Scammers are getting more creative: new spam, SMS, and phishing trends

3 years ago | 45

ABOUT 422.49 billion spam emails are sent worldwide every day. This number also includes phishing, extortion, advertising, and finance-related scams. According to Daniel Markuson, the digital privacy expert at NordVPN, most people can already spot the traditional spam messages that claim they have won a new Lamborghini or inherited a million dollars. But because of this reason, spammers are finding new creative ways to trick people into giving them money or information. "With so much personal data available, it is much easier to customize all kinds of scamming attempts - from simple spam to much more advanced phishing or extortion. These emails, messages, and websites seem so real and detailed that even the most cautious person can fall into the trap," says Daniel Markuson, the digital privacy expert at NordVPN. A New Era of Smishing Recently, there has been an increase in the numbers of SMS spamming attacks, known as “smishing.” The scammers have been trying to steal people's personal information or credit card details. They send text messages designed to look like they come from a bank, an employer, or an official governmental institution. A few months ago, a massive smishing attack produced tens of millions of fake SMS messages, inviting the recipients to go on fake websites. The texts were generated by a spam-sending database run by a company called ApexSMS. “Interestingly, the system was able to detect when people messaged back using keywords such as “report” and "FCC." These phone numbers were added to a special list of contacts that would not be used by the fraudsters again. However, you should bear in mind that responding to this kind of texts may result in identity theft. If you contact the hackers, the phone transmits your sensitive data stored on it ,” says Daniel Markuson, the digital privacy expert at NordVPN. As investigators later discovered, the database contained around 80 million records. They included people's names, phone numbers, carrier network names, IP addresses, and even locations. Out of the 38 million texts. that were sent during the attack, 2.1 million people clicked on a link in the fraudulent message. Luckily, the scammers used an unprotected server, which experts discovered and the attack was stopped. Fake Missed Calls Besides SMS frauds, scammers are now abusing the Notifications and Push APIson Android devices. These two APIs are used to push notifications on mobile phones to re-engage users. An application or server can push them even if the app is not running. The problem is, the API allows scammers to give to their notifications a look that’s identical to a legitimate app. For example, they can create fake alerts customized to look like a missed phone call. One of the ways scammers exploit the feature is using Google Chrome to push messages to mobile phones. To hide their origin, the Google Chrome icon is changed into a “Missed Call” notification. When this happens, one message informs the scammers that they can hack the phone. Another one shows a missed call from a medium called Esmeralda. “Scammers aim to take advantage of well-known applications. They create false alerts using the looks of popular apps. This confuses mobile phone users. Once they press the push notification, their phones get hacked. Thus, before pressing the notification, it is important to pay attention to the message that it contains and think if it is actually related to the nature of the app,” explains Daniel Markuson, a digital privacy expert at NordVPN. Phishing with legal threats Another new strategy that creative spammers are now using is lawsuit emails. They send fake emails, which claim that the recipient is being sued and request to open and read the attached fraudulent documents. Besides, people are told to answer the email within seven days or get sued. The scammers use the names of existing law firms and falsify their email addresses. Most of the time, they target the employees of big companies. Around 100,000 businesses have been attacked to date — mostly in Canada. “What often confuses receivers is that these messages usually appear to come from real firms, while in reality criminals hide behind these email addresses,” claimsDaniel Markuson, the digital privacy expert at NordVPN. Steps Everybody Can Take to Protect Themselves While fraudsters are becoming more creative, it is still possible to save ourselves from their attacks. “First of all, it is important to be aware of new scamming techniques. Then, it is crucial to check the received messages, phone calls, and emails before opening them. These are the basic, but important steps in protecting ourselves handing our personal data to scammers,” says Daniel Markuson, a digital privacy expert at NordVPN. – Aug. 8, 2019 @ 19:15 GMT |

Readers Comments

0 comment

No comments yet. Be the first to post comment.

Related stories

Recommended for you...

From Twitter