- Phishing scam emails increased by 7 percent in South Africa during the first quarter of the year according to Kaspersky.
- In an analysis of phishing scams, Kaspersky found that impersonation of HR departments was becoming more popular.
- This along with the rise in the use of AI in cybercrime underscores the need to invest in cybersecurity training.
Phishing scams are still prevalent, in fact, they are constantly on the rise with this sort of attack increasing by seven percent in South Africa over the course of the first three months of the year.
In its analysis of phishing emails over this quarter, Kaspersky noticed that scammers were impersonating human resources departments. The scammers would send out an email mentioning vacation scheduling problems, the need to confirm leave dates or some other lure meant to get an employee to click a malicious link and input their company credentials. These HR impersonation emails were particularly popular in the lead-up to holiday periods.
The good news is that, aside from the call to action, many of these attacks are poorly designed and upon even minor scrutiny could trigger suspicion. Even the website an employee is directed to has problems that should raise an eyebrow.
“The site is hosted not on the company’s server, but in Huawei Cloud (myhuaweicloud.com), where anyone can rent space. The name of the file doesn’t match the name of the PDF mentioned in the email. There’s not a single attribute on the site to connect it to the specific company,” explains Kaspersky.
However, there is growing concern within the information security sector regarding the use of artificial intelligence platforms to assist in attacks.
The likes of ChatGPT for example, can be used to help craft more convincing phishing emails that are harder for employees to detect.
Worse still, the sheen of ChatGPT and Bard are enough to get folks to download anything associated with those platforms. Meta’s Guy Rosen reported in May that the cybersecurity team at the firm had noted a number of malicious browser extensions being downloaded by droves of users simply because they claimed to include an AI chatbot.
This puts the need for cybersecurity awareness training at all levels of a business into focus. The attack vectors and technologies being used by malicious individuals and organisations are constantly evolving and becoming complacent is a sure fire way to become vulnerable to an attack.
There are a number of companies that offer cybersecurity training locally be it in-person or online. It truly is a worthwhile investment especially when you consider that by compromising just one employee’s credentials, an attacker could take down an entire business.
