The Growing Weakness of SMS-Based Security
Financial institutions have long depended on one-time passcodes (OTPs) sent via SMS as a primary authentication control for account holders. The method is becoming increasingly unreliable, because fraudsters exploit weaknesses in SMS verification to carry out account takeover and payment fraud. The underlying problem is that an SMS OTP is just a second secret the user types into whatever page or phone call asked for it: anything that can phish the password can phish the code, and an attacker who relays both to the real site in real time ends up holding the victim's authenticated session. Reliance on OTPs therefore creates a gateway for attacks that compromise user credentials and session data.
Rise of AI-Powered Phishing and Human-Centric Attacks
Cybercriminals are now using artificial intelligence to craft highly targeted email attacks that bypass traditional defenses. AI does not create entirely new threat types; it makes existing attacks more precise and puts them within reach of less skilled actors through tools such as FraudGPT and WormGPT. Experts emphasize that attackers target human psychology at scale, blending social, cyber and psychological tactics to exploit emotion, trust and urgency within enterprises.
Advanced Phishing Kits and Evolving Countermeasures
A new phishing kit called Astaroth defeats two-factor authentication through session hijacking: it operates as an adversary-in-the-middle reverse proxy between the victim and the genuine login pages of Gmail, Yahoo, AOL and Microsoft 365, relaying each step of the login in real time and capturing the username, password, 2FA token and, most importantly, the session cookie the real service issues once the second factor has been accepted. Because that cookie is captured after 2FA has already been satisfied, the attacker can replay it without ever needing the victim's password or OTP again. In response, organizations are adopting broader platform integrations and automation to detect threats across email, browsers and collaboration tools, as seen with Kaseya's acquisition of Inky. The healthcare sector remains particularly vulnerable because of supply chain weaknesses, legacy systems and limited budgets, which keep socially engineered phishing a persistent threat.
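The following is an added example, not code from the original article and not Astaroth or any real phishing kit. It is a small simulation of the relay attack described above, which applies equally to the SMS OTPs discussed in the first section: a toy login server, a victim's device, and a proxy that forwards every message to the real server and keeps whatever comes back. With a typed one-time code the proxy walks away with a valid session cookie; with an origin-bound assertion (a simplified stand-in for a FIDO2/WebAuthn response, where the device signs over the origin it actually sees) the same relay fails because the server expects its own origin in the signed data. The origins, usernames and keys are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed values for the simulation (not real services or credentials).
REAL_ORIGIN = "https://login.example.com"          # assumed legitimate site
PHISH_ORIGIN = "https://login.example-secure.com"  # assumed lookalike domain


class Server:
    """Toy relying party supporting two login schemes on the same accounts."""

    def __init__(self):
        self.users = {}        # username -> password
        self.otps = {}         # username -> outstanding one-time code
        self.device_keys = {}  # username -> key held by the user's device
        self.challenges = {}   # username -> outstanding challenge
        self.sessions = {}     # session cookie -> username

    def register(self, user, password, device_key):
        self.users[user] = password
        self.device_keys[user] = device_key

    def send_otp(self, user):
        # Stands in for the SMS: the code is a shared secret the user will type.
        code = f"{secrets.randbelow(10**6):06d}"
        self.otps[user] = code
        return code

    def login_otp(self, user, password, code):
        # Password plus the current OTP; nothing ties the code to where it was typed.
        if self.users.get(user) != password or self.otps.pop(user, None) != code:
            return None
        return self._issue_session(user)

    def challenge(self, user):
        self.challenges[user] = secrets.token_hex(16)
        return self.challenges[user]

    def login_bound(self, user, assertion):
        # The server only accepts a signature over its own origin.
        c = self.challenges.pop(user, None)
        key = self.device_keys.get(user)
        if c is None or key is None:
            return None
        expected = hmac.new(key, f"{c}|{REAL_ORIGIN}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion):
            return None
        return self._issue_session(user)

    def _issue_session(self, user):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie

    def whoami(self, cookie):
        return self.sessions.get(cookie)


class Device:
    """Victim's browser/authenticator: it signs over the origin it is really on."""

    def __init__(self, key):
        self.key = key

    def sign(self, challenge, origin_seen):
        return hmac.new(self.key, f"{challenge}|{origin_seen}".encode(), hashlib.sha256).hexdigest()


class AitmProxy:
    """Relays every request to the real server and records whatever it returns."""

    def __init__(self, server):
        self.server = server
        self.captured = {}

    def relay_otp_login(self, user, password, code):
        self.captured["cookie"] = self.server.login_otp(user, password, code)
        return self.captured["cookie"]

    def relay_challenge(self, user):
        return self.server.challenge(user)

    def relay_bound_login(self, user, assertion):
        self.captured["cookie"] = self.server.login_bound(user, assertion)
        return self.captured["cookie"]


def _setup():
    srv = Server()
    key = b"constructed-device-key"
    srv.register("alice", "hunter2", key)
    return srv, AitmProxy(srv), Device(key)


def run_otp_attack():
    """Victim types password and fresh OTP into the phishing page; proxy relays them."""
    srv, proxy, _ = _setup()
    code = srv.send_otp("alice")                # victim receives the code
    proxy.relay_otp_login("alice", "hunter2", code)
    return srv.whoami(proxy.captured["cookie"])  # attacker replays cookie -> "alice"


def run_bound_attack():
    """Same relay, but the device signs over the phishing origin it actually sees."""
    srv, proxy, dev = _setup()
    c = proxy.relay_challenge("alice")
    proxy.relay_bound_login("alice", dev.sign(c, PHISH_ORIGIN))
    return proxy.captured["cookie"]             # None: origin mismatch, no session


def run_bound_legit():
    """Control case: the device talks to the real origin and login succeeds."""
    srv, _, dev = _setup()
    cookie = srv.login_bound("alice", dev.sign(srv.challenge("alice"), REAL_ORIGIN))
    return srv.whoami(cookie)
```

The point of the simulation is where the binding lives: the OTP path verifies only that the user knows the code, so a relay that forwards it within its validity window is indistinguishable from the user, and the session cookie issued afterwards is the real prize. The bound path makes the origin part of the signed data, so the proxy cannot obtain a usable response without the device's key, which is the property that phishing-resistant authenticators provide and that SMS codes cannot.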
Source: Healthcareinfosecurity