Light Dark
May 21, 2021 By David Bisson 4 min read
Fraud Protection
Identity & Access

The possibility of an online scam can be an ever-changing problem for individuals and businesses. If someone clicks on a virus-laden email while employed in a data-heavy business, their stolen data could lead to a compromise to the business overall. Because of this, knowing what your employees might encounter in their day to day is also part of internal cybersecurity. Here are five online scam methods that stood out for their innovation and uniqueness in the last year.

Online Scam Methods Amid a Pandemic

The digital threat landscape witnessed a surge of activity in the first half of 2020. In the middle of April, for instance, VMware Carbon Black revealed that global organizations had experienced a 148% spike in ransomware attacks up until that point for the year. Those attacks had affected organizations in every sector, though the financial sector had witnessed the largest increase. Around that same time, Barracuda disclosed that spearphishing campaigns leveraging COVID-19 as a lure had grown 667% between the end of February and March of 2020.

It’s not surprising that many of those attack campaigns preyed upon targets’ fears surrounding COVID-19. What is surprising is the number of online scam attacks with unique subjects, lures and approaches — regardless of whether they mentioned the pandemic.

Anti-Virus that Defends Against Actual Viruses?

Malwarebytes posted an online scam report about a website offering “Corona Antivirus” in March last year. This digital solution claimed that people could protect themselves against COVID-19 as long as their desktop app was running.

Unsurprisingly, this piece of software didn’t yield any cross-medium virus cure. Instead, it infected the victim with BlackNET, a botnet that is capable of stealing its victims’ data and running distributed denial-of-service (DDoS) attacks.

Fake Charges for Activating Roku Devices

A couple of months later, the Better Business Bureau learned of an online scam targeting people who had purchased a Roku device. In one instance reported by NBC12 in May that a strange message popped up when a Cincinnati woman attempted to finish setting up her device. This message instructed her to contact a Texas-based company in order to pay an installation fee for her product.

Roku doesn’t charge installation fees for its devices.

The woman was ultimately reimbursed for the ‘fee’ she paid. The Better Business Bureau also gave the company in Texas the opportunity to clarify its role with Roku. When the company didn’t respond, the non-profit organization responded by handing out an ‘F’ rating to the Texas business.

A New Wave of Brushing Scams

In the late spring and summer of 2020, all 50 states issued a warning after residents began receiving mysterious seeds in packages sent from China. The U.S. Department of Agriculture identified that those packages contained seeds for common vegetables such as cabbage and herbs such as sage, reported USA Today. Even so, it urged people not to plant the seeds and to contact their state’s plant regulatory authority.

Not long after, USA Today learned of a similar online scam in which individuals were receiving packages from Amazon containing items that they had not purchased. The Better Business Bureau said this “brushing” scam came from fraudsters in the possession of victims’ personal information who were likely abusing that data to post fraudulent customer reviews for the purpose of boosting sales.

Beware of Missing Person Ploys

Near the end of summer last year, Malwarebytes sounded the alarm of fraudsters using fake missing person notices for different kinds of malicious purposes. The security firm found that domestic abusers could use these ruses to find someone with whom they had a history of abuse, for instance. It also observed that nefarious individuals could conduct those scams in order to compromise victims’ web accounts.

In one example cited by Malwarebytes, digital fraudsters created a ruse that claimed a child had gone missing. The scam used generic terms such as “police captains” and “downtown” in an attempt to phish victims’ data for their Facebook accounts.

Scammers Impersonate the U.S. Department of Justice

A week or so later the U.S. Department of Justice (DOJ) drew attention to a new online scam discovered by the Office of Justice Programs’ Office for Victims of Crime.

At the time of reporting, the National Elder Fraud Hotline had received multiple reports of fraudsters contacting elderly people while pretending to be employees or investigators connected with the DOJ. Upon linking with their target, those threat actors attempted to use scare tactics as a means of tricking victims into handing over their personal data.

How to Defend Against Innovative Online Scams and Attacks

The instances described above highlight the need for enterprise and users alike to defend against new online scams and digital attacks. One of the ways they can do this is by enhancing their defenses against phishing attacks. Organizations can do this by using email security filters to flag messages that originate from external sources and by training their employees about some of the latest phishing attacks circulating in the wild. Employees can then apply that knowledge at home in order to keep their home networks and devices safe from malicious actors.

It’s also important that enterprise leaders and users take steps to protect themselves on social media. To do this, they should take their privacy into consideration and generally refrain from disclosing their name, location or sensitive information. They should also watch out for offers that sound too good to be true from contacts and/or unfamiliar individuals.

 |  |  | 
David Bisson
Contributing Editor

More from Fraud Protection
October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

August 23, 2023

Remote access detection in 2023: Unmasking invisible fraud

3 min read - In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat. Let’s examine the modus operandi of fraudsters, prevalence rates across different regions, classic detection methods and Trusteer’s innovative approach to RAT detection through behavioral analysis. A rising threat As Fraud detection methods become more and…

August 17, 2023

Gozi strikes again, targeting banks, cryptocurrency and more

3 min read - In the world of cybercrime, malware plays a prominent role. One such malware, Gozi, emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered as a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest. Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature