Low-tech phishing attacks are gaining ground
Cybercriminals are increasingly favoring low-tech, human-centric attacks to bypass email scanning technologies, according to VIPRE Security.
The report is based on an analysis of global real-world data and highlights the most significant email security trends from the first quarter of 2025. Callback phishing
Cybercriminals are taking the sentiment 'work smarter, not harder' to a whole other level with callback phishing scams, a vector that wasn't even part of the equation last year In Q1 2025, it accounts for 16% of phishing attempts.
This is pertinent because link usage, which accounted for 75% of phishing attempts in Q1 2024, dropped by 42% in Q1 2025, making room for callbacks, which now account for nearly one in five attempts. Callback phishing is a social engineering attack where victims are tricked into calling a seemingly legitimate phone number through emails or texts to reveal sensitive information or download malware.
With email scanning technology now adept at spotting compromised links, cybercriminals are resorting to callback scams via emails that leave no trace at all.
SVG files are fast becoming cybercriminals' favoured types of attachments (34%) for phishing attacks, coming a close second to PDF attachments (36%). By embedding the script tag of an SVG file with a malicious URL, attackers execute JavaScript when the link is opened in a web browser, redirecting the user to a compromised website. In doing so, they bypass anti-phishing defenses. The US is the most targeted region for such attacks, followed by Europe.
The backdoor-type malware, XRed, was responsible for the most malware attacks in Q1 2025, surpassing the second-most prominent malware family (Lumma) by a factor of three. StealC, AgentTesla, and Redline followed. Cybercriminals shift from HTML to PDF
In Q1 2025, not only were 92% of all emails classified as spam, but 67% of those were categorised as malicious. The US is the leading source of spam emails, generating 57% of all spam sent, and receiving 75% of malicious emails. The UK and Ireland stand at 8% each for sending and receiving bad emails.
HTML attachments took up no more than 12% share of cybercriminals' overall malspam strategy. With heightened awareness about the use of malicious HTML attachments, attackers are looking for less obvious methods, preferring PDFs and SVG files instead.
In Q1, Business Email Compromise (BEC) accounted for 37% of all email scam attacks. 73% of all BEC impersonation cases were instances of the CEO or other C-suite players being imitated. Because of the employee-employer power dynamic, making urgent, unexplained requests may be more plausible coming from higher up the hierarchy, as opposed to from a direct supervisor (9%) or even HR (4%).
The manufacturing sector remains the most targeted sector in the email threat landscape, holding its lead at 36% vis-à-vis the retail and financial sectors, which tie at second place, with each receiving 15% of attackers' attention.
'There's a clear shift in cybercriminals' preference towards low-tech, high-impact, human-centric tactics. This demands a fundamental rethink of email security,' said Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time Business News
2 days ago
- Time Business News
Magento 2 Custom Form Builder: A Developer's Guide to Extendability
Running an eCommerce business means constantly juggling customer data collection with seamless user experiences. Building custom HTML forms for Magento stores has always been a headache—hours of coding, testing, and debugging just to get a simple contact form working properly. Many store owners find themselves torn between hiring expensive developers and settling for basic, generic forms that fail to meet their specific needs. Most eCommerce platforms struggle with form creation because the process is unnecessarily complicated. Store owners need specialized forms for quote requests, manufacturer support inquiries, detailed product questions, and custom registration processes. The old way meant writing complex HTML, adding JavaScript validation, and wrestling with backend integrations. What should take a few hours often stretches into weeks of development time. The Custom Form Builder for Magento 2 completely changes this approach. Instead of treating form creation as a technical nightmare, it transforms the entire process into something anyone can handle—no coding experience required. This isn't some lightweight plugin that breaks when you actually need it. The extension handles everything from Magento Open Source 2.3.x all the way up to 2.4.x, plus Adobe Commerce and Adobe Commerce Cloud versions. Recent testing confirms that it works perfectly with Magento 2.4.7-p1 and PHP 8.3, so there are no concerns about future compatibility issues. The technical foundation is solid—it includes JavaScript-enabled browsers, proper PHP configurations, and sufficient server resources (a minimum of 2GB, although 4GB is recommended for optimal performance). Linux servers run it smoothly, while other operating systems may require minor adjustments. Nothing too complicated, but worth checking before installation. Forget about wrestling with HTML code or trying to figure out form styling. The visual builder enables anyone to create professional forms by simply dragging elements into their desired positions. There are 14 different input types available – text fields, dropdowns, checkboxes, radio buttons, file uploads, date selectors, and more. Each element can be customized, repositioned, and configured without touching a single line of code. The interface generates clean, standards-compliant HTML automatically. This means forms look professional and work consistently across different browsers and devices. No more worrying about broken layouts or compatibility issues. Bot attacks and spam submissions can quickly overwhelm any form system. The Custom Form Builder includes Google reCAPTCHA integration, which blocks automated submissions while maintaining a smooth experience for genuine customers. The security runs in the background—customers barely notice it, but spam bots get stopped cold. Form administrators can toggle security features on or off depending on their specific situation. Some forms may require maximum protection, while others can operate with lighter security settings. The flexibility is there when needed. Customer communication shouldn't require manual intervention for every form submission. The extension automatically handles auto-response emails, sending immediate confirmations to customers while notifying administrators about new submissions. Administrators have extensive control over email settings, including blind copy options, customizable sender configurations, and detailed tracking. The automation reduces manual work while maintaining professional communication standards. Customers receive instant confirmation, and administrators stay informed without the need for constant monitoring. Mobile traffic dominates eCommerce today, so forms that don't work properly on smartphones and tablets are essentially useless. The Custom Form Builder creates responsive forms that automatically adapt to any screen size. Whether customers are using phones, tablets, or desktop computers, the forms maintain their functionality and visual appeal. Cross-browser compatibility extends across all major browsers, eliminating the guesswork about whether forms will work for different user bases. The comprehensive approach means fewer support tickets and happier customers. Experienced developers appreciate clean, extendable code that doesn't fight against customization efforts. The extension's architecture supports additional functionality development while maintaining system stability. The codebase follows Magento standards, making it easy to understand and modify as needed. Third-party theme and extension compatibility rarely requires major adjustments. When minor conflicts do arise, the support team handles issues requiring up to two hours of resolution time. For more complex integrations, paid development support is available for extensive customizations. Creating forms is only half the battle—understanding the data they collect is equally important. The extension captures comprehensive submission information, including referral URLs when enabled. This data provides valuable insights into customer behavior patterns and form performance metrics. Administrative controls cover data retention policies, notification preferences, and confirmation pop-up behaviors. The granular settings ensure forms align with specific business requirements without unnecessary complexity. Setting up forms shouldn't require a computer science degree. The extension generates embedding codes automatically, making it simple to place forms anywhere on the store. Whether forms need to appear on product pages, contact sections, or custom landing pages, the deployment process stays straightforward. Strategic form placement becomes easier when technical barriers disappear. Marketing teams can test different locations and approaches without waiting for developer availability. Hiring developers for custom form creation often costs thousands of dollars and takes weeks to complete. The Custom Form Builder eliminates these expenses while delivering professional results immediately. The pricing includes lifetime source code access, one-year technical support, and compatibility updates—significantly more value than traditional development contracts. Time savings extend beyond initial development. Form modifications that previously required developer involvement can now be handled in-house, reducing ongoing maintenance costs and speeding up response times for business changes. Magento and PHP continue evolving rapidly, making future compatibility a constant concern. The Custom Form Builder maintains regular update schedules that keep pace with platform changes. Recent releases demonstrate a consistent commitment to supporting new versions and security enhancements. The stable release history and comprehensive version support provide confidence for long-term planning. Businesses can invest in form infrastructure, knowing their tools will adapt to future platform requirements without major disruptions. Extensions that work perfectly in testing environments sometimes fail under real-world conditions. The Custom Form Builder has been extensively tested with standard Magento installations across various hosting environments. The development team maintains testing environments that mirror typical store configurations, ensuring compatibility with common setups. Performance optimization focuses on form loading speed and submission processing. Forms remain responsive even during high-traffic periods, maintaining customer experience quality when it matters most. Choosing the right form builder means balancing functionality, ease of use, and technical requirements. The Custom Form Builder addresses common pain points that plague other solutions—limited customization options, poor mobile support, security vulnerabilities, and complex setup processes. The combination of drag-and-drop simplicity with developer-grade features creates a solution that grows with business needs. Small stores can start with basic forms and expand functionality as requirements evolve, while larger operations can implement complex data collection strategies immediately. E-commerce form requirements continue to become more sophisticated as businesses seek deeper customer insights and more personalized experiences. The Custom Form Builder's flexible architecture and regular updates position it well for handling emerging requirements without forcing complete system replacements. For Magento store owners tired of choosing between expensive custom development and inadequate generic solutions, this extension offers a practical middle ground that delivers professional results without the traditional complexity and costs associated with custom development. TIME BUSINESS NEWS
Tom's Guide
4 days ago
- Tom's Guide
It's time to update Chrome — zero-day bug is being exploited in the wild by hackers
Google has issued an emergency security update patch for Chrome in order to fix three security issues including one zero-day bug that has been actively exploited in the wild by hackers. This makes it the third active vulnerability to be patched via emergency update since the start of the year, with two others occurring in March and May. As reported by Bleeping Computer, the latest flaw, tracked as CVE-2025-5419, is a high-severity vulnerability caused by an out-of-bounds read and write weakness in the V8 JavaScript and WebAssembly engines in Chrome. It was initially reported on a week ago by members of Google's Threat Analysis group; Google has confirmed that it is being exploited in the wild though the company is not sharing much additional information at the time as they are waiting until more users have had an opportunity to patch their browsers. In the security advisory published on Monday, the company is quoted as stating: 'Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.' This is typical when it comes to active exploits, as it keeps other threat actors from hopping on the band wagon to take advantage of the vulnerability before users are able to update the fix. However, reporting from The HackerNews, says that the flaw involved allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google reports that the issue was mitigated a day after it was reported via a configuration change that was pushed through the Stable Desktop channel across all the Chrome platforms. The zero-day flaw was likewise corrected the same day with updates to Chrome that are rolling out to users in the coming weeks. Chrome does automatically update when new security patches become available, however users can make sure the installation is completed by going to the Chrome menu > Help > About Google Chrome. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Let the update finish then click Relaunch in order to make sure the patch has installed. The update versions are 137.0.7151.68/ .69 for Windows and macOS and version 137.0.7151.68 for Linux. Users of other Chromium-based browsers (Edge, Brave, Opera, Vivaldi) should apply the updates as they become available.
Associated Press
4 days ago
- Associated Press
MESCIUS USA, Inc. Recognized in 2025 ComponentSource Awards
PITTSBURGH, June 3, 2025 /PRNewswire/ -- MESCIUS USA, Inc. (formerly GrapeCity), a global provider of award-winning enterprise software development tools, is pleased to announce that it has been recognized as the 2025 number two publisher and top five publisher by ComponentSource, the world's largest marketplace for software components and development tools. ComponentSource also recognized MESCIUS for its many top-selling products on its annual listing. As the component and tools market expands with increased JavaScript component usage, MESCIUS is pleased to offer high-performing and robust components that allow developers to 'write once, deploy anywhere' across mobile, web, desktop, server, and multiple OS platforms. ActiveReports. NET Professional received a #5 Product Award and a Top 5 Product Award. Spread. NET and ComponentOne Studio Enterprise were each honored with Top 10 Product Awards. ActiveReports .NET Standard and ComponentOne Studio WinForms received a Top 25 Product Award, while SpreadJS and Wijmo earned Top 50 Product Awards. ActiveReportsJS, ComponentOne Studio WPF, and Document Solutions for PDF secured a Top 100 Product Award. Publisher and product rankings are calculated based on ComponentSource's actual sales orders placed by customers globally during 2024. 'As ComponentSource approaches our 30-year anniversary in October 2025, the component and tools market continues its expansion with JavaScript component usage rising dramatically and starting to rival sales of components based on traditional frameworks like .NET, and Blazor/WebAssembly,' said ComponentSource CEO, Sam Patteron. 'We are thrilled to announce the winners of our 2025 Awards, and based on our customer feedback, we are confident that these Awards, along with our online Product Comparison Charts, continue to assist our customers in comparing and choosing the right products for the solutions they are developing. 'The entire MESCIUS team is delighted to continue our longstanding partnership with ComponentSource, which has been instrumental in distributing our .NET and JavaScript grids, UI components, reporting tools, spreadsheet and document APIs, and mobile controls. This collaboration ensures that our global developer community remains well-equipped with superior products and services they have come to expect from us,' stated Joseph R. Lininger, Director of Marketing at MESCIUS (formerly GrapeCity). About ComponentSource ComponentSource is the world's largest marketplace for reusable software components for all platforms. The respected barometer for the component industry, ComponentSource pioneered the open market for reusable software components in 1995 and continues to drive the market through its award-winning e-business model and groundbreaking work to establish the first widely accepted reusable component standard. A global e-business with customers in over 180 countries, ComponentSource is headquartered in Atlanta, GA United States and has offices in Reading, England, Dublin, Ireland and Tokyo, Japan. For more information, please visit About MESCIUS USA, Inc. MESCIUS USA, Inc. is one of the world's largest providers of developer components. The company retains 400 employees and hundreds of thousands of customers worldwide. MESCIUS is committed to providing enterprises around the world with state-of-the-art developer tools and components, software services, and solutions. For more information, visit All product and company names herein may be trademarks of their respective owners. View original content: SOURCE MESCIUS USA, Inc.
