The first quarter of 2023 saw a notable rise in cyber-attacks; phishing and smishing attempts were exceptionally high and saw a 40% increase in their share of overall cyber-attacks. These attacks—including malware, scams, and phishing—aim to steal consumers' sensitive personal information like login IDs, passwords, card details and bank account details. When such information falls into the hands of cybercriminals, it can result in a series of unfortunate events, from emptying bank accounts and hampering credit scores to selling personal information on the dark web. Some cybercriminals even impersonate individuals to pass background checks, like for subscriber identity module (SIM) swap for the mobile number. I will explain this in detail later.
All of us love to try our hand at new things like electronic gadgets or working with higher internet speed. The same applies to Web3, which is often described as the next generation of the internet and promises a more decentralised and secure online experience.
Web3 uses a new-age peer-to-peer (P2P) solution called interplanetary file system (IPFS), which allows efficient and secure data sharing. Unfortunately, like with other newer things, cybercriminals are increasingly found using IPFS to host and distribute malicious content. The biggest issue with the increasing use of IPFS by cybercriminals is files stored here cannot be removed by third parties, like enforcement authorities or security agencies.
40% Increase in Phishing, Smishing Attempts
According to the Avast Q1 2023 Threat Report, two out of three threats people encounter online today use social engineering techniques, taking advantage of human weaknesses. One new phishing scam on the rise is offering to refund fake invoices or bills. Fraudsters are seen sending an increasing number of fake bills or invoices for goods or services from reputed brands that the customer never ordered or received.
"If you think your data has no value, then why would scammers spend so much time trying to steal it? The truth is that anyone can be affected and it is important to stay vigilant and use proper protection," Jakub Kroustek, Avast malware research director, says. "Unfortunately, scammers have made it nearly impossible to take any message at face value–all communications, whether seemingly from a friend, boss, or household brand, have the potential to be fraudulent."
Phishing is a form of online fraud where fraudsters try to obtain sensitive information from users or victims by posing as a trusted entity, like a bank official.
The report shows that scammers know how to exploit people's trust in familiar brands. Avast has discovered this trend among two popular brands, Microsoft and Adobe. Scammers send out Microsoft OneNote files as email attachments to victims, triggering malware downloads when someone opens the attachment.
Avast detected malware like Qbot and Raccoon using this distribution technique to steal information and has also observed IcedID, a banking Trojan, using OneNote attachments to steal money.
Cybercriminals also exploit Adobe Acrobat Sign by inserting malicious links into documents sent from legitimate Adobe email addresses. These links prompt victims to download .ZIP files containing a variant of the Redline Trojan capable of stealing passwords, crypto wallets, and more.
Attacks via mobile text messages or smishing attacks are also contributing to the increase in phishing incidents. In fact, in March, the US Federal Communications Commission (FCC) announced its first rules targeting smishing, requiring mobile service-providers to block certain robotext messages likely to be illegal.
One easy sign to identify smishing is to check the 'urgency' factor. If you receive an email or SMS with an urgent request or a message that seems too good to be true, take a few extra moments to verify it before taking action.
However, one thing that has happened over the years is not many people believe in SMS or text messages for help. Their first reaction is to be very cautious. Last week, a friend needed money for a medical emergency and sent messages to our circle. However, most ignored his message. Some of them made calls (to him and me) to check the authenticity of the messages and then only extended the needed help. How I wish everyone adopts the same method of verifying the authenticity of any message!
IPFS Phishing
Over the years, technology has proven to be a double-edged sword. It provides results depending on the intention of the user. Similar things are happening with the latest tech in town, Web3, an umbrella term that includes several technologies for creating decentralised and open internet. IPFS is a P2P object storage system that allows for decentralised storage and access, eliminating the need for a central server or a location address.
While phishing will always remain a prevalent threat to end-users, how IPFS phishing is rapidly gaining traction is a serious cause of concern. IPFS offers several advantages to cybercriminals over traditional methods. Hosting costs on IPFS are low, so fraudsters do not have to buy domains and spend money. In the eyes of security agencies, the most problematic features are IPFS's ability to block third-party attempts to remove malicious content.
In recent days, cybercriminals are increasingly using IPFS to host and distribute phishing content. They do this by uploading HTML files containing a phishing form to IPFS and using gateways as proxies to allow victims to access the files without needing IPFS client software.
According to Avast Threat Lab, during the first quarter of 2023, the number of IPFS phishing sites detected was equal to the total number of sites found throughout 2022. This rapid growth continued into April 2023, which has seen a record-breaking 173% increase in detected IPFS phishing sites compared to the entire year of 2022.
This sudden and rapid increase in IPFS phishing emphasises the importance of staying vigilant and educated on the latest threats and trends in the cybersecurity landscape. However, do remember that while phishing through IPFS is a serious threat, the technology itself is not inherently malicious.
How To Protect from IPFS Phishing...
1. Use good anti-virus software/ apps that have in-built anti-phishing tools.
2. Always double-check the links and short URLs in emails, SMS or text messages received on chat apps, especially if you have received it from unknown sources. Look for telltale signs of phishing, such as misspellings, odd URLs, or requests for sensitive information.
3. Never open a short URL. Always visit the official portal of the service-provider and go to the concerned page.
4. Never respond to any message with a sense of urgency. Always call and speak with the concerned person before parting with any information or money.
How To Report Cyber Fraud?
Do report cybercrimes to the National Cyber Crime Reporting Portal
http://cybercrime.gov.in or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.