Scan Carefully First, Education Under Threat, AI Phishing Surge
Last week was all about phishing attacks that targeted naive users left, right, and center. Research findings revolved around an upsurge in AI-backed phishing attacks, while experts have noticed phishing QR codes as an emerging threat in the cybersecurity landscape. Meanwhile, India has been experiencing 3,100 phishing attacks per week.
The silver lining in the dark clouds is that a group of students used phishing tactics against their teachers, but with good intentions.
Think twice before scanning that QR code next time!
QR codes have become popular since the advent of the pandemic. They have easily penetrated into our daily lives. But experts suggest using QR codes with extra caution, as phishing actors have started to abuse QR codes for their malicious intentions.
On average, out of 75,000 QR codes, 15% are associated with malicious links. This means a whopping 11,000 QR code-based phishing attempts are being made on a daily basis.
Today, threat actors use multiple strategies and tactics to evade detection and security controls. Some of the common tricks that they use involve QR code shorteners, direct app file downloads, and in-app deep links. These are not the simple QR code scanning-based threat attacks. Rather, the evolution of attack strategies hints at the sophistication, intelligence, and adaptability of the phishing actors.
Cybersecurity experts recommend regular analysis of QR codes on different websites. These can be done with the help of security crawlers and similar security solutions. Also, different QR code detection techniques, such as deep links, standard HTTPS URLs, and Non-URL content, can be used to understand the different types of data stored in QR codes.
The Indian education sector is facing 3,100 threat attacks per week
India has a mind-boggling 950 million active users on the internet. At the same time, the South Asian nation is experiencing a spike in digital crimes. Experts believe that gen AI is further fueling the situation of crisis as more and more threat actors are getting sophisticated with their threat campaigns.
Areport suggests that India is experiencing 3,100 weekly threat attacks, which is 2% higher than last year. The worst-hit sector in India currently is the educational sector. Each academic organization is being targeted as many as 7684 times every week! Apart from the educational sector, business entities and government organizations are also being targeted by threat actors.
The VP of Research at Check Point, Lotem Finkelstein, believes that artificial intelligence is tremendously improving the game for the threat actors. AI not just helps them to boost the volume of the work, but it also enables them to transition from manual processes to high-end automations.
AI-backed phishing attacks spiked in 2025!
Cybersecurity experts have noticed a significant spike in AI-powered phishing attacks that have the ability to bring a paradigm shift in the cyber fraud landscape. Conventional phishing tactics are no longer relevant. So cybercrooks use high-end, sophisticated AI-backed phishing tactics to evade security systems.
The reason for the increased success rate of AI-powered phishing attacks is the deep analysis of the target’s likes and dislikes, online behavior, and other factors. The same data is then leveraged to come up with hyper-personalized emails, voice calls, or text messages. These malicious messages and emails sound legitimate and safe.
Enterprises are required to analyze and upgrade their current cybersecurity mechanisms. From base-level employees to top-level executives, teams must be trained around basic digital hygiene and intricate cybersecurity mechanisms. Deploying apt cybersecurity setups and using AI tools cautiously can also help safeguard your data against AI-backed, sophisticated phishing campaigns.
Cybersecurity experts are urging organizations to strengthen email security by properly implementing DMARC, DKIM, and SPF protocols to combat rising phishing and spoofing attacks worldwide.
Teachers duped by students, but with good intentions!
164 employees of the Eminence Independent School received malicious emails. Each of these emails looked urgent, genuine, and coming from an official source an educational institution based in a rural Kentucky district. The emails consisted of two very short, generic paragraphs that asked the staff to click on a link and acknowledge the latest guidelines.
Out of the 164 recipients, 29 employees fell prey to the trap. When they clicked the allegedly malicious link, they were redirected to a page signed by the school’s students. The page informed employees that they had fallen victim to a malicious email.
The page also stated that these emails were sent to “inform people about the dangers of phishing and ways to avoid losing their personal information.” The page promised the recipients that more information would be shared in the upcoming days.
This was an assignment designed by Jennifer Gilbert, the school librarian, to educate school staff and students about phishing attacks.
Gilbert believes that basic cybersecurity lessons are non-negotiable in today’s time.
