Investment, streaming and pandemic: how scammers used spam and phishing in 2021
During 2021, cyber-fraudsters who create and distribute spam and phishing tried to lure people with topics such as lucrative investments, online streaming of globally popular movie or TV premieres, and the restrictions, measures and benefits related to the current pandemic. These are the main conclusions of the Kaspersky annual Spam and Phishing report.
Although not technologically complex, spam and phishing attacks are often based on sophisticated social engineering techniques. This is why such attacks are considered very dangerous for an inexperienced user. Spam is a type of malicious activity that involves the mass or targeted distribution of emails. The fraudsters behind such schemes aim to promote certain products and services among Internet users and to entice them to engage in dialogue, click on a malicious link or open a malicious attachment. Phishing often takes the form of a spam email combined with a malicious copy of an existing web page. These copies collect user data or encourage users to transfer money to fraudsters. As the results of the Kaspersky Spam and Phishing 2021 report show, last year cybercriminals used very popular themes to lure users.
Investing in cryptocurrencies or stocks is one of those topics. In those scams, customers were often offered a potentially great, “100% secure” opportunity to invest their money, which of course was not true. In reality, those offers had one goal – to get victims to transfer their money to fraudsters.
The scams based on world movie premieres, which were also detected by Kaspersky experts, were similar, but in this case the criminals offered access to a popular movie that had just premiered. Normally, users could watch a movie trailer and were then asked to enter payment card information to continue watching the movie. Of course, a victim who paid did not gain access to the film, but lost the money. The scheme was quite popular in 2021. According to Kaspersky experts, there was such a scheme for almost every premiere of a popular movie or TV series.
Another major topic exploited by phishing scammers in 2021 was the pandemic. There were two major sub-areas – compensation from governments and health organizations and access to vaccine certifications.
In the first case, the victims were informed that they had received assistance from the government’s pandemic support program, but in order to receive the assistance, they had to pay a small transaction fee. Of course, those offers were false and the criminals used them to obtain money and bank account information.
In the second case, the victims were offered vaccination certificates, which would give them access to public spaces and allow them to travel without having to be vaccinated. While some underground forums did offer such services, criminals made false promises of money. The criminals behind those schemes reasoned that, because a fake certificate is illegal, the victim of such fraud would certainly not report it to the police.
During 2021, Kaspersky experts often spotted pandemic-related fraudulent schemes whose goal was to gain access to a corporation’s network. In those cases, the spam or phishing email informed the employees of the organization that they were entitled to special assistance for the pandemic. In order to get it, they had to confirm their user profile on a specially created website. If one of the employees accepted, the criminals gained access to corporate infrastructure and competencies.
“Widely discussed topics such as money, movie premieres and world events, as well as the pandemic, are always a golden hen for cyber fraudsters. From year to year we see how this is repeated and we do not expect criminals to stop with that. Primarily because such scams are very effective, because people continue to believe everything they see in their inbox and on search engines. We believe that it is most important for people to realize that they are being offered many things that seem too good to be true. We urge people to be very careful with their emails and not to believe everything they read, because that way they will protect their personal data and money,” said Tatiana Shcherbakova, a security expert at Kaspersky.
In order not to fall victim to spam or phishing scams, Kaspersky experts advise the following:
o Only open emails and click only on links that you are sure come from a trusted sender
o When a sender is trustworthy but the content of the email seems strange to you, ask the sender what it’s all about through another communication channel
o Check the URL of the webpage you open if you suspect that it leads you to a phishing page. If the page is phishing, its URL may contain errors that are difficult to detect at first glance – for example, 1 instead of I or 0 instead of O
o Use a proven security solution when surfing the internet. Thanks to access to international sources of threat data, these solutions can detect and block spam and phishing campaigns.
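The URL check in the advice above (1 in place of I, 0 in place of O) can be automated for a list of sites an organization cares about. The following is an added example, not code from Kaspersky or its report; the domain names are constructed and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed allowlist (reserved .example names); use the sites your users rely on.
TRUSTED = ("onlinebank.example", "cinema-portal.example")

# Collapse characters that are easy to confuse at a glance: 0/o and 1/i/l.
# Hostnames are case-insensitive, so an upper-case I is handled as "i".
_CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l"})


def skeleton(host):
    """Return the host with confusable characters folded to one representative."""
    return host.lower().translate(_CONFUSABLE)


_SKELETONS = {skeleton(t): t for t in TRUSTED}


def classify(url):
    """Return (verdict, trusted_domain_or_None) for the host in `url`."""
    if "://" not in url:
        url = "//" + url              # let urlsplit see a bare "host/path" as a netloc
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("invalid", None)
    labels = host.split(".")
    # Every parent domain of the host, longest first: a.b.c -> a.b.c, b.c, c
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    for s in suffixes:
        if s in TRUSTED:
            return ("trusted", s)     # exact domain or a real subdomain of it
    for s in suffixes:
        match = _SKELETONS.get(skeleton(s))
        if match:
            return ("lookalike", match)   # same shape, different characters
    return ("unknown", None)


if __name__ == "__main__":
    for u in ("https://onlinebank.example/login",
              "http://on1inebank.example/verify",
              "https://cinema-p0rtal.example/watch",
              "https://onlinebank.example.billing.test/"):
        print(u, "->", classify(u))
```

A trusted name that appears only as a prefix of another domain (the last sample) is not treated as trusted, because only the right-hand end of a hostname identifies its owner.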