Search here
21-Mar-2023
How cybercriminals use new tactics for phishing attacks
Playing text to speech
Phishing attacks have been around for a long time, and cybercriminals are always coming up with new tactics to make them more effective. In recent years, we have seen a rise in the use of new and sophisticated tactics to lure unsuspecting victims into divulging their personal and financial information.
Cybercriminals utilized three new original strategies, for example, abuse of web interpretation, picture just messages, and the addition of exceptional characters in phishing assaults during January 2023, another report has shown.
Barracuda Networks, an IT security company, claims that, despite the fact that the total volume of attacks employing these strategies is currently low (each strategy accounts for less than one percent of attempted phishing attacks), they are widespread, affecting anywhere from eleven percent to fifteen percent of organizations and frequently involving multiple attacks.
"Cybercriminals continue to develop their phishing techniques in response to the recent rise in the number of cyberattacks in India to evade detection and blockage. The most recent AI-enhanced email protection, which can effectively examine the context, subject, sender, and other details to determine whether a seemingly benign email is in fact a well-disguised attack, is required to protect your business.
Utilizing web links translated by Google Translate is the first tactic.
To prevent Google from translating the webpage, the attackers use poorly formatted HTML pages or a language that Google does not support. Google responds by stating that it cannot translate the underlying website and providing a link to the original URL.
The attackers include that URL link in an email, and if the recipient clicks on it, they are taken to a phishing website controlled by the attackers, albeit one that appears to be genuine.
The second tactic involves spammers using image-based attacks. The researchers found that attackers are increasingly using images in their phishing attacks instead of text.
There is a link or a callback phone number included in these images, which can be fake forms like invoices and lead to phishing when clicked on.
According to the report, traditional email security may have difficulty detecting these attacks because they do not contain any text.
Information shows that around one-in-10 (11 percent) associations were focused on with this kind of phishing email in January 2023, each getting on normal around two such messages during the month.
Hackers use special characters like punctuation, non-Latin script, zero-width Unicode code points, and spaces to evade detection in the third tactic.
This strategy is likewise utilized in "mistake hunching down" web address assaults, which impersonate the real webpage however with a slight incorrect spelling.
When used in a phishing email, however, the recipient cannot see the special characters.
Special characters can be used for legitimate purposes, such as in email signatures, making such attacks difficult to spot, according to the report.
In January 2023, a larger number of than one-in-seven (15 percent) associations got phishing messages that utilization extraordinary characters along these lines, each getting on normal around four such messages during the month.
In addition to these new tactics, cybercriminals are also using more sophisticated phishing emails. They are creating emails that look like they come from a legitimate source, such as a bank, social media platform, or e-commerce site. The emails often contain a sense of urgency, such as a warning that the victim's account has been compromised or a request for an immediate payment to prevent the suspension of an account.
Furthermore, cybercriminals are using new tactics to target businesses. They may pose as a vendor or supplier and send an email with an attachment that appears to be an invoice or payment request. When the attachment is opened, malware is installed on the victim's computer, allowing the attacker to steal sensitive information.
In conclusion, cybercriminals are continually developing new and sophisticated tactics to carry out phishing attacks. It is crucial to remain vigilant and cautious when receiving unsolicited communications and take appropriate measures to protect your personal and financial information. By staying informed and adopting best practices for online safety, you can reduce the risk of falling victim to phishing attacks.
Comments
Solutions
Copyright 2010 - 2024 MindStick Software Pvt. Ltd. All Rights Reserved Privacy Policy | Terms & Conditions | Cookie Policy