Knowing that many security systems scan links within emails to determine if they’re hacking, hackers often embed phishing links within clean attachments. As there is no malware in the attachment, the message won’t trigger ‘sandboxing’ technologies; and because there’s no link to scan in the content of the email, it will bypass traditional filters.
Hackers have become so sophisticated, they’re even capable of creating attacks that cannot be seen, including:
– The use of multiple re-directions or dynamic re-directions with multiple paths. In other words, each time you click on a link, you’ll be taken down a different path to the ultimate destination page
– Mobile-specific attacks where the content is designed to display only when accessed from mobile devices, meaning if you open the same message on your desktop and your phone, you will see different content.
– Geo-specific attacks where the content is designed to display only when accessed from the target location and attempts to access from other locations might lead to blank pages, or perfectly valid pages. It could also display a specific content from a relevant brand depending on the country.
– Attacks that can identify whether the page is being opened by a browser or automated engine and only displays malicious content when opened by humans.
Don’t think hackers are just limited to these techniques: they are becoming even smarter as each day passes, meaning they’re increasingly capable of bypassing human intelligence. AI and humans can’t get the job done as separate entities. Rather, they need to work together to make sure businesses, and their employees, are safe and secure. The organisations that augment human intelligence with artificial intelligence will be the ones least likely to fall victim to these attacks.