In January 2023, cybercriminals used 3 new methods for phishing consumers

According to a recent research, in January 2023, cybercriminals were apparently using three new creative techniques, including the exploitation of online translation, the insertion of unusual characters, and image-only emails.

According to IT security company Barracuda Networks, while the overall number of attacks utilizing these techniques is currently low (with each technique accounting for less than 1% of attempted phishing attacks), they are pervasive and were affecting between 11% and 15% of organizations, frequently with multiple attacks.

Barracuda Networks India's National Manager, Parag Khurana, said: "Cybercriminals continue to refine their phishing techniques since cyberattacks have increased drastically in India in recent years in order to catch naive receivers and escape being detected and banned. The most recent AI-enhanced email security is required to secure your organization since it can efficiently evaluate the context, topic, sender, and other factors to identify whether an email that seems innocent is really a well-covert assault."

According to the research, the first approach is leveraging online URLs for Google Translate.

To prevent Google from translating the site, the attacker utilizes HTML pages that are badly formatted or a language that is not supported. Google has further reacted, noting that it is unable to translate the underlying webpage and provided a link to the original Address.

When a recipient clicks on the URL link that the attackers had placed in an email, they are sent to a bogus phishing website that seems legitimate but is really one that the attackers control.

The second strategy includes spammers utilizing image-based assaults to trick users. According to analysts, attackers are increasingly using just pictures in their phishing schemes rather than words.

These pictures, which might seem like phony invoices or other forms, include a link or a callback number that, when called, takes the user to phishing.

The lack of content in these assaults makes it difficult for regular email security to identify them, according to IANS.

According to data, around one in ten (11%) organizations were the victim of this sort of phishing email in January 2023, with each getting an average of two of these emails each month.

The third method includes hiding your identity by utilizing unusual characters such as punctuation, non-Latin script, zero-width Unicode code points, or whitespace.

This strategy is also used in "typo-squatting" web address assaults, which spoof legitimate websites but use a tiny misspelling as their web address.

The receiver may see the special characters when they are used in phishing emails, however.

Due to the fact that special characters might be used for legal reasons, such as email signatures, the research said that such attacks can be difficult to identify.

In January 2023, more than one in seven (15%) organizations reported getting phishing emails that do this with special characters, with each organization reporting receiving on average four such emails each month.