Phishing 2.0 - Robin Just Became Batman
Updated: Oct 14, 2022
Phishing? War? Tom Cruise? How are these all connected?
Hey, everyone! It’s Roby from CYBR. Since I was a kid, I’ve always been interested in technology and innovation: keeping up with the times and the needs of individuals by adapting something from its initial design into something new and useful. Cars, computers, cameras – even sliced bread – are all examples of people innovating something.
Ok, great… but what about things that aren’t meant for people to profit from or enjoy – phishing, for example? Do they also need innovation? The answer is almost always YES. Phishing has been around for many years now, and with the development of Web 2.0, phishing attempts have spiked.
Vishing and SoMe Cyber Attacks
The most prevalent form of phishing today is still by email: an attacker impersonates a person or institution and attempts to get you to share either your money or your information. However, attempts at vishing (phishing by calling the victim), smishing (SMS phishing), and social media phishing have also increased significantly in the last few years.
What are deepfakes, and why are they so dangerous? Deepfakes are a way of digitally impersonating someone by copying certain aspects of that person: either their facial features, voice, or both.
Have you ever heard the saying “I’ll believe it when I see it”? Humans have five basic ways they perceive something with a high degree of certainty: seeing, touching, hearing, tasting, and smelling. Many times, two or more of these senses work together to amplify an experience.
"I'll believe it when i see it"
The Dangers of Deep Fakes
1. Taking advantage
The first reason deepfakes are so dangerous is that they take advantage of one or more of these usually very trustworthy senses. For example, when someone sends a deepfake video, the victim’s sight and hearing are both deceived. Or when a vishing attack occurs, the victim is absolutely convinced that the person on the other end of the line is whoever the attacker is impersonating, and the victim is caught off-guard.
2. Easy to create
The second reason deepfakes are so dangerous is that they are extremely easy to create, to the point where you only need a smartphone to create a simple deepfake video or voice audio.
What’s more, you don’t need to be an experienced hacker to take advantage of this technology, even “script kiddies” can now launch successful phishing attacks using deepfake technology.
The reason I mentioned Tom Cruise at the beginning of this article is that in early 2021, a number of videos featuring what seemed to be Tom Cruise started popping up on the internet. In case you haven’t seen any of them, take a look here:
The future of Phishing
Let’s wrap this up by making two things clear:
1. Improve your ability to ability to spot phishing
First, at the moment, deepfakes (especially ones that have been created using free software) are pretty easy to spot, especially videos. Improving your ability to spot and report phishing is a great way to stay ahead of the hackers. CYBR recommends a combination of Teach AI for security awareness training and Breach AI attack simulations to put your training to the test!
2. Hackers stay innovating - through tech advancements
Second – if you watched the Tom Cruise video and thought to yourself, “this is kinda scary,” well, buckle up because it’s only going to get worse: this technology is going to get better and more accessible. That means that the versions you can access for free are also going to get much better than they are today.
The sooner we understand that deepfakes are the future of phishing, the better we can prepare for it.
Read more about transforming human error into human cyber defence or learn more about why you should never reuse the same password.