Cyber Attacks on Gmail Accounts Are Increasing in Sophistication

What Happened?

The Hoxhunt Phishing Trends report, updated this week, reported a 49% increase in phishing attacks capable of evading security filters since 2022. 

While businesses and governments remained the top targets, over one third of the newer more sophisticated phishing attacks were targeted to individuals. 

Pyry Åvist, Hoxhunt’s chief technology officer, said, “AI is being weaponized by threat actors to fuel a new era of social engineering tactics.” The attacks have grown so numerous and sophisticated a recent FBI analysis advised users not to click on anything that is unsolicited.

Why it Matters

Attacks on Gmail accounts can provide hackers with access to Google accounts, which in turn can provide them with a treasure trove of personal identifying information. 

Malicious actors can then use that data to carry out a number of different illicit activities from fraud to theft. According to Dave Winder of Forbes, who is a veteran cyber security analyst, the new phishing attacks are so sophisticated they should really be called hacking attempts. 

Phishing is the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messaging. What’s changed is that AI programs can give malicious actors the ability to create phishing emails that aren’t only vastly better in quality but also higher in number. 

Cyber criminals can use cheap AI programs to spit out a deluge of highly convincing phishing attacks for little cost. In the past such efforts required sophisticated computer skills and training, but now thanks to AI cyber criminals can let the algorithm do most of that work for them. 

That means the barrier to becoming a cyber criminal has been lowered, and as a result the number of malicious actors has increased.

Gone are the days when phishing emails were easy to spot because of misspellings, incoherent content, or other obvious indicators. The new phishing emails look real and can even appear to come from people you personally know. 

Not only that, new AI programs can clone the voices of friends and family, adding another layer of authenticity to the malicious messages they generate. Cyber attackers use more sophisticated phishing emails along with social engineering to try to manipulate users into opening malicious emails.

Social engineering refers to a practice where the cyber criminal will try to force users to feel like they need to click on a link or open a message, often because that message appears to be from a loved one or friend.

How it Affects You

Millions of people still rely on email to communicate with friends and family, yet the dangers to using email have never been greater.

Cyber security experts recommend that you don’t open any messages that are unsolicited, and that if a message appears to be from a loved one or friend, check with them through other communication means first before clicking on the email.