Phishing attacks seem to get more sophisticated and harder to spot every day. Two recent developments are letting threat actors create phishing methods that are extremely difficult to detect: the increased usage of QR codes (quick response codes) and the use of artificial intelligence applications. Alongside these, hackers still rely on the old methods of inserting malicious links in emails and even scamming people who are looking to donate to charities.
Phishing can also take place over the phone and by SMS message. Research has shown that 81% of organizations have experienced an increase in email-related phishing attacks since March 2020. One in five businesses has failed to provide its employees with proper cybersecurity awareness training, and this is one of the things that has led to this increase. Tekscape recently launched a new cybersecurity awareness training module that will help employees spot phishing attempts before they become a problem.
Here are some questions to ask yourself before making the decision on investing in cybersecurity awareness training.
• Are your employees trained to avoid or see through a cyber-attack attempt?
• If a cyber-attack is successful through an employee, is your business ready for retaliation?
• Do I have reports and KPIs that show my team’s proneness to phishing scams?
• Do I have educational content for my employees?
Are you still not convinced? Take a look at these new phishing scams of 2023.
The QR Code Scam
QR codes have exploded in popularity since the start of the pandemic. Restaurants and other businesses have started to use them as a touch-free option to view menus and other documents. The recent uptick in QR code-related scams has even caught the attention of the FBI. Cyber criminals are altering the digital and physical code of QR codes and replacing it with malicious code.
These modifications allow hackers to access your mobile device so they can steal personal and financial data. In another QR code-related trick, a scammer may call and say that they're sending the victim a QR code that is linked to a $100 gift card. The link actually points to a site infected with malware. To avoid falling victim to a QR code-related phishing scam, we recommend the following:
• Never download an app from a QR code; use your phone's app store instead.
• Don’t download a QR code scanner app. Most phones already have a scanner built into their cameras.
• If you receive a QR code from an unknown sender, verify that the code is real by calling the person or company who sent it.
ChatGPT Phishing Scams
OpenAI’s chatbot, ChatGPT, has gained a lot of popularity since its launch in November of 2022. It has become the most rapidly growing application in modern history with more than 100 million users signed up by January of 2023. This popularity has forced OpenAI to slow the use of the tool and launch a $20 per month subscription for customers who want to use the chatbot without restrictions.
Unfortunately, this led to threat actors exploiting users by promising uninterrupted, free access to the premium subscription of ChatGPT. The end goal of the threat actor is to install malware or get the user to provide account credentials.
One of the first people to notice the scheme was security researcher Dominic Alvieri. Threat actors were using the domain chat-gpt-pc.online to infect visitors with information-stealing malware disguised as a download for a ChatGPT Windows desktop client.
Alvieri also noticed that there were fake ChatGPT ads being promoted in the Google Play store as well as other Android app stores. These downloads are being used to install malware onto people’s devices.
Charitable Donations Scam
Scammers will stoop to many lows and one of these is exploiting your willingness to give to charity. Charity phishing scams can be run by one person or by registered nonprofits. Whatever the case is, the money never goes to help a cause; it goes right to the fraudster. Charity phishing scams are usually conducted by a threat actor that sends an email or directs you to a website that looks like it is run by a legitimate organization. Before donating to any nonprofit organization, look for their employer identification number on their website so that you can ensure the money is going to a legitimate cause. This is especially important for businesses that want to make charitable donations.
Transaction Complete Email Scams
In this email phishing attempt, a threat actor usually pretends to be another business such as Norton Antivirus or, as seen in the screenshot to the right, Best Buy's Geek Squad. As you can see, the phishing is conducted through a phone number that the user is meant to call to reach the "customer support team".
When the user contacts the supposed support team, the phisher will likely need access to the user's computer. After gaining that access, the phisher will likely get the user to inadvertently install malware.
We also noticed a new tactic with this email: when we moused over the unsubscribe link, there was a malicious link attached to it. Those who are not properly trained in cybersecurity awareness may have clicked that link and then been redirected to a malicious site.
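The signals described in this section (a brand name that the sender's domain does not belong to, a call-back phone number, and an unsubscribe link that leads somewhere other than the sender) can be checked mechanically during mail triage. The following is an added example, not part of the original article; the brand allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Illustrative allowlist (assumption): brands named in the article -> accepted sender domains.
BRAND_DOMAINS = {"geek squad": {"bestbuy.com"}, "norton": {"norton.com"}}
PHONE_RE = re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b")

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a>, plus the plain body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._label).strip(), self._href))
            self._href = None

def same_org(host, domain):
    return host == domain or host.endswith("." + domain)  # suffix match, no Public Suffix List

def review_email(sender, html_body):
    """Return findings for an analyst to review; an empty list means nothing was flagged."""
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    parser = LinkCollector()
    parser.feed(html_body)
    body, findings = " ".join(parser.text).lower(), []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in body and not any(same_org(sender_domain, d) for d in domains):
            findings.append(f"brand-mismatch:{brand}")
    if PHONE_RE.search(body):
        findings.append("callback-number")
    for label, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if "unsubscribe" in label.lower() and not same_org(host, sender_domain):
            findings.append(f"unsubscribe-offdomain:{host}")
    return findings

# Constructed sample message (not a real email); .example hosts are reserved for documentation.
SAMPLE_SENDER = "receipts@billing-notice.example"
SAMPLE_HTML = ('<p>Your Geek Squad plan was renewed. To cancel, call 555-010-0199.</p>'
               '<a href="http://links.tracker.example/u?id=1">Unsubscribe</a>')
```

Legitimate bulk mail often hosts its unsubscribe link on a third-party mailing service, so these findings are triage signals to combine with other evidence, not a verdict on their own.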
Tekscape is a national information technology managed service provider based in New York City. We work with clients in the nonprofit, manufacturing, education, finance, and legal sectors. Our cybersecurity awareness training consists of assignments, simulated phishing tests, employee risk visibility, and cyber awareness content. The benefits of cybersecurity awareness training are improved cyber hygiene, reduced liability costs, and ongoing training for the changing threat landscape of phishing. Contact us today at Sales@teskcape.com or 855-835-7227 to set up a demo for cybersecurity awareness training.