Technology, and all it has done to improve our lives, is definitely a boon but it is a double-edged sword unless you are careful. In a digital era, where information is primarily exchanged through the internet, it has also provided cybercriminals anonymity and expansive reach. These cybercriminals are employing a wide array of sophisticated tactics or schemes to lure and then defraud gullible people. Their mechanisms or schemes may vary, but their end goal remains the same—to deceive unsuspecting individuals into revealing sensitive information or parting with their hard-earned money.
According to the Avast second quarter (Q2) FY22-23 Threat Report, traditional, consumer-focused cyber threats experienced a slight decline during Q2FY22-23, while social engineering and web-related threats, such as scams, phishing and malvertising, surged dramatically. The adoption of smishing—phishing through SMS—has capitalised on the high open rates and innate trust individuals place in text messages. The report warns about four cyber scams that are spreading across the world.
Beware of Gift Cards, Fake Ransomware, Sextortion and Crowdfunding
Cybercriminals are adapting and innovating alongside the rapid evolution of technology. They have leveraged artificial intelligence (AI) tools to craft nearly perfect imitations of legitimate communication, making it increasingly difficult for individuals to differentiate between what is real and what isn't.
According to Avast, threat actors are opting for the psychological manipulation afforded by scams and phishing rather than the technical exploits found in traditional malware attacks.
The Avast Q2FY22-23 Threat Report warns about four new trends in cybercrime, including a rise in social engineering attacks and a shift towards targeting individuals.
1. Fake Gifts
This new scam on Instagram uses fake SHEIN gift cards to lure victims. During Q2FY22-23, Avast found that the scammers are widening their operations and covering more countries, such as Israel. They have also evolved and moved on from fake SHEIN gift cards to a perhaps more appealing iPhone 14 scam targeting users in Mexico and Spain.
Instead of getting the deal (gift card or iPhone 14) they were looking for, victims found themselves subscribed to a service they knew nothing about.
2. Fake Ransomware
Ransomware is software or malware that accesses content on your PC, laptop or mobile device and then scrambles the data. You are then required to pay the ransom so that the criminal can hand over to you the key to the locked data. Most criminals demand money to be paid using virtual currencies like Bitcoin. But there is no guarantee that you will be able to access all your locked data, even after paying.
Avast says a new data extortion scam is targeting companies via email. The emails, addressed to employees by their full names, claim a security breach has occurred, with a significant amount of company information stolen, including employee records and personal data. Senders purport to be from ransomware groups like 'Silent Ransom' or 'Lockbit'.
Threatening to sell the stolen data if ignored, these emails ask employees to notify their seniors about the situation while reminding them about the regulatory penalties of data breaches.
"However, these communications appear to be more scare tactics than actual extortion campaigns following a data breach. There is no offered proof of the breach other than possession of the recipient's email and name," Avast says.
3. Sextortion
In this scam, scammers claim to have taken control of your mobile device, often saying they have recorded your activities through your device's cameras, and demand payment to keep your privacy intact.
In India, cases of sextortion have become rampant, and anyone who responds to messages or video calls from unknown numbers on WhatsApp can easily become a victim.
Sextortion scammers trap their victims either by luring them through links or video calling, and a few seconds are enough to lay the trap for blackmail—the scammer shows the victim an obscene image or video clip and then frames them for consuming pornography.
In all sextortion cases, criminals use the fear factor to extort money from the victim. However, without any fear, the victim must file a first information report (FIR) at the nearest police station to ensure proper action against the criminals.
4. Cancer Kid or Fake Crowdfunding
Avast calls it one of the nastiest scams where a crowdfunding scheme is used to exploit public generosity. The scam involves a series of emotionally-charged video ads narrating the story of a cancer-stricken child named 'Semion', soliciting urgent financial aid for his treatment. These videos, primarily in Russian with multilingual subtitles, have been shared on platforms like YouTube and Instagram, eliciting significant monetary donations from empathetic viewers directed towards a donation page offering multiple payment methods.
However, as Moneylife pointed out, fake crowdfunding is not limited to one instance. Many people, perhaps in league with hospitals, are found raising funds that were far more than the cost of treatment or surgery.
Dr Prashant Mishra, a cardiac surgeon, pointed out that, in many cases, the surgeries for which funds were raised were either simple or being conducted free in large hospitals. But, even in the case of private hospitals, the funds being raised were as much as three to four times what would be the total cost of surgery.
So, how can you identify whether the fund-raising is for a genuine cause or not? There are always innumerable people in need of funds. If you want to donate money, make sure you do your own check, confirm the genuineness of the cause, or only donate when the person taking responsibility for fund-raising is someone you know and every step of the process is transparently shared.
According to Avast, in the face of these rising threats, it is essential to remember the fundamental rule of the internet: trust but verify.
"The surge in scams and phishing incidents during Q2 of 2023 underscores an evolving threat landscape that requires adaptable, informed, and proactive cybersecurity measures. The cornerstone of those measures must be comprehensive education and awareness initiatives aimed at enabling users to recognise and respond appropriately to these deceptive and damaging attacks," the report says.
Stay Alert, Stay Safe!
How To Report Cyber Fraud?
Do report cybercrimes to the National Cyber Crime Reporting Portal http://cybercrime.gov.in or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.