Cybersecurity companies have reported some disturbing new trends in cybercrime. Social engineering attacks are on the rise, and this time individuals are being targeted.
In the first half of 2023, researchers at a North York-based DDoS protection service provider observed a shift in cybercrime and cyber threat trends. Traditional consumer-focused cybercrimes have seen a slight decline. On the other hand, social engineering and web-related threats such as malvertising, phishing, and scams are surging dramatically.
How bad are these threats?
These threats are bad. They accounted for more than 70% of all detections across various devices between June of last year and May of this year. Scams alone contributed to 51% of all detections.
Cybercriminals are unfortunately adapting and innovating in line with current times. Every cybersecurity firm tracking them has reported this many times over the past 24 months. Today, cybercrooks are using AI to create perfect imitations of legitimate communications. This makes it difficult for people to tell what is real from what is not.
Furthermore, they have adopted phishing over SMS (smishing), which capitalizes on the high open rates of text messages and the ingrained trust people have in them.
The new trends in cyber threats
Here are the new cyber threats that every company and individual needs to be aware of:
Fake SHEIN gift cards
In March this year, cybersecurity firms in San Jose uncovered a new scam on Instagram. It used fake SHEIN gift cards as bait to lure unsuspecting people. In the second quarter of 2023, scammers were found to have broadened their operations and begun expanding their reach beyond the United States.
They reached Israel too.
Their operations have evolved as well. They are moving on from fake SHEIN gift cards to something more appealing. The recent one was an iPhone 14 scam targeting users in Spain and across Latin America, particularly Costa Rica and Mexico.
Ironically, the outcome is always the same. The victims never get the deal they were looking for. Instead, they end up subscribed to a service they know hardly anything about.
Fake ransomware threats
Cybersecurity teams and experts in Iowa, Kansas, and Texas identified a new data extortion scam. This one targeted companies through email, and gangs that use data extortion and ransomware were involved.
These emails addressed employees by their full names. They claimed that a security breach had occurred at the company and that a lot of company data had been stolen, including employee records and personal data.
The senders deliberately pose as members of either LockBit or Silent Ransom. The emails pressure employees to notify their managers about the situation, threatening to sell the stolen data if the email is ignored. They even remind recipients about the regulatory penalties that authorities impose for data breaches.
But these communications look like scare tactics rather than actual extortion campaigns of the kind that follow a real data breach. They are basically efforts to scare decision-making executives into paying a ransom to prevent further consequences, especially having their data sold or facing potential regulatory penalties.
No proof of the breach has been offered either. The only thing proven is that the hackers know the names and email addresses of recipients, which can be obtained from various places, including via SEO plugins.
Numerous cybersecurity companies have captured identical scam messages that targeted a variety of organizations. The only details that change are the recipient’s name, the contact email, the alleged amount of stolen data, and the alleged cybercriminal mastermind.
Such a modus operandi points to semi-automated attacks that work from a list of targets. This resembles sextortion strategies.
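The pattern described above, identical messages in which only the recipient's name, email, data amount and claimed group change, can be spotted by comparing captured messages token by token. The Python below is an added example, not code from the original article; the sample messages, the 0.8 similarity threshold and the function names are assumptions constructed for illustration.

```python
import difflib

# Constructed samples (not real captures): every name, address, size and
# group label below is a placeholder invented for this example.
TEMPLATE = ("Dear {name}, we breached your company network and copied {size} "
            "of data, including employee records. We are the {group} group. "
            "Tell your managers now or the data will be sold. Sent to {email}.")
UNRELATED = ("Hi team, the quarterly report is attached. Please review it "
             "before the meeting on Friday.")
SAMPLES = [
    TEMPLATE.format(name="Alice Example", size="350 GB", group="GROUP-A",
                    email="alice@corp-a.example"),
    UNRELATED,
    TEMPLATE.format(name="Bob Sample", size="1.2 TB", group="GROUP-B",
                    email="bob@corp-b.example"),
]

def tokens(text):
    """Split on whitespace and drop punctuation at token edges."""
    return [w.strip(".,;:!?") for w in text.split()]

def matcher(a, b):
    return difflib.SequenceMatcher(None, tokens(a), tokens(b), autojunk=False)

def same_template(a, b, threshold=0.8):  # threshold is an assumed cut-off
    """True when two messages share most tokens in the same order."""
    return matcher(a, b).ratio() >= threshold

def variable_slots(a, b):
    """Return (text_in_a, text_in_b) for each span where the messages differ."""
    ta, tb = tokens(a), tokens(b)
    return [(" ".join(ta[i1:i2]), " ".join(tb[j1:j2]))
            for tag, i1, i2, j1, j2 in matcher(a, b).get_opcodes()
            if tag != "equal"]

def cluster(messages, threshold=0.8):
    """Greedy grouping: a message joins the first cluster whose seed it matches."""
    clusters = []
    for msg in messages:
        for group in clusters:
            if same_template(group[0], msg, threshold):
                group.append(msg)
                break
        else:
            clusters.append([msg])
    return clusters

if __name__ == "__main__":
    for group in cluster(SAMPLES):
        print(len(group), "message(s), varying:", variable_slots(group[0], group[-1]))
```

A cluster with several near-identical messages whose only differing slots are a name, an address, a data size and a group label is a strong sign of a list-driven, templated campaign rather than an individually crafted extortion note.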
Sextortion is even worse
Many security companies discovered a new sextortion campaign during the second quarter of 2022. These scams are email-based attacks in which scammers claim to have taken control of a user’s system. They often say they have recorded the user’s activities via the camera and demand payment to keep the recordings private.
Scammers capitalize on the victim’s fear and embarrassment. Victims often hope to make a quick payment to avoid potential embarrassment and exposure.