Time-sensitive keywords prominent in phishing attacks

Online fraudsters prefer sending phishing emails that force their victims to believe they have to take immediate action, according to a new report.

Security firm FireEye's report (PDF) showed that, in particular, phishers prefer key words related to bogus shipments their victims are supposed to receive. Through the first half of this year, the top three terms included in malicious email attachments are “dhl,” “notification,” and “delivery."

And clearly organizations are doing a poor job at stopping these types of attacks. According to FireEye's recent “Advanced Threat Report,” there was a 56 percent increase in malicious messages that got past enterprises' existing security defenses, between the first and second quarter of 2012.

The results of the phishing report are based on words used in both targeted and non-targeted ruses, said Ali Mesdaq, security researcher at FireEye, in an email to SCMagazine.com Wednesday. He did not say how many suspect emails were analyzed.

“Urgency-related words had the highest growth rate of the categories we looked at,” Mesdaq said. “The sample size is based on our customers sharing data with us.”

International mail service, DHL Express, is at the top of the terms list, but the company is aware that its name is commonly used by cyber crooks, spokesman Daniel McGrath said in an email to SCMagazine.com Wednesday. As a result, it works hard to notify customers of such threats.

Mesdaq said companies like DHL, whose brands are regularly abused online, should read the report.

“Companies can use the research we released to help them educate users about tactics attackers are using,” he said. “If users are aware that ‘urgency' or ‘postal' related emails are a common tactic by attackers, they might be more careful when dealing with emails.”