文章指出网络钓鱼仍是全球主要网络安全威胁之一,涉及财务损失、数据泄露等风险。随着AI技术的应用,钓鱼攻击更具欺骗性且目标广泛。实时反钓鱼解决方案结合AI和机器学习可有效识别未知威胁。加强员工安全意识也是防御关键。 2025-3-20 13:0:0 Author: feeds.fortinet.com(查看原文) 阅读量:26 收藏
Phishing remains one of the most prevalent cybersecurity threats worldwide, posing risks such as financial loss, data theft, reputational harm, and malware deployment. As phishing tactics grow more sophisticated, attackers are also expanding their targets across various platforms and services. The use of AI has further refined these techniques, making phishing attempts more deceptive and harder to detect. Attackers increasingly use personalized messages and convincing fake websites to evade traditional security measures, making detection more difficult for security teams.
Organizations must strengthen their defenses to keep pace with the rapidly evolving threat landscape. While traditional defenses like email filters and blacklists can block known threats, they are less effective against emerging and AI-driven phishing attacks. Real-time anti-phishing (RTAP) solutions help address this challenge by using AI and machine learning to identify and mitigate both large-scale phishing campaigns and highly targeted spear-phishing attacks as they occur.
According to the 2024 Verizon DBIR report, the median time for a user to fall prey to a phishing email is less than 60 seconds.[1]
Data-Driven Insights: A Closer Look at Recent Phishing Trends
Over the past several weeks, threat data gathered by FortiGuard Labs reveals critical insights into the nature of phishing campaigns and the primary targets. These insights provide a snapshot of how cybercriminals are evolving their tactics to reach unsuspecting users.
1. Facebook is a Consistent Target: Our recent monitoring of phishing attacks has shown Facebook to a top target for phishing emails. Its widespread use and abundant personal information associated with accounts make it appealing to cybercriminals seeking to steal login credentials or exploit user data. Many phishing websites attempt to deceive users by claiming their account has been disabled or requires verification.
2. Roblox Targeting: In mid-February, a spike in phishing attempts targeted Roblox, a popular gaming platform among younger users. Phishing emails appeared disguised as account alerts or prize notifications, prompting victims to click on malicious links or provide sensitive or personal details.
3. Broad Targeting the End of January: The final days of January saw a broad range of platforms targeted by phishing attempts. These included:
o Telegram: A widely used and encrypted messaging app.
o Ionos: A Germany-based email, hosting, and cloud services provider.
o Coinbase: A popular cryptocurrency exchange.
o PayPal: A worldwide used online payment system.
o Lazada: An e-commerce platform operating primarily in Southeast Asia.
o iTrust: A cryptocurrency platform.
o Vkontakte: A Russian social media platform.
AI-powered Real-Time Anti-Phishing from FortiGuard Labs
FortiGuard Labs provides an advanced RTAP service as part of our FortiSandbox Advanced AI Subscription Bundle. This service provides comprehensive and proactive protection against phishing emails and other cyber threats.
The RTAP solution built into FortiSandbox uses a variety of techniques to identify and block phishing emails, including:
- Machine learning. Machine learning algorithms are used to identify patterns in phishing emails that are not easily detected by traditional techniques
- URL reputation. This technique checks the reputation of a URL embedded in an email against a list of known phishing URLs.
- Content analysis. RTAP analyzes email content for keywords or phrases commonly used in phishing emails.
RTAP from FortiGuard Labs ensures that even previously unseen and unknown phishing attempts—which may not be recognized by traditional security systems—are detected and blocked.
Employee Awareness: A Strategic Tool Against Phishing
Human error remains one of the primary reasons phishing attacks succeed, making employee awareness and education essential for defense. Training staff to recognize and report phishing attempts can significantly reduce an organization’s risk. A well-informed workforce serves as the first line of defense against today’s increasingly sophisticated phishing tactics. The 2024 Verizon DBIR highlights this challenge, revealing that 68% of all breaches involved a non-malicious human factor—either through social engineering or unintentional mistakes.[1]
Fortinet’s FortiPhish and FortiSAT empower organizations to strengthen their human firewall. FortiPhish provides phishing simulation and awareness training, while FortiSAT provides critical security awareness training to create a cyber-aware workforce. Implementing these proactive training tools will enhance employee awareness, bolster technical defenses, and reduce the risk of successful phishing attacks.
Staying Ahead of Evolving Phishing Threats
As phishing attacks grow more sophisticated, real-time, adaptive cybersecurity solutions are crucial for effective defense. FortiGuard’s advanced anti-phishing capabilities, powered by AI and machine learning, provide continuous protection by detecting and neutralizing new phishing techniques as they emerge. With RTAP’s real-time threat response, FortiGuard helps businesses and individuals safeguard their digital environments to reduce risk and stay ahead of cybercriminals.
IOCs
Phishing Sites
[facebook]
case-id-10012125556[.]vercel[.]app
policy-violation-10002321704[.]github[.]io
[roblox]
robux-generator---cpa[.]firebaseapp[.]com
rbxodi[.]blogspot[.]com
[telegram]
www[.]telegramtgtg[.]com
www[.]91gsh[.]com
[ionos]
67a34b6bfc0d210a820d0cf5--brilliant-mermaid-bad0bd[.]netlify[.]app
gworldhomes[.]com/ionos-ag/ionos-es/login/login[.]php
[coinbase]
000414-coinbase[.]com
coinbsphnnumbe[.]gitbook[.]io/us
[paypal]
paypalloginonline[.]blogspot[.]com
niemalssoeder[.]de/c/index/myaccount
[vkontakte]
uncloabatles[.]ru/votes/7838610
vim[.]vimeo18[.]ru/votes/3818905
如有侵权请联系:admin#unsafe.sh