According to a phishing incident reported in Singapore, scammers created a sophisticated site that prompted users to enter their Telegram details, mimicking Singapore’s Ministry’s branding.
New Year is the best time for brands to throw extravaganza offers and sales to drive holiday cheers amongst consumers. However, it’s a golden opportunity for scammers to steal consumers’ personal data by attracting them with exclusive discounts and giveaways. Furthermore, these malicious actors can use their sensitive information to undergo monetary theft.
For example, the experts at Kaspersky identified various cases of phishing attacks taking place during the holiday season.
Tactics that phishing scammers apply to trap victims
1. Target personal accounts
Some phishing sites gain access to data by infiltrating users’ personal social media and messenger accounts under various guises. Firstly, they request information and leak the submitted data directly to the scammers.
One of these phishing incidents was recently reported in Singapore. Scammers created a sophisticated phishing site targeting individuals with the promise of payments in the new year purportedly from Singapore’s Ministry of Finance. This deceptive site was designed to mimic the ministry’s branding, giving it an air of credibility. To receive the payout, visitors were prompted to enter their Telegram account details.
Once the user enters the Telegram account details, fraudsters can then gain full access to the account. Furthermore, they can lead to digital identity thefts, utilising the inputs from private conversations.
2. Mimic banks for giveaways
Another phishing technique designed to trap those who believe in miracles is a lottery featuring banks. By prompting consumers with lucrative offers and gifts, fraudsters create phishing sites that invite users to participate in giveaways and obtain their bank details to steal from them.
For example, scammers targeted Filipino citizens with a New Year-focused scheme, enticing them to spin a wheel for a chance to win a sum of money. Later on, users were shown their supposed winnings and asked to select between various banks where the alleged funds could be deposited.
After they made the selection, users found themselves on phishing sites specifically designed to mimic legitimate online banking interfaces. This deceptive tactic focused on swindling the victims by gaining access to their banking credentials and ultimately their funds.
3. Attract users with crypto gift-boxes
With thriving stakes in the cryptocurrency market, stealing a wallet with even a few tenths of a bitcoin already brings scammers significant profit. Thus, they put a lot of effort into creating believable phishing emails and sites, further making it harder for the user to notice something wrong.
In one of the cases, the fraudsters created a phishing page copying the official offer of Courtyard.io, a website that allows users to convert physical collectables into tokens. The original Courtyard.io site invited users to register and purchase a New Year’s Eve box containing a Pokémon card.
So, scammers created a phishing page with the same offer, asking visitors to connect a crypto wallet to receive a surprise gift. As a consequence, these malicious actors used the visitors’ data to steal their funds.
How to avoid scams?
Showing concern about the burgeoning phishing scams related to giveaway offers, Olga Svistunova, Senior Web Content analyst at Kaspersky, said, “Scammers are inventive and cunning. In response, we need to double-check all those special offers that come through from unknown emails. Luckily, we can have a reliable ally here – a comprehensive cybersecurity solution that will protect personal data and money, and prevent malicious actors from stealing our holiday.”
Furthermore, the experts at Kaspersky shared some valuable insights to get rid of these scams, such as:
- Verification of the source: Before engaging with any special offer, verify the legitimacy of the source. If it’s from a known brand or organisation, check their official website or social media channels to confirm the giveaway campaigns.
- Type the URL into the address bar: Don’t open the link from the email: it could be a phishing link. Whenever there is a need to open a website, it is always better to type its URL into the address bar avoiding any links in email.
- Look for the red flags in the offer: Be aware of offers that seem too good to be true, like winning a large sum of money or expensive prizes with little to no effort. This is especially tricky when it comes to cryptocurrency transactions: scammers will do their best to make an offer look valid.
- Do not share personal information: Legitimate giveaways rarely ask for sensitive personal information upfront. Be cautious of any request for details like your bank account numbers, passwords, or Social Security numbers.
Summing it up, phishing scams can lead to irreversible monetary loss for consumers, and negatively impact any brand’s reputation whose name the scammers use. So, it becomes essential to stay alert before getting trapped by any giveaway link or messages.