Get answers from your peers along with millions of IT pros who visit Spiceworks.

Websense reported on October 8, 2012 about their July-August 2012 research. They said: “A disturbing new twist on targeted attacks has started to emerge this year that directly affects professionally managed networks. If we look at the days of the week when most phishing emails are sent, we notice a huge uptick in volume on Fridays, Sundays and Mondays.



Most phishing emails are sent on Fridays, followed by Monday and Sunday. The bad guys have learned that they can evade email security measures by sending an email with a clean link on Friday or over the weekend – bypassing email URL scanning. Then, over the weekend they compromise the URL with malicious code. The top phishing days of the week (percentage) are:

Friday (38.5%)

Monday (30%)

Sunday (10.9%)

Thursday (6.5%)

Tuesday (5.8%)

Wednesday (5.2%)

Saturday (3.2%)

A typical attack of this type would have the bad guy doing the following:

Find a URL that can be easily compromised… but do nothing at that time. Leave it ‘as is’ for now. Craft an email that will not trigger spam, AV or other security measures based on its content, but include links to the currently 'safe' URL. Since they typically pretend to be something legitimate, it is best to simply copy a legitimate message… and only change one link to the 'safe' URL. Send the email over the weekend, or late at night, so email defenses will approve the email and deliver it into the user’s mailbox. Just before you believe employees will begin accessing email, compromise the URL and install that part of the attack strategy.

Evasion techniques like these help when hackers are going for the big game – spear-phishing employees with access to a specific network or data or whale phishing, the targeting of executives at companies."

That is why it is very important to have all employees get high-quality security awareness training:

http:/ / www.knowbe4.com/ products/ kevin-mitnick-security-awareness-training

Warm regards,

Stu