Understanding Phishing Threats

Leveraging this new OpenAI real time translator to phish via phone calls in the target’s preferred language in 3…2… So far, AI has been used for believable translations in phishing emails — E.g. my Icelandic customers are seeing a massive increase in phishing in their language in 2024. Before only 350,000 or so people comfortably spoke Icelandic correctly, now AI can do it for the attacker. We’re going to see this real time translation tool increasingly used to speak in the target’s preferred language during phone call based attacks. These tools are easily integrated into the technology we use to spoof caller ID, place calls, and voice clone. Now, in any language. Educate your team & family + friends. Make sure folks know: - AI can voice clone - AI can real time translate to speak in any language - Caller ID is easily spoofed with or without AI tools - AI tools will increase in believability Example AI voice clone/spoof example here: https://lnkd.in/gPMVDBYC Will this AI be used for good? Sure! Real time translations are quite useful for people, businesses, & travel. We still need to educate folks on how AI is currently use to phish people & how real time AI translations will increase scams across (previous) language barriers. *What can we do to protect folks from attackers using AI to trick?* - Educate first: make sure folks around you know it’s possible for attackers to use AI to voice clone, deepfake video and audio (in real time during calls) - Be politely paranoid: encourage your team and community to use 2 methods of communication to verify someone is who they say they are for sensitive actions like sending money, data, access, etc. For example, if you get a phone call from your nephew saying he needs bail money now, contact him a different way before sending money to confirm it’s an authentic request - Passphrase: consider using a passphrase with your loved ones to verify identity in emergencies (e.g. your sister calls you crying saying she needs $1,500 urgently ask her to say the passphrase you agreed upon together or contact with another communication method before sending money)

If you looked at this email fast, you’d swear it came from Microsoft. Same logo, layout, tone - everything checks out. Except for one thing: The sender’s domain was rnicrosoft(.)com instead of microsoft(.)com That tiny swap of “rn” instead of “m” is what’s called typosquatting. Attackers register near-identical domains to catch people who skim their inbox too fast. What makes this effective is how subtle it is. On mobile, you barely see the full address. On desktop, your brain autocorrects it. It feels right and that’s all they need. These kinds of tricks are showing up more often in credential phishing, vendor invoice scams, even internal HR impersonations. How to handle these cleanly (real, practical steps): - Expand the full sender address every time before you click. - Hover the link to view the real href, or long-press the link on mobile to reveal the URL. - Check the Reply-To header -- scammers often route replies elsewhere. - If it’s a password reset you didn’t request, open a new tab and log in from the official site rather than clicking the email. - Forward the phish to your security team or report it (company phishing inbox / your provider’s report feature). Examples of look-alikes to watch for: swapped letters (rn → m), zero for o (micros0ft), added hyphens or extra subdomains (microsoft-support[.]com). Small habit change, big payoff. Teams that rehearse these scenarios stop reflexively clicking.

EMERGING THREAT VECTOR: PROMPT INJECTION IN PHISHING CAMPAIGNS AGAINST AI DEFENSES ℹ️ In a newly uncovered phishing campaign, attackers have evolved beyond merely targeting human recipients; the email also includes hidden AI-oriented prompt manipulation to evade automated defenses. On the surface, the email mimics a standard “Login Expiry Notice,” warning the recipient that their password will expire and urging them to update their credentials. This reflects classic social engineering tactics, based on the use of urgency and impersonation of Gmail-like branding. ℹ️ However, what sets this campaign apart is the inclusion of a cryptic block of text embedded in the plain-text MIME part, written in the style of a user prompt for AI models like ChatGPT or Grok. It instructs the reader (or AI) to engage in deep reasoning, generate multiple perspectives, and refine responses before output. This is not meant for human users; it is a clever form of prompt injection, designed to confuse AI-based triage or classification systems into overthinking the content instead of flagging it as phishing ℹ️ Prompt injection is a form of adversarial attack where malicious actors manipulate the instructions given to an AI model. Instead of delivering a normal query, the attacker embeds hidden or deceptive instructions inside prompts, documents, emails, or web content. The goal is to override the AI’s intended behavior and force it to execute the attack goal. ℹ️ Prompt injection can be direct (where the attacker crafts the prompt themselves) or indirect (where the malicious content is hidden in data the AI consumes, such as an email body, website text, or PDF). Indirect injections are particularly dangerous because they target automated workflows where humans may not notice the hidden instructions. Reference: 🔗 https://lnkd.in/dDgBHJ5W #threathunting #threatdetection #threatanalysis #threatintelligence #cyberthreatintelligence #cyberintelligence #cybersecurity #cyberprotection #cyberdefense

AI-Powered Phishing Attack Targets Microsoft 365 Accounts, Experts Warn - Ubergizmo Cybersecurity researchers uncovered a sophisticated phishing campaign that exploited a legitimate artificial intelligence platform to steal corporate Microsoft 365 credentials. The attack, detailed by Cato Networks and reported by Cyber Security News, demonstrated how cybercriminals increasingly leverage the trust placed in AI tools to bypass traditional defenses. At least one U.S.-based investment company was affected before the campaign was shut down, highlighting the growing risks of AI-enabled attacks. The operation began with carefully crafted phishing emails impersonating executives from a global pharmaceutical distributor. To enhance credibility, attackers used real logos and verified LinkedIn profiles, making the communications appear authentic. These emails contained password-protected PDF attachments, a tactic that allowed them to evade automated security scanners. The password, conveniently included in the message body, gave the appearance of a routine corporate practice. Once opened, the documents redirected recipients to Simplified AI, a legitimate marketing platform widely recognized and trusted in corporate environments. The attackers cleverly manipulated the platform to display the pharmaceutical company’s branding alongside Microsoft 365 design elements. This combination reinforced the illusion of legitimacy and lowered suspicion among users. The final stage involved redirecting victims to a fraudulent Microsoft 365 login portal that closely replicated the official page. Any credentials entered there were harvested by attackers, granting them unauthorized access to sensitive corporate accounts. According to Cato Networks, the use of a legitimate AI service provided attackers with cover, allowing them to hide malicious activity within normal enterprise traffic. Security experts stress that this incident reflects a broader trend. Cybercriminals no longer need to rely on suspicious domains or poorly maintained servers; instead, they exploit the reputation of trusted platforms, making detection significantly more difficult. The campaign illustrates how “shadow AI” adoption—when employees use unsanctioned tools without oversight—creates additional vulnerabilities for organizations. To mitigate risks, experts recommend adopting a layered defense strategy. Key measures include enabling multifactor authentication for all critical services, training employees to treat password-protected attachments with caution, and monitoring the use of AI platforms, including unauthorized applications. Continuous inspection of AI-related traffic and deployment of advanced threat detection solutions capable of identifying unusual behavior patterns are also strongly advised. #cybersecurity #AI #powered #phishing #Microsoft365 #AIPlatforms #UnauthorizedApplications

Navigating AI-Driven Cybercrime: What Every Business Needs to Know Here’s the deal: The rise of AI isn’t just transforming industries—it’s transforming cybercrime too. Staying secure in this new landscape means understanding just how AI is reshaping threats. Here are three critical insights to keep your business one step ahead: → AI is Empowering Cybercriminals From automated phishing to deepfake scams, cybercriminals are using AI to make their attacks faster, smarter, and more convincing. Traditional defenses alone won’t cut it. Staying informed about AI-driven threats is crucial. → Strengthen Your Cybersecurity Practices Don’t wait for an attack to hit. Implement robust measures—multi-factor authentication, regular updates, and AI-powered security tools that can detect suspicious activity in real time. Empower your employees with training to recognize phishing attempts and scams. → Use AI as a Defense Tool, Not Just a Threat AI can be your ally too. Leverage machine learning to spot patterns, monitor activity continuously, and respond automatically to threats. Shifting from a reactive to a proactive approach is key in today’s threat landscape. The takeaway? The AI-driven cyber threat landscape is here, and it’s only growing. Businesses that understand, prepare, and harness AI for defense will be best positioned to stay secure. Are you ready to strengthen your defenses? Let’s talk strategy.

Would you fall for a fake email from Amazon.xyz ? Because 690,502 people just like you did. A new rigorous, empirical study shows how modern phishing attacks work. And it's not what you think. Here's the wild part: Two-thirds of these attacks use brand new web addresses that look ~almost~ real. 📊 The Data: - 39 Months  - 690,502 Phishing Sites Here's The Attacker Playbook: 1. Buy Cheap, Throw Away Fast • Use .top and .xyz domains • Cost pennies to buy • Easy to dump when caught 2. Copy Famous Names • Amazon becomes Amaz0n.xyz • PayPal becomes PayPal-secure.top • Microsoft becomes Micros0ft.xyz 3. Play Digital Hide & Seek • Switch servers every few days • Change settings constantly • Stay ahead of blockers 🔍 The Numbers Tell the Story: • 66.1% use fresh domains • 64.3% keep changing servers • Takes 11.5 days to shut them down Keep Yourself Safe: 1. Check EVERY Link • Hover before clicking • Look for weird spellings • Question unusual extensions 2. Watch Out For: • .top domains • .xyz domains • Any odd-looking web address 3. Trust Your Instincts • Looks fishy? Probably is • Verify the sender • Check independently 💡 Key Takeaway: Modern phishers aren't using obvious fake emails anymore. They're playing a sophisticated game of digital deception. Stay sharp. Stay safe. ♻️ Share this to help others spot these tricks. 👉 Follow me for more security insights that keep you protected. #Cybersecurity #PhishingAwareness #DigitalSafety #TechSecurity

🚨 New Cyber Threat Alert: “Quishing” Attacks Are Weaponizing QR Codes! 🚨 In today’s digital-first world, QR codes have become a part of our daily lives — from restaurant menus to payment gateways and quick access to online forms. But as convenience grows, so does the creativity of cybercriminals. A new wave of phishing attacks, known as “Quishing” (QR code phishing), is now on the rise — and it’s catching both individuals and organizations off guard. 🔍 What is Quishing? Quishing attacks exploit the trust users have in QR codes. Cybercriminals embed malicious links within QR codes, which when scanned, can: Redirect users to fake login pages that mimic Microsoft, Google, or company portals to steal credentials. Trigger automatic downloads of malware or spyware onto the victim’s device. Bypass traditional email security filters, since QR codes can conceal malicious URLs that scanners can’t easily detects. 🎯 Why It’s So Effective You can’t see where a QR code leads until you scan it. Email filters often miss image-based threats like QR codes. Mobile devices, commonly used for scanning, are less protected than workstations. Employees might unknowingly scan a QR code placed in an office, parking lot, or event venue — thinking it’s legitimate. 🛡️ How to Protect Yourself & Your Organization ✅ Be skeptical of unsolicited QR codes, whether online, in emails, or on printed materials. ✅ Use QR scanner apps that preview the URL before opening it. ✅ Educate employees about emerging phishing methods, including QR-based threats. ✅ Verify before you scan — if a QR code is on a poster or email, confirm its legitimacy. ✅ Enable Multi-Factor Authentication (MFA) — it’s your last line of defense even if credentials are compromised. ✅ Keep devices updated with the latest security patches and antivirus protection. 💡 Emerging Trends to Watch Attackers are embedding malicious QR codes in PDFs and business emails, disguised as invoice links or IT login requests. Some campaigns are geo-targeted, adapting fake login pages based on the user’s company or region. There’s an increasing use of AI-generated corporate phishing pages, making them nearly indistinguishable from real ones. 🔐 Takeaway As technology evolves, so do the tactics of attackers. Awareness and vigilance are the first steps in defending against modern cyber threats like Quishing. Organizations must continuously update their security training, test phishing resilience, and educate employees about this new threat vector. Let’s stay ahead — because in cybersecurity, prevention is always better than recovery. 💪 #CyberSecurity #InfoSec #Phishing #Quishing #QRcodeSecurity #CyberAwareness #ThreatIntelligence #DataProtection #MFA #SecurityTraining #ZeroTrust

How many signs of phishing can you spot in this email? I am getting more and more of this exact type of fake invoice phish. In fact, a lot of them aren't even getting caught by spam these days. So, let's spread the security awareness to help others avoid falling for it. How many signs of phishing can you spot in this image? Alternatively, what common signs do you NOT see, which is likely how it is avoiding spam filters? Here is what I see on this one (SPOILERS): 🔻 From a generic gmail.com account 🔻 No personal greeting - it is all generic 🔻 The ID number in the subject doesn't match any other numbers in the email or the Invoice number in the attached PDF (visible but hard to see here) 🔻 The text is repetitive and very difficult to read 🔻 The PDF says "Norton from Symantec" but the email doesn't contain any branding or contact details Now, here is what I DON'T see which security awareness programs always highlight: 🔹 Call to *urgent* action 🔹 A link to click 🔹 Typos or spelling errors (grammar problems not withstanding) So, what actions can you tell people to avoid falling victim? 🔸 Never trust incoming email, particularly from sources you haven't seen before 🔸 If an email says you paid a bill you don't remember paying, check your bank accounts FIRST. If you don't see the bill, the email is almost certainly spam. 🔸 Never be afraid to forward an email like this to somebody else and ask for a second opinion on it. 🔸 Don't call the phone number or respond to an email like this. Look up the company in Google and call the official support number. #security #cybersecurity #spam #phishing #securityawareness

Scammers see tax season as open hunting season Don't be their easy prey 7 things nobody tells you about staying safe from phishing during tax season: 1. Be Skeptical of Unexpected Emails → Even if it looks like it’s from your CPA, trust your gut. → Unexpected emails? Delete them immediately. 2. Generic Senders Are Risky → Addresses like donotreply@domain.com are a scammer’s favorite disguise. → Always verify directly with your provider’s online portal. 3. Never Click Unverified Links → Don’t shortcut security by clicking links in emails. → Log in directly via your browser to avoid phishing traps. 4. Upgrade Your Email Security → Free email services lack robust phishing protection. → Consider upgrading to paid plans with built-in security features. 5. Don’t Ignore Email Settings → Even premium platforms like Google Workspace need periodic reviews. → Verify your settings to ensure optimal protection. 6. Scammers Target E-Signature Platforms → The rise of e-signatures has made them prime phishing targets. → Authenticate every document before signing or opening. 7. Think Before You Open Emails → Got an unexpected tax document? Call your provider directly. → No shortcuts, no stress, no scams. PS) Scammers are clever, but they’re also lazy. Make them work harder than it’s worth.

Scam Alert: New Parking Fine Text Scam Targets Drivers A convincing new text scam is making the rounds, warning drivers about a fake unpaid parking fine. The message pressures recipients to “pay immediately” and includes a link to a website designed to mimic the official government site. Once there, users are asked to enter personal and payment details—handing over sensitive information directly to scammers. These scams rely on panic and urgency, often using real location data pulled from your IP address to add credibility. The fake site even links to real gov.uk pages to appear more authentic. But the giveaway is the URL—always check that official government pages start with “gov.uk.” To protect yourself, never click on suspicious links or enter information on sites you were redirected to via text. Use antivirus software and report phishing attempts to 7726 or Action Fraud. Scammers are getting bolder and smarter, but we can beat them with awareness and caution. Always double-check before acting on unexpected fines or charges. Have you ever received a suspicious text like this—and would you know what to do if you did? #SecurityEverywhere #pleaseshare