Phishing Attacks Are Exploiting the War in Iran

Criminal threat actors are taking advantage of the fear and uncertainty surrounding the conflict in the Middle East, according to researchers at Bitdefender. The researchers observed a 130% spike in phishing emails targeting Gulf countries following the first US-Israeli strikes on Iran on February 28th.

“After Feb. 28, phishing and malware emails targeting Gulf countries surged and stayed elevated,” the researchers write. “Within days, activity doubled, and at peak reached nearly four times the baseline levels, signaling a sustained and coordinated spike rather than a one-off campaign. This clearly suggests that phishing and malware delivery campaigns are being deployed and adjusted in real time, with attackers capitalizing on heightened regional sensitivity and business disruptions.”

While state-sponsored threat actors are conducting phishing campaigns in the region, Bitdefender believes much of this surge is driven by financially motivated attackers. Criminals frequently exploit world events to launch social engineering attacks designed to make people act quickly. In this case, many of the attacks are using business-themed lures such as invoices, contracts, banking documents, and delivery notifications, which take advantage of shipping disruptions across the region.

Bitdefender outlines the following best practices to help users avoid falling for social engineering attacks:

  • Careful with unexpected attachments. Even if an email looks business-related (invoice, contract, shipment), treat attachments with suspicion, especially if you weren’t expecting them. When in doubt, confirm with the sender through a separate, trusted channel.
  • Don’t trust file types at face value. Not all threats come as obvious .exe files. In these campaigns, malware was hidden in formats like .eml, .jar, .rar, and .hta. If you’re not sure what a file does, don’t open it.
  • Avoid opening compressed archives from unknown sources. Files delivered in .zip or .rar archives are commonly used to bypass filters and hide malicious payloads. These should always raise an extra layer of caution.
  • Watch for urgency and pressure tactics. Messages that push you to act quickly (verify an account, release a payment, review a document ‘immediately’) are designed to override your judgment. Take a moment to verify before clicking anything.
  • Check links before clicking. Hover over buttons or links to inspect the actual destination. If the domain looks unfamiliar, misspelled, or unrelated to the supposed sender, don’t proceed.
  • Verify financial and legal requests independently. If an email involves money, contracts, or sensitive data, confirm it through official channels: call the company, use a known contact, or log in to your account directly instead of using email links.
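A mail-side check for the attachment advice above, as an added example that is not from Bitdefender or the original post: it walks a message, including files inside a forwarded .eml, and flags the file types the article names plus document-style double extensions. The function names, the `DECOYS` set, the reason labels and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article names; splitting them into two sets is this example's choice.
RISKY = {".eml", ".jar", ".rar", ".hta"}
ARCHIVES = {".zip", ".rar"}
# Assumed set of document-looking extensions, used to spot "invoice.pdf.hta" style names.
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

def flag_attachments(raw: bytes):
    """Return [(filename, [reasons])] for attachments worth holding for review."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # walk() also descends into attached message/rfc822 parts, so files
    # tucked inside a forwarded .eml are inspected too.
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        ext = suffixes[-1] if suffixes else ""
        reasons = []
        if ext in RISKY:
            reasons.append("risky type")
        if ext in ARCHIVES:
            reasons.append("archive")
        if len(suffixes) > 1 and suffixes[-2] in DECOYS and ext not in DECOYS:
            reasons.append("double extension")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed message (not real campaign data) with harmless placeholder bytes."""
    def attach(m, name):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    inner = EmailMessage()
    inner["Subject"] = "Fwd: contract"
    inner.set_content("See attached.")
    attach(inner, "contract.jar")
    outer = EmailMessage()
    outer["Subject"] = "Urgent: delayed shipment invoice"
    outer.set_content("Please review immediately.")
    for name in ("Invoice_2291.pdf.hta", "shipment_docs.rar", "logo.png"):
        attach(outer, name)
    outer.add_attachment(inner, filename="forwarded.eml")
    return outer.as_bytes()
```

Extension checks only catch honest file names, so a gateway would pair this with content-type and magic-byte inspection.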

Bitdefender has the story