INKY has revealed its annual report on electronic mail safety, discovering that phishing accounted for 30% of all reported cybercrimes final 12 months.
“Phishing threats grew in each quantity and class, introducing new assault vectors like QR codes, cross-site scripting, and weaponized file varieties (e.g., RTF and DOT),” the report says.
“Cybercriminals additionally more and more exploited trusted providers equivalent to DocuSign and PayPal, underscoring the pressing want for adaptive, strong safety options.”
Menace actors proceed to make use of QR codes as a substitute for text-based phishing hyperlinks. Curiously, as electronic mail safety options have tailored to examine for photographs containing malicious QR codes, attackers have begun utilizing Unicode characters to manually assemble QR codes from black and white squares. A cellphone’s digicam will nonetheless acknowledge this as a QR code, however an electronic mail filter will merely see a desk of textual content characters.
The researchers additionally noticed a rise in phishing assaults that used URL encoding to hide malicious hyperlinks.
“URL encoding converts characters right into a format that may be transmitted over the Web,” INKY explains. “This encoding replaces unsafe ASCII characters with a ‘%’ adopted by two hexadecimal digits. Areas are changed by ‘+’, and particular characters like ‘<’, ‘>’, ‘/’, and others are changed by their respective hexadecimal codes. Then, to the delight of cybercriminals all over the place, net browsers will robotically decode the obfuscated strings again into ASCII.”
Moreover, attackers are abusing respectable notifications from providers equivalent to Adobe to insert phishing messages.
“Searching for the tell-tale indicators of a phishing electronic mail is one thing many people have come to do robotically,” the report says. “Nevertheless, issues get a lot trickier when the phishing emails come within the type of respectable Adobe notifications, have been authenticated (SPF & DMARC) by adobe.com, and use precise Fixed Contact instruments.”
KnowBe4 empowers your workforce to make smarter safety selections on daily basis. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and cut back human threat.
INKY has the story.