Increase in AI-Powered Phishing and Quishing Attacks Highlighted in Netcraft Report
Netcraft has published research indicating a concerning rise in advanced phishing, quishing, and impersonation attacks driven by artificial intelligence, highlighting various cyber threat trends anticipated for 2025. The findings reveal a notable increase in impersonation attacks targeting both consumers and brands, facilitated by AI tools and emerging cybercrime-as-a-service models.
According to the research, large language models (LLMs) are inadvertently aiding cybercriminals by generating and recommending phishing sites in response to natural language queries. Netcraft discovered that 34% of 131 hostnames suggested by AI models for 50 major brands were not under brand control, significantly raising the risk that users might unknowingly trust fraudulent websites that conversational AI systems present as legitimate. The implications of these AI-generated errors are profound, as users who believe they are receiving verified site recommendations may be more inclined to visit and interact with malicious sites.
Additionally, Netcraft found that threat actors are employing search engine optimisation (SEO) tactics to “poison” search results. By creating convincing lookalike sites and exploiting compromised websites, cybercriminals manipulate search algorithms to promote malicious links while evading traditional brand protection solutions. Researchers highlighted Hacklink, a platform that sells access to thousands of compromised sites for injecting malicious code. This strategy enables cybercriminals to enhance the ranking of fake sites in search results, making it harder for potential victims to distinguish between genuine and fraudulent online destinations.
The report also notes a rise in “quishing” attacks, which utilise QR codes to direct victims to phishing sites, taking advantage of users’ tendency to trust QR codes. Furthermore, Netcraft recorded a surge in toll text and Department of Motor Vehicles (DMV) scams, particularly in the United States, with URLs targeting users in certain states increasing by over 200% in a two-week period. These scams employ “smishing” (fraudulent SMS messages), encouraging recipients to click on links claiming issues with toll payments or DMV balances. The proliferation of these scams is attributed to their affordability and the relative ease of targeting large numbers of individuals via text messages.
Lastly, the report identifies the emergence of impersonation-as-a-service tools that expedite brand spoofing, allowing attackers to rapidly clone company websites.