Strangest social engineering attacks of 2021 | #cybersecurity | #cyberattack


New research has highlighted the creative and occasionally unusual lengths fraudsters take to carry out social engineering attacks. Proofpoint has listed what it describes as the five strangest social engineering scams it detected last year, with campaigns including the spoofing of soccer coaches and scholars to trick victims into parting with data and money.

As organizations continue to struggle to defend information, devices, and systems against socially engineered attacks, experts say the most successful social engineering groups are usually the most imaginative. “Social engineering is inherently people-centric, and regardless of whether threat actors are targeting businesses or individuals, they’re responding in real time to the events and themes that have the attention of the wider world,” Lucia Milică, global resident CISO at Proofpoint, tells CSO.

Advanced fee/417 scam, but with a twist

Proofpoint’s report cites some curious social engineering scams, with the strangest a new take on the classic advanced fee/417 scam. In this campaign, a target received a bogus email from the Chief Justice of Canada informing them of not just a $2.5 million inheritance but also a lottery win – if the Royal Bank of Canada doesn’t get there first to confiscate it. The issue could be resolved, and the winnings made available in the form of an ATM Visa card, for just $100, the scammer claimed.

“Advance fee fraud is renowned for occasionally outlandish social engineering tactics, but for its sheer range and variety, this one takes the cake. Or the biscuit. Or the cookie,” Proofpoint wrote.

Using good and bad news to deliver malware

Deemed the second strangest social engineering attack of 2021 is a scam that saw fraudsters experiment in December with a good news/bad news effort in which recipients received a message informing them that their employment had been terminated, while others got news of promotion and a holiday bonus.

Despite the apparent difference in fortune, both messages were really delivering bad news. Downloading an attached Excel file and clicking “enable content” resulted in a Dridex banking Trojan being dropped on the victim’s computer, Proofpoint said. “As a cheerful kicker, victims were rewarded with a ‘Merry Xmas’ pop-up once the malware download began.”

Copyright © 2022 IDG Communications, Inc.



Original Source link

Leave a Reply

Your email address will not be published.

+ 73 = seventy six