Lust, greed, impatience, fear and frustration—these are some of scammers’ favorite baits for their phishing, spam and fraud campaigns.
In these days of delayed door-to-door deliveries of online goods, one sure way for cybercriminals to irk potential victims into opening phishing links is to use the theme of delivery disruption.
This past quarter, the trend continued, but cybercriminals have become more adept at localizing their spam mailings.
According to researchers from Kaspersky, internet users have been receiving a surge of invoices in different languages asking for money related to anything from customs duties to shipment costs. With these mailings, victims are often taken to a fake website where they risk not only losing money but also their bank card details.
New scams up their sleeves
In addition to the aforementioned themes, here are three novel scams observed by researchers:
- Fake auctions for undelivered parcels: Scammers create websites offering people the chance to buy parcels that did not reach the intended recipients. Users get to bid for items based on the weight of the package, just like in an auction, except they do not know what they will be getting. In this case, even after paying for a winning bid, the only thing the victims can be sure of is NOT receiving the item!
- Different WhatsApp pay-a-fee scams: This past quarter,fraudsters sent spam to potential victims requesting small amounts of money. These scams involve several different schemes. One asks users take a survey about WhatsApp and send messages to several contacts to receive a prize. Another states that the victims have already won a large prize—all they need to do to collect it is pay a small fee …
According to one of the firm’s researchers, Tatyana Shcherbakova: “Attackers are taking advantage of new trends and disruptions to steal money and credentials. Spam and phishing schemes are still some of the most effective ways to launch successful attacks because they play on human emotions. The best thing users can do is be wary of any unexpected emails and be very careful about clicking on any email attachments or links—go to the website directly.”