Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ahead of US Tax Day on April 18, 2023, attackers are taking the opportunity to send finance-related phishing attacks. There has been a 164% increase in tax-related phishing emails since February 2023 and a 32% increase versus 2022 levels. Typically in these attacks, cybercriminals attempt to convince victims that they have a tax refund available or have underpaid their taxes, when in reality, the email contains a malicious link or attachment.

Since March 2nd, 2023, intelligence from the Egress Intelligent Email Security platform shows Emotet malware being used within Microsoft OneNote attachments, as cybercriminals evolve their attacks in attempts to avoid detection. Emotet is sophisticated malware primarily used for stealing sensitive information, such as credentials, from the machines it infects.

As news of Silicon Valley Bank’s (SVB) collapse continues to dominate the headlines, cybercriminals are running phishing campaigns impersonating SVB and other financial institutions, including M-F-A and Bloomberg. Responding quickly to the 24-hour news cycle, cybercriminals aim to leverage their victims’ potential distress over their financial situation to make them more susceptible to this type of attack.

Graymail – technically, it’s not bad, but it’s not necessarily good, either. This type of email falls in between. At best it’s useful, usually it’s an annoyance, and at worst, it’s a potential cybersecurity threat. The accepted definition for graymail is emails that aren’t spam or phishing, but which the recipient may perceive as inbox clutter.

Phishing is the most common form of cybercrime according to the FBI. In 2021, 323,972 victims were recorded across the US, which marks a 34% increase on the previous year. As cybercriminals continue to develop their attack techniques and leverage advances like crime-as-service and chatbots to create phishing emails, this number is likely set to continue rising. Year-on-year victim loss comparison for phishing/vishing/smishing/pharming.

With the launch of ChatGPT, concerns have been growing around the use of AI in phishing. The concerns are founded: AI can write phishing emails. It’s not the only tool in a hacker’s toolkit either - cybercriminals can use many different technologies to build a phishing campaign and send phishing emails. Many, like chatbots, are widely available for consumer and business use.

Our increasing dependence on the internet and, specifically, email for business and personal communication has produced the perfect environment for cybercriminals to launch phishing attacks. As organization’s technical controls have advanced, cybercriminals have evolved their attacks, making them more difficult for traditional email security solutions that use signature-based detection (such as Microsoft and secure email gateways (SEGs) to detect.