The Latest Phishing Trends of 2023

Author: Laura-Jane Hatcher

Despite being one of the oldest types of cyberattacks, phishing remains among the most prevalent and dangerous cybersecurity threats to organizations worldwide, accounting for 36% of all successful data breaches in 2022. That number is likely to rise in 2023, as recent reports show phishing attacks are up by a staggering 102% in the year’s first quarter alone.

Organizations must now contend with more than a tidal wave of phishing emails. Armed with ChatGPT and readily accessible AI tools, cybercriminals are crafting more sophisticated scams that are connected to ever more realistic websites intent on luring the unsuspecting into submitting their Personally Identifiable Information (PII).

The best defense? Awareness. It’s now more important than ever to stay up to date on the latest email scams circling the digital space.

Let’s look at the top three phishing threats we’ve seen in 2023.

Sophisticated Brand Spoofing

Phishing emails that imitate legitimate brands like Microsoft or Amazon are nothing new. In 2022, 30 million phishing messages illegally used the branding of a Microsoft product (such as Office or OneDrive) to deceive individuals. 6.5 million phishing emails tied to Amazon were also sent last year.

Photo by Vade Secure

What is new is the worrying level of authenticity these emails now achieve. With the assistance of ChatGPT, cybercriminals are better able to mimic a company’s voice with fewer grammatical and spelling errors, which were once a hallmark of a suspected phishing email.

On top of that, threat actors are now spoofing the very tactics used to thwart them, as was the case with one alarming phishing campaign masquerading as a Microsoft 365 Password Expiration notice.

This phishing email, first discovered by email security giant Vade Secure in March 2023, used both YouTube attribution links and a Cloudflare Captcha. Not only did this provide a level of authenticity to the Microsoft 365 password reset process, but it also allowed the campaign to bypass email gateways whitelisting the platform.

Legitimate Emails, Malicious Links

Another alarming trend appears at first glance like a refined form of spoofing. What makes this phishing attack so sinister is that it doesn’t just look like the real thing: the email itself is the real thing.

In this method, which has seen a startling rise in popularity in recent months, attackers use genuine services from productivity suites like Google Workspace and Microsoft 365 to send victims a legitimate email notification carrying a malicious link.

Photo by Kaspersky Daily

This has been widely seen in Google Docs, where threat actors simply create a Google document and then turn comments on. There, the phishing message is drafted, the malicious link added, and the target is mentioned via the @ feature, triggering an automatic email. The recipient will then receive a notification that displays both the comment and the fraudulent link. Because the alert is from a legitimate source, it slips through most email security systems.

Though this form of phishing may predominantly be used in Google Docs, Microsoft 365’s SharePoint is also becoming a popular vehicle through which hackers can extract PII. Because SharePoint allows any file on a private server to be shared with any external recipient, threat actors may freely use the automatic email notification to send links to a legitimate SharePoint which hides a dangerous link or documents.
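Because these notifications come from the real service, a filter has to judge the links rather than the sender. The following is an added example, not code from the original article: it assumes the message has already passed sender authentication, and the sender-to-domain map and all names in it are illustrative assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: allow-listed notification senders mapped to the host suffixes
# that belong to that service. Illustrative, not exhaustive.
TRUSTED_SENDERS = {
    "docs.google.com": ("google.com",),
    "sharepointonline.com": ("sharepoint.com", "microsoft.com"),
}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def host_in(host, suffixes):
    """True if host equals a suffix or is a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def off_platform_links(raw_message):
    """Return links in a trusted-service notification that leave the service."""
    # Assumes SPF/DKIM/DMARC were checked upstream; From alone is spoofable.
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    suffixes = next((v for k, v in TRUSTED_SENDERS.items()
                     if host_in(sender_domain, (k,))), None)
    if suffixes is None:
        return []  # not an allow-listed sender; normal filtering applies
    flagged = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)
        body = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            host = (urlsplit(url).hostname or "").lower()
            if host and not host_in(host, suffixes) and url not in flagged:
                flagged.append(url)
    return flagged


# Constructed sample: a document-comment notification carrying an outside link.
SAMPLE = """\
From: "A. User (Google Docs)" <comments-noreply@docs.google.com>
Subject: A. User mentioned you in a comment

A. User mentioned you: "Payment overdue, review at
http://billing-portal.example.net/login now."
Open the document: https://docs.google.com/document/d/EXAMPLE/edit
"""
```

Links returned by `off_platform_links` are candidates for URL reputation checks or quarantine even though the sender itself is allow-listed.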

File Archiver in the Browser

One of the most frightening new phishing threats comes in the form of a dangerously accurate mimicry of a file archiver software service like WinRAR.  

Using HTML, CSS and Google’s newly rolled out .ZIP domains, cybercriminals can create an extremely realistic phishing landing page that looks as though it’s the legitimate file archive software, made complete with the downloaded file.

Photo by Ravie Lakshmanan on Hacker News

Security researchers also warn that this campaign is so sophisticated that the process of ‘unzipping’ the malicious file can be simulated, and the file can even be searched for in Windows File Explorer if its name corresponds with an existing .ZIP domain. This could see malware or ransomware easily embedded undetected onto a victim’s computer.
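One way a mail filter can surface this pattern is to separate a real `.zip` file download from a link whose host is itself a .ZIP domain, and to note bare file names that are also valid .ZIP hostnames. This is an added example, not code from the original article; the function names, finding labels and sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: TLDs that double as file extensions; the article covers .zip only.
FILE_LIKE_TLDS = {"zip"}
# A bare token such as "report-2023.zip" that a client may auto-link as a URL.
BARE_NAME_RE = re.compile(
    r"(?<![\w./@-])([\w-]+(?:\.[\w-]+)*\.(\w+))(?![\w/-]|\.\w)")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs and the text outside anchors."""
    def __init__(self):
        super().__init__()
        self.links, self.loose_text, self._href, self._text = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        (self._text if self._href is not None else self.loose_text).append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def zip_domain_findings(html_body):
    """Return sorted (kind, value) findings for file-like TLDs in an HTML body."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = set()
    for href, _text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if host.rpartition(".")[2] in FILE_LIKE_TLDS:
            findings.add(("link-to-file-like-tld", host))
    for match in BARE_NAME_RE.finditer(" ".join(parser.loose_text)):
        if match.group(2).lower() in FILE_LIKE_TLDS:
            findings.add(("bare-name-is-valid-hostname", match.group(1).lower()))
    return sorted(findings)


SAMPLE_HTML = (  # constructed sample
    '<p>Your archive is ready: <a href="https://invoice-archive.zip/">'
    "invoice-archive.zip</a>. Also see setup-tool.zip and notes.txt, or "
    '<a href="https://example.com/files/q2.zip">download q2.zip</a>.</p>'
)
```

The `example.com/files/q2.zip` link is not flagged because only its path ends in `.zip`; the host does not.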

Constant Vigilance

The landscape of the digital world is as ever-changing as the threats facing it. Just as new technological tools and software improve our productivity and livelihoods, they do the same for cybercriminals. Awareness and education are now paramount in protecting the cybersecurity posture of you and your teams.
