According to findings by Egress, nearly 94 percent of organizations were affected by phishing attacks in 2023, a 40 percent increase over the previous year.
The rise in phishing activity can be attributed to the adoption of AI, especially generative AI. This technology makes it easier for threat actors to create deceptive content for phishing campaigns, such as fraudulent emails and, in more advanced scenarios, deepfake videos. AI also helps create the malware that threat actors frequently plant on their victims’ systems as part of phishing campaigns, as explored in a write-up on malware creation using AI.
The adoption of Phishing as a Service (PhaaS), a concept highlighted in discussions like an article covering PhaaS and AI, has also been instrumental in the current proliferation of phishing threats. With PhaaS, malicious parties can hire proficient attackers to run phishing campaigns on their behalf, so anyone with a motive can launch a phishing attack with little effort.
Phishing’s Enhanced Adaptability
Understanding the surge in phishing means looking at how threat actors use AI and PhaaS in new ways, particularly to respond quickly to changing situations.
Previously, creating phishing content manually (instead of using generative AI) was laborious, which kept threat actors from exploiting unforeseen events quickly enough to run impactful campaigns. Similarly, without PhaaS solutions, groups that wanted to phish an organization had no simple way to launch an attack. Recent advancements, however, indicate that this has changed.
Phishing Attacks Aligned with Shifting Events
Phishing campaigns tend to seize on current events worldwide to exploit the excitement or apprehension surrounding them, especially fast-moving events such as the CrowdStrike “Blue Screen of Death” (BSOD) incident.
Phishing After the CrowdStrike BSOD Incident
On July 19, a faulty update from cybersecurity firm CrowdStrike caused Windows machines to malfunction and display the notorious Blue Screen of Death (BSOD), and threat actors promptly began launching phishing efforts. Although CrowdStrike fixed the issue swiftly, cybercriminals ran phishing campaigns aimed at people seeking a resolution to the problem. Following the incident, Cyberint identified 17 typosquatting domains linked to the event, some of which solicited donations through PayPal under the guise of aiding those affected. A meticulous investigation traced the donation page to a software engineer named Aliaksandr Skuratovich, who advertised the website on LinkedIn.
Several scams sought donations for a fix that another party had already provided, and certain typosquatted domains demanded payments of up to 1,000 euros for a solution available at no cost from CrowdStrike. While the domains were eventually taken down, several organizations had already fallen prey to these schemes. Cyberint’s analysis revealed that the crypto wallet associated with the scam accumulated approximately 10,000 euros.
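As an added illustration (not code from the original article or from Cyberint), the sketch below shows one way a defender could triage a feed of newly observed domains for lookalikes of a brand caught up in an event like this one. The allowlist, event keywords, distance threshold and sample domains are assumptions constructed for the example.

```python
import re

BRAND = "crowdstrike"                      # brand caught up in the event
ALLOWLIST = {"crowdstrike.com"}            # assumption: domains the brand owns
EVENT_TERMS = {"bsod", "fix", "outage", "recovery", "help", "donate"}  # assumed
DIGIT_SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return a label for a suspicious domain, or None if nothing matches."""
    d = domain.lower().rstrip(".")
    if any(d == ok or d.endswith("." + ok) for ok in ALLOWLIST):
        return None
    name = d.rsplit(".", 1)[0]             # naive: drops only the last label
    tokens = [t for t in re.split(r"[.-]", name) if t]
    for tok in tokens:
        if tok == BRAND:                   # exact brand on a domain it does not own
            return "brand+event" if EVENT_TERMS & set(tokens) else "brand-on-unowned-domain"
        if edit_distance(tok.translate(DIGIT_SWAPS), BRAND) <= 2:
            return "typosquat"             # near-miss spelling or digit swap
    if BRAND in name.replace("-", "").translate(DIGIT_SWAPS):
        return "brand-embedded"            # brand glued to other words
    return None

def triage(domains):
    """Map each flagged domain to its label; clean domains are omitted."""
    return {d: label for d in domains if (label := classify(d))}

# Constructed sample feed (reserved .example TLD), not real indicators.
SAMPLE_FEED = [
    "crowdstrike.com", "support.crowdstrike.com",
    "crowdstrike-bsod-fix.example", "crowdstrlke.example",
    "cr0wdstrike-help.example", "crowdstrikefix.example",
    "crowdstrike.com.login.example", "weather-news.example",
]

if __name__ == "__main__":
    for dom, label in triage(SAMPLE_FEED).items():
        print(f"{label:24} {dom}")
```

The TLD handling is deliberately naive; a production version would use the Public Suffix List to find the registrable domain before comparing.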
Phishing Attacks Built Around Planned Events
Attacks tied to planned events, unlike those tied to spontaneous ones, often show a wider range of intricate tactics. Threat actors have more time to strategize than unforeseen scenarios like the CrowdStrike episode allow.
Phishing Incidents Surrounding the Olympics
Malicious campaigns linked to the 2024 Paris Olympics underscore how adept threat actors are at orchestrating elaborate schemes tied to current events. For instance, Cyberint encountered deceptive emails claiming that recipients had secured Olympic tickets and needed to pay a nominal fee for delivery.
If individuals provided their financial details to complete the payment, the attackers exploited this information to pose as victims and conduct unauthorized transactions using their accounts.
In another Olympics-related phishing case, in March 2024 threat actors set up a sophisticated website that pretended to sell tickets but was in fact a fraudulent operation.
Despite being a new site without a strong reputation based on its history, the website managed to rank high in Google searches. This increased the chances of individuals seeking Olympics tickets online falling for the scam.
Phishing and soccer
Similar incidents unfolded during the UEFA Euro 2024 soccer tournament. Notably, threat actors launched fake mobile applications posing as UEFA, the organization behind the event. The applications used the official name and logo of the association, making them appear legitimate to unsuspecting users.
It’s important to note that these applications were not available on mainstream app stores like those operated by Apple or Google, which typically detect and remove malicious apps. Instead, they were found on unregulated third-party platforms, making it challenging for consumers to identify them – especially since many mobile devices lack safeguards to prevent the download of harmful software from such sources.
Phishing and recurring events
Phishers also exploit recurring events to orchestrate potent attacks.
For instance, schemes involving gift card fraud, fake invoices, and deceptive order confirmations surge during the festive season. This period also sees an increase in phishing attempts that deceive victims into applying for fictitious seasonal job postings as a means to gather personal details.
The holiday season presents an ideal environment for phishing due to heightened online shopping activities, attractive promotions, and an influx of marketing emails. Scammers exploit these factors, resulting in substantial financial and reputational harm to businesses.
Timing is crucial in phishing scenarios
Unfortunately, the prevalence of AI and PhaaS has made phishing more accessible, and we should anticipate malicious actors continuing to leverage these tactics.
Refer to The Phishing & Impersonation Protection Handbook for strategies that businesses and individuals can implement.
Businesses can, however, expect spikes in attack volumes in response to specific events, or during peak periods (such as recurring phishing campaigns), and take appropriate measures to minimize risks.
For instance, educating employees and consumers to exercise caution when engaging with content related to current happenings can help counter potential threats.
While AI and PhaaS have simplified phishing techniques, businesses and individuals can still shield themselves from such threats by understanding threat actors’ methods and deploying robust security measures, reducing susceptibility to phishing attempts.





