Gmail is the scene of an explosion of cyberattacks. Faced with the resurgence of phishing attacks, the FBI has spoken out to warn the 2.5 billion users of the email service. In a reaction relayed by Forbes, the American federal police warns Internet users that they could "receive an email appearing to come from a legitimate company, asking you to update or verify your personal information by replying to it or visiting a website".
To achieve their goals, hackers continue to make extensive use of identity theft. In particular, they can pretend to be Google's support service, as was the case during an ultra-sophisticated cyberattack that occurred last month. The offensive has even forced Google to review its defense mechanisms against phishing.
Sophisticated and convincing phishing emails
The Federal Bureau of Investigation points out that phishing emails have become particularly convincing. Armed with generative AI, cybercriminals can write a perfect email, "convincing enough to get you to take the requested action". These sophisticated phishing attacks are more likely to result in the theft of personal data or banking details.
Thanks to artificial intelligence, hackers are increasingly able to bypass the security filters put in place by Google. These filters are supposed to block dangerous emails, and thus prevent the user from coming across them. As a Hoxhunt report indicates, there has been a 49% increase in phishing attacks that bypass filters since the beginning of 2022. According to Pyry Åvist, Hoxhunt’s CTO, “AI is being leveraged by cybercriminals to usher in a new era of social engineering tactics.”
Phishing is child’s play
With just $5, malicious campaigns can be created using AI. Cybercriminals can design fraudulent sites with just a few clicks. Then, the hackers just have to convince the target to click on the site. Asked by Forbes, Adrianus Warmenhoven, security expert at Nord Security, specifies "phishing is easier than assembling flat-pack furniture":
With AI, it is indeed possible to clone an official website in a few minutes. To "build convincing copies of trusted websites where you could lead your victim", there is no need to know how to code... Furthermore, a study by Cyble Research and Intelligence Labs shows that it is easy to develop deceptive links, which relay to a malicious site, while appearing to be harmless sites. With kits available on black markets, cybercriminals can even spoof a company’s domain name.
In this context, the FBI recommends never clicking “on anything in an unsolicited email or text message.” Finally, keep in mind that “companies generally do not contact you to ask for your username or password.”
Source: Forbes
0 Comments