Phishing attacks are becoming more sophisticated as cybercriminals introduce new tactics to trick victims and bypass security. In January 2023, Barracuda researchers found three novel phishing techniques: Google Translate links, image attachment attacks, and special characters. While each attack makes up less than 1% of detected phishing attempts, they impact 11-15% of organisations and are dynamic in their nature. Gateway-based systems offer little protection, and tuning is required to defend against them. Learn how cybercriminals are using these tactics and what measures can be taken to safeguard against them.
Google Translate Used in Phishing Attacks to Deceive Victims
Attackers are increasingly using Google Translate to hide malicious URLs in phishing emails. These attacks, also known as Translation-Based Phishing or Translation Deception Attacks, rely on translation services to deceive victims and make it difficult for email filtering technologies to detect. Google Translate is the most widely used service, but similar attacks have been seen using other search engines. Once victims click on the URL, they are taken to a fake but authentic-looking website.
These attacks are difficult to defend against because they use legitimate URLs and may contain poorly formed HTML pages or non-supported languages to evade translation. Threat actors like Midnight Hedgehog and Mandarin Capybara are launching BEC campaigns in multiple languages using the same text translated into the native language. They target finance and HR personnel with payment fraud and payroll diversion schemes by spoofing the CEO or other executives.
Image Phishing to Deceive Users
Image phishing is a type of phishing attack that uses images to deceive users into clicking on malicious links. This technique has become increasingly popular among cybercriminals because it’s more challenging to detect than text-based phishing attacks. Attackers send emails with links that appear to be legitimate but redirect users to sites that steal personal information, install malware, take over accounts, or scam victims out of money. This new technique embeds malicious code in the pixels of an image and once clicked on, it infects the computer.
There are several signs that an email may contain an image phishing attack. Look out for suspicious links or attachments, spelling errors, bad grammar and punctuation, improper graphics, extreme urgency, offers that are too good to be true, unsolicited responses to actions you didn’t initiate, threats, generic greetings, and messages that somehow end up in your inbox instead of your spam folder.
Special Characters Used in Phishing Attacks
Cyber attackers are using special characters, such as zero-width Unicode code points, punctuation, non-Latin script, or spaces, to evade detection and carry out their malicious activities. This technique is also used in “typo-squatting” web address attacks, which mimic the genuine site but with a slight misspelling.
In phishing emails, the special characters are not visible to the recipient, and attackers insert a zero-width (no) space within the malicious URL, breaking the URL pattern so that security technologies do not detect it as malicious. This makes it difficult to detect and protect against these attacks, as traditional email security struggles to identify them.
Unfortunately, this tactic is becoming increasingly common, and around one-in-10 (11%) organizations were targeted in January 2023. To avoid falling victim to such attacks, it is important to stay vigilant and follow best practices for email security.
Tips to protect against these new phishing attacks
- Always verify outgoing payments and payroll updates to ensure they are legitimate.
- Invest and enrol the entire company in a cybersecurity awareness training program designed to recognise and report suspicious emails.
- Consider implementing behavioural analytics to detect anomalies and flag potential threats.
- Be cautious when opening emails from unfamiliar sources or clicking on links or attachments, even if they appear legitimate.
- Encourage your workforce to double-check the sender’s email address and verify the authenticity of any requests for sensitive information or financial transactions.
- Keep all software and operating systems up-to-date.
- Turn off the automatic image display option in your email platform.
- Delete suspicious-looking emails without opening them.
- Be wary of emails with poor grammar, punctuation, or spelling errors.
- Block the sender of spam and phishing emails.
- Implement advanced email security solutions that can accurately detect and block malicious links and attachments.
- Implement post-delivery remediation tools to quickly identify and remove any instances of the attack.
Protecting against new phishing attacks requires a multi-layered approach. By implementing these measures, organizations can significantly reduce the risk of falling victim to these new and evolving phishing attacks.