Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Fake deliveries and WhatsApp spam: scammers get up to some new tricks in Q2 2021

August 2021 by Kaspersky

Q2 2021 saw scammers use a new host of tricks amidst continued disruption to supply chains and mail services, leveraging the situation to steal money and credit card details, Kaspersky analysts found.

Since last year, scammers have been taking advantage of the disruption in deliveries to convince users to open phishing links. This past quarter, not only has this trend continued, but the cybercriminals have become more adept at localising their spam mailings. Users experienced a surge in invoices in different languages asking for money related to anything from customs duties to shipment costs. With these mailings, victims are often taken to a fake website, where they risk not only losing money but also sharing bank card details.

Cybercriminals also launched websites that appeared to offer people the chance to buy parcels that could not reach the intended recipients. Such websites were set up like a lottery. Users were not aware of the contents of the package. They bid based on the weight of the package that—if they “won”—never arrived, even after paying the winning bid.

Another new trick from fraudsters this past quarter involved spam sent to WhatsApp requesting small amounts of money. These scams involved several different schemes. One asked that users take a survey about WhatsApp and send messages to several contacts to receive a prize. Another stated that the users already won a large prize—all they needed to do to collect it is pay a small fee.

An additional scam took advantage of the debate surrounding WhatsApp’s new privacy policy that allowed it to exchange information with Facebook. Cybercriminals set up fake websites inviting users to a WhatsApp chat with “beautiful strangers”. However, upon clicking the link to the chat room, the potential victim landed on a fake Facebook login page—and risks giving up their personal information. Users also received links for fake WhatsApp messenger apps, putting them at risk of downloading malware.

“As in the past, we’re seeing attackers take advantage of new trends and disruptions to steal money and credentials, whether that’s a growing user of messengers or continued problem with mail delivery amidst a pandemic. Spam and phishing schemes are still some of the most effective ways to launch successful attacks because they play on human emotion. The best thing users can do is be wary of any unexpected emails and be very careful about clicking on any email attachments or links—go to the website directly,” comments Tatyana Shcherbakova.

To avoid falling victim to the aforementioned scams, Kaspersky experts recommend:

Check any links before clicking. Hover over it to preview the URL, and look for misspellings or other irregularities.
Even if a message or a letter came from one of your best friends, remember that their accounts could also have been hacked. Remain cautious in any situation. Even if a message seems friendly, treat links and attachments with attention.
It’s better not to follow links from e-mails at all. Instead, you can open a new tab or window and enter the URL of your bank or other destination manually.
Install a trusted security solution and follow its recommendations. Then secure solutions will solve the majority of problems automatically and alert you if necessary.
It’s safe practice to check the sender’s address. Most spam comes from email addresses that don’t make sense or appear as gibberish – for example, amazondeals@tX94002222aitx2.com or similar. By hovering over the sender’s name, which itself may be spelled oddly, you can see the full email address. If you’re not sure if an email address is legitimate or not, you can put it into a search engine to check.
Consider what kind of information is being requested. Legitimate companies don’t contact you out of the blue via unsolicited emails to ask you for personal information, such as banking or credit card details, your Social Security number and so on.
Be wary if the message is creating a sense of urgency. Spammers often try to apply pressure by creating a sense of urgency. For example, the subject line may contain words like “urgent” or “immediate action required” – to pressure you into acting.
Grammar and spelling check is the effective way to identify a scammer. Typos and bad grammar are red flags. So too are odd phrasings or unusual syntax, which might result from the email being translated back and forth through translators several times.




See previous articles

    

See next articles