The share of attacks on individuals using social engineering methods in the third quarter of 2021 increased to 83% compared to 67% in the same quarter of 2020, a study by Positive Technologies showed. According to experts, scammers are increasingly exploiting the topic of vaccination, in particular, they conduct fake surveys to collect data.
Fraudsters are improving deception schemes and successfully adapting to the conditions of the pandemic, experts say. They are increasingly exploiting in their attacks the increased demands of Russians for vaccinations, delivery services, online dating, subscription services, and even compensation for victims of fraud.
Analysts have identified the ten most popular and interesting topics of phishing attacks in 2021:
- Coronavirus pandemic. Vaccinations have been a major topic in this area in 2021, with attackers selling fake QR codes and certificates, and conducting fake employee vaccination surveys to collect data;
- Corporate mailings. The phishing mailings dealt with salary changes, social package updates, and banking fees;
- Series and movie premieres. During high-profile premieres, attackers create fake sites that imitate popular streaming services;
- Sports events. In 2021, the themes of the Tokyo Olympics, the European Football Championship became popular, and the theme of the World Cup 2022 began to gain momentum;
- Banking services. Under the guise of well-known brands, scammers promise users bonuses, preferential loans, or compensation to victims of fraud, and also report “problems” with mobile banking;
- postal services. Attackers offer customers of such services to “pay” for delivery, duty, or “check” the status of their package;
- Vacations and trips. Phishing emails and websites offer to book vacation spots and tickets, luring victims with low prices;
- Acquaintance. Fraudsters rob victims by giving them fake dates;
- Service subscriptions. Attackers send letters to victims about registration or renewal of subscriptions to various platforms;
- Investments. Cybercriminals create fake websites imitating the resources of well-known companies, and even entire fake investment platforms;
- Analysts predict that due to the release of a prototype digital ruble in 2022, cybercriminals may create fake websites offering to buy digital currency.
According to experts, the further development and distribution of the Phishing-as-a-Service model, which is based on the cooperation of attackers, will continue. There will be an increase in demand and supply of ready-made phishing solutions, such as fraudulent websites or malicious scripts.