Financial Spear Phishing Digest

• 86% of phishing campaigns now use AI, with attacks expanding beyond email
• Phishing via calendar invites rose 49%
• Non-email attack vectors increased 41%, highlighting diversified AI-driven tactics

Lazarus Group phishing targets crypto infrastructure with precision lures and layered malware. Key techniques include:

• Fake job offers deliver...

Microsoft Outlook disables inline SVGs to mitigate phishing risks, mapping directly to T1566.001 Spearphishing Attachment and T1203 techniques. This strengthens client-side defenses for organizations handling high-value financial data.

A single crafted email viewed in Outlook Web Access triggers CVE-2026-42897 spoofing, forging sender identity without attachments or clicks.
-...

AI Deepfake Defenses for BEC

• 🔥 FBI Spyhunter's Guide: The FBI Spyhunter's Guide details how attackers combine AI voice cloning, PII scraping,...

Specially crafted emails trigger arbitrary JavaScript execution in Outlook Web Access on unpatched on-premises Exchange servers.

• Technical...

AI deepfakes paired with fake airdrop lures remain the dominant vector, directing victims to fraudulent sites that prompt connection of non-custodial wallets to claim rewards and silently drain credentials.

FBI experts warn that generative AI turns publicly scraped PII into hyper-personalized attacks that impersonate executives and bypass human...

For better protection coverage against email attacks like spear phishing, business email compromise, or credential phishing, organizations should strengthen their defenses.

The modern underground phishing marketplace has transformed from scattered listings into organized ecosystems supplying tools, labor, infrastructure,...

Whaling phishing zeroes in on executives and finance leaders to enable direct wire fraud and BEC, while spear phishing typically starts lower in the...

Unlike generative AI tools that merely draft phishing emails, agentic AI systems can independently identify targets and craft personalized...

North Korean APT37 deploys spear-phishing emails carrying ZIP files for initial access.

• LNK technique: Exploits LNK files in phishing to deliver...

• Automated Threat Response (ATR) now in Barracuda Managed XDR accelerates real-time containment of email threats at the inbox level
• Targets common...

Core AiTM tactic for credential/session hijacking:

• Phishing email lures victim to cloned login page
• Victim enters password, approves MFA
  -...

Ransomware attacks on Indian banks in 2026 leverage AI-generated email fraud, voice cloning, and business impersonation techniques targeting enterprises worldwide.

Detection Method Advances

• 🔥 PhishSigma++ Paper: PhishSigma++ is a malicious email detector using typed entity relations to distinguish...

• Multi-channel attacks: Scammers deploy phishing links, fake texts, spoofed emails, and phone calls to impersonate Robinhood.
• Targets high-value...

Key strategic recommendations from FINRA conference for mitigating supply chain risks in high-value trading:

• Probe vendors on phishing awareness,...

• Target: C-level exec at Europe's top cybersecurity firm, using JP Morgan email lures
• Kit: Kratos Phishing-as-a-Service with 7-stage trust...