Security News

Amid all of the buzz around ChatGPT and other artificial intelligence apps, cybercriminals have already started using AI to generate phishing emails. In the end, human-generated phishing mails caught more victims than did those created by ChatGPT. Specifically, the rate in which users fell for the human-generated messages was 4.2%, while the rate for the AI-generated ones was 2.9%. That means the human social engineers outperformed ChatGPT by around 69%. One positive outcome from the study is that security training can prove effective at thwarting phishing attacks.

Today, phishing is the fastest growing Internet crime, and a threat to both consumers and businesses. Finance, technology, and telecom brands were the most commonly impersonated industries, notably for the unprecedented access and financial benefit that bank accounts, email and social media, and phone companies can give attackers, according to Cloudflare.

An open source adversary-in-the-middle phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. DEV-1101, per the tech giant, is said to be the party behind several phishing kits that can be purchased or rented by other criminal actors, thereby reducing the effort and resources required to launch a phishing campaign.

Researchers with cybersecurity firms Codefense and Cryptolaemus, which track Emotet activity, both reported a sudden startup in the spamming from the botnet. Emotet started life almost a decade ago as a banking trojan, but it soon evolved into a malware delivered through spear-phishing campaigns, including emails that contain malicious Microsoft Word and Excel attachments.

92% of organizations have fallen victim to successful phishing attacks in the last 12 months, while 91% of organizations have admitted to experiencing email data loss, according to Egress. "The growing sophistication of phishing emails is a major threat to organizations and needs to be urgently addressed," said Jack Chapman, VP of Threat Intelligence, Egress.

An ongoing phishing campaign is pretending to be Trezor data breach notifications attempting to steal a target's cryptocurrency wallet and its assets. Using a hardware wallet like Trezor adds protection from malware and compromised devices, as the wallet is not meant to be connected to your PC. When setting up a new Trezor wallet, users are given a 12 or 24-word recovery seed that can be used to recover a wallet if a device is stolen, lost, or malfunctions.

According to the cyber intelligence report from Agari, hybrid phishing attacks have increased by 625%. One of the most damaging is callback phishing - also often known as a TOAD. First appearing in the wild in March 2021 as BazarCall, the attacks were mounted to install ransomware on corporate networks. Low levels of cybersecurity awareness can be the root cause of successful cyberattacks, especially attacks such as Callback phishing.

In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report.

Spain's National Police and the U.S. Secret Service have dismantled a Madrid-based international cybercrime ring comprised of nine members who stole over €5,000,000 from individuals and North American companies. The cybercrime gang specializes in online scams, employing social engineering, phishing, and smishing to collect sensitive victim details and then use that information to commit financial fraud.

A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or sharing their crypto wallet's secret recovery phrase. The emails look like they were sent by Namecheap, prompting recipients to complain to the company, which then started an investigation and soon after reacted by stopping all the emails.