New Release: Email Security Awareness Training- Empower your team to proactively combat email threats with easy-to-launch phishing simulations and assessments Learn More
New Release: Email Security Awareness Training- Empower your team to proactively combat email threats with easy-to-launch phishing simulations and assessments
Learn More
Exploiting a Current Crisis with Topic-Specific Phishing Attack

Exploiting a Current Crisis with Topic-Specific Phishing Attack

Mark Liapustin Mark Liapustin
January 28, 2023

Hackers are questing for the most specific point of attack or breach with their phishing scams. One way they do this is by copying baits from news headlines and adapting these lures to the territories and locations of their targeted recipients.

Organizations realize the flood of email phishing lures is aligning more with a current crisis or newsworthy event.

This blog will discuss the importance of enabling an AI-powered email security platform from vendors like Trustifi to protect the organization from the rapid deployment of email phishing scams.

Crisis of the Moment Becomes the Next Lure

Phishers watch the news broadcasts like any other person. They see horrible shootings in California, flooding in India, and people shot over the weekend in Chicago. As news sources release the news through social media and cable news, phishers are expediting email phishing attacks and scams to coincide with these tragic events. Here is a list of recent activities that witnessed an uptick in topic-specific phishing campaigns:

  • Tech Industry Layouts: With over 150,000 people being layoffs in the technology over the last month, hackers continue to send out fraudulent employment offers, including stock grants, signing bonuses, and salary. In many of these “lures,” hackers place a URL with an urgent request for candidates to upload their resume and their personal information, including bank account information, for direct deposit of a signing bonus.
  • Flooding in Northern California: Over the last several weeks, Northern California and many parts of Southern California have been under rainfall, causing floods, sinkholes, and mudslides. Capitalizing on the crisis, the hackers and phishers continue their charity fraud strategy by sending emails impersonating relief organizations, including the American Red Cross. Phishers will also send emails posing as insurance adjusters asking anyone affected by the flooding to contact them for instant financial relief. The consequences for people range from financial fraud to identity theft to delaying their actual insurance claim from being paid.
  • FTX in Financial Turmoil: The FTX financial scandal is not only newsworthy; this event will have long-lasting implications for years. Hackers use these events to “lure” people into other investment strategies, including depositing money in “safer” overseas banks and other financial tools. Investors looking for alternatives to bitcoin and cybersecurity will look at other investment opportunities.
  • Continued War in Ukraine: While the War in Ukraine is removed from most people, hackers, phishers, and crime criminals still pose as relief organizations and impersonate the President of Ukraine, asking for funds for the war effort. Thousands of phishing attacks go out globally to lure as many victims as possible. Leveraging tools like ChatGPT AI, hackers send these phishing messages in several languages with “Will you join us? Please consider supporting the people of Ukraine as they resist Russia’s unprovoked invasion. We’ve compiled information on ways you can help on our website.”
  • Gun Control Laws Changes: As the US Congress continues to see a ban on firearms, those that believe in the 2nd amendment rights will fight for their right to bear arms. Yet, hackers know this and use brilliant spear phishing scams, preying on gun owners asking for donations to help fight their cause. Often, like other clone phishing attacks, the money never goes to help.

Protecting Against the Crisis Lures of the Moment

Organizations and email service providers see these and many other phishing email attacks daily. As a crisis in the world unfolds, hackers and phishers mobilize using phishing-as-a-service providers to launch their topic-specific luring phishing schemes. Organizations relying on outdated or legacy email security solutions often need more time to update their inbound security rules to address these rapid just-in-time phishing attacks.

The industry email security providers that invested in a holistic platform powered by artificial intelligence and machine learning become positioned well to protect their clients from topic-specific just-in-time phishing lures. Email security companies like Trustifi deliver their award-winning phishing protection platform to SMBs and the mid-enterprise market through the rapid deployment of cloud solutions.

Modernizing your Email Security Strategy with Trustifi

Trustifi provides advanced protection against cyber threats to an organization’s email system. Trustifi features the Inbound Shield, which acts as an email filter to prevent topic-specific phishing attempts while reducing the impact of fraud.

As soon as Trustifi’s Inbound Shield becomes deployed to your company’s email system, sophisticated AI software scans every email received by your server. They placed each incoming email in a sandbox where Inbound Shield’s multi-layered detection inspects everything about the email, including the sender, email subject, content, links, and attachments. An email must pass all tests at each layer to be deemed safe.

Trustifi’s advanced AI-powered layer of security platform offers several proven security controls to help prevent dns spoofing attacks and others, including:

  • Impersonation: Trustifi’s advanced email security platform detects and tags the impersonation of the recipient’s contacts to ensure safe correspondence with a genuine connection. Also, it can identify actual emails from a brand.
  • New domains: Trustifi protection: Trustifi can detect additional parts and service abuse and quarantine the email by validating DMARC, SPF, and DKIM domain authentication.

Why Trustifi?

The most valuable asset to any organization, other than its employees, is the data in its email–and Trustifi’s fundamental aim is keeping clients’ data, reputation, and brand safe from all threats related to email. With Trustifi’s Inbound Shield, Data Loss Prevention, and Email Encryption.

With Trustifi vendor consolidation and reduction of resource cost allocation, they align with the needs of small and midsize clients while not compromising on email protection, all with a single pricing model.

Trustifi’s email detection and response (EMDR) offers clients access to experts to assist with the implementation.

Culture

As a global cybersecurity provider of both inbound and outbound email protection, Trustifi currently supports customers from countries including the USA, Canada, Brazil, the Dominican Republic, the UK, the Netherlands, India, the UAE, China, Japan, Cyprus, the Philippines, and more. The company has also developed “One-Click Compliance” capabilities that cater to world security regulations, including PDPO for Hong Kong, POPI for South Africa, GDPR for Europe, and LGPD for Brazil.

Related Posts