As news of Silicon Valley Bank’s (SVB) collapse continues to dominate the headlines, cybercriminals are running phishing campaigns impersonating SVB and other financial institutions, including M-F-A and Bloomberg. Responding quickly to the 24-hour news cycle, cybercriminals aim to leverage their victims’ potential distress over their financial situation to make them more susceptible to this type of attack.

Graymail – technically, it’s not bad, but it’s not necessarily good, either. This type of email falls in between. At best it’s useful, usually it’s an annoyance, and at worst, it’s a potential cybersecurity threat. The accepted definition for graymail is emails that aren’t spam or phishing, but which the recipient may perceive as inbox clutter.

Phishing is the most common form of cybercrime according to the FBI. In 2021, 323,972 victims were recorded across the US, which marks a 34% increase on the previous year. As cybercriminals continue to develop their attack techniques and leverage advances like crime-as-service and chatbots to create phishing emails, this number is likely set to continue rising. Year-on-year victim loss comparison for phishing/vishing/smishing/pharming.

With the launch of ChatGPT, concerns have been growing around the use of AI in phishing. The concerns are founded: AI can write phishing emails. It’s not the only tool in a hacker’s toolkit either - cybercriminals can use many different technologies to build a phishing campaign and send phishing emails. Many, like chatbots, are widely available for consumer and business use.

Our increasing dependence on the internet and, specifically, email for business and personal communication has produced the perfect environment for cybercriminals to launch phishing attacks. As organization’s technical controls have advanced, cybercriminals have evolved their attacks, making them more difficult for traditional email security solutions that use signature-based detection (such as Microsoft and secure email gateways (SEGs) to detect.

Social engineering cyberattacks play on the mind, manipulating emotions and engaging in deception to get victims to give up passwords, financial data, and other valuable information. According to Verizon's 2022 Data Breach Investigations Report (DBIR), eight in 10 data breaches (82%) involve a human element. Alongside breaches caused by human error and malicious actions, this statistic also includes social engineering attacks.

Zero-day vulnerabilities present a very real threat to cybersecurity. Exploiting a zero-day vulnerability as an attack vector is a complex process, but it allows attackers to slip into your system undetected and leave without a trace.