Novel phishing attacks.

Barracuda has published a report looking at three novel phishing tactics being leveraged by cybercriminals. Attackers are using Google Translate links, image attachments, and special characters to evade detection.

Cybercriminals use new measures to avoid detection.

The researchers found that during January 2023 13% of organizations received phishing attacks that abused Google Translate:

“Attackers use the Google Website Translate feature to send Google-hosted URLs embedded in emails that ultimately lead to phishing websites....In this type of attack, the attacker relies on a translation service to deceive the victim and hide the actual malicious URL. Google Translate is the most widely used service, but our security analysts have also seen similar attacks hosted behind other popular search engines as well.”

Additionally, 11% of organizations received phishing emails that simply contained an image attachment, with no text in the actual email. Most of these images displayed an invoice with a URL or phone number for the user to contact manually.

And finally, 15% of organizations in January received phishing emails that utilized special characters to evade detection, including “zero-width Unicode code points, punctuation, non-Latin script, or spaces.”