Phishing Insights: How The War in Israel is Fueling New Email Threats
It’s no secret that cybercriminals leverage current events and holidays to mask their phishing attempts, create urgency, and improve their chances of a successful attack. While many security and IT teams anticipated a flood of Amazon Prime Day-themed phishing attempts this week, the escalated war in Israel has birthed a new phishing threat.
Cybercriminals are always quick to leverage war, conflict, natural disasters, or humanitarian efforts to launch phishing attempts for a few different reasons:
- Because they are top of mind in news headlines and social media, it creates familiarity.
- As events rapidly unfold, people, eager to stay updated, may inadvertently let their guard down.
- When natural or manufactured disasters occur, most people are looking for ways to help those impacted.
These, among other factors, create the recipe for a highly successful social engineering attack. And with the rise of generative AI, crafting convincing, crisis-based social engineering attacks is becoming easier and more scalable.
Unfortunately, similar to how we saw an increase in phishing emails at the onset of the war with Russia and Ukraine, we should expect to see a flood of phishing attempts focused on the recent war in Israel. In fact, we have already identified and quarantined one such attempt (see screenshot below).
New Event-based Threat
At first glance, this email appears to be a spam message. However, after further investigation, our AI identified the link as malicious. This wasn’t an isolated event either. Variations of these phishing attempts were sent to many of our Israeli-based employees.
How to Protect Yourself
In our efforts to support those affected by these malicious attacks, it is imperative that we remain vigilant and adhere to the best practices of email security. Alongside this, it is vital to consider the overall context and relevance of the email, while implementing tried and true methods such as verifying display names and email addresses, comparing the sender's domain with that of the company, and exercising caution when faced with unusual or urgent requests. If you have any doubt regarding the email's authenticity, DO NOT click on any links or call any numbers provided in the email. Instead, forward the email to your IT/Security team for analysis.
Even if an email appears to be from a known company or individual, trust your instincts. Reach out to the sender through a separate, reliable contact method to verify the message. Remember, prioritizing caution and safety is always preferable to regretting the consequences.
If you suspect a phishing attempt, report it to your IT/Security administrator. This not only protects you and your organization but safeguards your colleagues who might have received a similar email. It is better to err on the side of caution.
As the events continue to unfold, we will keep everyone updated.
We provides a SelfLearning NexGen User-Friendly platform combining AI and HumanInsights (HI) along with providing a number of advanced detection techniques for such Impersonation attempts, Polymorphic Attacks, Phishing, Fake Login, SocialEngineering, AccountTakeover, and URLs Links detection using ComputerVision Technology, 50+ engines scanning for advance MalwareDetection BEC Anomaly Detection using Natural Language Processing and offers a multi-layered approach, all combined with our Award Winning MLearning and AI-powered IncidentResponse and Virtual SOC remediating these attacks at the Mailbox level.
SRC Cyber Solutions LLP in India provides the most comprehensive Mailbox Level Protection.
If you want to know more kindly Click here