A new trend in cyber fraud schemes involves sending the target a personalised message, with specific details that make it appear credible.
The trend combines elements of spear phishing with bulk campaigns.
Kaspersky experts say traditional bulk phishing emails target large audiences with generic messages, usually filled with typos.
Roman Dedenok from Kaspersky says spear phishing targets people with emails that resemble, in look and content, legitimate communications from trusted entities. The content of the emails is crafted to avoid detection by security filters and often contains no technical errors.
“Mass phishing campaigns meanwhile cast a wide net, sending generalised messages to large lists of email addresses lacking personalisation and often contain mistakes and poor design.”
An HR phishing email message using ghost spoofing: the sender’s name contains the HR team’s email address, lending an air of authenticity to the email. Picture: Supplied.
In late 2023, an HR phishing email included the recipient’s name and referenced their company’s name, which made it seem legitimate. “Yet the linked phishing form was a generic fake Outlook sign-in, a typical sign of mass phishing.”
Dedenok says there was a campaign where a real corporate email address appeared in the sender’s name without modifying the actual domain. “This technique, usually reserved for targeted attacks, was used in mass phishing, adding an air of authenticity, but leading to a generic phishing form upon clicking the link.”
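A defender-side check for the ghost spoofing pattern described above, as an added example that is not from Kaspersky or the original article: it flags a From header whose display name contains an email address on a different domain from the real sender address. The function name, the exact-domain comparison and the sample headers are assumptions constructed for illustration.

```python
import re
from email import policy
from email.parser import HeaderParser

# Matches an email address embedded in free text and captures its domain.
ADDR_IN_TEXT = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def ghost_spoof_findings(raw_headers):
    """Return (display_name, claimed_domain, actual_domain) tuples for the From header.

    A finding means the display name shows an address on one domain while the
    message was actually sent from another (hypothetical helper, exact match only).
    """
    # policy.default parses From into structured addresses and decodes
    # RFC 2047 encoded-words, so an encoded display name cannot hide the address.
    msg = HeaderParser(policy=policy.default).parsestr(raw_headers)
    from_hdr = msg["From"]
    findings = []
    if from_hdr is None:
        return findings
    for addr in from_hdr.addresses:
        actual = (addr.domain or "").lower()
        for match in ADDR_IN_TEXT.finditer(addr.display_name or ""):
            claimed = match.group(1).lower()
            if claimed != actual:
                findings.append((addr.display_name, claimed, actual))
    return findings


# Constructed sample headers (reserved example domains, not real traffic).
SAMPLE_GHOST = (
    'From: "HR Team hr@example.com" <notify@bulk-mailer.example.net>\n'
    "Subject: Updated leave policy\n\n"
)
SAMPLE_ENCODED = (
    "From: =?utf-8?q?HR_Team_hr=40example.com?= <notify@bulk-mailer.example.net>\n"
    "Subject: Updated leave policy\n\n"
)
SAMPLE_LEGIT = (
    'From: "HR Team hr@example.com" <hr@example.com>\n'
    "Subject: Updated leave policy\n\n"
)

if __name__ == "__main__":
    for name, sample in [("ghost", SAMPLE_GHOST), ("encoded", SAMPLE_ENCODED),
                         ("legit", SAMPLE_LEGIT)]:
        print(name, ghost_spoof_findings(sample))
```

A finding is a signal for a mail filter or triage queue rather than proof of fraud, since some legitimate relays and mailing lists rewrite the sender address.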
The number of mixed phishing emails, March-May, 2024. Picture: Supplied.
He says there has been an increase in hybrid phishing emails between March and May 2024. This could suggest that these cybercriminals are leveraging advanced technologies to reduce the cost and effort of personalising mass attacks.
“AI-powered tools can now create convincing email content, fix typos, and enhance the design, making these mixed attacks more effective and harder to detect.”
Dedenok says cybercriminals are increasingly adopting new cyber fraud methods and technologies in their bulk campaigns, leading to more personalised emails and an expanding range of spoofing technologies and tactics.