Sign up

The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.

 Legal Disclaimer

Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.

 Advertiser Disclosure

The Most Trusted Brands Are Phishers’ Favorite Lures

Published
June 2, 2015
Byron Acohido

Byron Acohido is a Pulitzer-winning journalist and one of the nation’s most respected cybersecurity and privacy experts. He is the Editor-in-Chief of ThirdCertainty.com. Acohido is a native of the 50th state of Hawaii. He graduated from Damien Memorial High School in Honolulu and the University of Oregon School of Journalism, and also practiced journalism at The Herald, of Everett, WA, and the Dallas Times Herald. He also taught college courses at the University of Alaska Anchorage as the Atwood Chair of Journalism. He is highly-regarded in tech, journalism, government and academia as an author, analyst, instructor and public speaker dedicated to fostering fresh thinking and fruitful discussions about cybersecurity and privacy.

Most of us don’t think twice about opening and maintaining multiple free email accounts where we live out our digital lives. And we’re getting more and more comfortable by the day at downloading and using mobile apps.

Yet those behaviors can harm us. ThirdCertainty sat down with David Duncan, chief marketing officer for threat intelligence and security company Webroot, to discuss how cybercriminals are hustling to take advantage of our love of free Web mail services and nifty mobile apps.

3C: Phishing attacks leveraging our love of Google, Apple, Yahoo, Facebook and Dropbox are skyrocketing. How come?

Duncan: There are 10 times more phishing attacks based on emulating tech companies than financial firms. You’d think it would be the other way around, but it’s not. The focus is on stealing information from your various email accounts because it’s easier to spoof people into acting on something that appears to come from Google or Apple than from Bank of America or Citibank.

3C: Because we’re less suspicious of Google and Apple than big banks?

Duncan: Yes. Phishers prey on the fact that we see those brands as trustworthy brands.

3C: What ruses should folks watch out for?

Duncan: It’s the typical ones. You’ll get something advising you of the need to change your password or share your contacts. They’ll send you a link to click. A certain percentage of gullible users will click on the link and follow instructions to give up their credentials.

I can’t say I know of any specific new strategies other than the fact that the focus is on impersonating big domains like Google and Yahoo because people don’t think too much about something that appears to be coming from those trusted sources.

3C: Is there really a one-in-three chance the average person will fall for a phishing scam?

Duncan: Yes, there is a 30% chance of Internet users falling for a zero-day phishing attack over the course of the year. It used to be about one out of every seven phishing emails actually got through. But we’re human beings, which means we’re gullible.

3C: What about mobile apps? What’s the risk there?

Duncan: A year ago, we tracked about 8 million mobile apps, and around 75% were trustworthy and 10% were benign. So 15% were malicious or suspicious. Now we’re classifying 15 million mobile apps, and we’re finding 35% to 40% are suspicious or malicious in character.

3C: That’s a pretty significant change.

Duncan: People don’t think of installing an app on their mobile device as installing a potentially unwanted application that’s being delivered from an untrustworthy app store.

3C: So is this mostly an Android exposure?

Duncan: Probably 90% is Android, maybe 10% is iOS. Apple has a more secured kind of walled guard for verifying and authenticating the source of applications. But it also depends on what users are accustomed to. If you go over to certain geographies in the world, people may not necessarily always go to the iTunes store. There are a lot of third-party websites where even iOS apps are cheaper or they’re free.

More Money-Saving Reads:

Image: iStock

Share
Published by
Byron Acohido
June 2, 2015

You Might Also Like

What Can Someone Do With Your Social Security Number?

Find out what someone can do with your stolen Social Security num... Read More

October 19, 2023

Identity Theft and Scams

11 Tips for How to Prevent Identity Theft

The Federal Trade Commission’s Consumer Sentinel Network re... Read More

May 17, 2022

Identity Theft and Scams

COVID-19 Scams

COVID-19 vaccines are being rolled out across the country, and th... Read More

May 20, 2021

Identity Theft and Scams