In the dynamic landscape of cyber-attacks, about 90% of successful infiltration started with phishing emails. This rate is unsurprising considering that over 960 thousand unique phishing sites have been detected during the first quarter of 2024. All these are topped off with the fact that artificial intelligence or AI is now being used by these cyber criminals to elevate their tactics. Even after shutting down a PhaaS or Phishing as a service operation, even Interpol conceded that cyber-attacks like phishing are “borderless and virtual in nature”. Hence NYC cybersecurity companies continue to update and warn business owners about the various tactics used by hackers.
Generative AI is now being implored by threat actors. This includes creating realistic emails, fraudulent websites as well as deepfake videos. Furthermore, NYC cybersecurity companies add that AI is also being used to create malware that gets planted into the users’ devices.
Phishing as a Service of PhaaS is also another tool to contend with. This is basically the threat actors hiring “professional” phishers to run strategies and operations on their behalf. Because of these “for hire” phishers, anyone with malicious intent can now launch phishing attacks against competition or anyone they have a grudge on.
Before, phishing content was manually created and to do so needed a lot of time and labor. As such, this limits the speed at which scammers could react to sudden changes. However, NYC cybersecurity companies update that phishing has become much more active now that attackers are quickly adapting their tactics to make use of current events. They now use AI and PhaaS which helps scammers to quickly make use of recent or unexpected events to maximize their impact.
Phishers usually ride on shocking news to take advantage of people’s fear or curiosity regarding the matter. For example, CrowdStrike released a buggy update in July 2023 which caused a lot of Windows machines to display the Blue Screen of Death (BSOD). As such, in taking advantage of the situation, 17 domains that are clones of CrowdStrike’s support site were detected within a day. In some of these sites, they falsely claimed to offer a fix for a fee. Thereby tricking users into making payments. Scammers were able to swindle at least 10,000 euros before these domains were shut down following the resolution of the original CrowdStrike issue.
Scammers also take advantage of events that are scheduled ahead of time. Sports related events are among the favorites. The recent Olympics, for example, had its fair share of hackers using phishing schemes. One of the schemes included sending emails about winning tickets to the Olympics. These, allegedly, can be claimed by paying shipping fee. This leads to victims paying the fee plus giving away personal information to the hackers. Another example involved a professionally designed website or fake apps that offer tickets to the Olympics or the Euro 2024 football championship. Using the branching for the event or organizations allows these sites or apps to rank high on google searches or even apps platforms. Hence, increasing the chances of being able to deceive people looking for legitimate tickets. NYC cybersecurity companies caution that concerts, pageants and other events are just as susceptible to these tactics.
With the holidays rolling in monthly succession starting in September, hackers are also gearing up to up their ante. Shopping deals and promotional emails are expected to flood inboxes encouraging expenditure during the holidays. As expected, a good number of these emails may come from illegitimate sources. The aim to get into your company’s system or gather personal and business data. Aside from these, other tactics used are fake job applications, non-payment schemes or gift card frauds. It is therefore important, according to NYC cybersecurity companies, to ensure that you and your staff stay vigilant. This is so as not to become victims of these traps.
For recurring events, business owners can put out warnings for their customers about the expected threat. This may include providing legitimate websites for orders and encouraging them to counter check the sites and apps being used. On the other hand, employee training and reminders on email security are necessary. This must also include safe and easy protocols for reporting any suspected emails coming in.
For AI and PhaaS-backed campaigns, it is best to get help from one of your reliable NYC cybersecurity companies. We at EBSolution can provide you with strong cybersecurity measures to monitor, detect and neutralize threats. Furthermore, we can strengthen your overall cybersecurity posture with the addition of business recovery and data management to ensure business continuity in the event of an attack penetrating your defenses. Share with us your needs and concerns today! We will make sure to provide your business with the best custom-fit solutions.