Online scams are an ever-changing problem for individuals and businesses. If someone clicks on a virus-laden email while employed in a data-heavy business, their stolen data could lead to a compromise of the business overall. Because of this, knowing what your employees might encounter in their day-to-day lives is also part of internal cybersecurity. Here are five online scam methods that stood out for their innovation and uniqueness in the last year.

Online Scam Methods Amid a Pandemic

The digital threat landscape witnessed a surge of activity in the first half of 2020. In the middle of April, for instance, VMware Carbon Black revealed that global organizations had experienced a 148% spike in ransomware attacks up until that point for the year. Those attacks had affected organizations in every sector, though the financial sector had witnessed the largest increase. Around that same time, Barracuda disclosed that spearphishing campaigns leveraging COVID-19 as a lure had grown 667% between the end of February and March of 2020.

It’s not surprising that many of those attack campaigns preyed upon targets’ fears surrounding COVID-19. What is surprising is the number of online scam attacks with unique subjects, lures and approaches — regardless of whether they mentioned the pandemic.

Anti-Virus that Defends Against Actual Viruses?

Malwarebytes posted an online scam report about a website offering “Corona Antivirus” in March last year. This digital solution claimed that people could protect themselves against COVID-19 as long as their desktop app was running.

Unsurprisingly, this piece of software didn’t yield any cross-medium virus cure. Instead, it infected the victim with BlackNET, a botnet that is capable of stealing its victims’ data and running distributed denial-of-service (DDoS) attacks.

Fake Charges for Activating Roku Devices

A couple of months later, the Better Business Bureau learned of an online scam targeting people who had purchased a Roku device. In one instance reported by NBC12 in May, a strange message popped up when a Cincinnati woman attempted to finish setting up her device. This message instructed her to contact a Texas-based company in order to pay an installation fee for her product.

Roku doesn’t charge installation fees for its devices.

The woman was ultimately reimbursed for the ‘fee’ she paid. The Better Business Bureau also gave the company in Texas the opportunity to clarify its role with Roku. When the company didn’t respond, the non-profit organization responded by handing out an ‘F’ rating to the Texas business.

A New Wave of Brushing Scams

In the late spring and summer of 2020, all 50 states issued a warning after residents began receiving mysterious seeds in packages sent from China. The U.S. Department of Agriculture identified that those packages contained seeds for common vegetables such as cabbage and herbs such as sage, reported USA Today. Even so, it urged people not to plant the seeds and to contact their state’s plant regulatory authority.

Not long after, USA Today learned of a similar online scam in which individuals were receiving packages from Amazon containing items that they had not purchased. The Better Business Bureau said this “brushing” scam came from fraudsters in the possession of victims’ personal information who were likely abusing that data to post fraudulent customer reviews for the purpose of boosting sales.

Beware of Missing Person Ploys

Near the end of summer last year, Malwarebytes sounded the alarm about fraudsters using fake missing person notices for different kinds of malicious purposes. The security firm found that domestic abusers could use these ruses to find someone with whom they had a history of abuse, for instance. It also observed that nefarious individuals could conduct those scams in order to compromise victims’ web accounts.

In one example cited by Malwarebytes, digital fraudsters created a ruse that claimed a child had gone missing. The scam used generic terms such as “police captains” and “downtown” in an attempt to phish victims’ data for their Facebook accounts.

Scammers Impersonate the U.S. Department of Justice

A week or so later, the U.S. Department of Justice (DOJ) drew attention to a new online scam discovered by the Office of Justice Programs’ Office for Victims of Crime.

At the time of reporting, the National Elder Fraud Hotline had received multiple reports of fraudsters contacting elderly people while pretending to be employees or investigators connected with the DOJ. Upon making contact with their target, those threat actors attempted to use scare tactics as a means of tricking victims into handing over their personal data.

How to Defend Against Innovative Online Scams and Attacks

The instances described above highlight the need for enterprises and users alike to defend against new online scams and digital attacks. One of the ways they can do this is by enhancing their defenses against phishing attacks. Organizations can do this by using email security filters to flag messages that originate from external sources and by training their employees about some of the latest phishing attacks circulating in the wild. Employees can then apply that knowledge at home in order to keep their home networks and devices safe from malicious actors.

It’s also important that enterprise leaders and users take steps to protect themselves on social media. To do this, they should take their privacy into consideration and generally refrain from disclosing their name, location or sensitive information. They should also watch out for offers that sound too good to be true from contacts and/or unfamiliar individuals.
