Virus Makes Media More Vulnerable To Phishing

Phishing campaigns are increasingly targeting users’ fear and uncertainty over the coronavirus with media brands particularly vulnerable. Employing some basic strategies now can help reduce exposure.

By Or Katz | April 21, 2020 | 5:29 a.m. ET.

Phishing attacks increase when we are most vulnerable. Not surprisingly, in recent weeks, the COVID-19 outbreak has affected many people around the world. Data has indicated that more and more phishing attack campaigns have targeted or leveraged users’ fear and feeling of uncertainty to engage them in phishing scams.

According to Akamai’s research, some of these phishing campaigns are seizing the moment and are recycling phishing toolkits to make the effort of deploying and launching those campaigns even easier and faster.

Another effect of COVID-19 is the increase of working from home, which leads to the blend of work and personal related use of the same device for employees. As more of these use cases exist, it might lead to a situation where users and organizations are more likely to be exposed to a higher level of risk as the segregation between customer attacks and enterprise attacks fades away.

When it comes to phishing, the most common attack objectives are to lead victims into installing malicious software or stealing victims’ credentials. Both will give threat actors the ability to monetize the scam into selling victims’ valuable information to the highest bidder, which is later abused by other cybercriminals.

Media Brand Abuse

Media brands are known to be abused mainly due to the fact that their customers’ credentials are valuable to merchants on cybercriminals’ marketplaces and can be used to illegally access the stolen accounts.

BRAND CONNECTIONS

Another use case for such stolen credentials can be found in credential stuffing attacks where attackers are counting on the fact that individuals are re-using the same credentials over different services. For example, if a given user’s media-service provider credentials are also being used by that user on other web services, once those credentials are stolen, attackers will try to force themselves into as many web services as possible and to try to get access to as many accounts as they can.

Much like other merchants that have different levels of demand over different periods of the year, stolen media-services credentials also have high demand in different shopping seasons. According to research done by Akamai, during the holiday season of 2019, phishing attack victims were on the rise with both ecommerce and media as targeted industries.

The fact that both of those targeted industries were leading the growing momentum didn’t come as a surprise. Over that time of the year, consumers generally lower their defenses when looking for bargains, and stolen credentials for ecommerce and media sites become more valuable with increased demand.

Reducing Exposure

As more and more people are staying at home in the past few weeks, we predict there will be an increase in the demand for stolen media-services accounts. As a result, we will see an increase in phishing attacks that are targeting media-service customers.

Phishing is not a new attack vector, and unfortunately it is not going to die soon. Phishing attacks abuse users when they are the most vulnerable, whether it is their desire to find outstanding deals and coupons or they are concerned and looking for information about COVID-19 outbreak information. In both cases, their chances of engaging with phishing scams will be high and will lead to a higher scam success rate.

There are a number of strategies media businesses can implement in order to ensure their brands and consumers are secure and their organizations as a whole will be less exposed to phishing security risks. These include the following:

Apply multi-factor authentication (two-step verification). For example, when consumers try to sign-in on a site, they are required to use a code that was sent to their phones to verify the login attempt. Turning on multi-factor authentication adds an additional layer of defense if their user credentials were stolen.
Make sure the brand’s website can detect and block credential stuffing attacks and verify all users as humans and not bots. By doing so, it will help businesses to detect massive credential stuffing attacks, flag the stolen credentials and enable resetting of passwords for those users if needed.
Track if the brand is being abused in the wild, making sure it is not abused by phishing attacks campaigns. For example, businesses can collect and process threat intelligence data resources from a range of sources and shut down the phishing sites that are targeting their customers.

Users need to make sure they think twice before engaging with offers that are too good to be true; they also need to make sure that the website in front of them is trustworthy and legit. Above all, they need to make sure their loved ones, colleagues and friends are safe online, and they should avoid opening files that are delivered from unknown sources.

Or Katz is lead principal security researcher at Akamai Technologies.

Virus Makes Media More Vulnerable To Phishing

Comments (0)

Leave a Reply Cancel reply

Stay Connected

Subscribe

Events

Streaming Revenue Strategies for Local TV 16 May 2024

Collaboration and News Production in 2024 23 May 2024

Media Jobs

Digital Platform Specialist

Account Executive – Trainee/New Business Development

Director of Sales

Reporter

Sales Manager, Senior Newscast Producer and Digital Video Producer

Executive Producer, Meteorologist and Weekend Anchor/Senior MMJ

TVN Video

NewsTECHForum 2023 Keynote Panel —Democracy, Technology, TV Journalism and the 2024 Election

NewsTECHForum 2023 - Chasing AI: Threatening or Enhancing the News?

NewsTECHForum 2023 - Adapting to a Culture of Continuous Crisis

TV2025 2023 - Collaboration and the Future of Content Creation

TV2025 2023 - Building a Breakout Hit in a Multiplatform World

Webinar: Tech Leaders on Trends in 2024

Talking TV: Emily Barr on Sinclair's Shuttered Newsrooms

TV2025 2023 - Station Group Leaders on the State of the Industry

TVN Webinars

All TVN Videos

Sponsored Content

Generate more ad revenue with sponsored UGC segments

Drive audience engagement with streaming weather

Navigating the AI revolution in media sales: challenges, trust and harnessing custom AI solutions

Megaphone TV launches new interactive sponsorship platform

Elevate your media sales game: embracing data for a competitive advantage

The 4 walls of television interactive sponsorship sales

The future of cyber insurance: Navigating the complex digital landscape

Why an alerting strategy will help win customers in a multi-platform world

Future-proof compliance with AI speech-to-text technology

Applied AI: An unseen revolution in local TV advertising

Real-time news polls have never been this easy

The year of getting everything connected

Local stations continue to see interactive sponsorship success

What the latest AI breakthroughs mean for live and archive content

How top broadcasters expand compliance logging to embrace OTT monitoring

Delivering creativity on budget and without technological constraints

Byron Allen: Too much talk, not enough action on advertising equity

Market Share

Winners Of The Florida Association Of Broadcast Journalists Awards

WLBT CSD’s Balancing Act For Commercial Production And Station Promotion

WJZ’s First Hours Responding To Baltimore Bridge Collapse

Special Reports

NewsTECHForum: The Complete Videos

In 2024, Spot TV Is All About Political

Updated Top 30 Station Groups: Nexstar Retains Top Spot, Gray Now No. 2 As FCC-Rejected Standard General Drops Off

Streaming Revenue Strategies for Local TV

16 May 2024

Collaboration and News Production in 2024

23 May 2024