Phishing Attacks Are Exploiting the War in Iran

KnowBe4 Team | Apr 3, 2026

Criminal threat actors are taking advantage of the fear and uncertainty surrounding the conflict in the Middle East, according to researchers at Bitdefender. The researchers observed a 130% spike in phishing emails targeting Gulf countries following the first US-Israeli strikes on Iran on February 28th.

“After Feb. 28, phishing and malware emails targeting Gulf countries surged and stayed elevated,” the researchers write. “Within days, activity doubled, and at peak reached nearly four times the baseline levels, signaling a sustained and coordinated spike rather than a one-off campaign. This clearly suggests that phishing and malware delivery campaigns are being deployed and adjusted in real time, with attackers capitalizing on heightened regional sensitivity and business disruptions.”

While state-sponsored threat actors are conducting phishing campaigns in the region, Bitdefender believes much of this surge is driven by financially motivated attackers. Criminals frequently exploit world events to launch social engineering attacks designed to make people act quickly. In this case, many of the attacks are using business-themed lures such as invoices, contracts, banking documents, and delivery notifications, which take advantage of shipping disruptions across the region.

Bitdefender outlines the following best practices to help users avoid falling for social engineering attacks:

  • Careful with unexpected attachments. Even if an email looks business-related (invoice, contract, shipment), treat attachments with suspicion, especially if you weren’t expecting them. When in doubt, confirm with the sender through a separate, trusted channel.
  • Don’t trust file types at face value. Not all threats come as obvious .exe files. In these campaigns, malware was hidden in formats like .eml, .jar, .rar, and .hta. If you’re not sure what a file does, don’t open it.
  • Avoid opening compressed archives from unknown sources. Files delivered in .zip or .rar archives are commonly used to bypass filters and hide malicious payloads. These should always raise an extra layer of caution.
  • Watch for urgency and pressure tactics. Messages that push you to act quickly (verify an account, release a payment, review a document ‘immediately’) are designed to override your judgment. Take a moment to verify before clicking anything.
  • Check links before clicking. Hover over buttons or links to inspect the actual destination. If the domain looks unfamiliar, misspelled, or unrelated to the supposed sender, don’t proceed.
  • Verify financial and legal requests independently. If an email involves money, contracts, or sensitive data, confirm it through official channels: call the company, use a known contact, or log in to your account directly instead of using email links.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Bitdefender has the story

FAQs

Why has there been a sudden surge in phishing attacks in the Gulf region?

Cybercriminals are exploiting the fear and uncertainty surrounding the conflict in Iran and the wider Middle East. Following the US-Israeli strikes on February 28th, researchers observed a 130% spike in malicious emails. Attackers are using the regional instability and shipping disruptions as "social engineering" lures to trick people into acting quickly without thinking.

What kind of email lures are attackers currently using?

While the attacks are linked to the geopolitical situation, the emails often look like standard business communications. Common lures include fake invoices, contracts, banking documents, and delivery notifications. These are designed to exploit business disruptions and pressure employees into opening attachments or clicking links to "resolve" urgent issues.

What are the best practices for defending against social engineering tactics?

To defend against sophisticated social engineering campaigns, you should treat all unexpected business emails—especially those containing .zip, .rar, or .hta attachments—with high suspicion. Always hover over links to inspect the true destination before clicking, and never let "urgent" language pressure you into bypassing security protocols. Most importantly, verify any financial or legal request through a secondary, trusted channel, such as a known phone number or official company portal, rather than replying to the email.


Topics: Phishing, Cybercrime



