As the summer travel season approaches and travelers hit the road, cybercriminals are turning to new technologies to run scams and steal data, from artificial intelligence email attacks to fake smartphone chargers that prey on power-hungry travelers. there is.
A recent report from cybersecurity firm SlashNext found that the number of phishing email attacks had increased 856% over the past year, and that the surge was driven in part by generative AI. This technology allows scammers to craft phishing emails in multiple languages at the same time, leading to a 4151% increase in malicious emails since the launch of ChatGPT in 2022.
“Threat actors can trick AI into writing emails very quickly, in any language, for almost free,” SlashNext CEO Patrick Harr told Decrypt in an interview. “You’ll see that these (phishing emails) aren’t just in English. I can write in many different languages and target a lot of people around the world and I can do it literally in seconds.”
The latest report is international business times It highlighted a sharp rise in phishing attacks targeting both business and leisure travelers, offering lists of fake websites and huge discounts. For example, the Swiss Alps offers $200 per night, while another site offers $1,000 per night.
“If you have any doubts, call the property, host or customer support,” said Marnie Wilking, Chief Information Security Officer at Booking.com. IBT.
Booking.com did not immediately respond to a request for comment. decryption.
A phishing attack involves sending a message to an unsuspecting victim who clicks on a link that leads to a malicious website or application, tricking the user into submitting personal or security information, such as a password.
Last January, cybercriminals stole more than $700,000 from phishing victims by using the Mailerlite service to target encrypted email lists.
A new form of phishing, “smishing,” or text message phishing, is becoming increasingly popular and a dangerous way to attack cell phones, Harr said.
“We obviously transitioned to a mobile world a long time ago and people have become so accustomed to texting,” Harr said. These bad actors always try to intervene where users are comfortable,” Harr said. “What we’ve seen as a change within ‘smishing’ is that it’s no longer just ‘click here’ because the gift package is on your doorstep.”
Harr said the ubiquitous symbols are now being distributed by scammers since businesses adopted QR codes during the COVID-19 pandemic.
“Eighty percent of all phones are actually not protected against phishing at all,” Harr said, citing a recent report from Verizon. “So the reason they use QR codes is to get you to pay for something, reveal sensitive information about yourself, or steal your password.”
juice jacking
Phishing attacks are the most popular attack vector used by cybercriminals, but the Federal Communications Commission (FCC) recently issued a warning about “juice jacking,” which targets travelers trying to charge their devices at airports and hotels.
Attackers are taking advantage of technology built into the universal USB standard, which provides power transfer as well as data. Connecting a maliciously configured USB port or cable to a victim’s device can steal information or install unwanted software.
Avoid using free charging stations at airports, hotels, and shopping centers. Malicious actors have found ways to use public USB ports to introduce malware and monitoring software to devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
— FBI Denver (@FBIdenver) April 6, 2023
To prevent this new type of attack, the FCC suggests using personal chargers plugged into a primary power outlet, using portable batteries, or using data blockers that limit USB connections to power transfer only.
Year-round surveillance
decryption We contacted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) for further advice.
A CISA spokesperson pointed to resources available to help consumers better protect themselves from phishing scams, including recognizing common signs of phishing, such as urgent or emotional language, requests for personal information, and invalid email addresses.
Misspelled words used to be a sure sign of a phishing attack, but CISA said this is no longer the case due to the widespread use of AI.
“This isn’t just for the summer; it’s something people can do to stay more secure all year round,” a CISA spokesperson said. decryption.
Edited by Ryan Ozawa.
generally intelligent newsletter
A weekly AI journey explained by Gen, a generative AI model.