Scammers used both older, tested-and-true phishing tactics in 2018 – but also newer tricks, such as fresh distribution methods, according to a new report.
Phishing attempts more than doubled in 2018, as bad actors sought to trick victims into handing over their credentials. They used both old tricks – such as scams tied to current events – as well as other stealthy, fresher tactics.
Researchers with Kaspersky Lab said in a Tuesday report that during the course of 2018, they detected phishing redirection attempts 482.5 million times – up from the 246.2 million attempts detected in 2017. In total, 18.32 percent of users were attacked, researchers said.
“We have seen a steady increase in phishing attacks on cryptocurrency-related resources, and expect new scams to appear in 2019,” according to the report, by Maria Vergelis, Tatyana Shcherbakova and Tatyana Sidorina with Kaspersky Lab. “Despite the fall in value and the lean times for the cryptocurrency market as a whole, phishers and spammers will try to squeeze everything they can out of this.”
Current Events: A Go-To Phishing Hook
Bad actors continued to rely on an age-old trick in 2018 for phishing attacks: Using newsworthy events, such as new smartphone launches, sales seasons, tax deadlines, and the EU General Data Protection Regulation (GDPR) to hook the victim.
Phishing emails purporting to be about GDPR, for instance, boomed in the first few months of 2018, because during those months there was an upturn in legitimate GDPR mailings warning users of the transition to the new policies, which require stringent processes to store and process personal data of European citizens.
Attackers unsurprisingly took advantage of this with their own GDPR-related emails: “It was generally B2B spam — mostly invitations to paid seminars, webinars, and workshops promising to explain the ins and outs of the new regulation and its ramifications for business,” said researchers.
Other top events, such as the 2018 FIFA World Cup and the launch of the new iPhone sparked phishing attempts, including emails leading to fake FIFA partner websites for the former, and spam messages purporting to sell accessories and replica gadgets for the latter.
Despite the cryptocurrency market’s struggle in 2018, bad actors’ interest in cryptocurrencies appears far from waning. In fact, scammers utilized a number of methods to capitalize on victims’ interests in the cryptocurrency market, such as posing as a cryptocurrency exchange or fake Initial Coin Offering (ICO) bent on convincing victims into transferring money to cryptocurrency wallets.
“In 2018, our Anti-Phishing system prevented 410,786 attempts to redirect users to phishing sites imitating popular cryptocurrency wallets, exchanges and platforms,” researchers said. “Fraudsters are actively creating fake login pages for cryptocurrency services in the hope of getting user credentials.”
When it came to ICOs, scammers extended invitations to victims for investing in various ICOs via email and social-media posts.
One such scam targeted a cryptocurrency called buzcoin; the scammers got ahold of the project mailing list and sent fake presale invitations to subscribers before the ICO began – eventually making away with $15,000, according to Kaspersky Lab.
There were also sextortion scams that coerced victims to send cryptocurrency in exchange for keeping quiet about their private online activities, with one campaign in July noted for using victims’ legitimate password in the email as a scare tactic; and another one in December hit victims with ransomware.
Researchers said they don’t expect attackers’ interests in cryptocurrency to die down any time soon: “In 2019, spammers will continue to exploit the cryptocurrency topic,” they said. “We expect to see more fraudulent mailings aimed at both extracting cryptocurrency and gaining access to personal accounts with various cryptocurrency services.”
In 2018, the number of malicious messages in spam was 1.2 times less than in 2017, according to researchers. Of those malicious messages, the most widely distributed malicious objects in email (Exploit.Win32, CVE-2017-11882), exploited a patched Microsoft vulnerability that allowed the attacker to perform arbitrary code-execution.
Despite this downturn in malicious emails, scammers appear to be looking to other sneaky tactics to avoid detection and still make off with victims’ credentials — in particular using non-typical formats for spam like ISO, IQY, PIF and PUB attachments.
“2018 saw a continuation of the trend for attention to detail in email presentation,” researchers said. “Cybercriminals imitated actual business correspondence using the companies’ real details, including signatures and logos.”
In addition, bad actors appeared to transition to new channels of content distribution beyond email – including social media sites, services like Spotify, or even Google Translate.
“Cybercriminals in 2018 used new methods of communication with their ‘audience,’ including instant messengers and social networks, releasing wave after wave of self-propagating malicious messages,” said researchers. “Hand-in-hand with this, as illustrated by [an] attack on universities, fraudsters are seeking not only new channels, but new targets as well.”