Graymail – technically, it’s not bad, but it’s not necessarily good, either. This type of email falls in between. At best it’s useful, usually it’s an annoyance, and at worst, it’s a potential cybersecurity threat. The accepted definition for graymail is emails that aren’t spam or phishing, but which the recipient may perceive as inbox clutter.
Phishing is the most common form of cybercrime according to the FBI. In 2021, 323,972 victims were recorded across the US, which marks a 34% increase on the previous year. As cybercriminals continue to develop their attack techniques and leverage advances like crime-as-service and chatbots to create phishing emails, this number is likely set to continue rising. Year-on-year victim loss comparison for phishing/vishing/smishing/pharming.
With the launch of ChatGPT, concerns have been growing around the use of AI in phishing. The concerns are founded: AI can write phishing emails. It’s not the only tool in a hacker’s toolkit either - cybercriminals can use many different technologies to build a phishing campaign and send phishing emails. Many, like chatbots, are widely available for consumer and business use.
Our increasing dependence on the internet and, specifically, email for business and personal communication has produced the perfect environment for cybercriminals to launch phishing attacks. As organization’s technical controls have advanced, cybercriminals have evolved their attacks, making them more difficult for traditional email security solutions that use signature-based detection (such as Microsoft and secure email gateways (SEGs) to detect.
Social engineering cyberattacks play on the mind, manipulating emotions and engaging in deception to get victims to give up passwords, financial data, and other valuable information. According to Verizon's 2022 Data Breach Investigations Report (DBIR), eight in 10 data breaches (82%) involve a human element. Alongside breaches caused by human error and malicious actions, this statistic also includes social engineering attacks.
Zero-day vulnerabilities present a very real threat to cybersecurity. Exploiting a zero-day vulnerability as an attack vector is a complex process, but it allows attackers to slip into your system undetected and leave without a trace.
Over the past several years, crypto has become increasingly mainstream. Research has predicted that by the end of 2022, the number of US adults who own at least one cryptocurrency will increase by 19% to 33.7 million. This equates to 12.8% of the population. Naturally, cybercriminals have quickly learned how to cash in on this popularity.
There’s a glimmer of good news amid the ever-evolving IT threat landscape – although it’s come about as a result of worrying illegal activity. Even though recent changes to data privacy laws have placed consumers in control of their personal information, the Federal Trade Commission (FTC) has found that some apps are, in fact, collecting data they don’t need.
Distributing malware through a. ZIP file isn’t anything new, so threat actors are using a new tactic in response to tightening cybersecurity measures across the globe. While most people know not to open an unexpected attachment, these malicious files are starting to pop up in email threads with trusted friends and colleagues — this makes them very easy to fall for.
