In 2023, approximately 94% of corporations were affected by phishing, a 40% increase over the previous year, according to findings released by Egress.
The rise in phishing incidents can be attributed to AI, especially generative AI. The technology makes it much easier for threat actors to produce content for their phishing campaigns, from malicious emails to more advanced media such as deepfake videos. AI also helps them develop the malware they plant on targets' systems during phishing attacks, as elaborated in this article.
Phishing as a Service (PhaaS) has also been highlighted as a crucial factor in the growing phishing threat. PhaaS lets malicious parties hire skilled attackers to carry out phishing schemes, which puts phishing within reach of anyone who wants to attack unsuspecting victims for personal gain or out of a vendetta.
The Agile Nature of Phishing
To understand the surge in phishing, it is essential to examine how threat actors use AI and PhaaS to adapt quickly, primarily by responding promptly to changing circumstances.
Previously, creating phishing content manually (as opposed to with generative AI) took considerable time and effort, which limited threat actors' ability to exploit unforeseen events for impactful campaigns. Similarly, without PhaaS solutions, groups that wanted to target organizations with phishing had no fast way to launch attacks. Recent developments indicate that this has changed.
Phishing Attacks and Their Adaptation to Dynamic Circumstances
Phishing tends to capitalize on ongoing global events, exploiting the hype or apprehension that surrounds them. The trend is more pronounced with evolving events such as the CrowdStrike “Blue Screen of Death” (BSOD) incident.
Exploiting the CrowdStrike BSOD Incident
On July 19, the cybersecurity company CrowdStrike rolled out a faulty update that left Windows devices unable to boot correctly, with users encountering the infamous Blue Screen of Death (BSOD).
Although CrowdStrike resolved the issue promptly, malicious actors quickly launched phishing campaigns aimed at individuals and enterprises looking for a fix. Within the first day after the CrowdStrike incident, Cyberint detected 17 domains with typosquatted URLs related to it. Some of these domains replicated CrowdStrike’s fix workaround, purportedly to solicit donations via PayPal. Investigating further, Cyberint traced the donation page to a software engineer named Aliaksandr Skuratovich, who also promoted the site on his LinkedIn profile.
Soliciting donations for a fix that originated elsewhere was among the milder strategies employed after the CrowdStrike incident. Other typosquatted domains lured users with non-existent fixes (the fix was freely available from CrowdStrike) in exchange for payments of up to 1,000 euros. These domains were eventually shut down, but several organizations had already fallen prey to them. An analysis by Cyberint found that the crypto wallet linked to the scam had collected approximately 10,000 euros.
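One way a defender could triage newly observed domains for the kind of event-themed typosquatting described above. This is an added example, not code from the article or from Cyberint; the watch list, weights, threshold and every `.example` domain are constructed assumptions.

```python
import re

# Assumed watch list and weights for illustration; tune for your own brands.
BRANDS = ["crowdstrike"]
OFFICIAL = {"crowdstrike.com"}
EVENT_TERMS = {"bsod", "fix", "outage", "recovery", "support", "update", "patch"}
# Look-alike digits folded back to letters before comparison.
HOMOGLYPHS = str.maketrans({"0": "o", "3": "e", "5": "s"})
# Constructed sample feed of newly registered domains (not real indicators).
SAMPLE = ["crowdstrike.com", "cr0wdstrike-bsod-fix.example",
          "crowdstrike-outage.example", "crowdstirke.example",
          "weather-update.example"]

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score_domain(domain):
    """Return (score, reasons); higher means more likely a brand look-alike."""
    domain = domain.lower().rstrip(".")
    if any(domain == o or domain.endswith("." + o) for o in OFFICIAL):
        return 0, ["official"]
    name = domain.rsplit(".", 1)[0]  # simplification: last label treated as the TLD
    score, reasons = 0, []
    for brand in BRANDS:
        for tok in filter(None, re.split(r"[.\-_]", name)):
            folded = tok.translate(HOMOGLYPHS)
            if brand in folded:  # a disguised brand scores above a plain one
                points, why = (2, "brand name") if brand in tok else (3, "homoglyph")
            elif abs(len(folded) - len(brand)) <= 2 and edit_distance(folded, brand) <= 2:
                points, why = 3, "typo"
            else:
                continue
            score += points
            reasons.append(f"{why}: {tok}")
    hits = sorted(t for t in EVENT_TERMS if t in name)
    if score and hits:  # event words only count next to a brand match
        score += 2
        reasons.append("event terms: " + ",".join(hits))
    return score, reasons

def triage(domains, threshold=3):
    """Return domains at or above the threshold, highest score first."""
    scored = [(score_domain(d)[0], d) for d in domains]
    return [d for s, d in sorted(scored, reverse=True) if s >= threshold]
```

Running `triage(SAMPLE)` ranks the homoglyph-plus-event-term domain first and leaves the official domain and the unrelated `weather-update.example` unflagged.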
Phishing Tactics Tailored to Scheduled Events
Planned events attract more intricate and diverse phishing strategies, because threat actors have far longer to prepare than they do in the rush that follows an unexpected occurrence such as the CrowdStrike incident.
Olympic-themed Phishing
Phishing campaigns built around the 2024 Olympics in Paris showed threat actors’ ability to mount impactful campaigns by tying them to current events.
In one example, Cyberint identified phishing emails claiming that recipients had won Olympic tickets and needed to make a small payment to cover the delivery fee.
If recipients entered their financial details to make the payment, the attackers used those details to impersonate the victims and conduct transactions from their accounts.
In another case of Olympics-themed phishing, malicious actors set up a professional-looking website in March 2024 that purported to sell tickets. In reality, it was a scam.
Despite the site’s lack of history, and therefore limited credibility, it ranked prominently in Google searches, which increased the chances of duping people looking to buy Olympics tickets online.
Phishing and soccer
Comparable attacks took place during the UEFA Euro 2024 soccer championship. In particular, threat actors launched deceptive mobile applications posing as UEFA, the organization behind the event. Because the apps used the organization’s official name and logo, they likely misled some people into assuming they were legitimate.
It is worth noting that these applications were not available on Apple’s or Google’s official app stores, which typically identify and remove malicious apps (although there is no assurance they will act quickly enough to prevent harm). Instead, they were distributed through unregulated third-party app marketplaces, which made them somewhat harder for consumers to find. Even so, most mobile devices had no safeguards to block the apps if a user went to a third-party app store and tried to download malicious software.
Phishing and recurring occasions
With recurring events, too, phishers know how to use the circumstances to launch potent attacks.
For instance, gift card scams, payment fraud and counterfeit order confirmations increase during the holiday season. So do phishing schemes that bait victims into applying for bogus seasonal jobs in order to collect their personal data.
The holiday period is an ideal breeding ground for phishing because of the surge in online shopping, enticing offers and a flood of promotional emails. Scammers exploit these conditions, causing considerable financial and reputational harm to enterprises.
The relevance of timing in phishing
Regrettably, AI and PhaaS have made phishing easier, and we should expect threat actors to keep adopting these tactics.
Nevertheless, enterprises can anticipate increases in attacks in response to specific developments or (in the case of recurring phishing campaigns) seasonal periods, and take steps to mitigate the risks.
For example, they can educate staff and customers to exercise extra caution when engaging with content related to a current event.
While AI and PhaaS have made phishing easier, both enterprises and individuals can defend against these threats. By understanding the tactics threat actors use and deploying effective security measures, they can reduce the likelihood of falling prey to phishing attacks.





