Advanced AI Fraud Tool Released for Sophisticated Attacks
Malicious actors have introduced a new AI tool, FraudGPT, following in the footsteps of WormGPT, to aid in offensive activities such as crafting spear phishing emails and creating malicious tools.
This fake ChatGPT tool has been advertised on dark web marketplaces and Telegram channels, with a monthly subscription cost of $200. It boasts various capabilities, including writing malicious code, creating undetectable malware, and identifying vulnerabilities.
Over 3,000 confirmed sales and reviews have been reported, but the LLM (Large Language Model) used for its development remains unknown. This emergence of AI-based malicious digital tools poses a significant threat, facilitating phishing and business email compromise attacks at scale, potentially leading to data theft and unauthorized wire payments.
Organizations must adopt defense-in-depth strategies and use their security data for fast analytics to counter such fake ChatGPT scams.
Microsoft Tops Phishing Scam List in Q2 2023
In Q2 2023, leading tech organization Microsoft topped the list of most targeted brands for phishing scams, as reported by Check Point Research in their latest Brand Phishing Report. Notably, the top three spots were occupied by technology giants, with Google and Apple closely following Microsoft.
The technology sector experienced the highest number of impersonations, with banking and social media networks being heavily targeted by threat actors. For instance, Wells Fargo secured the fourth position due to malicious emails requesting sensitive account information. Prominent brands like Walmart and LinkedIn were among the top ten impersonated entities.
[Figure: Advanced impersonation categories. Image sourced from tessian.com]
Omer Dembinsky, the Data Group Manager at Check Point Software, highlighted the unchanging tactics employed by malicious actors in flooding inboxes with deceptive emails. He urged individuals to stay vigilant and be cautious of suspicious emails that may lead to phishing attacks.
Phishing campaigns imitate the official websites of well-known brands, tricking users with similar domain names and web page designs. The report emphasizes the need for individuals and organizations to adopt proactive measures to safeguard against brand phishing attempts.
HR-Related Email Subjects Increasingly Used as per KnowBe4 Phishing Test Findings
KnowBe4’s Q2 2023 phishing report reveals a concerning trend: HR-related email subjects account for 50% of the top-clicked phishing attempts.
Threat actors exploit users’ emotions, provoking distress or excitement, to trick them into clicking malicious links or opening attachments. As per the phishing test results, holiday-related subjects were also used as bait, with HR-themed incentives referencing national holidays like the 4th of July.
These tactics aim to exploit employee trust and prompt hasty actions that can lead to disastrous outcomes for organizations. Stu Sjouwerman, CEO of KnowBe4, emphasizes the need for new-school security awareness training to combat these sophisticated phishing tactics, as an educated workforce is the best defense against cyber attacks.
With Kevin Mitnick, KnowBe4’s Chief Hacking Officer, contributing his expertise in designing the training, the platform remains vital in fostering and maintaining an organization’s strong security culture.
Social Media Platform Faces Influx of Deceptive AI Services, Posing Malware Risks
Threat actors use Facebook to impersonate well-known generative AI brands like ChatGPT, Google Bard, Midjourney, and Jasper.
Unsuspecting users are being lured into downloading content from these fake pages and ads, unwittingly exposing themselves to malware. The malware is designed with the capability to steal passwords, crypto wallets, and browser data. The fraudulent pages attract users by offering new services and enhanced versions of AI applications.
Fake posts and groups gain traction as users like, comment on, and share the content, propagating the scam further. The threat actors behind these scams create pages with numerous followers, comments, and likes so that they appear authentic. These incidents reveal a growing trend of using AI-based solutions as a lure to spread info stealers.
To identify phishing attacks, individuals should verify sender email addresses, scrutinize website domains for misspellings, avoid downloading software from untrusted sources, and verify links before clicking.
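One way to automate the domain and link checks described above, as an added example that is not part of the original post: a small Python heuristic that compares the host a link really points to against the real domains of brands named in this post. The allowlist, the character swaps, the function names and the sample links are constructed for illustration, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: real domains of brands named in this post.
BRAND_DOMAINS = {"microsoft.com", "google.com", "apple.com",
                 "wellsfargo.com", "walmart.com", "linkedin.com"}

# Character swaps often seen in misspelled domains (illustrative, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return (verdict, brand) for the host a link really points to."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Assumption: the registrable domain is the last two labels (no co.uk-style suffixes).
    domain = ".".join(host.split(".")[-2:])
    if domain in BRAND_DOMAINS:
        return ("legitimate", domain)
    folded = domain.replace("rn", "m").translate(SWAPS)
    tokens = re.split(r"[.-]", host)
    for brand in sorted(BRAND_DOMAINS):
        name = brand.split(".")[0]
        # Brand name used as a subdomain or hyphenated word of some other domain.
        if name in tokens:
            return ("lookalike", brand)
        # Misspelling: at most one edit away, before or after undoing the swaps.
        if min(edit_distance(domain, brand), edit_distance(folded, brand)) <= 1:
            return ("lookalike", brand)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links; .example hosts are reserved names.
    for link in ["https://login.microsoft.com/oauth", "http://rnicrosoft.com/verify",
                 "https://wellsfargo.com.account-check.example/login",
                 "https://linkedln.com/", "https://example.org/"]:
        print(link, classify_link(link))
```

A "lookalike" verdict marks a link for closer review; it is a heuristic and can flag unrelated domains that happen to sit one character away from a brand.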