INKY has revealed its annual report on electronic mail safety, discovering that phishing accounted for 30% of all reported cybercrimes final 12 months.
“Phishing threats grew in each quantity and class, introducing new assault vectors like QR codes, cross-site scripting, and weaponized file varieties (e.g., RTF and DOT),” the report says.
“Cybercriminals additionally more and more exploited trusted companies similar to DocuSign and PayPal, underscoring the pressing want for adaptive, strong safety options.”
Menace actors proceed to make use of QR codes as an alternative choice to text-based phishing hyperlinks. Curiously, as electronic mail safety options have tailored to test for photos containing malicious QR codes, attackers have begun utilizing Unicode characters to manually assemble QR codes from black and white squares. A telephone’s digicam will nonetheless acknowledge this as a QR code, however an electronic mail filter will merely see a desk of textual content characters.
The researchers additionally noticed a rise in phishing assaults that used URL encoding to hide malicious hyperlinks.
“URL encoding converts characters right into a format that may be transmitted over the Web,” INKY explains. “This encoding replaces unsafe ASCII characters with a ‘%’ adopted by two hexadecimal digits. Areas are changed by ‘+’, and particular characters like ‘<’, ‘>’, ‘/’, and others are changed by their respective hexadecimal codes. Then, to the delight of cybercriminals in all places, internet browsers will robotically decode the obfuscated strings again into ASCII.”
Moreover, attackers are abusing respectable notifications from companies similar to Adobe to insert phishing messages.
“On the lookout for the tell-tale indicators of a phishing electronic mail is one thing many people have come to do robotically,” the report says. “Nonetheless, issues get a lot trickier when the phishing emails come within the type of respectable Adobe notifications, have been authenticated (SPF & DMARC) by adobe.com, and use precise Fixed Contact instruments.”
KnowBe4 empowers your workforce to make smarter safety choices every single day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human threat.
INKY has the story.
