Phishing Cybercriminals Are Getting Smarter—and Using Proper English

The controversial Cybersecurity Information Sharing Act passed in the Senate Tuesday afternoon. Kacper Pempel/Reuters

Phishing emails, once mass-targeted with nearly a million threats dispersed daily to scrape personal data, used to be easy to identify because of their poorly constructed sentences. But in the past six months, these emails have become smarter and more dangerous.

The conventional wisdom of watching out for emails with poor spelling and grammar has become outdated in the past six months, according to James Lyne, the global head of security research at the security firm Sophos. Now professional cybercriminals are tricking people and businesses with carefully written emails—sometimes disguised to look like ones from business colleagues—to deliver malicious codes.

Lyne says the new phishing tactics have been a major boon for the cybercriminals, who have recently struggled against bypassing new security features on Windows and Apple computers, which catch and block phishing and malware, including viruses, worms and spyware. "We do have a bit of a renaissance occurring with these cybercriminals," Lyne tells Newsweek in an interview at the RSA information security conference in San Francisco.

Instead of using old methods, which often targeted hundreds of thousands of accounts with the same email and hoped for some to click on the malware, cybercriminals are targeting a few thousand people with finely crafted emails for higher penetration rates.

With increased fortifications against malware in the past four to five years, the cybercriminal class has become smaller, more professional and more stratified based on technological proficiency, Lyne says. With less vulnerable data to go around, the demand and value of each set of compromised personal data has skyrocketed.

The most popular means of spreading malware is emailing corrupted documents—most commonly from Microsoft Word—and baiting people to click on them. One method cybercriminals use is scraping the company website, finding an executive's email account and making a facsimile account based on its appearance. Then the cybercriminals send an urgent business-related invoice email to another executive to lure that person into clicking the document.

Another popular method Lyne discovered was targeting human resource officers with job applications containing résumés filled with malware. All these methods include tracking codes in the documents to provide cybercriminals with an accurate report on what methods work and don't work.

"They have better data on human behavior than any of us," Lyne says. "It's a question of when, not if, people will click [on phishing emails]."

One way to skirt this issue is by digitally communicating with co-workers and friends with a more modern alternative to email. Lyne points to Slack, a popular cloud-based collaboration tool. It's much less susceptible to delivering malware because it is more robust and up-to-date in its security technology, Lyne says. However, if a Slack account were compromised, Slack would also be vulnerable to phishing documents.

"Plan for failure," Lyne warns. "Be able to react to it quickly and limit the damages. If you get suspicious emails with a company name like Amazon, go directly to the website and call them."