» » » Expert View: Spam and Phishing Trends

Expert View: Spam and Phishing Trends

Scammers are getting ever more creative with new spam, SMS and phishing techniques. Here’s how to avoid getting caught by these latest scamming strategies. 

By Daniel Markuson, Digital Privacy Expert at NordVPN.

422.49 billion spam emails are sent worldwide every day. This number also includes phishing, sextortion, advertising, and finance-related scams. Most people can already spot the traditional spam messages that claim they have won a new Lamborghini or inherited a million dollars, so spammers are finding new creative ways to trick people into giving them money or information.

There has been an increase in the numbers of SMS spamming attacks known as smishing Click To Tweet

With so much personal data available out there, it is much easier for criminals to customize all kinds of scamming attempts – from simple spam, to much more advanced phishing or extortion. These emails, messages, and websites often seem so real, and provide such a high level of detail, as to make even the most cautious person susceptible to falling into a trap.

A few months ago, a massive smishing attack produced tens of millions of fake SMS messages, inviting the recipients to go on fake websites Click To Tweet
A New Era of Smishing

Recently, there has been an increase in the numbers of SMS spamming attacks, known as “smishing” where scammers try o steal people’s personal information or credit card details. They do this by initially sending text messages designed to look like they come from a bank, an employer, or an official governmental institution.

422.49 billion spam emails are sent worldwide every day Click To Tweet

A few months ago, a massive smishing attack produced tens of millions of fake SMS messages, inviting the recipients to go on fake websites. The texts were generated by a spam-sending database run by a company called ApexSMS. Interestingly, the system was able to detect when people messaged back using keywords such as “report” and “FCC. These phone numbers were added to a special list of contacts that would not be used by the fraudsters again. However, you should bear in mind that responding to these kinds of texts may leave you vulnerable to identity theft because if you contact the hackers, the hacked phone transmits your sensitive data stored on it.

Responding to a text can leave your phone vulnerable to being hacked Click To Tweet

As investigators later discovered, the database contained around 80 million records. They included people’s names, phone numbers, carrier network names, IP addresses, and even locations. Out of the 38 million texts. that were sent during the attack, 2.1 million people clicked on a link in the fraudulent message. Luckily on this occasion, the scammers used an unprotected server, which experts discovered in time to stop the attack.

Scammers are abusing Notifications and Push APIs on Android devices Click To Tweet
Fake Missed Calls

Besides SMS frauds, scammers are now abusing the Notifications and Push APIs on Android devices. These two APIs are used to push notifications on mobile phones to re-engage users. An application or server can push them even if the app is not running. The problem is, the API allows scammers to make their notifications look identical to a legitimate app. For example, they can create fake alerts customized to look like a missed phone call.

Scammers aim to take advantage of well-known applications by creating false alerts using the looks of popular apps Click To Tweet

One of the ways scammers exploit the feature is using Google Chrome to push messages to mobile phones. To hide their origin, the Google Chrome icon is changed into a “Missed Call” notification. When this happens, one message informs the scammers that they can hack the phone. Another one shows a missed call from a medium called Esmeralda.

Once users press the fake push notification, their phones get hacked Click To Tweet

Scammers aim to take advantage of well-known applications. They create false alerts using the looks of popular apps. This confuses mobile phone users. Once they press the push notification, their phones get hacked. Thus, before pressing the notification, it is important to pay attention to the message that it contains and think if it is actually related to the nature of the app.

While fraudsters are becoming more creative, it is still possible to save ourselves from their attacks by becoming more aware of the latest scamming techniques Click To Tweet
Phishing with legal threats

Another new strategy that creative spammers are now using is lawsuit emails. They send fake emails, which claim that the recipient is being sued and request to open and read the attached fraudulent documents and respond within seven days.The scammers use the names of existing law firms and falsify their email addresses. Most of the time, they target the employees of big companies. Around 100,000 businesses have been attacked to date — mostly in Canada.

Around 100,000 businesses have been attacked to date with legal threat phishing scams — mostly in Canada Click To Tweet
Steps anyone can take to protect themselves

While fraudsters are becoming more creative, it is still possible to save ourselves from their attacks by becoming more aware of the latest scamming techniques. Then, it is crucial to check the messages, phone calls, and emails you receive before opening them. These are the basic but important steps in protecting ourselves handing our personal data to scammers.