The possibility of an online scam can be an ever-changing problem for individuals and businesses. If someone clicks on a virus-laden email while employed in a data-heavy business, their stolen data could lead to a compromise to the business overall. Because of this, knowing what your employees might encounter in their day to day is also part of internal cybersecurity. Here are five online scam methods that stood out for their innovation and uniqueness in the last year.

Online Scam Methods Amid a Pandemic

The digital threat landscape witnessed a surge of activity in the first half of 2020. In the middle of April, for instance, VMware Carbon Black revealed that global organizations had experienced a 148% spike in ransomware attacks up until that point for the year. Those attacks had affected organizations in every sector, though the financial sector had witnessed the largest increase. Around that same time, Barracuda disclosed that spearphishing campaigns leveraging COVID-19 as a lure had grown 667% between the end of February and March of 2020.

It’s not surprising that many of those attack campaigns preyed upon targets’ fears surrounding COVID-19. What is surprising is the number of online scam attacks with unique subjects, lures and approaches — regardless of whether they mentioned the pandemic.

Anti-Virus that Defends Against Actual Viruses?

Malwarebytes posted an online scam report about a website offering “Corona Antivirus” in March last year. This digital solution claimed that people could protect themselves against COVID-19 as long as their desktop app was running.

Unsurprisingly, this piece of software didn’t yield any cross-medium virus cure. Instead, it infected the victim with BlackNET, a botnet that is capable of stealing its victims’ data and running distributed denial-of-service (DDoS) attacks.

Fake Charges for Activating Roku Devices

A couple of months later, the Better Business Bureau learned of an online scam targeting people who had purchased a Roku device. In one instance reported by NBC12 in May that a strange message popped up when a Cincinnati woman attempted to finish setting up her device. This message instructed her to contact a Texas-based company in order to pay an installation fee for her product.

Roku doesn’t charge installation fees for its devices.

The woman was ultimately reimbursed for the ‘fee’ she paid. The Better Business Bureau also gave the company in Texas the opportunity to clarify its role with Roku. When the company didn’t respond, the non-profit organization responded by handing out an ‘F’ rating to the Texas business.

A New Wave of Brushing Scams

In the late spring and summer of 2020, all 50 states issued a warning after residents began receiving mysterious seeds in packages sent from China. The U.S. Department of Agriculture identified that those packages contained seeds for common vegetables such as cabbage and herbs such as sage, reported USA Today. Even so, it urged people not to plant the seeds and to contact their state’s plant regulatory authority.

Not long after, USA Today learned of a similar online scam in which individuals were receiving packages from Amazon containing items that they had not purchased. The Better Business Bureau said this “brushing” scam came from fraudsters in the possession of victims’ personal information who were likely abusing that data to post fraudulent customer reviews for the purpose of boosting sales.

Beware of Missing Person Ploys

Near the end of summer last year, Malwarebytes sounded the alarm of fraudsters using fake missing person notices for different kinds of malicious purposes. The security firm found that domestic abusers could use these ruses to find someone with whom they had a history of abuse, for instance. It also observed that nefarious individuals could conduct those scams in order to compromise victims’ web accounts.

In one example cited by Malwarebytes, digital fraudsters created a ruse that claimed a child had gone missing. The scam used generic terms such as “police captains” and “downtown” in an attempt to phish victims’ data for their Facebook accounts.

Scammers Impersonate the U.S. Department of Justice

A week or so later the U.S. Department of Justice (DOJ) drew attention to a new online scam discovered by the Office of Justice Programs’ Office for Victims of Crime.

At the time of reporting, the National Elder Fraud Hotline had received multiple reports of fraudsters contacting elderly people while pretending to be employees or investigators connected with the DOJ. Upon linking with their target, those threat actors attempted to use scare tactics as a means of tricking victims into handing over their personal data.

How to Defend Against Innovative Online Scams and Attacks

The instances described above highlight the need for enterprise and users alike to defend against new online scams and digital attacks. One of the ways they can do this is by enhancing their defenses against phishing attacks. Organizations can do this by using email security filters to flag messages that originate from external sources and by training their employees about some of the latest phishing attacks circulating in the wild. Employees can then apply that knowledge at home in order to keep their home networks and devices safe from malicious actors.

It’s also important that enterprise leaders and users take steps to protect themselves on social media. To do this, they should take their privacy into consideration and generally refrain from disclosing their name, location or sensitive information. They should also watch out for offers that sound too good to be true from contacts and/or unfamiliar individuals.

More from Fraud Protection

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today