Most Common Spear Phishing Word

Wednesday, September 26, 2012 @ 04:09 PM gHale


What’s in a word? Quite a bit if you are a spear phishing attacker that wants to get by security systems.

Correct word usage seems to be working, because the number of malicious emails keeps increasing and spam campaigns have also improved.

Right now, new spam emails are able to avoid blockage by signature- and reputation-based defense mechanisms, said researchers at FireEye. Not only that, researchers identified an interesting trend in the words utilized in the names of malicious files.

The most common word used in the second half of 2011 in cyber criminal campaigns was “label,” according to the report entitled, “Top Words Used in Spear Phishing Attacks to Successfully Compromise Enterprise Networks and Steal Data.”

However, in the first half of 2012, “label” dropped to the 6th position. Currently, the most commonly utilized words in spear phishing attacks are “dhl” and “notification.”

Each of these words appears in almost a quarter (23.42% and 23.37%, respectively) of all the malicious attachments that land in inboxes.

Other words that stand out from the bunch are “delivery,” “express,” “2012,” “shipment,” “ups,” “international,” “parcel,” “post,” “confirmation,” “alert,” “usps,” “report,” “jan2012,” “april,” “idnotification,” “ticket” and “shipping.”

This shows that most of the malicious files that come via spam emails somehow relate to shipping. While this may not seem new, the figures from the report reveal names related to this topic have grown from 19.20% to 26.35%.

Another growth area is the number of files referencing words associated with “urgency.” Compared to the last six months of 2011, this year, over 10% of attachments attempted to induce a sense of urgency.

Other topics, besides “postal” and “urgency,” were banking and taxes, airline notifications and billing.
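A mail team can measure the same thing on its own gateway logs. The sketch below is an added example, not code from FireEye or the report: it tokenizes attachment names, matches them against the words quoted above, and computes the share of attachments containing each word. The sample filenames are constructed, and whole-token matching is an assumption about how a word is counted.

```python
import re
from collections import Counter

# Words quoted in the article from the FireEye report.
LURE_WORDS = {
    "dhl", "notification", "label", "delivery", "express", "2012",
    "shipment", "ups", "international", "parcel", "post", "confirmation",
    "alert", "usps", "report", "jan2012", "april", "idnotification",
    "ticket", "shipping",
}

def tokens(filename):
    """Lower-case the name, drop the last extension, split on non-alphanumerics."""
    stem = filename.rsplit(".", 1)[0].lower()
    return {t for t in re.split(r"[^a-z0-9]+", stem) if t}

def lure_hits(filename):
    """Lure words present as whole tokens, so 'groups' does not count as 'ups'."""
    return tokens(filename) & LURE_WORDS

def flagged(filenames):
    """Attachment names containing at least one lure word, for analyst triage."""
    return [f for f in filenames if lure_hits(f)]

def word_share(filenames):
    """Percentage of attachments whose name contains each lure word."""
    if not filenames:
        return {}
    counts = Counter(w for f in filenames for w in lure_hits(f))
    return {w: round(100.0 * c / len(filenames), 2) for w, c in counts.items()}

# Constructed sample of attachment names, as a gateway log might list them.
SAMPLE = [
    "DHL_Express_Notification.zip",
    "dhl.notification.8812.zip",
    "UPS-Delivery-Confirmation_jan2012.zip",
    "quarterly_groups_budget.xlsx",
    "meeting-notes.docx",
]

if __name__ == "__main__":
    for word, pct in sorted(word_share(SAMPLE).items(), key=lambda kv: -kv[1]):
        print(f"{word:15s} {pct:6.2f}%")
    print("flagged:", flagged(SAMPLE))
```

Legitimate shipping mail uses the same vocabulary, so a hit is a triage signal to combine with other evidence rather than a verdict on its own.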
