Spam and phishing in 2019
#1
Bug 
Quote:
[Image: sl_spamreport_2019_05.png]

Figures of the year

* The share of spam in mail traffic was 56.51%, which is 4.03 p.p. more than in 2018.
* The biggest source of spam this year was China (21.26%).
* 44% of spam e-mails were less than 2 KB in size.
* Malicious spam was detected most commonly with the Exploit.MSOffice.CVE-2017-11882 verdict.
* The Anti-Phishing system was triggered 467,188,119 times.
* 17 % of unique users encountered phishing.

Trends of the year

Beware of novelties

In 2019, attackers were more active than usual in their exploitation of major sports and movie events to gain access to users’ financial or personal data. Premieres of TV shows and films, and sports broadcasts were used as bait for those looking to save money by watching on “unofficial” resources.

A search for “Watch latest X for free” (where X = Avengers movie, Game of Thrones season, Stanley Cup game, US Open, etc.) returned links to sites offering the opportunity to do precisely that. On clicking through to these resources, the broadcast really did begin, only to stop after a couple of minutes. To continue viewing, the user was prompted to create a free account (only an e-mail address and password were required). However, when the Continue button was clicked, the site asked for additional confirmation.

And not just any old information, but bank card details, including the three-digit security code (CVV) on the reverse side. The site administrators assured that funds would not be debited from the card, but that this data was needed only to confirm the user’s location (and hence right to view the content). However, instead of continuing the broadcast, the scammers simply pocketed the details.

New gadgets were also deployed as a bait. Cybercriminals created fake pages mimicking official Apple services. The number of fake sites rose sharply after the company unveiled its new products. And while Apple was only just preparing to release the next gadget, fraudsters were offering to “sell” it to those with itchy hands. All that victim had to do was follow a link and enter their AppleID credentials — the attackers’ objective.

The price of fame: attackers exploit popular resources

In 2019, scammers found new ways to exploit popular resources and social networks to spread spam and sell non-existent goods and services. They actively used Youtube and Instagram comments to place ads and links to potentially malicious pages, and created numerous social media accounts that they promoted by commenting on the posts of popular bloggers.

For added credibility, they left many fake comments on posts about hot topics. As the account gained a following, it began to post messages about promotions. For example, a sale of branded goods at knock-down prices. Victims either received a cheap imitation or simply lost their cash.

A similar scheme was used to promote get-rich-quick-online videos, coupled with gushing reviews from “newly flush” clients.

Another scam involved fake celebrity Instagram accounts. The “stars” asked fans to take a survey and get a cash payout or the chance to participate in a prize draw. Naturally, a small upfront fee was payable for this unmissable opportunity… After the cybercriminals received the money, the account simply disappeared.

Besides distributing links through comments on social networks, scammers utilized yet another delivery method in the shape of Google services: invitations to meetings sent via Google Calendar or notifications from Google Photos that someone just shared a picture were accompanied by a comment from the attackers with links to fake promotions, surveys, and prize giveaways.

Other Google services were also used: links to files in Google Drive and Google Storage were sent inside fraudulent e-mails, which spam filters are not always able to spot. Clicking it usually opened a file with adware (for example, fake pharmaceutical products) or another link leading to a phishing site or a form for collecting personal data.

Although Google and others are constantly working to protect users from scammers, the latter are forever finding new loopholes. Therefore, the main protection against such schemes is to pay careful attention to messages from unfamiliar senders.

Malicious transactions

In Q1, users of the Automated Clearing House (ACH), an electronic funds-transfer system that facilitates payments in the US, fell victim to fraudsters: we registered mailings of fake ACH notifications about the status of a payment or debt. By clicking the link or opening the attachment, the user risked infecting the computer with malware.
...
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
GFYI [Official] EaseUS Christmas 2024 B...
Merry Christmas and ...zevish — 08:07
AirVPN Christmas Sale 2024!
AirVPN CHRISTMAS SAL...jasonX — 07:52
ON1 Software
ON1 Photo RAW 2025.1...jasonX — 06:29
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>