Kaspersky Finds New Phishing Scheme That Combines Spear Phishing Tactics

Illustration of APT attacks (photo: Kaspersky)

JAKARTA - Cybersecurity expert Kaspersky has identified a new phishing attack trend in which phishing spear elements are used in mass campaigns.

If traditional mass phishing emails typically target a wide audience with a common message, and there are many typos, on the other hand, spear phishing involves highly personalized messages including specific details about the target, making it appear more credible.

Kaspersky has admitted to having observed this phishing anomaly since late 2023. Later at the end of March and May 2024, Kaspersky detected a significant increase in this hybrid phishing email.

"There are more and more attackers who adopt phishing scamming methods and technologies in their mass campaigns, resulting in more personalized emails and increasingly diverse technology and spoiling tactics," said Roman Dedenok of Kaspersky.

In one example, HR's phishing email addresses the recipient by name and references their company, but the phishing form linked is a common fake Outlook login, which is a signature of mass phishing.

This improvement shows that attackers use advanced technology to reduce costs and efforts to personalize mass attacks.

Kaspersky also mentioned that AI-backed tools can now create convincing email content, correct typos, and perfect designs, making these mixed attacks more effective and harder to detect.

Despite being a mass email campaign, this attack presents a significant threat. To counter this growing threat, it is very important to implement protection that is in line with technological advances that combine methods and services," he added.