Kaspersky experts have identified a new phishing attack trend where elements of spear phishing are being used in bulk campaigns. Traditional bulk phishing emails target large audiences with generic messages, often rife with typos and simplistic formatting. In contrast, spear phishing involves highly personalised messages including specific details about the target, making them appear more credible.

Spear phishing targets specific individuals or small groups with emails that mimic the style and content of legitimate communications from trusted entities. These emails are meticulously crafted to avoid detection by security filters and often contain no technical errors. Mass phishing campaigns, meanwhile, cast a wide net, sending generalised messages to large lists of email addresses; they lack personalisation and often contain mistakes and poor design.

In late 2023, Kaspersky researchers observed a statistical anomaly indicating a blend of spear and mass phishing tactics, with emails detected that were too aggressive for spear phishing, but too sophisticated for mass phishing. In one instance, an HR phishing email addressed the recipient by name and referenced their company, yet the linked phishing form was a generic fake Outlook sign-in, a typical sign of mass phishing.

An HR phishing email message using ghost spoofing: the sender’s name contains the HR team’s email address, lending an air of authenticity to the email

Another campaign employed “ghost spoofing”, where a real corporate email address appeared in the sender’s name without modifying the actual domain. This technique, usually reserved for targeted attacks, was used in mass phishing, adding an air of authenticity, but leading to a generic phishing form upon clicking the link.
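One way a mail filter or triage script can check for the ghost-spoofing pattern described above is to compare any address shown in the sender's display name with the real sender address. This is an added example, not Kaspersky's detection logic; the function names, the regex, the subdomain heuristic and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Loose pattern for an address-like token inside a display name (heuristic,
# not a full RFC 5322 parser). Group 1 captures the domain.
ADDR_IN_NAME = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def related(a, b):
    """Same domain, or one is a subdomain of the other (assumption: good enough
    for triage; public-suffix handling is deliberately left out)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def ghost_spoof_finding(from_header):
    """Return (shown_address, real_address) when the display name shows an
    address from a domain unrelated to the real sender's, else None."""
    display_name, real_addr = parseaddr(from_header)
    if "@" not in real_addr:
        return None
    real_domain = real_addr.rsplit("@", 1)[1].lower()
    for match in ADDR_IN_NAME.finditer(display_name):
        if not related(match.group(1).lower(), real_domain):
            return (match.group(0), real_addr)
    return None

# Constructed From headers (reserved .example domains), not taken from real mail.
SAMPLES = [
    '"HR Team hr@corp.example" <notify@bulk-sender.example>',           # ghost spoof
    '"HR Team <hr@corp.example>" <hr@corp.example>',                    # consistent
    '"Alice Smith" <alice@corp.example>',                               # no address shown
    '"IT Support helpdesk@corp.example" <helpdesk@mail.corp.example>',  # subdomain
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict = "SUSPICIOUS" if ghost_spoof_finding(header) else "ok"
        print(f"{verdict:10} {header}")
```

A hit is a triage signal rather than a verdict, since some legitimate bulk-mail services also place the customer's address in the display name.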

The number of mixed phishing emails, March-May, 2024

Between March and May 2024, Kaspersky detected a significant increase in these hybrid phishing emails. This rise indicates that attackers are leveraging advanced technologies to reduce the cost and effort of personalising mass attacks. AI-powered tools can now create convincing email content, fix typos, and enhance design, making these mixed attacks more effective and harder to detect.

“Attackers are increasingly adopting spear phishing methods and technologies in their bulk campaigns, leading to more personalised emails and an expanding range of spoofing technologies and tactics. Despite being mass email campaigns, these attacks present a significant threat. To combat this evolving threat, it is crucial to implement safeguards that keep pace with technological advances and employ a combination of methods and services,” comments Roman Dedenok at Kaspersky.

Read more on Securelist.

To keep your data protected from phishing attacks and leaks, Kaspersky experts recommend:

  • Provide your staff with basic cybersecurity hygiene training. Conduct a simulated phishing attack to ensure that your employees know how to distinguish phishing emails.
  • Use protection solutions for mail servers with anti-phishing capabilities, to decrease the chance of infection through a phishing email. Kaspersky Security for Mail Server prevents your employees and business from being defrauded by socially engineered scams.
  • Use a protection solution for endpoints and mail servers with anti-phishing capabilities, such as Kaspersky Endpoint Security for Business, to decrease the chance of infection through a phishing email. 
  • If using Microsoft 365 cloud service, don’t forget to protect it too. Kaspersky Security for Microsoft Office 365 has dedicated anti-spam and anti-phishing technology as well as protection for SharePoint, Teams and OneDrive apps for secure business communications.
  • Use lightweight, easy-to-manage effective solutions such as Kaspersky Small Office Security to help prevent being locked out of your own computer due to phishing emails or malicious attachments.
  • Find a dedicated solution for small and medium businesses with simple management and proven protection features, such as Kaspersky Endpoint Security Cloud. File Threat Protection, Mail Threat Protection, Network Threat Protection, and Web Threat Protection within the product include technologies that shield users from malware, phishing, and other types of threats.