Social networks, messengers, external cloud services often exploited by cyber-fraudsters
According to anonymized statistics of events captured in a Kaspersky product, voluntarily provided by its customers, the top five web services employees access most often from their corporate devices include a video sharing platform, a social network, a mail service and a messenger: YouTube, Facebook, Google Drive, Gmail, and WhatsApp - all leading services in their respective segments.

Unfortunately, these same web services are also exploited for phishing and other malicious actions. Kaspersky analysis revealed the top five applications where phishing attempts were found most often: Facebook (4.5m phishing attempts), WhatsApp (3.7m), Amazon (3.3m), Apple (3.1m), and Netflix (2.7m). Google’s offerings bundled together, including YouTube, Gmail, and Google Drive, took the sixth position with 1.5m phishing attempts. With the two lists sharing many of the services, these results only confirm the trend that popular applications have become valuable platforms for fraudsters’ malicious actions.

The product statistics also showed which web applications are most likely to be limited on organizations’ corporate devices. The top five most blocked applications only include social networks: Facebook, Twitter, Pinterest, Instagram and LinkedIn. These decisions can be made for a variety of reasons, such as complying with data regulations, or in line with specific organization requirements for social media use. And while this list includes Facebook, which is actively exploited by scammers, it doesn’t include messengers, file sharing or mail services – probably because they are often used for working purposes as well as for personal needs.
- Show employees how to recognize fake or insecure websites and phishing messages. Encourage them never to enter their credentials before checking a website’s credibility, and never to open or download files from unknown senders.
- Conduct basic security awareness training for your employees. This can be done online and should cover essential practices including those that protect against phishing, such as account and password management, email security, endpoint security, and web browsing. Kaspersky Automated Security Awareness Platform provides such training in an easy and effective way.
- Adopt a proven endpoint security product with web, network and mail threat protection.
- It is also important to enhance IT managers’ expertise on relevant cyberthreats and how to prevent them. Kaspersky Endpoint Security Cloud now provides Cybersecurity for IT Online training, which allows IT managers to learn new skills on how to classify malware and how to recognize malicious and suspicious behavior in software. It is available as a beta version on the product management console.