Analysts from Positive Technologies recently published a report on the most common types of phishing scams in 2021. They say that, with the rise of remote work and the COVID-19 epidemic, the most popular themes covered a wide range of scenarios. Scammers tried their hand at whatever is possible online, in particular various online services, dating sites, and the sale of fake COVID-19 certificates. They also created specific scams for investment enthusiasts. Scammers tailored their schemes for practically everyone.
The year was turbulent, as the world was going through the ongoing epidemic, and scammers wasted no time making money from it. They used various cunning methods to lure people into their schemes. According to the research, the share of attacks targeted at individuals that used social engineering methods rose from 67% in 2020 to 83% in 2021.
The most popular phishing scams of 2021
According to the Positive Technologies research, the themes scammers exploited most in 2021 were the following:
Investment in oil, gas and cryptocurrency. With the increase in private investment, scammers went as far as creating investment platforms to run entire scam operations. They also imitated the resources of famous and trusted companies, running campaigns that pretended to offer legitimate investment proposals. Fraudsters promised very lucrative profits in return.
Subscriptions to services. Scammers took advantage of the rising popularity of online services and offered unsuspecting victims fake subscriptions disguised as legitimate services, or subscriptions to dubious ones. Individuals could receive a subscription to services they never ordered, or a disguised subscription to services they actually use.
Online dating. Scammers exploited people's natural need for communication and scammed them with fake dates and the like. Sometimes they created whole dramatic stories to make someone believe they were in trouble, then asked victims for money to help. In other cases they pretended to be someone familiar to the victim and ran a similar scheme; here people were more inclined to believe the scammers because they actually knew the person being impersonated. The percentage of successful scams here can be notably high, as online communication nowadays takes up most of people's time, and researchers assume it won't decline soon.
Travel scams. Scammers offered various discounts and, at first sight, very attractive deals on very cheap flights. In such cases victims didn't always know where their travel destination would be. It could have been Egypt, or it could have been simply a loss of money.
Postal service. Here victims could receive fake official and unofficial correspondence by email. Usually these were messages like “check the status of your order”, payment checks, notices about various orders and similar. For example, potential victims received fake notifications for orders they never actually made. But scammers took care to send specific scam orders to specific victims. If they somehow know that you have previously ordered from a certain company, you will most likely receive a scam email disguised as coming from it.
Banks' clientele. In this category, scammers disguised themselves as well-known and trusted banks to “offer” victims various services or to notify them of alleged problems with their bank accounts. In addition they “offered” bonuses of some sort, soft loans, etc.
Sports events. In 2021 scammers used the themes of the Tokyo Olympics and the European Football Championship, and they have already started to exploit the theme of the upcoming World Cup 2022. Fans of such events, and anyone interested in them, should beware of this particular kind of scammer.
Premieres of TV series and movies. Experts say that this brought scammers one of the biggest “harvests”. During the most publicized premieres, scammers disguised themselves as popular streaming services in order to phish for someone's information.
Corporate mailings. The research showed that scam emails disguised as newsletters about social package updates, banking costs and salary changes were also among the most successful. It seems people don't think twice when it comes to discussing their salaries, even with potential fraudsters.
But researchers named COVID-19 the main theme of the year. Scammers offered fake QR codes and certificates. They also ran fraudulent questionnaires about employees' vaccinations, allegedly for legitimate data collection.
“In 2022, we again expect to see a large number of phishing attacks united by the theme of significant events, including mass mailings about the World Cup or the Winter Olympics. And in connection with the release of a prototype digital ruble, attackers can create fake sites offering to buy digital currency. We can also expect the development of fraudulent schemes using social engineering in the field of investment,” says Ekaterina Kilyusheva, head of the research group of the Information Security Analytics Department of Positive Technologies.
In addition, researchers predict that phishing scams may develop into more sophisticated forms in the future and even evolve into a Phishing-as-a-Service model. In such a model scammers will be able to buy ready-made fraudulent sites or malicious scripts. This will also give them the opportunity to cooperate with other fraudsters.
How to avoid getting phished?
At the end of the report the specialists gave several recommendations on how to avoid getting scammed by the schemes described above or similar ones. According to them, users should always check the actual address of the email sender. Don't follow any suspicious links in an email. Before typing in any information, make sure the site is legitimate. Make hotel and ticket bookings, as well as subscriptions, only on trusted and well-known sites. To avoid getting infected with malicious software, scan every file you are sent. For corporate networks this should be done in sandboxes.
Though scammers refine their tactics all the time, there are some common signs that can help you recognize potential phishing attacks. Often these emails look like correspondence from senders you have previously dealt with. But apart from that, such emails carry certain stories in their text that on closer inspection may hint at phishing. Phishing emails may offer you a coupon for free stuff or say that you're eligible to register for a government refund. They may include a fake invoice and in other cases urge you to make some payment. Be careful if an email claims you have to confirm some personal information. Other types of fraudulent emails will include text about alleged suspicious activity or log-in attempts on some of your accounts. Scammers may also write that there are some problems with an account or payment information.