Going through the figures of 2021, one will notice that 56% of e-mails were spam and 77% of spam was sent from Russia with another 14.12% from Germany. More and more often, scam websites posing as large companies that promise huge cash prizes in return for completing a survey have begun setting out stricter criteria for those who want a chance to win.
These are some of the findings from experts in Kaspersky.
Another trick criminals took up was to pose as a major bank and invite victims to participate in investment projects. In some instances, scammers emphasized stability and the lack of risk involved for the investor, as well as the status of the company they were posing as.
Most of the phishing websites blocked in 2021 used a .com domain name like in 2020, whose share rose 7.19 p.p., reaching 31.55%. The second most popular domain name used by attackers was .xyz (13.71%), as those domains are cheap or even free to register.
The most common malware family found in attachments were Agensla Trojans. Kaspersky Anti-Phishing system blocked 253 365 212 phishing links. Safe Messaging blocked 341 954 attempts to follow phishing links in messengers.
Going by the trends of 2021 and Kaspersky report on ‘Spam and Phishing in 2021’ says the main goal of the fraudsters behind these schemes is to lure targets, engage in a dialogue coax them to click a malicious link or open a malicious file attachment. This is either via spam involving massive or targeted email distributions or phishing that takes the form of a spam email paired with a malicious copy of a legitimate website.
Let’s have a look at the other major scams cybercriminals undertook during the pandemic
Fraudsters exploited the pandemic to its full by creating schemes around two big themes: Compensation from governments and health organizations, and access to Vaccination certificates.
Kaspersky detected notifications about compensation allocated by the government to employees of certain companies. All they needed to do in order to avail of this promised support was to “confirm” their e-mail address by logging in to their account on the scam website.
The other type of pandemic-related phishing and spam scheme is connected with sales of vaccination certificates. Victims were offered to get a vaccination certificate, which would allow them access to public spaces and travel, without having to go through the vaccination procedure. While some underground forums would indeed offer such services, nothing prevented criminals from making fake promises in exchange for money.
Investments in crypto currencies or stocks was one such topic – in these scams users were offered potentially great, “100% safe” opportunities to invest their money, which of course wasn’t true. In reality these offerings served one purpose – to make victims transfer their money to fraudsters.
Scams based on world movie premieres, also spotted by Kaspersky experts, were similar, but in this case criminals were offering early access to a streaming of a recently premiered blockbuster. Usually users would be shown a trailer or introduction video, after which they would be requested to enter their payment details to continue watching.
The scheme remained quite popular in 2021 where almost every big movie or TV series premiere of the year, along with big sporting broadcasts were accompanied by the appearance of themed scams like this.
Fraudsters also used pandemic-related scams to gain access to a Network of corporations in 2021. In these cases the content of a spam or phishing email would inform employees of a targeted organization they are subject of specific pandemic compensation. In order to receive it though, a victim must confirm their corporate account on a specific web page. If successful, this process allows criminals to gain access to corporate infrastructure and credentials.
“We believe it is important to be aware that there are a lot of offers out there that seem “too good to be true”. We call on people to be cautious when it comes to trusting what’s in their email, as this approach may help them save their private data and money,” – said Tatyana Shcherbakova, security expert at Kaspersky.
In order to avoid becoming a victim of spam or phishing-based scams, Kaspersky experts advise the following:
- Only open emails and click links if you are sure you can trust the sender
- When a sender is legitimate but the content of the message seems strange it is worth checking with the sender via an alternative communication channel
- Check the spelling of a website’s URL if you suspect that you are faced with a phishing page.
- Use a proven security solution when surfing the web.
The spammers have evolved over the time & capable of using different tricks to manipulate the users and exploit them. In these conditions the best policy is to refrain from downloading the files or clicking through the links in email, unless one trusts the legitimate source.
The motive of fraudsters is to trick via Phishing Scams designed to steal identity and sensitive information. If one find’s a particular mail spammy, do not unsubscribe the mailing list, clicking on unsubscribe list is in a way confirming that your email address is active and you received this mail.
Refrain from entering personal or financial information into pop-up windows a common phishing technique.