Every week over the last year we have been able to bring you a new and breaking scam. The fact we have been able to do this is in itself concerning. This year, scams have taken every form you can imagine, from the ubiquitous phishing email to the sextortion scam to the SMS text pretending to be from Uber to the Office 365 malicious document. All of them have certain things in common: they are prolific, never-ending, and out to get your data and, the fraudsters hope, lots of ill-gotten money.
In our goodbye to 2019 Breaking Scams post, we will bring you some of the lowlights of the fraudster world. Without further ado, let us enter the world of the scammer in 2019.
Sextortion – All Year Round
Sex was never far from the minds of The Defence Works team in 2019. This was mainly due to the large number of sextortion scams we came across (rather than anything personal).
In 2019, we saw sextortion at every turn. One example was this scam from May 2019, “Oh No Not Again! The Sextortion Scam Keeps on Coming”. The fraudster gave me 72 hours to pay up or else a ‘video’, apparently showing me in a compromising position, would be circulated. Obviously, I panicked, but then remembered this was a scam.
Sextortion was a crime that rose hard and strong in 2019 (pun intended). This is because people do genuinely panic. The FBI, which keeps tabs on various cybercrimes, had over 13,000 complaints about sextortion in August alone this year.
HMRC Tax Scam – Watch out in 2020 too
The HMRC tax scam is a regular in our Breaking Scams section. It is particularly prevalent during tax season, which, of course, is coming up in January. As many of us panic to pay our tax bills before 31st January, the cybercriminals swoop in with a phishing email disguised as an HMRC tax bill or tax rebate.
In January 2019, we reported in our post “It’s That Time of Year Again: The HMRC Scam!” about a phishing email, this time offering a tax rebate. The email looked like it was from HMRC as it carried its brand. The email contained a phishing link, which, when clicked, took me to a website that looked exactly like HMRC but was actually a spoof. The site asked for personal data to be entered. If data was submitted, it would be sent to the fraudster behind the scam.
Watch out for the next batch of the HMRC tax scam in the first few weeks of 2020.
Social Media Scams – Coming to a social platform near you
2019 was the year that social media bedded down as a place to be socially engineered as well as sociable. One of the social scams we reported on was the money mule scam “Kicked by a Mule: The Social Media Scam back in February 2019”. The scam was being run on Instagram and Snapchat, and posts running hashtags such as #instantcash were being used to lure unsuspecting victims. Once hooked, the victim (usually a younger person) would be tricked into allowing the fraudster to use their bank account to transfer money illegally. Europol made 168 arrests globally.
Big Brand Phishing – Amazon, FedEx, Apple, etc.
A repeat offender throughout 2019 was the email phishing scam that used big name brands to trick recipients. We saw brands such as Apple, FedEx, Qatar Airways, Microsoft Office 365, and American Express, as well as others, being used to try and make the phishing email seem more real.
All of the emails contained phishing links. If you clicked on the link, you were usually taken to a spoof website that looked like the brand the email pretended to be from. There, you were asked to input data, which would then be stolen, and/or, if the website itself was infected with malware, your PC or laptop could also become infected with malware such as ransomware.
Vishing and SMShing – it’s not all about the email
2019 not only saw phishing via email; it was also awash with other types of phishing, and The Defence Works was able to bring news of these too. They included:
- Vishing: phone calls used to extract personal data or money or both. One example from 2019 was “I Just Called to Say I’m Vishing You: The Fraudster on the Line” in which a victim receives a call letting them know they have won a raffle for a free holiday. The caller then attempts to gain access to the victim’s personal data.
- SMShing: malicious text messages received on a mobile phone. A recurring example during 2019 was the Uber mobile text message scam; “You Got a Phish to Ride: The Uber SMiShing Scam” was our report of one such SMShing text. This scam saw several variants over the year; our Uber scam report covered a text message with a four-digit “Uber code” and the advice to reply STOP to the phone number offered in the text message. If you do as the fraudster asks, you end up paying out a large sum of money, as the scam is a known Premium SMS Scheme.
The Defence Works spent a lot of 2019 Breaking Scams so that you don’t have to. But we know that cybercriminals don’t take the Christmas holidays off. So be wary: Christmas will come and go, but fraudsters persist. We fully expect that 2020 will bring more of the same types of scams and perhaps even sneakier ones. Here at The Defence Works, we are waiting to see when the first deepfake sextortion video will be used… watch this space as we go Breaking Scams.