Cyber-fraudsters involved in the creation and distribution of spam and phishing leveraged a host of topics including lucrative investments, online streaming of global movie or TV premieres and themes related to the ongoing pandemic to lure users in 2021, according to Kaspersky’s annual spam and phishing report.
“While not being too complex technology-wise, spam and phishing attacks are often based on sophisticated social engineering techniques. That is why such attacks are considered quite dangerous for an unprepared user,” it said.
Cryptocurrency investment
Spam is a type of malicious activity that involves massive or targeted email distributions. The aim behind such schemes is for fraudsters to promote various products and services among internet users and to lure targets to either engage in a dialogue, click a malicious link or open a malicious file attachment.
“Phishing often takes the form of a spam email paired with a malicious copy of a legitimate website. These copies collect private user data or encourage the transfer of money to fraudsters. As the results of the Kaspersky Spam and Phishing in 2021 report show, last year cybercriminals used many popular topics to scam users,” it explained.
One of these topics was related to investments in cryptocurrencies or stocks. As part of such scams, users were offered supposedly great, “100 per cent safe” opportunities to invest their money. In reality, these offers were solely meant to make victims transfer their money to fraudsters.
Scams based on movie premieres
Kaspersky experts also spotted scams based on world movie premieres. In this case, criminals offered early access to a stream of a recently premiered blockbuster.
“Usually users would be shown a trailer or introduction video, after which they would be requested to enter their payment details to continue watching,” it explained.
If a victim did pay, they would not get access to the desired content and would simply lose their money. The scheme remained quite popular in 2021: almost every major movie or TV series premiere of the year, along with big sporting broadcasts, was accompanied by the appearance of similar themed scams.
Pandemic-related scams
The other big topic exploited by phishing fraudsters in 2021 was the Covid-19 pandemic. Cyber criminals created schemes around two big themes: compensation from governments and health organisations, and access to vaccination certificates.
“In the first case, victims were ‘informed’ that they were granted compensation from their government’s pandemic-related support program, but in order to get the compensation a victim would have to pay a small transaction fee. Of course, these offers were not true and criminals used them to obtain money and bank details,” as per the report.
Another related phishing and spam scheme revolved around sales of vaccination certificates.
“Victims were offered a vaccination certificate, which would allow them access to public spaces and travel, without having to go through the vaccination procedure. While some underground forums would indeed offer such services, nothing prevented criminals from making fake promises in exchange for money,” the report said.
“As getting a vaccination certificate without having a vaccine is illegal, it is highly unlikely that the victim of such a scam would report it to police. And this is what the criminals behind these scams are hoping for,” it added.
Throughout 2021, Kaspersky experts frequently observed fraudsters using pandemic-related scams in an attempt to gain access to corporate networks.
In such cases, a spam or phishing email would inform an employee of a targeted organisation that they were the subject of a specific pandemic compensation. To receive it, the targeted victim was told to confirm their corporate account on a specific web page. If the victim complied, the criminals gained access to corporate credentials and infrastructure.
“Widely discussed topics such as money, movie premieres and worldwide happenings, like the pandemic, have always been ‘bread and butter’ for scammers. We keep seeing it return from year to year, and it doesn’t look like criminals will stop anytime soon. This is mostly because these scams prove to be very efficient as people continue to trust too much of what they see in their inboxes and browsers. We believe it is important to be aware that there are a lot of offers out there that seem ‘too good to be true’. We call on people to be cautious when it comes to trusting what’s in their email, as this approach may help them save their private data and money,” said Tatyana Sherbakova, security expert at Kaspersky.
Published on February 20, 2022