Websense has posted some interesting new phishing research a few days ago. They started out: "With cloud infrastructure easily scalable and rented botnets coming on the cheap, the cost of conducting massive phishing campaigns continues to decline for cybercriminals. Even if the return rate is small or the campaign is poorly executed, phishing can result in serious money for criminals. Phishing will never simply go away—meaning ongoing headaches for security professionals."
They listed the top 10 countries hosting Phishing sites, but also the most dangerous phishing subject lines, based on research conducted Jan-Sept 2013:
- Invitation to connect on LinkedIn
- Mail delivery failed: returning message to sender
- Dear <insert bank name here> Customer
- Important Communication
- Undelivered Mail Returned to Sender
That incidentally was confirmed by KnowBe4's own research which showed that the LinkedIn invites had the highest scores on our simulated phishing attacks, which prospects can do for free as a Phishing Security Test.
More at the websense blog: http://community.websense.com/blogs/securitylabs/archive/2013/12/11/new-phishing-research-5-most-dangerous-email-subjects-top-10-hosting-countries.aspx
