The emergence of generative AI offers cybercriminals a new prowess as the technology allows them to create convincing phishing messages and gain access to corporate networks. According to a report, nearly 75,000 financial phishing attempts targeting Indian financial companies were detected last year, with 25% of them happening due to human error.
According to the global cybersecurity firm Kaspersky. The figures reflect that phishing attacks struck across email, websites, messaging apps and social media are now sophisticated enough to convince users into clicking malicious links.
What is phishing
‘Financial phishing’ is a type of phishing which refers to fraudulent resources related to banking, payment systems and digital shops. In this type of scam, hackers send convincing messages to people, prompting them to click malicious links and gain control of their systems.“Financial phishing messages usually take the form of fake notifications from banks, providers, e-pay systems and other organisations. The notification will try to encourage a recipient, for one reason or another, to urgently enter/update their personal data,” said Jaydeep Singh, General Manager for South Asia at Kaspersky.
Scammers also pretend to be a person or organisation the users trust, which makes it easy for them to fool people, infect the victim with malware and steal their information.
“The scammers usually use the fear technique to convince the users to share their confidential financial and personal data by providing a seemingly important reason. Such messages usually contain threats to block an account if a recipient does not fulfil the requirements therein,” Singh added.
Human error responsible for a fourth of phishing attacks
The cybersecurity company said that its study suggests that one in four (24%) cyber incidents against businesses in India were due to employees intentionally violating security protocol.
While tools can address human error, they are not a complete solution. Effective defence requires a multi-faceted approach: employee education, skills development, and improved systems for detecting and responding to cyberattacks.