Do you know what makes you vulnerable to an email scam/phishing attack/malware all up in your computer? It’s you. Yep – rather than focusing on software flaws, attackers go after the most easily exploitable link in your online security chain: the humble human.
So when should you be keeping your eye out? A new report from Proofpoint has revealed the times, days and ways attackers are more likely to succeed.
Aussies click on malicious links at 9am more than any other time of the day. Bleary-eyed, first thing at work. But the peak window for clicking activity in Australia is centred on 12pm, with more than 60 per cent of clicks occurring within three hours of 11am.
First thing, and lunchtimes. Think before you click, Australia.
Worldwide stats show we click on malicious URLs at every hour of the day, though. Whether at work or at home, day or night, we are clicking on URLs that can lead to phishing pages and malware downloads.
The peak clicking times globally coincide with business hours. During this time, malicious URLs are likely to have their shortest wait times before being clicked.
The median time-to-click for malicious URLs is less than one hour during business hours. Most clicks occur within one day after malicious URLs arrive in the user’s inbox.
Email-based threats can target users any day of the week, and attackers optimise the days and times of their campaigns for the biggest impact. Attackers do their best to make sure messages reach users when they are most likely to click: at the start of the business day, in time for them to see and click on malicious messages during working hours.
Malicious attachment message volume spikes more than 38 per cent on Thursdays over the average weekday volume. Thursday is the top message volume day for attachments in all the countries examined in the report.
Want some other interesting facts from the report? Nearly 90 per cent of clicks on malicious URLs occur within the first 24 hours of delivery, with 25 per cent of those occurring in just ten minutes – and nearly 50 per cent of clicks occur within an hour.
More than 90 per cent of malicious email messages that featured nefarious URLs led users to credential phishing pages. And a full 99 per cent of email-based financial fraud attacks relied on human clicks rather than automated exploits to install malware. Phishing messages designed to steal Apple IDs were the most sent, but Google Drive phishing links were the most clicked.
Social media “fraudulent support” account phishing increased 150 per cent in 2016. During these attacks, cybercriminals create a lookalike social-media account posing as the customer-service account of a trusted brand. When someone tweets to a company looking for help, the attacker swoops in.