Cybercriminals keep inventing new techniques and tactics to enhance the effectiveness of phishing attacks and avoid detection. Three novel phishing tactics include attacks that use Google Translate links, image attachments, and special characters. It’s important to examine these tactics closely, learn how cybercriminals use them to evade detection, and take necessary steps to protect against them.
Attacks leveraging Google Translate links
Attackers use the Google Website Translate feature to send Google-hosted URLs embedded in emails that ultimately lead to phishing websites. This type of attack is commonly referred to as “Google Translate phishing” or simply “Translation-Based Phishing” or “Translation Deception Attack.” These attacks are difficult to detect because they contain URLs pointing to a legitimate site, allowing them to bypass many email filtering technologies. Users who click on the URLs are taken to a fake, but authentic-looking website.
Attackers are using translation services to send malicious content by changing benign URLs after delivery, bypassing gateway-based defenses. HTML pages with unsupported languages or poorly formed pages are used to evade translation. Google provides a link back to the original URL when it is unable to translate the underlying website. Users who click on the page are forwarded to the attacker’s website.
Image attachment attacks
Phishing attacks are increasingly using images, without any accompanying text, to deceive victims. These images may contain links or callback phone numbers that lead to phishing sites. On average, an organization receives about two of these emails per month.
Traditional email gateway security is ineffective in detecting image-based phishing attacks, as these attacks don’t contain any text. This lack of text allows attackers to bypass security measures and reach their targets.
“Image phishing” or “phishing by image” attacks have become popular because users are more likely to trust images that appear to come from a legitimate source. These attacks will continue to be a popular tactic for cybercriminals in the future.
Use of special characters in attacks
Special characters, including spaces, punctuation, and non-Latin scripts, are used by hackers to avoid detection. On average, a company receives around four emails each month. It can be challenging to detect such attacks because special characters are also used in legitimate contexts such as email signatures. Machine learning-based email security solutions are the most effective at identifying phishing attempts that use special characters. Attackers use zero-width characters in HTML code to hide their malicious intent.
“Homograph attacks”, or simply “zero-width space attacks”, were initially used in typo-squatting to register look-alike domains with special characters to defraud recipients. However, they have become increasingly popular in email bodies to deceive recipients into believing that they are receiving emails from a legitimate source.
How to protect against these new phishing attacks
- Ensure your email protection scans and blocks malicious links and attachments. Use email protection with machine learning analysis to accurately scan and block malicious links and attachments, based on image context, email subject, and sender stats, to avoid false positives.
- Train your users to identify and report potential attacks. Educate users on emerging phishing attacks through simulated campaigns and teach them to double check before sharing their login credentials.
- Use post-delivery tools to quickly remove malicious emails from all inboxes. Automated incident response and account takeover protection can help prevent attacks from spreading and detect any suspicious activity in case of compromised credentials.
Contact us at Access Tech to review your security posture and how you can further protect your business from phishing attacks.