According to Kaspersky’s expert, these scams prove to be very efficient, as people continue to rely too much on what they see in their inboxes and browsers.
Throughout 2021, cyber fraudsters involved in creating and distributing spam and phishing attempted to lure users using themes that focused on lucrative investments, online streaming of world premieres of movies or TV series, and pandemic-related issues, such as restrictions, requirements and benefits. These are the main results of the Annual Spam and Phishing Report published by Kaspersky.
Although not overly complex in terms of technology, spam and phishing attacks often rely on sophisticated social engineering techniques. That is why such attacks are considered very dangerous for an unprepared user. Spam is a type of malicious activity that involves mass or targeted email distributions. The goal of the scammers behind these schemes is to promote some products and services to Internet users and entice their targets to engage in a dialogue, click on a malicious link, or open a malicious attachment. Phishing often takes the form of a spam email that is accompanied by a malicious copy of a legitimate website. These copies collect users’ private data or induce fraudsters to transfer money. As the results of the 2021 Annual Spam and Phishing Report published by Kaspersky show, cybercriminals used many popular themes to scam users last year.
Investments in cryptocurrencies or stocks were one of those topics: in these scams, users were offered potentially excellent and “100% safe” opportunities to invest their money, which of course was not true. In reality, these offers had only one purpose: to get the victims to transfer their money to the scammers.
Scams based on world premieres of movies, also detected by Kaspersky experts, were somewhat similar, but in this case, the criminals offered early access to the streaming of a recently released blockbuster. Users are typically shown a trailer or introductory video, after which they are prompted to enter their payment details to continue viewing. Of course, if the victim pays, she will not have access to the desired content, but will lose her money. The ruse remained quite popular in 2021; According to the observations of Kaspersky experts, almost every major movie or TV series release of the year, along with major sports broadcasts, was accompanied by the appearance of thematic scams like this one. The other big topic exploited by phishing scammers in 2021 was the pandemic. Here, criminals created scams around two big themes: compensation from governments and health organizations, as well as access to vaccination certificates.
In the first case, victims were “informed” that they had been awarded compensation from their government’s pandemic-related support program, but to get the compensation, the victim would have to pay a small transaction fee. Of course, these offers were not true and criminals used them to obtain money and bank details.
The other type of phishing and spam scam related to the pandemic is related to the sale of vaccination certificates. Victims were offered a vaccination certificate, which would allow them to access public spaces and travel without having to go through the vaccination procedure. While some underground forums did indeed offer these services, nothing prevented criminals from making false promises in exchange for money. As obtaining a vaccination certificate without having been vaccinated is illegal, it is very unlikely that the victim of such a scam will report it to the police. And this is what the criminals who employ these scams expect.
Frequently throughout 2021, Kaspersky experts have seen how scammers have used pandemic-related scams in an attempt to gain access to a network of corporations. In these cases, the content of a spam or phishing email would inform employees of the targeted organization that they are subject to specific pandemic compensation. However, to receive it, the victim must confirm her corporate account on a specific web page. If successful, this process allows criminals to gain access to corporate infrastructure and credentials.
“Widely popular topics like money, movie releases, and world events like the pandemic, have always been ‘daily bread’ for scammers. We keep seeing it come back year after year and it doesn’t look like the criminals are going to stop anytime soon. This is mainly because these scams prove to be very efficient as people continue to rely too much on what they see in their mailboxes and browsers. We think it’s important to note that there are many offers that seem ‘too good to be true’. We call on people to be cautious when it comes to trusting what’s in their email, as this approach can help keep their data and money private,” said Tatyana Shcherbakova, security expert at Kaspersky.
To avoid falling victim to spam or phishing-based scams, Kaspersky experts recommend the following:
- Only open emails and click on links if you are sure you can trust the sender.
- When a sender is legitimate but the content of the message seems strange, it is worth checking with the sender through an alternative communication channel.
- Check the spelling of a website URL if you suspect you are facing a phishing page. If so, the URL may contain errors that are hard to spot at first glance, such as a “1” instead of an “I” or a “0” instead of an “O.”
- Use a proven security solution when browsing the web. Thanks to access to international sources of threat intelligence, they are able to detect and block spam and phishing campaigns.