The Human Factor: Study analyzes user behavior during cyber attacks
Proofpoint, Inc., one of the leading next-generation cybersecurity companies, has unveiled some interesting facts in their study "The Human Factor". Their annual study looks at the role of people and their behavior in cyberattacks, as well as interesting patterns that can be gleaned from the attacks.
The key finding of "The Human Factor" study is that cybercriminals are increasingly focusing on human error rather than technical errors to obtain money, personal data or intellectual property. Proofpoint's goal is to increase public awareness and sensitivity to this issue in order to improve security.
For example, Proofpoint is seeing an increasing share of business email compromise (BEC) attacks against decision makers. These attacks represent the fastest growing segment of cybercrime, with an estimated damage of about five billion US dollars. Fraudsters send emails that carry no malware to trick recipients into transferring money or revealing personal information.
Proofpoint comes to quite interesting and surprising conclusions:
- Sharp increase in the share of business email compromise (BEC, aka CEO fraud) attacks from one percent in 2015 to 42 percent last year (measured relative to mails carrying banking Trojans).
- Someone always clicks, and quickly. Nearly 90 percent of all clicks occur within the first 24 hours after mail receipt. A quarter of them happen within the first ten minutes and half of them after about an hour. It is hardly surprising that the average time between the arrival of the mail and the click on the fraudulent link is shortest during business hours, between 08:00 and 15:00. In this respect, the local habits of users in different regions do not differ.
- More than 90 percent of fraudulent emails were designed to trick users into entering their credentials on spoofed phishing sites. Of particular note: today, nearly all fraud-oriented attacks (99 percent) rely on human interaction to install malware; only a few exploit vulnerabilities in software. Among the phishing emails, those aimed at stealing Apple IDs were the most common, but those asking for Google Drive credentials were the most clicked.
- Half of all clicks on fraudulent URLs come from devices that are not under enterprise systems management. Around 42 percent now come from a mobile device; this rate has more than doubled from the long-term comparable figure of 20 percent. Eight percent of all clicks still come from potentially unprotected versions of Windows that no longer receive security patches because of their age.
- Fraudulent pseudo-support to harvest personal data via social media increased 150 percent in 2016. In this approach, the criminals create a social media support account that is almost indistinguishable from that of a legitimate company. When a user seeks help from that company, for example by tweeting a request, the scammers attempt to redirect the request to their own account and then usually ask the person seeking help to enter their login details.
- Watch out on Thursday: on this day of the week, the volume of mails with malware attached is 38 percent above the average weekday volume. Tuesday, Wednesday and Thursday are particularly popular with ransomware senders. Banking Trojans peak on Wednesday. Campaigns attacking point-of-sale systems tend to occur on Thursday or Friday. Keylogger and backdoor attacks prefer Mondays.
Other countries, other e-mail customs
Attackers now know the habits of mail users and send their mail attacks around four to five hours after the start of the normal working day, most of them at lunchtime. However, there are significant differences around the world in how people respond to these mails: while in the USA, Canada and Australia people often react to the mails within exactly these four to five hours, the French like to click at lunchtime around 13:00. German and Swiss users, on the other hand, tend to be impatient and click within the first few hours of the working day. The situation is completely different in Great Britain: here, clicks are evenly distributed until around 2:00 p.m., after which they become significantly rarer.
Proofpoint's "The Human Factor" report is based on research into countless attack attempts across more than 5,000 Proofpoint enterprise customers in 2016.
The complete report is available for download.