While spam tends to be dismissed as being more of an annoyance, new research shows that there is a very real and ever-present threat in emails that are marked as “spam”.
I’ve written plenty about phishing attacks that target bank customers. It’s nothing new. What’s interesting is a recent article by security researchers at BitDefender where banking-related phishing attacks are considered spam. According to the article, 23% of all financial-themed emails marked as spam were actually phishing attacks attempting to obtain banking credentials, PINs, and other financial information.
In all cases, the emails impersonated a legitimate bank to look like official correspondence, and each sought to have the recipient login to their account or provide details.
I’m honestly not sure why a phishing attack is considered spam – I suppose, in a way, because it’s unwanted, it is spam. But, given the "harmless" image of spam – and the very much NOT benign nature of phishing attacks – it may be a bit improper to even refer to such emails as spam at all. Calling them what they are (phishing attacks) would certainly help to elevate the employee’s state of vigilance – particularly those that have undergone security awareness training.
No matter what you call it, I call it dangerous and potentially harmful. Stay vigilant, my friends!