Most Phishing Attacks Originate from US, says INKY CEO Dave Baggett

'Impersonating sites of reputable organizations has become super-easy,' says Dave Baggett, Co-Founder and CEO of INKY

Cybercriminals are exploiting the COVID-19 pandemic to hook unsuspecting people curious for information on the crisis. They are bombarded with fabricated new work from home policies or fake layoff/furlough notifications. The Internet Crime Complaint Center (IC3), the online crime reporting mechanism of the Federal Bureau of Investigation (FBI), has seen the frequency of complaints shoot up since the beginning of the pandemic. According to reports, the number of complaints has tripled or quadrupled.

Origin of The Perpetrators

According to several reports and social media, most of these attacks are executed by criminals in Russia, China, or North Korea. However, INKY, a cloud-based cybersecurity company, has a totally different view. Its latest report traces most phishing attacks to the US.

Dave Baggett, Co-Founder and CEO of INKY, says a large number of IP addresses tracked in the phishing email headers originated from somewhere in the US. Asked why the US figures so prominently in the phishing attack ecosystem, Dave claimed: "The majority of our users are American. Phishers prefer to target victims within their own geography because it's more natural to research and impersonate since it's the same culture and language. Non-American attackers also spoof a USA origin to evade geographical filters."

In an exclusive interview with the International Business Times, the INKY co-founder and CEO gives his detailed take on the attacks. Excerpts from the interview:

IBT: What are the new trends you have observed recently in the phishing world?

Dave: Malicious HTM or HTML attachments that build credential harvesting sites on a victim's local network. Bad actors get stolen credentials directly emailed to them if the victim uses it.

We have also observed dynamic algorithms that impersonate the recipient's domain in a phishing email.

IBT: How easy is it for someone to execute an attack of this nature?

Dave: Executing a phishing attack is easier than you can think. Anybody could buy a cheap confusable domain name and some hosting space to execute an attack. And impersonating sites of any reputable organizations have become super-easy. Anyone can just download real company logos, trademarks, copyrights, and HTML/CSS codes from the internet and add them on a site to imitate.

Read full article.