Taking Back the ID

Phishers use AI to bypass email security, fake life insurance policy scams and more

Phishing scams never disappeared; they’re just more sophisticated. Also reject letters promising millions from insurance policies. And beware of invoices for COVID-19 tests you never ordered.

If you think businesses and individuals are now immune to phishing attacks, you’re dangerously wrong. A new Cloudflare report says that email is still the primary initial attack vector for cybersecurity incidents. Why? Because despite years of corporate in-house education, we load emails with vast amounts of trade secrets, personally identifiable information (PII), financial data and other sensitive matters. And users continue to click on links they should ignore. Plus, fraudsters now, of course, are using artificial intelligence (AI) to bypass email security systems. (See “Introducing Cloudflare’s 2023 phishing threats report,” by Elaine Dzuba and Juliette Cash, Cloudflare, Aug. 16, 2023.)

According to the Cloudflare report:

  • Attackers use links as the No. 1 phishing tactic and are evolving how they get you to click and when they weaponize the link.
  • Identity deception takes multiple forms and can easily bypass email authentication standards.
  • Attackers may pretend to be hundreds of different organizations, but they primarily impersonate the entities we trust and need to get our work done.

The FBI’s Internet Crime Complaint Center (IC3) 2022 report on business email compromise (BEC) says that U.S. organizations lost more than $17 billion to BEC schemes between October 2013 and December 2022. Global businesses counted losses of nearly $51 billion for the same period, according to reports the IC3 received from organizations. (Also see “Analysis: Social Engineering Drives BEC Losses to $50B Globally,” by Elizabeth Montalbano, Dark Reading, June 13, 2023.) 

For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.