Date: 2023-03-17

Cybercriminals used 3 new tactics for phishing in January 2023

Cybercriminals were reportedly using three novel tactics in phishing attacks during January 2023: misuse of web translation, the insertion of special characters and image-only emails, according to a new report.

While the overall volume of attacks using these tactics is currently low (with each tactic accounting for less than 1 per cent of attempted phishing attacks), they are widespread, affecting between 11 per cent and 15 per cent of organisations, often with multiple attacks, according to IT security firm Barracuda Networks.

Parag Khurana, Country Manager, Barracuda Networks India said, "With cyberattacks rising rampantly in India in recent times, cybercriminals continue to develop their phishing approaches to trap unwary recipients and avoid being spotted and blocked. To defend your organisation, one needs the latest AI-enhanced email protection that can effectively inspect the context, subject, sender, and more to determine whether a benign-looking email is in fact a well-disguised attack."

The first tactic reportedly involves using Google Translate web links, the report stated.

The attacker uses poorly-formed HTML pages or a non-supported language to prevent Google from translating the webpage. Google then responds by providing a link to the original URL, stating that it cannot translate the underlying website.

The attackers embed the URL link in an email, and if a recipient clicks on it, they are taken to an authentic-looking but fake phishing website controlled by the attackers.

The second tactic involves image-based attacks by spammers. The researchers have found that attackers are now increasingly using images, without any text, in their phishing attacks.

These images, which can be fake forms such as invoices, include a link or a callback phone number that, when followed up, leads to phishing.

As these attacks do not include any text, traditional email security can struggle to detect them, IANS reported.

Data shows that around one-in-10 (11 per cent) organisations were targeted with this type of phishing email in January 2023, each receiving on average around two such emails during the month.

The third tactic involves hackers using special characters, such as zero-width Unicode code points, non-Latin script, spaces, or punctuation, to evade detection.

This tactic is also used in "typo-squatting" web address attacks, which mimic the genuine site but with a slight misspelling.

However, when used in a phishing email, the special characters are actually visible to the recipient.

Such attacks can also be difficult to detect because special characters can be used for legitimate purposes, such as in email signatures, the report mentioned.

In January 2023, more than one-in-seven (15 per cent) organisations received phishing emails that use special characters in this way, each receiving on average around four such emails during the month.
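As an added illustration of the third tactic (this code is not from the Barracuda report or the article), the following sketch shows how a mail filter might flag zero-width code points and words that mix Latin with non-Latin script. The function names, the list of zero-width code points and the sample subject line are all assumptions constructed for the example.

```python
import unicodedata

# Assumed set of zero-width code points to check; extend it for your environment.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}

# Constructed sample: zero-width characters inside words, Cyrillic "а" in "account".
SAMPLE_SUBJECT = "Pass\u200bword re\u200dset for your \u0430ccount"


def script_of(ch):
    """Rough script label: the first word of the character's Unicode name."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else None  # e.g. LATIN, CYRILLIC, GREEK


def normalize(text):
    """Remove zero-width code points so keyword and URL rules see the real text."""
    return "".join(ch for ch in text if ch not in ZERO_WIDTH)


def inspect_text(text):
    """Report zero-width code points (with offsets) and mixed-script words."""
    findings = {"zero_width": [], "mixed_script_words": []}
    for offset, ch in enumerate(text):
        if ch in ZERO_WIDTH:
            findings["zero_width"].append((offset, f"U+{ord(ch):04X}"))
    # Check scripts on the normalized text so hidden characters cannot mask a word.
    for word in normalize(text).split():
        scripts = {s for s in map(script_of, word) if s}
        if len(scripts) > 1:
            findings["mixed_script_words"].append((word, sorted(scripts)))
    return findings


if __name__ == "__main__":
    print(inspect_text(SAMPLE_SUBJECT))
    print(normalize(SAMPLE_SUBJECT))
    # A benign signature with accented Latin letters produces no findings.
    print(inspect_text("Regards, José Müller"))
```

Because special characters also have legitimate uses, as the report notes, findings like these are better treated as one scoring signal among several than as a blocking rule.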

