Criminals have mastered a new fraudulent scheme

Positive Technologies have analyzed the cybersecurity threatscape of Q3 2023. According to the analysis, attackers continue to fine-tune their social engineering tactics and are employing new fraudulent schemes. In one such scheme, fraudsters have found a way to redirect phishing victims to a fake call center if they want to verify the legitimacy of a "call from the bank." The experts also pointed out new trends in the behavior of ransomware operators.

Based on the analysis, social engineering is the biggest threat (92%) to private individuals and a major vector (37%) of attacks on organizations. In Q3 2023, cybercriminals used various social engineering channels in successful attacks on individuals: phishing websites (54%), email (27%), social media scams (19%), and instant messaging hoaxes (16%). 

Worldwide statistics show that cybercriminals are increasingly using .pdf attachments to bypass email security systems. Attackers embedded malicious links into .pdf files, while additionally disguising these with QR codes in some of their attacks.

"In Q3 2023, phishing scams continued to exploit the themes of employment, deliveries, political turmoil, and making a quick buck by investing in cryptocurrencies," comments Roman Reznikov, Information Security Research Analyst at Positive Technologies. "Cybercriminals used phishing-as-a-service platforms to facilitate their attacks. Last year, we mentioned the emergence of the EvilProxy platform, which was used to conduct a massive campaign in Q3: fraudsters sent over 120,000 phishing emails. Now we are seeing cybercriminals use this platform to target the management of more than 100 companies worldwide, with 65% of the victims being senior managers and the remaining 35% having access to corporate financial assets or confidential data."

The study reports a new fraudulent scheme uncovered at a bank in South Korea. It includes several deception methods: for example, the malicious Letscall toolkit that combines phishing websites and voice fraud, known as vishing. Using a fraudulent website mimicking Google Play, cybercriminals distributed spyware. Besides collecting data on the infected devices, the spyware redirected calls to a fake call center if the victims noticed the suspicious activity and tried to call their bank. The call center operator used the previously collected details to lull the victims into a false sense of security, manipulating them into revealing further data or making a money transfer. If cybercriminals adopt this method on a large scale, a verification call to a bank will become virtually meaningless, Positive Technologies said. 

The experts recommend remaining vigilant online and refraining from opening suspicious links or downloading attachments from unverified sources. Attackers are skilled at spoofing start pages of well-known apps, so users need to remain vigilant to stay secure. Users must treat with suspicion any urgent requests and offers that are too good to be true, a common trope around the holiday season. Sophisticated social engineering techniques leave victims defenseless against the new tricks of attackers. Positive Technologies predicts that AI-powered attacks will grow in number as more cybercriminals add the tool to their arsenals.

In addition to the new social engineering scams, the study reveals new techniques used by ransomware operators: "double posting" and "ransomhack".