At this time of year, experts at Kaspersky identified phishing incidents around the Christmas and New Year holidays, where fraudsters disguise the theft of personal information and money as holiday gifts.
Some phishing sites aim to obtain data by infiltrating people’s social media and personal message accounts under various guises. They ask for information that, once received, is sent directly into the hands of fraudsters. One such phishing incident was recently reported in Singapore.
Fraudsters have created a sophisticated phishing site targeting individuals with the promise of New Year’s payments, apparently originating from Singapore’s Ministry of Finance. The scam page was designed to impersonate the ministry’s profile to be credible, and visitors were asked to enter their Telegram account details to receive payment. This allows fraudsters to gain full account access, which can lead to digital identity theft, access to private conversations, and the ability to impersonate other malicious activity.
Another widespread phishing technique that experts have uncovered is the bank lottery. Since New Year’s Eve is a time of bargains and gifts, fraudsters have created phishing sites that invite users to participate in lotteries to get their bank details and rob them. One New Year’s Eve scam specifically targeted citizens of the Philippines. In this scheme, people were lured to a website where they were invited to spin a wheel for a chance to win a certain amount of money.
Upon launch, users were shown their predicted winnings and asked to choose between different banks where they could deposit their predicted earnings. After making their choice, victims found themselves on phishing sites designed to simulate a legitimate online banking interface. This deceptive tactic was the final step in a scam designed to trick people into gaining access to their bank details and ultimately their money.
Another very attractive market for cyber fraudsters is the cryptocurrency market. Stealing a wallet with even a few bitcoins can be quite profitable. Criminals therefore put a lot of effort into creating credible phishing emails and pages, making it harder for users to spot something wrong. In one such case, they created a phishing page by copying the official offering of Courtyard.io, a website that allows users to convert physical collectibles into tokens. Courtyard’s original site invited users to register and purchase a New Year’s gift box containing a Pokémon card. The fraudsters then created a phishing page with the same offer, but to receive the surprise box, visitors had to connect a cryptocurrency wallet, leading to the theft of money.
“Fraudsters are creative and cunning. That’s why we need to double-check all special offers that come to us from unknown emails and use reliable and comprehensive cyber security solutions,†he said. Olga Svistunova from Kaspersky.
In addition, Kaspersky experts share some simple tips that should help us avoid scams:
- Please check the source before accepting any special offer. If it is from a well-known brand or organization, check the official website or social media channels and confirm the advertising campaigns;
- enter a URL in the address bar when you need to open a web page. Do not open the link in the email, it may be a phishing link;
- look for “red flags” in the menu. Beware of offers that seem too good to be true, such as winning a large amount of money or expensive prizes without any effort. This is particularly sensitive when it comes to cryptocurrency transactions: fraudsters will do anything to make the offer credible;
- do not share personal information. Legitimate giveaways rarely ask for sensitive personal information upfront. It is important to be careful when asking for information such as account numbers or passwords.
