From 2020, attackers will take advantage of the interruption of deliveries to persuade users to open phishing links. In the last quarter, not only has this trend continued, but cybercriminals have become more adept. Many users began to receive invoices in various languages, asking for money under various pretexts, from customs duties to shipping costs. Through these emails, victims were often taken to a fake site. where they risked revealing their bank card details and losing their money.
How to be deceived by e-mail
Cybercriminals also launched websites that appeared to give people a chance to buy packages that could not reach the intended recipients. Such websites were created as a kind of lottery. Users did not know the contents of the package, but bid according to its weight. Even if they won it and paid the price - the package never arrived.
Another new trick of the attackers, used in the last quarter, was the spam sent through the WhatsApp application, through which small amounts of money were requested. These scams involved several different schemes. One of the methods of fraud was to involve users in a WhatsApp survey, in which they had to send messages to several contacts in order to receive a prize. Another method was to win prizes - users were told that they had already won a big prize, all they had to do to receive it was pay a small fee.
Another scam was related to the debate over WhatsApp's new privacy policy, which allowed information to be shared with Facebook. Cybercriminals have created fake websites that invite users to WhatsApp chat with "beautiful strangers." But when they clicked on the link to the chat room, the potential victim was directed to a fake login page on Facebook, and risked revealing his personal information. Users have also received links to fake WhatsApp messaging applications, which have been compromised by downloading malware.
WhatsApp chat scam
"As in the past, we see that attackers are taking advantage of new trends and disruptions to steal money and personal data, whether it's the ever-increasing use of messaging platforms or an ongoing issue with the operation of mailings and courier in the middle of a pandemic.
Spam and phishing scams remain some of the most effective ways to launch successful attacks because they focus on the emotional side. The best thing users can do is pay attention to any unexpected emails and be very vigilant when it comes to accessing documents or links received via email. The safest way is to go directly to the official pages, "says Tatyana Shcherbakova.
Expert advice
In order not to fall victim to these scams mentioned above, Kaspersky experts recommend that you check the links before clicking on them. Hover over the link to preview the URL and look for spelling or other irregularities. Even if a message or letter came from one of your best friends, keep in mind that their accounts may have been broken as well. Be careful in any situation. Even if a message seems friendly, treat your links and documents carefully. It's best not to access email links at all. Instead, you can open a new file or window and manually enter the URL of the bank or other site that interests you.
Install a trusted security solution, such as Kaspersky Internet Security, and follow its recommendations. Then, secure solutions will automatically resolve most issues and alert you if necessary.
Check the sender's address. Most spam comes from meaningless email addresses - for example, [email protected] or something similar. Hovering the cursor over the sender's name, which may be oddly written, you can see the full email address. If you're not sure if an email address is legitimate, you can enter it in a search engine to verify.
Consider what kind of information is required. Legitimate companies do not immediately contact you with unsolicited e-mails to ask for your personal information, such as bank or credit card details, and so on. Attackers often try to exert pressure by creating a "sense of urgency." For example, the message may contain words such as "urgent" or "immediate action required" - to force you to act.
Kaspersky is a global cybersecurity company founded in 1997. More than 400 million individual users and 250,000 companies are protected by Kaspersky Technologies.