The UK’s Supreme Court has been forced to warn netizens of a phishing campaign using the institution’s seal and logo to trick unsuspecting recipients.
The final court of appeal in the UK for civil cases told individuals to ignore the fraudulent message.
A brief statement on its website had the following:
“Orders made by the Supreme Court are only sent to the parties to proceedings before the Court, and will bear the courts seal and logo. The Supreme Court does not issue 'subpoenas' for criminal cases and if you receive an email purporting to be such you are advised to ignore it.”
The volume of global phishing attacks hit a 12-year high in the first quarter of 2016 and stayed high throughout the year.
Just this week, new stats from Proofpoint revealed that phishing via social media channels had jumped 500% in Q4.
It also claimed that the vast majority of phishing email links (99%) direct to dedicated sites designed to steal user credentials. Exploit kits accounted for just 1% by the end of Q4.
Ryan O’Leary, VP of WhiteHat Security’s Threat Research Centre, argued that the technique still tricks enough victims to make it worth the hackers’ while.
"The problem is that people receive important emails from services and well-known brands most days. The best phishing attacks capitalize on this by targeting something that is either important or requires immediate attention, be it online banking, a fake purchase or in this case a court summons. In doing so, people forget everything about security and just want to solve the perceived ‘problem’,” he explained.
“Individuals should implement two-factor authentication across every account that offers it, as this means hackers must have both compromised the login and the device itself. Businesses should continually educate their workforce on the tell-tale signs of a phishing email and should implement tools that warn users if they try to click on potentially dangerous links."