As cybercriminals work to make phishing attacks more effective, they are continually introducing new techniques and tactics to try to trick victims, bypass security, and avoid detection.
After analyzing data on phishing emails blocked by Barracuda systems during the month of January 2023, Barracuda researchers identified three novel phishing tactics being used by cybercriminals: attacks leveraging Google Translate links, image attachment attacks, and use of special characters in attacks.
While the volume of these attacks is very low — each attack making up less than 1% of phishing attacks detected by Barracuda’s machine learning classifiers — they are widespread, each impacting 11% to 15% of organizations. So, the chances are good that many organizations will run into one of these malicious messages before the end of the year.
What’s important to note is that gateway-based systems provide little to no protection against these types of attacks and would require a lot of tuning and control-based rules to protect customers. These attacks are more dynamic in their nature, where the payload can change upon delivery, as we see prominently in attacks utilizing the Google Translate service.
Let’s take a closer look at these three new tactics, how cybercriminals are using them to evade detection, and what you can do to protect against these types of attacks.
Attacks leveraging Google Translate links
Our researchers are seeing an increasing number of email attacks that use Google Translate services to hide malicious URLs. While only 0.7% of phishing attacks detected by Barracuda’s machine learning classifiers leveraged Google Translate links, 13% of organizations received this type of phishing email. On average, an organization receives roughly 8 of these emails per month.
