Phishing and social engineering attacks remain the most common initial attack vector for cyberattacks, according to the ENISA, the European Union’s cybersecurity agency. ENISA says the power behind phishing attacks has been bolstered by the wider availability of AI systems.

ENISA warns of technological advancements exacerbating phishing attacks (Photo by rafapress/Shutterstock)

The organisation is highlighting the threat posed by phishing – where attackers attempt to trick a victim into downloading malware or giving up valuable personal information – as part of European cybersecurity month, a campaign which runs throughout October.

An increasing availability of detailed behavioural data online is a major driving force behind this issue, ENISA says, with social media phishing attacks posing a growing threat to businesses. Security company Trend Micro explains that information gleaned by hackers from social media can include login credentials, credit card information, and personal information that can then be used to launch scams and attacks.

Emerging technologies are adding to the problem. ENISA says that “the use of AI and automation by machine learning allows attackers to analyse user behaviour and launch targeted attacks.”

According to a report by IT support company AAG, an estimated 3.4 billion phishing spam emails are sent per day, and 83% of UK businesses that suffered cyberattacks last year reported that phishing was the mode of entry for the perpetrators

“Scammers are getting more creative in their ways of attacking individuals and organisations,” says Thierry Breton, commissioner for internal market. “It is therefore essential to stay alert with new technology and to take our online safety very seriously. Cyber threats are evolving at a rapid pace and citizens’ behaviour can play a fundamental role in how we stay cyber secure – it is our shared responsibility.”

Juhan Lepassaar, ENISA’s executive director, said that people need greater of how phishing attacks work to stay safe online. “Explaining how social engineering works in practice, creates awareness of potential traps,” he said.

The campaign this month will draw the attention of users of all ages to the different social engineering techniques used by attackers against them and enable them to exercise caution. Activities and information will be provided to help them get familiar with the various ways in which they can be tricked by cyber criminals. They will also learn how to identify and spot potential scams. 

Margaritis Schinas, EU vice-president for promoting our European way of life, said: “The European Cybersecurity Month aims to raise our cybersecurity awareness and get us up to speed with cyber threats.” She added: “It reminds us that we can easily step up our own cybersecurity by getting into some good digital habits.”

Read more: AI will extend the scale and sophistication of cybercrime