Spam and phishing in 2021: Investments, streaming and the pandemic
Woburn, MA – February 9, 2022 – In 2021, cybercriminals involved in the creation and distribution of spam and phishing tried to lure users using topics focused on lucrative investments, online streaming of global movie and TV premieres and themes related to restrictions, requirements and benefits of the ongoing pandemic. These are the top themes of Kaspersky’s Annual Spam and Phishing Report.
Spam and phishing attacks are not technologically complex, but often employ sophisticated social engineering techniques. That is why these attacks are considered quite dangerous for an unprepared user. Spam is a type of malicious activity that involves massive or targeted email distributions. The goal of the senders is to lure targets to either engage in a dialogue, click a malicious link or open a malicious file attachment. Phishing often takes the form of a spam email paired with a malicious copy of a legitimate website. These copies collect private user data or encourage the transfer of money to the perpetrators. The Kaspersky Spam and Phishing in 2021 report found a variety of popular topics used to scam users in 2021.
Investment in cryptocurrencies or stocks was one such topic. In these scams, users were offered potentially great, “100% safe” opportunities to invest their money, a claim that of course wasn’t true. In reality, these offerings served one purpose – to make victims transfer their money to fraudsters.
Scams based on movie premieres were similar, but in this case criminals were offering early access to a stream of a new blockbuster. Usually, users would be shown a trailer or introduction video, after which they would be prompted to enter their payment details to continue watching. If a victim did pay, they would not get access to the desired content, but would lose their money. The scheme remained quite popular in 2021; based on Kaspersky researchers’ observations, almost every big movie or TV series premiere of the year, along with major sporting broadcasts, was accompanied by the appearance of these scams.
The pandemic was the other major topic exploited by phishers in 2021. Here, criminals created schemes around two big themes: compensation from governments and health organizations, and access to vaccination certificates.
In the first case victims were “informed” that they were entitled to compensation from their government’s pandemic-related support program, but in order to get the compensation, the victim would have to pay a small transaction fee. The fake offers would result in the criminals obtaining the user’s banking details.
The other type of pandemic-related scheme involved the sale of vaccination certificates. Victims were offered a vaccination certificate, which would allow them access to public spaces and travel, without getting vaccinated. While some underground forums would indeed offer an actual certificate, nothing prevented criminals from making fake promises in exchange for money. Since getting a vaccination certificate without having been vaccinated is illegal, it is highly unlikely that the victim of such a scam would report it to the police. This is what the criminals behind these scams are hoping for.
Frequently during 2021 Kaspersky experts also observed fraudsters using pandemic-related scams in an attempt to gain access to corporate networks. In these cases, the content of a spam or phishing email would inform an employee of a targeted organization that they are the subject of specific pandemic compensation. In order to receive it though, a victim must confirm their corporate account on a specific web page. If successful, this process allows criminals to gain access to corporate infrastructure and credentials.
“Widely discussed topics such as money, movie premieres and worldwide happenings, like the pandemic, have always been ‘bread and butter’ for scammers,” said Tatyana Sherbakova, security expert at Kaspersky. “We keep seeing it return from year to year and it doesn’t look like criminals will stop anytime soon. This is mostly because these scams prove to be very efficient as people continue to trust too much of what they see in their inboxes and browsers. We believe it is important to be aware that there are a lot of offers out there that seem ‘too good to be true.’ We call on people to be cautious when it comes to trusting what’s in their email, as this approach may help them save their private data and money.”
In order to avoid becoming a victim of spam or phishing-based scams, Kaspersky experts advise the following:
· Only open emails and click links if you are sure you can trust the sender.
· When a sender is legitimate but the content of the message seems strange, it is worth checking with the sender via an alternative communication channel.
· Check the spelling of a website’s URL if you suspect that you are faced with a phishing page. If you are, the URL may contain mistakes that are hard to spot at first glance, such as a 1 instead of I or 0 instead of O.
· Use a proven security solution when surfing the web. Thanks to access to international threat intelligence sources, such solutions are capable of spotting and blocking spam and phishing campaigns.
Read more about Spam and Phishing in 2021 in the full report on Securelist.com.