Phishing attacks increase by more than 100 percent

Phishing attack volumes increased by 102 percent in the first quarter of 2023 according to a new report from email security and threat detection company Vade.

In the first quarter of this year Vade detected 562.4 million phishing emails, passing the previous quarter's total by 284.8 million. January accounted for the highest volume of phishing emails in Q1 with 488.5 million.

Malware volumes declined though, falling seven percent over the previous quarter and accounting for 52.3 million emails, a 13 percent decrease from the same period last year.

Phishing attacks are targeting productivity suites with new techniques. These include a campaign spoofing Microsoft 365 and using legitimate YouTube attribution links and a Cloudflare CAPTCHA to evade detection.

In March, Vade also detected a new phishing campaign that combines several sophisticated techniques to compromise victims’ cryptocurrency wallets. This includes exploiting Google Translate to bypass detection from email security tools, using JavaScript and CSS to obfuscate phishing pages, and leveraging Interplanetary File System (IPFS) Decentralized Network to host a phishing kit. The attack starts with an email impersonating Wallet Connect, an application for connecting mobile cryptocurrency wallets to decentralized applications.

The attack is made harder to detect because the second node, which displays the phishing page, hides the Google Translate top bar content using CSS properties. This technique makes the phishing page more convincing for victims who are suspicious of seeing the Google Translate top bar.

You can find out more details on the latest attacks on the Vade blog.

Image credit: weerapat/depositphotos.com