Fraudsters adapt phishing scams to exploit livelihood crises

Fraudsters are adapting their tactics in response to the Covid-19 pandemic and the cost-of-living crisis by exploiting those in difficult financial situations, with around 80,000 Britons falling for phishing attacks and providing personal information every month, according to a Office for National Statistics (ONS) report.

Published on September 26, the report found that only 3% of suspected phishing message recipients replied or clicked on a link, the equivalent of around 700,000 people in England and Wales.

It also found that, of those who answered or clicked on a link, 11% provided information that could be used by fraudsters – the equivalent of around 80,000 people.

The City of London Police’s National Fraud Intelligence Bureau (NFIB), which is the national policing lead on fraud, has also identified a growing trend of fraudsters promising rebates on energy bills and council tax, or otherwise encouraging people to apply for “expenses”. off-living payments”, in a way that mimics actual government support packages.

For example, in the two weeks to August 5, more than 1,500 reports were made to the Suspicious Email Reporting Service (Sers) about scam emails from UK energy regulator Ofgem pretending to be legitimate rebates.

The NFIB also noted an increase in reports involving scams where criminals target victims on WhatsApp by pretending to be someone they know, usually their child.

“Phishing scams pose a significant threat to both individuals and businesses,” said City of London Police Detective Chief Superintendent Oliver Shaw. “I would urge everyone to be wary of unexpected messages or calls that ask for your personal or financial information. Remember, your bank or any official source will never ask you to provide personal information via email or text message.”

UK-based fraud prevention service Cephas said “there is a real concern that due to the rising cost of living, criminals will target loan products and delayed credit services”.

Common campaigns Cifas has encountered include competing to win energy bill deals or energy vouchers by posing as utility providers.

“Fraudsters are using increasingly sophisticated methods to trick people into parting with their personal and financial information,” said Sandra Piston, director of research and development at Cephas. “Checking to make sure the person or organization is genuine, contacting them through their official website, and using the Check-a-Website tool to make sure the site is secure are all ways to thwart a phishing attempt.”

The ONS added that there is also evidence that fraudsters are taking advantage of wider behavioral changes prompted by the pandemic, such as an increase in online shopping and a shift to remote work.

More than half fell victim to phishing, for example, when the message they received came from senders posing as delivery companies. The ONS also noted that “advance fee fraud” (predators pay upfront for goods or services that are not realized later) and “consumer and retail fraud” increased by 57% from pre-pandemic levels.

It added that fraud generally increased by 25% over pre-pandemic levels (to about 4.5 million crimes) by March 2022, with nearly two-thirds of those identified as cyber-related.

“As the pandemic pushed more consumers toward online shopping and services, cybercriminals were hot on their heels,” said Marijus Bridis, chief technology officer at NordVPN. “A staggering 900% increase in advance fee fraud shows just how adaptable cybercriminals can be. The Covid-19 and cost-of-living crisis has become a honeypot for fraudsters, giving rise to increasingly nefarious schemes to separate victims from their money.”

Increased weakness

In August 2022, a Verizon survey It has been found that with increased working hours, locations and devices employees are using, enterprises are now more vulnerable to a range of cyber attacks.

It found that major attacks are on the rise, with 45% of companies suffering a compromise in the past 12 months – up 22% year-on-year. Just over half (52%) said they had previously sacrificed the security of mobile devices, including Internet of Things devices, to “get the job done.”

February, however, is Proofpoint’s latest annual Status of Fish Report It found that UK organizations were significantly higher than the global average in sanctioning or punishing employees involved in real or simulated phishing attacks.

Companies in the UK are also more likely to take drastic action, with 42% imposing financial penalties, versus 26% globally, and 29% dismissing people. Based on their interactions with phishing attacks18% globally vs.

Faced with increasing phishing attacks, a total of 78% of UK organizations told Proofpoint that they had to deal with at least one ransomware infection arising from direct email payloads, second-stage malware distribution or exploitation, with 82% having paid their attackers to some degree. “A staggering number of UK businesses experienced a phishing attack in 2021, and 91% of those attacks were successful,” said Adenick Cosgrove, international cyber security strategist at Proofpoint.

“Furthermore, security professionals in the UK are more likely to encounter non-email-based social engineering attacks,” he said. “This further compounds the fact that the UK is facing threats from all angles, but the key to combating these threats starts with staff.

“All of these attacks require human interaction to succeed, emphasizing the need to increase employee security awareness and training. Compared to global peers, UK workers had the highest awareness of the term ‘phishing’, which is encouraging, but at just 62%, we still have a way to go to ensure businesses are protected.”

Source link