Blogroll

Monday, August 25, 2025

Home » , , , , , » Copy of Phishing 2.0 Hackers Are Now Targeting AI Defenses

Copy of Phishing 2.0 Hackers Are Now Targeting AI Defenses

No comments

 



Phishing has always preyed on people — but now it’s evolving to exploit machines too.

A new campaign doesn’t just trick users into handing over Gmail credentials. It also hides prompt injections inside emails, designed to confuse AI-based security tools.

This is a shift in cybercrime strategy that every security leader should pay attention to.

The Human Trap

The phishing email subject line read: “Login Expiry Notice 8/20/2025 4:56:21 p.m.”

It warned the user their Gmail password was about to expire and urged them to confirm credentials.

Classic social engineering: urgency, official branding, and fear of account lockout.

The Machine Trap

Hidden in the email’s source code was something unusual — AI-style prompts.

These instructions weren’t meant for the victim, but for the AI-powered defenses many Security Operations Centers (SOCs) use.

The goal? Distract detection models into reasoning loops or irrelevant analysis so the phishing email slips past automated triage.

This is prompt injection weaponized for phishing.

Delivery Chain Sophistication

The attackers layered multiple evasion techniques:

  • SendGrid origin → Passed SPF and DKIM, failed DMARC but still landed in inboxes.

  • Microsoft Dynamics redirect → Gave the first hop credibility.

  • Captcha wall → Blocked crawlers and sandboxes.

  • Obfuscated Gmail login page → Harvested credentials.

  • GeoIP request & beacon → Profiled real victims vs. bots.

Each step was designed to evade both human suspicion and automated analysis.

Possible Attribution

Clues suggest a South Asian nexus:

  • WHOIS data from attacker domain pointed to Pakistan.

  • Beacon URLs contained Hindi/Urdu words.

Not definitive, but important context.

Why This Matters

This campaign signals a turning point. Phishing is no longer just a social engineering battle against humans. It’s now also an adversarial battle against AI.

Defenders must:

  • Harden AI tools against prompt injection.

  • Combine automation with human-in-the-loop oversight.

  • Assume attackers are AI-aware and building for bypass.

Closing Line

Phishing is evolving. If your defenses aren’t adapting too, you’re already behind.


Share:

0 comments:

Post a Comment

Search This Blog
Powered by Blogger.

Cisco Issues Critical Warning for Nexus Switches: IS-IS Flaw Could Trigger Network Outages

Cisco has published a high-severity security advisory warning customers about a newly discovered flaw in its Nexus 3000 and 9000 Series swi...

BTemplates.com

Blog Archive

BTemplates.com