Online scams are an ever-changing problem for individuals and businesses. If someone clicks on a virus-laden email while employed in a data-heavy business, the stolen data could lead to a compromise of the business as a whole. Because of this, knowing what your employees might encounter in their day-to-day lives is also part of internal cybersecurity. Here are five online scam methods that stood out for their innovation and uniqueness in the last year.

Online Scam Methods Amid a Pandemic

The digital threat landscape witnessed a surge of activity in the first half of 2020. In the middle of April, for instance, VMware Carbon Black revealed that global organizations had experienced a 148% spike in ransomware attacks up until that point for the year. Those attacks had affected organizations in every sector, though the financial sector had witnessed the largest increase. Around that same time, Barracuda disclosed that spearphishing campaigns leveraging COVID-19 as a lure had grown 667% between the end of February and March of 2020.

It’s not surprising that many of those attack campaigns preyed upon targets’ fears surrounding COVID-19. What is surprising is the number of online scam attacks with unique subjects, lures and approaches — regardless of whether they mentioned the pandemic.

Anti-Virus that Defends Against Actual Viruses?

Malwarebytes posted an online scam report about a website offering “Corona Antivirus” in March last year. This digital solution claimed that people could protect themselves against COVID-19 as long as their desktop app was running.

Unsurprisingly, this piece of software didn’t yield any cross-medium virus cure. Instead, it infected the victim with BlackNET, a botnet that is capable of stealing its victims’ data and running distributed denial-of-service (DDoS) attacks.

Fake Charges for Activating Roku Devices

A couple of months later, the Better Business Bureau learned of an online scam targeting people who had purchased a Roku device. In one instance reported by NBC12 in May, a strange message popped up when a Cincinnati woman attempted to finish setting up her device. This message instructed her to contact a Texas-based company in order to pay an installation fee for her product.

Roku doesn’t charge installation fees for its devices.

The woman was ultimately reimbursed for the ‘fee’ she paid. The Better Business Bureau also gave the company in Texas the opportunity to clarify its role with Roku. When the company didn’t respond, the non-profit organization responded by handing out an ‘F’ rating to the Texas business.

A New Wave of Brushing Scams

In the late spring and summer of 2020, all 50 states issued a warning after residents began receiving mysterious seeds in packages sent from China. The U.S. Department of Agriculture identified that those packages contained seeds for common vegetables such as cabbage and herbs such as sage, reported USA Today. Even so, it urged people not to plant the seeds and to contact their state’s plant regulatory authority.

Not long after, USA Today learned of a similar online scam in which individuals were receiving packages from Amazon containing items that they had not purchased. The Better Business Bureau said this “brushing” scam came from fraudsters in possession of victims’ personal information who were likely abusing that data to post fraudulent customer reviews for the purpose of boosting sales.

Beware of Missing Person Ploys

Near the end of summer last year, Malwarebytes sounded the alarm about fraudsters using fake missing person notices for different kinds of malicious purposes. The security firm found that domestic abusers could use these ruses to find someone with whom they had a history of abuse, for instance. It also observed that nefarious individuals could conduct those scams in order to compromise victims’ web accounts.

In one example cited by Malwarebytes, digital fraudsters created a ruse that claimed a child had gone missing. The scam used generic terms such as “police captains” and “downtown” in an attempt to phish victims’ data for their Facebook accounts.

Scammers Impersonate the U.S. Department of Justice

A week or so later, the U.S. Department of Justice (DOJ) drew attention to a new online scam discovered by the Office of Justice Programs’ Office for Victims of Crime.

At the time of reporting, the National Elder Fraud Hotline had received multiple reports of fraudsters contacting elderly people while pretending to be employees or investigators connected with the DOJ. After making contact with their target, those threat actors attempted to use scare tactics as a means of tricking victims into handing over their personal data.

How to Defend Against Innovative Online Scams and Attacks

The instances described above highlight the need for enterprises and users alike to defend against new online scams and digital attacks. One of the ways they can do this is by enhancing their defenses against phishing attacks. Organizations can use email security filters to flag messages that originate from external sources and train their employees about some of the latest phishing attacks circulating in the wild. Employees can then apply that knowledge at home in order to keep their home networks and devices safe from malicious actors.
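A sketch of the external-sender flagging mentioned above, added here as an illustration and not taken from any product named in this article. The internal domain list, the `[EXTERNAL]` tag, the two `X-` header names and the sample messages are all assumptions constructed for the example.

```python
from email import message_from_string, policy

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organization's own mail domains
TAG = "[EXTERNAL]"                   # assumption: the banner the gateway prepends
FLAG_HEADERS = ("X-External-Sender", "X-Display-Name-Mismatch")  # hypothetical names

def classify(msg):
    """Return (external, name_mismatch) based on the From header."""
    hdr = msg["From"]
    addrs = hdr.addresses if hdr is not None else ()
    # A missing or unparsable From is treated as external (fail closed).
    external = not addrs or any(a.domain.lower() not in INTERNAL_DOMAINS for a in addrs)
    # External address whose display name shows an internal domain: a common lure.
    mismatch = external and any(
        d in a.display_name.lower() for a in addrs for d in INTERNAL_DOMAINS)
    return external, mismatch

def flag_external(raw):
    """Parse a raw message and tag it if it comes from outside the organization.

    From is spoofable, so this assumes the gateway has already rejected mail
    that claims an internal domain but fails sender authentication.
    """
    msg = message_from_string(raw, policy=policy.default)
    for name in FLAG_HEADERS:
        del msg[name]                # never trust sender-supplied copies of our flags
    external, mismatch = classify(msg)
    if external:
        subject = str(msg.get("Subject", ""))
        if not subject.startswith(TAG):
            del msg["Subject"]
            msg["Subject"] = f"{TAG} {subject}".strip()
        msg["X-External-Sender"] = "yes"
    if mismatch:
        msg["X-Display-Name-Mismatch"] = "yes"
    return msg

# Constructed sample messages (not real traffic).
INTERNAL_MSG = ("From: Alice <alice@example.com>\nTo: bob@example.com\n"
                "Subject: Q3 numbers\n\nSee attached.\n")
EXTERNAL_MSG = ("From: Vendor <billing@vendor.test>\nTo: bob@example.com\n"
                "Subject: Invoice\nX-External-Sender: no\n\nPlease pay.\n")
SPOOF_MSG = ('From: "ceo@example.com" <ceo@mail-example.test>\nTo: bob@example.com\n'
             "Subject: Urgent wire\n\nCall me.\n")

if __name__ == "__main__":
    for raw in (INTERNAL_MSG, EXTERNAL_MSG, SPOOF_MSG):
        m = flag_external(raw)
        print(m["Subject"], "|", m["X-External-Sender"], "|", m["X-Display-Name-Mismatch"])
```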

It’s also important that enterprise leaders and users take steps to protect themselves on social media. To do this, they should take their privacy into consideration and generally refrain from disclosing their name, location or sensitive information. They should also watch out for offers that sound too good to be true from contacts and/or unfamiliar individuals.
