Based on research conducted in the second quarter of 2021, security expert Kaspersky warns of new tricks that attackers use to extort money or steal payment information.

Since last year, scammers have taken advantage of order delivery delays to trick users into opening phishing links. Not only has this trend continued in the past quarter, but cybercriminals are also getting better at localizing spam messages. Organizations have faced a wave of invoices in different languages asking for payment of anything from customs duties to shipping costs. Through these emails, victims are often lured to a fake website, where they risk losing money by entering their bank information.

Cybercriminals also launched websites that lured people with the promise of buying undeliverable packages. Such sites are set up like lotteries: users do not know the contents of the package. They offer an amount based on the weight of the package, which never arrives after payment.

WhatsApp scam

Scammers also used other new tricks via WhatsApp in the last quarter. For example, users were asked to participate in a survey and to invite others to do so, with a reward promised for this. In another case, the recipient was told they had won a prize and only had to pay a small amount to receive it. Another scam took advantage of the discussion about WhatsApp’s new privacy policy, which made it possible to share information with Facebook. The cybercriminals created fake websites that invite users to a WhatsApp chat with “singles nearby,” after which the potential victim lands on a fake Facebook login page and risks entering personal information there. Users also received links to fake WhatsApp apps, which put them at risk of downloading malware.

Victims call the scammers – vishing

Kaspersky has also seen an increase in so-called vishing (voice phishing). Victims are asked in an email to call a certain number if the order mentioned in the email was not placed by them. The senders pose as well-known companies and tell the recipient about expensive purchases, such as gaming laptops or Apple smartwatches. The goal is to collect personal or other valuable data.

“The fraud is based on the fact that the recipients were so shocked by the unexpected large purchase that they acted in a hurry, hoping to get their money back. Of course, their money hasn’t gone anywhere — at least, not yet. It doesn’t have links, but there is a phone number that the victim has to call if he wants to change or cancel the order, and if the victim calls, the scammers are likely trying to get personal data or even bank details. Another possibility is that they are trying to trick the victim into transferring money or even installing a virus on the computer. This is something that has happened in the past, so users should be on the alert if they receive unexpected emails in their inboxes,” says Roman Dedinok of the Content Filtering Team at Kaspersky.


Cybercriminals are getting smarter and more persuasive. This is why it’s a good idea to stay alert at all times. In response to these trends, Kaspersky offers the following practical tips for users:

  • Don’t be too quick to call a phone number given in an email message. Instead, log into your account with the service in question – type the address into your browser and check your recent orders or activity.

  • Always check links before clicking on them. Hover over a link to preview the URL, then look for misspellings or other irregularities.

  • Even if a message comes from someone you know, remember that their account may have been hacked. Be careful in any situation. Even if the message seems friendly, always treat links and attachments with great care.

  • It is best not to follow links from emails at all. Instead, open a new tab or window and manually enter the URL of the bank or other destination.

  • Install a reliable security solution, such as Kaspersky Total Security, and follow all of its recommendations.

  • It is a good idea to check the return address carefully. Most spam comes from email addresses that look like nonsense, for example [email protected] or something similar. By placing your cursor on the sender’s name, you can see the full email address. If you are not sure that the email address is correct, you can put it in a search engine for verification.

  • Think about the type of information that is being requested. Legitimate companies will simply not contact you via unsolicited emails asking for personal information, such as your bank account, credit card, or social security number.

  • Be careful if the message creates a sense of urgency. Spammers try to apply pressure this way. For example, the subject line may contain words such as “urgent” or “immediate action required.”

  • Checking grammar and spelling is an effective way to identify a fraudster. Typos and bad grammar are real red flags. This also applies to the strange phrasing that can result from an email being translated back and forth multiple times.

“As in the past, we see attackers taking advantage of new trends and disruptions to steal funds and credentials. The best thing users can do is beware of unexpected emails and be extra careful when clicking on email attachments or links. It’s always better to go directly to websites,” says Kaspersky’s Tatiana Shcherbakova.

Read more about spam and phishing in Q2 2021 at the link

Photo courtesy of Editors WINMAG Pro