Why has there been a sudden surge in phishing attacks in the Gulf region?

Cybercriminals are exploiting the fear and uncertainty surrounding the conflict in Iran and the wider Middle East. Following the US-Israeli strikes on February 28th, researchers observed a 130% spike in malicious emails. Attackers are using the regional instability and shipping disruptions as "social engineering" lures to trick people into acting quickly without thinking.

What kind of email lures are attackers currently using?

While the attacks are linked to the geopolitical situation, the emails often look like standard business communications. Common lures include fake invoices, contracts, banking documents, and delivery notifications. These are designed to exploit business disruptions and pressure employees into opening attachments or clicking links to "resolve" urgent issues.

What are the best practices for defending against social engineering tactics?

To defend against sophisticated social engineering campaigns, you should treat all unexpected business emails—especially those containing .zip, .rar, or .hta attachments—with high suspicion. Always hover over links to inspect the true destination before clicking, and never let "urgent" language pressure you into bypassing security protocols. Most importantly, verify any financial or legal request through a secondary, trusted channel, such as a known phone number or official company portal, rather than replying to the email.

Phishing Campaign Targets Japanese Firms During Tax Season

A criminal threat actor called “Silver Fox” is launching tax-themed phishing attacks against Japanese companies during the country’s tax season, according to researchers at ESET.

“The ongoing campaign uses convincing phishing lures related to tax compliance violations, salary adjustments, job position changes, and employee stock ownership plans,” ESET says. “All emails share the same goal – trick the recipients into opening malicious links or attachments. As employees actually expect to receive emails about these subjects this time of year, they’re more likely to trust and act on such messages without a second thought. Needless to say, this significantly increases the risk of compromise.”

Notably, the threat actor researches its targets before launching the attacks in order to tailor the phishing messages to each potential victim.

“The sender fields impersonate real employees and even CEOs at the targeted companies,” ESET writes. “Silver Fox is clearly doing some reconnaissance on each target before sending what aren’t generic blasts. The attackers are picking names that the targets are likely to recognize and trust, which makes it more difficult for the recipients to distinguish the malicious messages from real internal notifications. The emails typically contain either a malicious attachment or a link leading to a malicious file. The files are named to resemble common HR, financial, or tax-related documents.”

ESET concludes, “The operation is also a reminder for organizations to increase vigilance, reinforce awareness around phishing attempts, and ensure that employees verify the authenticity of tax‑ and HR‑themed requests – including those that look routine. Immediate reporting of suspicious emails to security teams is essential to reduce exposure and prevent successful compromise.”

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

ESET has the story: A cunning predator: How Silver Fox preys on Japanese firms this tax season

FAQs

What is the "Silver Fox" phishing campaign?

Silver Fox is a targeted phishing operation that exploits the Japanese tax season to compromise corporate networks. The attackers use highly convincing lures related to tax compliance, salary adjustments, and employee stock ownership plans to trick victims into clicking malicious links or downloading dangerous attachments.

How does the Silver Fox threat actor make their emails look authentic?

The attackers conduct detailed reconnaissance on their targets before sending emails. Instead of generic blasts, they impersonate specific individuals within the target company, including CEOs and HR staff. By using recognizable names and professional formatting, they make it difficult for employees to distinguish the malicious messages from legitimate internal notifications.

How can organizations protect themselves from these tax-themed attacks?

Organizations should increase employee vigilance through security awareness training and encourage staff to verify the authenticity of any tax or HR-themed requests, even if they appear routine. It is also critical to establish a clear protocol for employees to report suspicious emails to their security teams immediately to prevent a successful compromise.

Security Awareness Training Blog

Phishing Campaign Targets Japanese Firms During Tax Season

FAQs

What is the "Silver Fox" phishing campaign?

How does the Silver Fox threat actor make their emails look authentic?

How can organizations protect themselves from these tax-themed attacks?

See KnowBe4 Defend™ in Action

ABOUT KNOWBE4 TEAM

Subscribe to Our Blog

Posts By Topic

Get the latest insights, trends and security news. Subscribe to CyberheistNews.

Get the latest insights, trends and security news. Subscribe to CyberheistNews.