks, but leveraging social networks to mine data on their targets is just the beginning for cybercrime networks. Knowing that people are far more likely to open an email from a friend, cybercriminals help themselves to your contact list. According to Google online security people in the contact list of hijacked accounts are 36 times more likely to be hijacked themselves.
Not only are these cybercriminals utilising data more efficiently, they’re faster to the punch than most marketers. In a single Australia Post scam detected by MailGuard in March, the cybercriminals executed more than 160 variations of the same attack within a 3-hour window, continually testing to determine the most effective combination of traits and attributes in order to achieve their optimal success rate.
Most recently the Pokemon Go phenomenon was hijacked by cybercriminal networks, who jumped onto the latest craze with a malicious version of the game targeting users in countries where the game is not yet available. Virtually identical to the real thing, the malware infects the device to give a scammer total control over a victim’s smartphone and access to their personal information. It took cybercriminal networks just 72 hours to produce this dangerous software.
This agility relies largely on the automated nature of cybercrime. Just as marketing automation platforms help marketers to serve contextually relevant content to their target audience, cybercriminals employ a similar approach to super-charge the execution of their attacks within a very small campaign timeframe. Imagine telling your average marketing campaign manager that you want to see success within a few hours of launching their campaign.
According to the same study by the University of California and Google, 20% of compromised accounts were accessed within 30 minutes of the compromise, and 50% of accounts were accessed within 7 hours. A separate study also concluded that 81.9% of compromises occurred within minutes of infection.
Now if only marketing was that easy….
Craig McDonald is the CEO and founder of MailGuard, a leading Australian technological innovator providing complete enterprise-grade protection against email and web security threats such as phishing and malware, spyware, viruses and spam
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.