A report from Trustwave notes that phishing remains one of the most popular and effective techniques for attackers to gain access to organizations.
“Trustwave SpiderLabs consistently finds that phishing is one of the most effective methods attackers use to gain an initial foothold in financial services organizations,” the researchers write.
“However, this method is highly dependent on the quality of the lure, the writing style, and the contextual and grammatical clues given in the phishing email. These issues have often been the weakness of phishing attacks, particularly as security awareness training has continually taught personnel what to look for.”
The researchers note that generative AI tools and large language models (LLMs) are allowing cybercriminals to easily craft convincing social engineering attacks. While legitimate AI tools like ChatGPT attempt to curb malicious use, criminals have created their own versions of these tools designed to create phishing lures and malware.
“The quick maturity and expanded use of LLM technology makes the crafting of phishing emails even easier, more compelling, highly personalized, and harder to detect. Our team regularly encounters and analyzes phishing emails with malicious attachments or links against our financial services clients. We see that as LLM technology progresses, creating these compelling phishing emails will likely be made easier and effective as an attack vector. We’re also seeing an increase in deepfakes as a result of more sophisticated technology.”
Trustwave adds that HTML attachments are the most common malicious attachments delivered via phishing emails, and most of these emails attempt to convey a sense of urgency.
“Our team noted the most common themes of the emails containing these malicious attachments are related to voicemail notifications, payment receipts, purchase orders, remittances, bank deposits, and quotation requests,” the researchers write.
“We have also observed that 24% of the emails with malicious attachments attempted to spoof American Express. DHL is next at 21% and Microsoft in third with 15%.”
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Trustwave has the story.