01/09/2025

MONDAY | SEP 1, 2025

LYFE 23 Phishing adopts AI, targets biometrics P HISHING is going through a shift driven by sophisticated artificial intelligence (AI)-powered deception techniques and innovative evasion methods. o Criminals exploit trusted platforms

Kaspersky has detected and blocked over 142 million phishing link clicks in the second quarter of 2025, a 17.1% increase from the first quarter. Cybercriminals are exploiting deepfakes, voice cloning and trusted platforms such as Telegram and Google Translate to steal sensitive data, including biometrics, electronic signatures and handwritten signatures, posing unprecedented risks to individuals and businesses. AI-powered tactics transforming phishing attacks AI has elevated phishing into a highly personalised threat. Large language models enable attackers to craft convincing emails, messages and websites that mimic legitimate sources, eliminating grammatical errors that once exposed scams. AI-driven bots on social media and messaging apps impersonate real users, engaging victims in prolonged conversations to build trust. These bots often fuel romantic or investment scams, luring victims into fake opportunities with AI-generated audio messages or deepfake videos. Attackers also create realistic audio and video deepfake impersonations of trusted figures – colleagues, celebrities or even bank officials – to promote fake giveaways or extract sensitive information. For instance, automated calls mimicking bank security teams use AI-generated voices to trick users into sharing two-factor authentication (2FA) codes, enabling account access or fraudulent transactions. Additionally, AI-powered tools analyse public data from social media or corporate websites to launch targeted attacks, such as HR-themed emails or fake calls referencing personal details. Employing new tactics to bypass detection Phishers are deploying sophisticated methods to gain trust, exploiting legitimate services to prolong their campaigns. For instance, Telegram’s Telegraph

An example of a phishing email created with DeepSeek (left) and a sample of a phishing website created with AI.

to businesses. “The convergence of AI and evasive tactics has turned phishing into a near-native mimic of legitimate communication, challenging even the most vigilant users. Attackers are no longer satisfied with stealing passwords – they are targeting biometric data, electronic and handwritten signatures, potentially creating devastating, long-term consequences. By exploiting trusted platforms such as Telegram and Google Translate, and co-opting tools like Captcha, attackers are outpacing traditional defenses. Users must stay increasingly skeptical and proactive to avoid falling victim,” said Kaspersky security expert Olga Altukhova. Earlier this year, Kaspersky detected a sophisticated targeted phishing campaign which was dubbed Operation ForumTroll, as attackers sent personalised phishing emails inviting recipients to the “Primakov Readings” forum. These lures targeted media outlets, educational institutions and government organisations in Russia. After clicking on the link in the email, no additional action was needed to compromise their systems: the exploit leveraged a previously unknown vulnerability in the latest version of Google Chrome. The malicious links were extremely short-lived to evade detection and in most cases ultimately redirected to the legitimate website for

platform, a tool to publish long texts, is used to host phishing content. Google Translate’s page translation feature generates links that look like https://site-to translate-com.translate.goog/... and are used by attackers to bypass security solutions’ filters. Attackers now also integrate Captcha, a common anti-bot mechanism, into phishing sites before directing users to the malicious page itself. By using Captcha, these fraudulent pages deflect anti-phishing algorithms, as the presence of Captcha is often associated with trusted platforms, lowering the likelihood of detection. biometrics, signatures The focus has shifted from passwords to immutable data. Attackers target biometric data through fraudulent sites that request smartphone camera access under pretexts such as account verification, capturing facial or other biometric identifiers that cannot be changed. These are used for unauthorised access to sensitive accounts or sold on the dark web. Similarly, electronic and handwritten signatures, critical for legal and financial transactions, are stolen via phishing campaigns impersonating platforms such as DocuSign or prompting users to upload signatures to fraudulent sites, posing significant reputational and financial risks From logins, passwords to

Phishing is aimed at obtaining sensitive information. – 123RFPIC

“Primakov Readings” once the exploit was taken down.

To

protect

yourself

from

phishing 0 Verify unsolicited messages, calls or links, even if they appear legitimate. Never share 2FA codes. 0 Scrutinise videos for unnatural movements or overly generous offers, which may indicate deepfakes. 0 Deny camera access requests from unverified sites and avoid uploading signatures to unknown platforms. 0 Limit sharing sensitive details online, such as document photos or sensitive work information. 0 Use cybersecurity products to block phishing attempts.

A phishing page mimicking an Office document hosted on Telegraph (left) and an example of a phishing page hidden behind a URL provided by Google Translate.