Cybercriminals are increasingly using sophisticated social engineering techniques and new types of fraud to trick online users, according to a study by Positive Technologies. Social engineering preys on victims' emotional vulnerabilities and trusting natures, with 92% of respondents and 37% of attack groups concerned about this. In Q3 2023, attackers targeted individuals through social networking sites (19%), instant messaging platforms (16%), and email (27%). Global statistics show that cybercriminals are increasingly using attachments with the.pdf extension to bypass email security systems, hiding malicious links within PDF files under QR codes.
Phishing attacks have been carried out by cybercriminals using platforms that provide the means to do so. One such service, EvilProxy, launched a global campaign against the upper echelons of over a hundred companies, with 65% of the victims being executives. A new fraudulent scheme was identified at a bank in South Korea, using the Letscall toolkit, which employs both phishing websites and voice fraud (vishing) in its arsenal of deception techniques.
Cybersecurity professionals advise always exercising caution online and never downloading files or opening links from unknown senders. They also foresee a rise in attacks that use neural networks, which are steadily growing the attackers' toolkit. One such malicious application is WormGPT, a generative neural network for phishing and BEC attacks based on the publicly available JPT-J language model. It allows even a novice attacker to carry out sustained attacks that allow for meaningful correspondence in any language and automate the creation of convincing fake emails.