One of the main factors behind the surge in phishing is the advent of generative AI
In 2023, a staggering 94 percent of businesses experienced phishing attacks, marking a 40 percent increase from the previous year, according to research from Egress. This dramatic rise highlights a significant shift in the cyber threat landscape, with AI and Phishing as a Service (PhaaS) at the forefront of these changes.
One of the main factors behind the surge in phishing is the advent of generative AI. This technology has made it easier for cybercriminals to craft sophisticated phishing content, such as malicious emails and, in more advanced cases, deepfake videos. AI can also assist in writing the malware that threat actors often plant on their victims’ computers and servers as part of phishing campaigns. With AI, attackers can quickly adapt and respond to new events, enabling them to launch high-impact phishing campaigns with greater ease.
Phishing as a Service, or PhaaS, is another development contributing to the rise in phishing threats. PhaaS platforms allow malicious parties to hire skilled attackers to execute phishing campaigns on their behalf. This service model makes it easy for anyone with a grudge or a desire to extract money from unsuspecting victims to launch phishing attacks without needing technical expertise.
The true extent of the surge in phishing can be understood by analyzing how threat actors use AI and PhaaS to operate in new ways. In the past, creating phishing content manually was time-consuming, making it difficult for attackers to capitalize on unexpected events quickly. However, with the help of AI and PhaaS, phishing has become more agile. Threat actors can now respond swiftly to changing events, enabling them to launch targeted attacks in response to specific incidents.
Phishing campaigns often exploit current events to tap into the excitement or fear surrounding them. A notable example is the CrowdStrike “Blue Screen of Death” (BSOD) incident. On July 19, 2023, cybersecurity vendor CrowdStrike issued a buggy update that caused Windows machines to display the Blue Screen of Death, preventing them from booting properly. Although CrowdStrike quickly fixed the issue, threat actors seized the opportunity to launch phishing campaigns targeting individuals and businesses seeking a resolution.
Within the first day of the CrowdStrike incident, Cyberint detected 17 typo-squatting domains related to the issue. Some of these domains shared CrowdStrike’s workaround fix and solicited donations via PayPal. Cyberint traced one such donation page to a software engineer named Aliaksandr Skuratovich, who even posted the website on his LinkedIn page. Other domains offered the fix, which CrowdStrike provided for free, in exchange for payments of up to 1,000 euros. Although these domains were eventually taken down, they had already collected around 10,000 euros from unsuspecting victims.
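Event-themed lookalike domains of this kind can be triaged as they show up in new-registration feeds or DNS logs. The Python sketch below is an added example, not Cyberint's or CrowdStrike's tooling; the owned-domain list, event keywords, edit-distance threshold and sample domains are assumptions constructed for illustration.

```python
import re

# Assumptions: the defender supplies the brand, its owned domains and the
# keywords tied to the current event. Sample domains below are constructed.
BRAND = "crowdstrike"
OWNED = {"crowdstrike.com"}
EVENT_WORDS = ("bsod", "fix", "outage", "hotfix", "recovery")

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (verdict, reason); verdict is 'ok', 'review' or 'high'."""
    labels = domain.lower().rstrip(".").split(".")
    # Simplification: last two labels are treated as the registrable domain
    # (no public-suffix handling for TLDs such as co.uk).
    if ".".join(labels[-2:]) in OWNED:
        return ("ok", "owned domain")
    name = ".".join(labels[:-1])                  # everything left of the TLD
    tokens = [t for t in re.split(r"[._-]+", name) if t]
    if BRAND in name:
        reason = "brand name embedded"
    else:
        near = [t for t in tokens if edit_distance(t, BRAND) <= 2]
        if not near:
            return ("ok", "no brand resemblance")
        reason = "lookalike of brand: " + near[0]
    if any(w in name for w in EVENT_WORDS):
        return ("high", reason + " + event keyword")
    return ("review", reason)

def triage(domains):
    """Keep only the domains that need analyst attention."""
    results = {d: classify(d) for d in domains}
    return {d: r for d, r in results.items() if r[0] != "ok"}

SAMPLE = ["www.crowdstrike.com", "crowdstrike-bsod-fix.example",
          "crowdstirke-hotfix.example", "cr0wdstrike.example",
          "crowdstrike.com.evil.example", "weather-fix.example"]

if __name__ == "__main__":
    for dom, (verdict, why) in triage(SAMPLE).items():
        print(f"{verdict:6} {dom}  ({why})")
```

Internationalized (punycode) homoglyph domains are not decoded here and would need separate handling.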
Phishing attacks linked to planned events, such as the 2024 Olympics in Paris, showcase how threat actors can execute more effective campaigns by tying them to current events. For example, Cyberint detected phishing emails claiming that recipients had won tickets to the Games and needed to make a small payment to cover the delivery fee. However, attackers used the provided financial information to impersonate victims and make unauthorized purchases.
In another instance, threat actors created a professional-looking website claiming to offer Olympics tickets for sale. Although the site was not very old and lacked strong authority, it ranked near the top of Google searches, increasing the likelihood that people searching for Olympics tickets online would fall for the ruse.
Similar phishing attacks occurred during the UEFA Euro 2024 football championship. Threat actors launched fraudulent mobile apps impersonating UEFA, the event’s organizing body. These apps, which used the organization’s official name and logo, appeared legitimate to many users. Although these apps were not hosted in the official app stores run by Apple or Google, they were available through unregulated third-party app stores, making them harder to detect and remove.
Phishers also exploit recurring events to launch powerful attacks. For instance, gift card fraud, non-payment scams, and fake order receipts surge during the holiday season. Phishing scams that lure victims into applying for fake seasonal jobs to collect personal information also spike during this time.
The holiday season creates a perfect storm for phishing due to the rise in online shopping, attractive deals, and a flood of promotional emails. Scammers exploit these factors, leading to significant financial and reputational damage for businesses.
While AI and PhaaS have made phishing easier, businesses and individuals can still defend against these threats. By understanding the tactics used by threat actors and implementing effective security measures, the risk of falling victim to phishing attacks can be reduced. Educating employees and consumers to be extra cautious when responding to content associated with current events is a crucial step in mitigating the risk.
As threat actors continue to adopt these strategies, it’s essential for businesses to anticipate spikes in attacks in response to specific developments or times of the year. By staying vigilant and proactive, organizations can better protect themselves and their stakeholders from the ever-evolving threat of phishing.

