Phriday Phishing
by Jose NazarioI sure do post a lot about phishing here, don’t I? It’s because it’s such a fascinating subject, mixing the motives of the attacker, sometimes some code analysis (ie deconstructing their JavaScript), and victim analysis.
I had a look at the recent data shared by Symantec in Phishers Take Summers and Weekends Off, Too and decided to see if any such trend was hiding in our data. Turns out our data is slightly different, but we also see a noticeable dip on the weekend. What’s odd is that we see a dip on Thursday, too, and a huge surge on Fridays. I do not know why.
My theory is not simply that they look at it as a Monday through Friday job, but that they recognize that many people wouldn’t expect their bank to send them a notice on a weekend about fraudulent account activity. (That’s one of the common hooks for phishers, “We think your account was hacked, please log in to check on things”.)
Phishers face a dramatically different set of constraints than normal spammers. Unlike some scams, which try to appear to be coming from a friend with a “hot stock tip”, phishers have to appear to be legitimate. Misspellings (like “Sing In” seen on a recent eBay phish), \|1agara-speak, and the confusing images are dangerous to use, they’re an obvious tell-tale sign to the phishing target. And that will make their messages easier to classify than many other kinds of spam.
