It’s no secret that cybercriminals leverage current events and holidays to mask their phishing attempts, create urgency, and improve their chances of a successful attack. While many security and IT teams anticipated a flood of Amazon Prime Day-themed phishing attempts this week, the escalated war in Israel has birthed a new phishing threat.
Cybercriminals are always quick to leverage war, conflict, natural disasters, or humanitarian efforts to launch phishing attempts for a few different reasons:
- Because they are top of mind in news headlines and social media, it creates familiarity.
- As events rapidly unfold, people, eager to stay updated, may inadvertently let their guard down.
- When natural or manufactured disasters occur, most people are looking for ways to help those impacted.
These, among other factors, create the recipe for a highly successful social engineering attack. And with the rise of generative AI, crafting convincing, crisis-based social engineering attacks is becoming easier and more scalable.
Unfortunately, similar to how we saw an increase in phishing emails at the onset of the war with Russia and Ukraine, we should expect to see a flood of phishing attempts focused on the recent war in Israel.
How to Protect Yourself
In our efforts to support those affected by these malicious attacks, it is imperative that we remain vigilant and adhere to the best practices of email security. Alongside this, it is vital to consider the overall context and relevance of the email, while implementing tried and true methods such as verifying display names and email addresses, comparing the sender's domain with that of the company, and exercising caution when faced with unusual or urgent requests. If you have any doubt regarding the email's authenticity, DO NOT click on any links or call any numbers provided in the email. Instead, forward the email to your IT/Security team for analysis.
Even if an email appears to be from a known company or individual, trust your instincts. Reach out to the sender through a separate, reliable contact method to verify the message. Remember, prioritizing caution and safety is always preferable to regretting the consequences.
If you suspect a phishing attempt, report it to your IT/Security administrator. This not only protects you and your organization but safeguards your colleagues who might have received a similar email. It is better to err on the side of caution.
As the events continue to unfold, we will keep everyone updated.
October 9, 2023