One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8409070 |
| Date de publication | 2023-11-10 08:04:20 (vue: 2023-11-10 12:07:23) |
| Titre | 2023 Prédictions de l'escroquerie de vacances, si ce que vous devez savoir 2023 Holiday Scam Predictions-Here\\'s What You Should Know |
| Texte | \'Tis the season for cyberscams. As the holiday season nears, adversaries will try to take advantage of people\'s generosity and holiday spirit. That\'s why it\'s critical to be alert. While it\'s still early to detect and analyze seasonal trends, we anticipate to see several new and emerging techniques in attackers\' creativity and lures, along with tried-and-true tactics from previous holiday seasons. From generative AI that helps telephone-oriented attack delivery (TOAD) to multifactor authentication (MFA) bypass that leans on shipping alerts, here\'s a look at five holiday scam predictions. These are the tricks and trends that you might see evolve in this year\'s winter threat landscape. 1: Generative AI will make threat detection trickier What\'s blown up since last holiday season? A little thing called generative AI. This emerging technology might change the game of crafting emails that include those too-good-to-be-true offers. Phony shipping emails are always favorites for attackers, and they always become more frequent during the holidays. Nobody wants a problem with merchandise they\'ve ordered or packages they\'ve shipped. Last year, many holiday season shipping phishing attempts featured standard red flags, like grammatical errors and non-native language structure. These are easily detectable at a quick glance. But this year, we expect to see many attackers using generative AI to write their emails and texts, potentially reducing easy detection. So go a level deeper when you\'re trying to determine whether a holiday season shipping email is a scam. Take a closer look these emails and ask these questions: Is the message generic or personalized? Are you being asked for unnecessary sensitive information? Does the sender display name match the email address? (This is a safety checklist item that people learn in security awareness training.) Are you being asked to pay a fee to receive a package? (Note: In this case, it\'s best to refuse the delivery until you can confirm the shipment is legitimate.) 2: TOAD scams might get an AI boost TOAD has become part of the threat toolkit, as attackers push victims to take unsafe actions over the phone. Writing with generative AI could increase the believability of TOAD attacks that use a holiday playbook. Need to stop an expensive gift purchase on your credit card or accept a heavily discounted travel offer? Then, contact this (fake) call center! If an AI-generated email successfully imitates a legitimate company, it\'s more likely that the victim will dial the phone number they\'re directed to. Generative AI could also provide opportunities to expand holiday scams globally. For instance, every Christmas and New Year, we see English-language vacation scams that target a Western audience. But there is also a huge volume of travel and celebration for Lunar New Year in China, South Korea, Vietnam and Hong Kong. If attackers previously lacked cultural knowledge or language skills to target these populations, they might now use freely available AI tools to quickly research what experiences might feel meaningful and create holiday lures that are localized and enticing. Luckily, generative AI is unlikely to improve interaction with the fraudulent call center. If you call the TOAD number, red flags should still be detectable. For instance, be wary if the “operator” is: Clearly following a script. Pressuring you to take an action. Speaking in a regional accent that your security awareness training has taught you is where call center fraud often originates. 3: MFA bypass could surface more often MFA bypass surged in popularity last year, and we continue to see an increase in the number of lures that use this technique. The attacker steals account credentials in real time by intercepting the MFA short code when the victim types it into an account login page that is fake or compromised. Since MFA bypass is an ongoing threat trend, we expect to see the techniques applied this year to holiday- |
| Envoyé | Oui |
| Condensat | 1: learn 2023 3: identify 4: wrap about accent accept account action actions actors address ads advantage adversaries after aid alert alerts all along also always analyze another anticipate appeals applied are around arriving ask asked attack attacker attackers attacks attempts audience authentication available avoid awareness bad basics bec because become begins being believability believable best beyond blend blown bonus boost browser business but bypass call called calling calls campaign campaigns can capture card cards case caution celebration center change channel channels charities charity checklist china christmas clear clearly click clicking closer code companies company complimentary compromise compromised concern confirm confirmation conflict consumer consumers contact contacted content continue convenient could covers: crafting create creativity credential credentials credit critical cultural cyberattacks cybercriminals cyberscams december deeper delivery design designed desire detect detectable detection determine dhl dial directed directly disasters discounted display disposal does don donate donation donations download drive during early easier easily easy efforts email emails emerge emerging emotional emotions employees engage engaging engineering english enticing errors established even every evolve example executive expand expect expensive experiences extend extent fake familiar favorites featured fedex fee feel feeling five flags following four fraud fraudulent freely frequent from funds game generated generative generic generosity get gift giving glance global globally goal good grammatical hand happy has have heartwarming heavily help helping helps here high holiday holidays hong how huge humanitarian idea imitates impact important impostors improve include increase increased information instance instead interaction intercept intercepting is: item keep kit kit know knowledge known kong korea lacked landscape language last leader leans learn legitimate level libs like likely links list little localized log login look lookalike luckily lunar lures make makes making many match materials meal” meaningful meanwhile media merchandise message messages mfa might mimic misleading more multifactor name native natural naughty nears need new newsworthy nice nobody non nonprofit not note: notification notifications now number numbers offer offers often often ongoing opportunities orchestrating order ordered organization organizations oriented originates others out over package packages page pages part pattern pay people perennial personal personalized phishing phone phony pins play playbook popular popularity popular populations positive potentially predictions pressuring pretend previous previously prime printed problem professional programs promise proofpoint proud provide purchase push put questions: quick quickly ramps reach real receive receptive recipient red reducing refuse regional reimbursement relationships request requests research safe safely safety scam scams scenarios script season seasonal seasons security see send sender sending sensitive set several shelter shipment shipped shipping shopping short should signs similar since situations skills social something source south speaking spin spirit standard started stay steals steer stop strong structure subsequent successful successfully such suggested support supposedly sure surface surged surprised tactics take tap target taught technique techniques technology telephone tests text texts that theft them themed themselves then these they thing those threat through time tis toad too toolkit tools topics toward traffic training travel trend trends trick trickier tricks tried true trust trusted try trying type types typing understand unexpected unlikely unlock unnecessary unsafe unsolicited until unusual upfront ups use used users using vacation validate value verify victim victims vietnam volume waiting want wants warning wary way web website websites week weeks well western what when where whether which who why will winter |
| Tags | Tool Threat Prediction |
| Stories | FedEx |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.