Financial Fraud Phishing Attacks Increase 72% In One Year; Financial Industry Takes the Brunt

With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all.

When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That’s right – the financial services industry, at least according to cybersecurity vendor Armorblox’s 2023 Email Security Threat Report.

According to the report, attacks targeting the financial services industry increased by 72% over 2022, and the industry was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn’t get any better for the financial industry:

  • 51% of invoice fraud attacks targeted the financial services industry
  • 42% of payroll fraud attacks targeted it
  • 63% of payment fraud attacks targeted it

To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means 1 in 5 email-based attacks made it all the way to the inbox. The next layer in your defense should be a user who is properly educated using Security Awareness Training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage.


The Number of Phishing Attacks Continues to Grow at a Rate of 150% Per Year

The latest Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG) shows an unrelenting upward trend in the number of phishing attacks per quarter.

Despite the alarm that the growth in the number of phishing attacks should generate, this report sheds some light on what seems to be working for cybercriminals if you dig a little deeper. According to the report:

  • The number of unique email subjects increased by 99.2%, totaling over 250,000 in Q4
  • The number of brands impersonated decreased slightly by 4% to 1780
  • The number of unique phishing websites increased slightly by 6% to just over 1.3 million

In essence, it appears that more unique campaigns is the answer – after all, there are only so many brands that have a broad appeal. It is interesting to see that the number of phishing websites is not increasing with the unique email subjects, although the “unique” email subjects may simply be variations on a theme aimed at using the same phishing website to capture credentials, banking details, etc.

The scarier part of this report is that 150% continual growth.

[Image (4-19-23): APWG chart of phishing attacks per quarter]

Source: APWG

This growth is a mix of new threat actors getting into the game, improvements in the “as a service” of just about every facet of cyber attacks, and the fact that successful attacks are also increasing in numbers.


Cyber Insurance Demand Grows as Cybercrime is Expected to Rise to $24 Trillion by 2027

As cyber attacks continue to grow in sophistication and frequency, cyber insurers are expecting their market to double in the next two years.

I’ve spent a lot of time here on this blog educating you on attack specifics, industry trends, and the impacts felt by attacks. I’ve also talked quite a bit about cyber insurance and the trends therein. But seldom have we been able to combine the two and present the state of cyber attacks from an insurer’s perspective.

Cyber Insurer Munich Re recently released their Cyber insurance: Risks and Trends 2023 report which provides us with some insight into the state of attacks and the impact on cyber insurance. According to the report:

  • Cyber crime costs in 2022 are estimated at $8.4 trillion
  • They are expected to be approximately $11 trillion in 2023
  • They are expected to rise to $24 trillion by 2027

According to Munich Re, “ransomware was, by far, the leading cause of cyber insurance losses”, making it primarily responsible for the projected massive growth in cyber insurance – which is estimated to have been a market size of $11.9 billion in 2022 and projected to reach $33.3 billion by 2027.

There’s a 3x growth estimated in cyber crime costs over the next 4 years and a 3x growth in the cyber insurance market in the same timeframe. This means that organizations should expect both a rise in the frequency of attacks in the coming years, as well as an increase in the cost of cyber insurance. Rises in insurance costs should be a clear indicator that spending budget on prevention methods (that include security awareness training) is far better than putting all your eggs in the cyber insurance basket.


Number of Ransomware Victim Organizations Nearly Doubles in March

New data shows a resurgence in successful ransomware attacks with organizations in specific industries, countries and revenue bands being the target.

While every organization should always operate under the premise that they may be a ransomware target on any given day, it’s always good to see industry trends to paint a picture of where cybercriminals are currently focusing their efforts. This gives organizations the ability to either shore up security measures today (if they’re a current target) or shore up security measures today anyways (so they’re ready for when they do become the target).

In third-party risk vendor Black Kite’s 2023 Ransomware Threat Landscape Report, we see some interesting trends around successful ransomware attacks today:

  • March of this year saw 410 ransomware victim organizations – nearly double that of April of last year, with only 208
  • The U.S. dominated as the primary focus, with 1171 victim organizations representing 43% of the total victims reported, with the UK, Germany, France, Italy, and Spain combined making up around 20% of victim orgs
  • The largest group of victim organizations by revenue resided in the $50-60m range, with the next two groupings in the $40-50 million and $60-70 million ranges, respectively
  • Manufacturing topped the list of industries, with “Professional, Scientific, and Technical Services” coming in second, representing nearly 35% of all victim organizations

[Image (4-7-23): Black Kite breakdown of ransomware victim organizations]

Source: Black Kite

In summary, it appears like cybercriminals are focused on mid-market, U.S.-based organizations that likely have a material amount of intellectual property and/or sensitive data.

This, of course, doesn’t mean if you’re not in that specific demographic you’re off the hook; nothing could be further from the truth. The Black Kite data shows where the focus is today. But there’s always a new player looking for a niche victim demographic they can nestle themselves into, making it necessary to shore up all security – including your users’ vigilance against phishing and social engineering attacks via Security Awareness Training.


Blocking Social Engineering by Foreign Bad Actors: The Role of the New Foreign Malign Influence Center

The U.S. government created a new office to block disinformation. The new Foreign Malign Influence Center (FMIC) oversees efforts that span U.S. military, law enforcement, intelligence, and diplomatic agencies.

The FMIC was established on September 23 of last year after Congress approved funding, and is situated within the Office of the Director of National Intelligence. The FMIC has the unique authority to marshal support from all elements of the U.S. intelligence community to monitor and combat foreign influence efforts such as disinformation campaigns.

The growing threat of social engineering by foreign adversaries has become a significant concern. By leveraging digital platforms, hostile actors can manipulate public opinion, foment discord, and undermine democratic institutions. To address this pressing issue, the newly established Foreign Malign Influence Center aims to counter social engineering efforts by foreign bad actors, working to protect our society from this insidious form of cyber warfare.

One of the key aspects of the Center’s strategy is fostering partnerships with like-minded institutions. By building a strong collective defense against social engineering, the organization can ensure that a diverse range of expertise and perspectives contribute to the fight against foreign influence.

Done right, the FMIC has the potential to be a valuable ally in the fight against social engineering by foreign bad actors. However, its success will depend on its ability to work collaboratively with partners, operate within legal and ethical boundaries, and stay focused on the genuine threats to our democratic institutions.


New Survey Reveals Employees are the Attack Surface

A survey by Tanium has found that IT security professionals in the UK say that 64% of avoidable cyber attacks are due to human error, which usually involves falling for phishing attacks. More than half of the respondents said that loss of productivity would be their main concern following a cyber attack.

“The largest number of survey respondents (56 percent) speculate that ‘loss of productivity’ would have the biggest post-breach impact, followed by ‘loss of clients and/or revenue’ (52 percent),” the researchers say. “However, it’s worth noting that these two answers have a mutual association – downtime. Following two years of pandemic disruption, organisations are naturally sensitive to anything that interferes with business as usual.”

The survey also found that the majority of respondents believe that spending money on security defenses is cheaper than sustaining a cyberattack.

“Forward-thinking organisations will already be acting to pay down the technical debt of their legacy systems,” the researchers write. “85% of security pros in our survey admit that ‘it costs more to recover from a cybersecurity incident than to prevent one.’”

Tanium concludes that organizations should invest in a defense-in-depth strategy that includes employee training.

“These statistics highlight that there is ample scope for cyber teams to make improvements in many areas that are under their influence and control,” the researchers write. “As an illustration, almost half of the organisations surveyed (43 percent) said they intend to invest more in ‘employee awareness training.’ This prevention-first approach is one way to reduce vulnerabilities that are often caused by human error or lack of education on cyber matters.”

New-school security awareness training can give your organization an essential layer of defense by teaching your employees to recognize and thwart social engineering attacks.

CIO has the story.


[HEADS UP] Russian Hacker Group Launches New Spear Phishing Campaign with Targets in US and Europe

The Russia-based hacking group Seaborgium is at it again, with increased spear phishing attacks targeting US and European countries over the last year.

Last month, I wrote about Seaborgium launching a phishing campaign with targets in the UK. Now these threat actors have gone one step further, using fake personas, social media accounts, and academic papers to lure their victims into replying to their phishing emails. They have also widened their net to multiple regions across the globe, with a new focus on the US and additional regions within Europe. Each successful attack lets the threat actor refine their fake profiles to be more convincing and lure future victims.

Journalists are also becoming a target for multiple Russian hacking groups. Since journalists hold sensitive information, they are high-value targets for cyber espionage by Russian state-sponsored groups.

While spear phishing campaigns continue to increase in sophistication, the root cause stems from social engineering. Whether it was specific language in the email or a convincing fake profile, threat actors are refining commonly used social engineering tactics to ensure your users fall victim to their attack.

Thankfully, there are ways to identify if your organization is being targeted. We have several tips for preventing a spear phishing attack from targeting your users:

  • First of all, you need all your defense-in-depth layers in place. Defending against attacks like this is a multi-layer approach. The trick is to make it as hard as possible for the attacker to get through and to not rely on any single security measure to keep your organization safe.
  • Do not publish a list of all employee email addresses on your website; use a web form instead.
  • Regularly scan the Internet for exposed email addresses and/or credentials; you would not be the first to find one of your users’ usernames and passwords on a crime or porn site.
  • Never send out sensitive personal information via email. Be wary if you get an email asking you for this info and, when in doubt, go directly to the source.
  • Enlighten your users about the dangers of oversharing their personal information on social media sites. The more cybercriminals know, the more convincing they can be when crafting spear phishing emails.
  • Users are your last line of defense! They need to be trained using new-school security awareness training and receive frequent simulated phishing emails to keep them on their toes with security top of mind. We provide the world’s largest content library of security awareness training combined with best-in-class pre- and post-training simulated phishing testing. Since 91% of successful attacks use spear phishing to get in, this will get you by far the highest ROI for your security budget, with visible proof the training works!
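
One way to act on the second and third tips, as an added example that is not code from the original post: scan your own web pages for employee email addresses that a spear phisher could harvest, including mailto: links and the usual “name [at] example [dot] com” obfuscation that is trivially reversible. The HTML and the domain example.com below are constructed placeholders.

```python
"""Find employee email addresses exposed on your own web pages.

Added example for the tips above; it is not code from the original post.
It scans HTML for mailto: links, plain addresses, and common obfuscated
forms such as 'name [at] example [dot] com', so a defender can check
whether a staff page leaks addresses that spear phishers could harvest.
SAMPLE_HTML below is constructed input; 'example.com' stands in for the
organization's own domain.
"""
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# '@' or a bracketed '[at]' / '(at)'; '.' or a bracketed '[dot]' / '(dot)'.
# Bare " at " / " dot " are deliberately not matched, to avoid false hits
# on ordinary prose such as "visit us at example.com".
_AT = r"(?:@|\s*[\[(]\s*at\s*[\])]\s*)"
_DOT = r"(?:\.|\s*[\[(]\s*dot\s*[\])]\s*)"
_ADDR_RE = re.compile(
    rf"\b([a-z0-9._%+-]+){_AT}([a-z0-9-]+(?:{_DOT}[a-z0-9-]+)+)\b", re.I
)
_BRACKET_DOT = re.compile(r"\s*[\[(]\s*dot\s*[\])]\s*", re.I)


class _Collector(HTMLParser):
    """Gathers mailto: link targets and all visible text from a page."""

    def __init__(self):
        super().__init__()
        self.mailtos = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("mailto:"):
                # Strip any ?subject=... query and decode %40 and friends.
                self.mailtos.append(unquote(value[7:].split("?", 1)[0]))

    def handle_data(self, data):
        self.text.append(data)


def _normalize(local, domain):
    """Turn 'john.roe' + 'example [dot] com' into 'john.roe@example.com'."""
    return f"{local}@{_BRACKET_DOT.sub('.', domain)}".lower()


def find_exposed_addresses(html, org_domain):
    """Return the sorted, de-duplicated addresses at org_domain found in html."""
    parser = _Collector()
    parser.feed(html)
    found = set()
    for m in _ADDR_RE.finditer(" ".join(parser.text)):
        found.add(_normalize(m.group(1), m.group(2)))
    for target in parser.mailtos:
        m = _ADDR_RE.fullmatch(target.strip())
        if m:
            found.add(_normalize(m.group(1), m.group(2)))
    suffix = "@" + org_domain.lower()
    return sorted(addr for addr in found if addr.endswith(suffix))


# Constructed sample page: a staff directory that leaks addresses in three ways.
SAMPLE_HTML = """
<html><body>
<h1>Our team</h1>
<ul>
  <li>Jane Doe - <a href="mailto:jane.doe@example.com?subject=Hello">email</a></li>
  <li>John Roe - john.roe [at] example [dot] com</li>
  <li>Press enquiries: press@example.com</li>
  <li>Partner contact: sales@partner-site.test</li>
</ul>
<p>Visit us at example.com for more.</p>
</body></html>
"""

if __name__ == "__main__":
    for addr in find_exposed_addresses(SAMPLE_HTML, "example.com"):
        print("exposed:", addr)
```

Run it against the HTML of your public pages (fetched however your environment allows) and compare the hits with what you actually intend to publish; anything beyond a role account behind a web form is harvestable material for a spear phisher. Addresses at other domains are filtered out on purpose so partner contacts do not clutter the report.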

Hackers Work Around ChatGPT Malicious Content Restrictions to Create Phishing Email Content

Active discussions in hacker forums on the dark web showcase how a mixture of the OpenAI API and an automated bot on the Telegram messenger platform can be used to create malicious emails.

It’s good that from the start, the creators of ChatGPT put in content restrictions to keep the popular AI tool from being used for evil purposes. Any request to blatantly write an email or create code that will be misused to victimize another person is met with an “I’m sorry, I can’t generate <content requested>” response.

I wrote previously about ways ChatGPT could be misused – as long as the intent for the generated content isn’t divulged to the AI engine. New research from Check Point shows a number of examples of dark web discussions about how to bypass restrictions intended to keep threat actors from using ChatGPT.

In essence, a hacker has created a bot that works within the messenger service Telegram to automate the writing of maliciously-intended emails and malware code.

[Image: example of the dark web discussion from Check Point’s research]

Source: Check Point

Apparently the API for the Telegram bot does not have the same restrictions as direct interaction with ChatGPT. The hacker has gone as far as to establish a business model charging $5.50 for every 100 queries, making it inexpensive and easy for anyone wanting a well-written phishing email or base piece of malware.

This only means more players can get into the game without the barrier of needing to know how to write well or to code. It also means employees need to be far more vigilant than ever before – something taught with continual Security Awareness Training – scrutinizing every email to be absolutely certain that the content, sender, and intent are legitimate before ever interacting with it.


Spear Phishing Attacks Increase 127% as Use of Impersonation Skyrockets

Impersonation of users, domains, and brands is on the rise, as is the use of malicious links, in response to security vendors improving their ability to detect malicious attachments.

I talk often about the back-and-forth that exists between cybercriminal groups and security vendors. Security solutions improve their detection capabilities, and threat actors work tirelessly to find new ways to evade detection. New data found in GreatHorn’s 2023 State of Email Security report shows that this is exactly what’s been happening in the last 12 months. Let me paint the picture for you – according to the report, in 2022:

  • Microsoft and Google improved their attachment scanning capabilities
  • Spear phishing increased 127%, focusing specific scam themes on specific targets
  • Executive impersonation jumped 344%, making the attack seemingly come from a trusted source
  • 43% of all potentially dangerous emails are now impersonation emails
  • All of the top 20 malicious links used were on compromised domains with positive reputation scores, chosen to bypass native scanning controls such as those used by various Google services

In essence, cybercriminals now realize they can’t really rely on malicious attachments, so they need to find a balance between strong social engineering against targeted victims, the use of impersonation, and the use of legitimate sites to host the malicious payload to achieve this next evolution of attacks.

According to GreatHorn, most attacks take between 1 and 4 steps to get the victim user to interact with the malicious payload.

[Image: graph showing the number of steps it takes users to reach the malicious payload]

Source: GreatHorn

This means you have a bunch of users who unwittingly follow a set of unusual and unnecessary clicks that they should know better than to follow – something they learn very quickly if they are enrolled in new-school Security Awareness Training. Attackers will continue to evolve their craft, so your users need to stay up-to-date on the latest attacks.


Be Wary of Survey Scams

Online surveys are too often scams designed to steal personal or financial information, warns Phil Muncaster at ESET. Muncaster explains that these surveys are usually distributed via phishing or by ads on websites, impersonating trusted brands and offering phony rewards:

  • “The scam often begins with an unsolicited email or text/message likely spammed out to countless other victims. This is basically a phishing message designed to lure the recipient into participating by clicking through.
  • “It often features a well-known brand to add a sense of legitimacy and encourage the victim to participate. In December 2022, a popular survey scam abused the brand of chocolate-maker Cadbury to do this – promising recipients the chance to win ‘an exclusive Christmas Chocolate Magic Basket’ if they took a short quiz.
  • “The scam may feature a thematic lure – such as the Christmas Cadbury one, or the supposed ‘40th anniversary’ of wholesaler Costco which was used in a June 2022 campaign in South America.”

These scams can cause varying degrees of damage. Many are focused on collecting information, and others attempt to trick the user into installing malware or transferring money. Muncaster offers the following recommendations to help users avoid falling for these scams.

  • “Look out for any offers that seem too good to be true. It could be a large cash prize for just a few minutes’ work, or an expensive gift.
  • “Watch out for typos or poor grammar – it could be a sign that things aren’t quite right.
  • “Shortened URLs might also indicate fraud.
  • “Time-limited offers are another way for scammers to turn up the pressure on their victims.
  • “Some senders may be vague about who’s running the survey – with no ‘contact us’ link to follow.
  • “If the sender uses a free webmail account, then the survey is likely to be a scam.”
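
Several of those indicators can be checked mechanically before a message ever reaches a user, which is what mail filters and awareness tooling do. As an added example that is not code from the original post or from ESET, the script below turns the checkable ones into rules (free-webmail sender, shortened URL, time pressure, too-good-to-be-true reward, a brand named in the display name or subject that does not match the sending domain, and no way to contact the organiser) and scores two constructed messages; every domain and link path in them is a placeholder, and cadbury.example stands in for the brand’s real domain.

```python
"""Score an email against the survey-scam indicators quoted above.

Added example, not code from the original post or from ESET. Each of
Muncaster's indicators that can be checked mechanically becomes one rule:
free-webmail sender, shortened URL, time pressure, too-good-to-be-true
reward, a brand named in the sender's display name or subject that does
not match the sending domain, and no way to contact the organiser.
The two messages at the bottom are constructed samples; every domain and
link path in them is a placeholder ('cadbury.example' stands in for the
brand's real domain).
"""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

FREE_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com", "aol.com"}
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
URGENCY_RE = re.compile(
    r"\b(today only|expires?|within \d+ (?:hours?|minutes?)|last chance|act now|hurry)\b",
    re.I,
)
REWARD_RE = re.compile(r"(?:\b(?:win|won|winner|prize|free|gift|cash)\b|\$\d[\d,]*)", re.I)
CONTACT_RE = re.compile(r"contact us|unsubscribe|privacy policy", re.I)


def score_survey_message(from_header, subject, body, known_brands=()):
    """Return (score, findings): one point per indicator that fires.

    known_brands is a sequence of (brand_name, legitimate_domain) pairs used
    for the impersonation check.
    """
    findings = []
    display_name, address = parseaddr(from_header)
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    text = f"{subject}\n{body}"

    if sender_domain in FREE_WEBMAIL:
        findings.append("sender uses a free webmail account")
    if any(urlparse(u).hostname in URL_SHORTENERS for u in URL_RE.findall(body)):
        findings.append("contains a shortened URL")
    if URGENCY_RE.search(text):
        findings.append("time-limited offer or urgency language")
    if REWARD_RE.search(text):
        findings.append("reward that may be too good to be true")
    for brand, brand_domain in known_brands:
        named = brand.lower() in display_name.lower() or brand.lower() in subject.lower()
        if named and not sender_domain.endswith(brand_domain.lower()):
            findings.append(f"names {brand} but was sent from {sender_domain or 'unknown'}")
    if not CONTACT_RE.search(text):
        findings.append("no contact or organiser details")
    return len(findings), findings


# Constructed brand list and sample messages (placeholders, not real mail).
BRANDS = (("Cadbury", "cadbury.example"),)

SCAM_MESSAGE = {
    "from_header": "Cadbury Rewards <cadburyteam2022@gmail.com>",
    "subject": "You have been selected: win an exclusive Chocolate Magic Basket",
    "body": "Take our 2 minute quiz within 24 hours to claim your prize: http://bit.ly/placeholder",
}

LEGIT_MESSAGE = {
    "from_header": "Customer Research <research@example.com>",
    "subject": "Tell us about your recent order",
    "body": (
        "We would value your feedback on last week's order.\n"
        "Survey: https://survey.example.com/s/placeholder\n"
        "Contact us: help@example.com. Privacy policy: https://example.com/privacy"
    ),
}

if __name__ == "__main__":
    for label, msg in (("scam", SCAM_MESSAGE), ("legit", LEGIT_MESSAGE)):
        score, findings = score_survey_message(**msg, known_brands=BRANDS)
        print(f"{label}: score {score}", *findings, sep="\n  ")
```

The constructed scam message trips all six rules while the legitimate survey trips none; in practice a score of two or more is a reasonable threshold to route a message for closer review rather than block it outright, since urgency wording and a free-mail sender each occur in honest mail too. The typo-and-grammar indicator from the list is deliberately left out, as it is not reliable to check with simple rules.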

It’s worth noting that such scam surveys represent a business as well as a personal risk. Many of them are cast as business-to-business surveys to take the temperature of a market, or to gauge the climate of opinion among customers. New-school security awareness training can enable your employees to thwart social engineering attacks.