• Numerous scam mailings related to Amazon Prime were registered in Q3, 2019.
  • There was also a surge in fraud related to stealing photos of documents and selfies.

The third quarter of 2019 saw quite interesting fraudulent scams and phishing attacks on users worldwide. Here’s the highlight of all major attack vectors.

Targeting Amazon Prime users

Numerous scam mailings related to Amazon Prime were registered in Q3, 2019. Most of these scams were carried out via phishing emails which included a link to a fake Amazon login page. In order to lure users, these emails claimed to offer new prices & rewards for buying things or reported problems with membership.

Payment systems and banks used to steal data

There was a surge in fraud related to stealing photos of documents and selfies. The phishing emails appeared to come from payment systems or banks and asked users to confirm their identity. For this, users were asked to upload a selfie with an ID document by clicking on a special page provided within the email. The fake page looks quite legitimate and provides a list of necessary documents with format requirements, links to the privacy policy, user agreement, etc.

Some scammers even managed to steal personal data without a fake website or fake Facebook messages. For instance, in summer, Italian users were hit by a spam attack involving emails about a smartphone giveaway. To claim the prize, the victims were asked to send a photograph of an ID document and selfie to a specific email address.

In the case of fake Facebook messages, recipients were informed that access to their accounts had been restricted due to complaints about the content of some posts. To prevent their account from being deleted, they were instructed to send a photo or scan of a driving license and other documents with a selfie, plus medical insurance details.

YouTube and Instagram channeled to capture personal data

YouTube and Instagram appeared to offer viewers with several fake ads that promised to offer a lot of quick and easy money. For this, the victims were prompted to undergo a survey and provide personal details, after which they would receive a payout or gift from a large company, etc. In some cases, the inattentive users were asked a small ‘commission fee’ or ‘payment to ‘confirm the account’.

The education sector also targeted

A series of phishing attacks were also registered against the education sector. Phishers harvested usernames and passwords from personal accounts of students and lecturers using fake pages mimicking university login pages.

Scammers also tried to steal login credentials for the mail servers of education service providers. To do so, they mailed out phishing messages disguised as support service notifications asking recipients to confirm that mail account belonged to them.

Apple iPhone giveaway

Numerous fake websites designed to trick users in ‘free iPhone giveaway scams’ were also detected as part of phishing emails. Additionally, spoofed emails were also used to scammers to steal Apple ID authentication data. Kaspersky even noted, “Scammers also harvested users’ personal data by sending spam messages offering free testing of new releases.”

Spam through website feedback forms

Large companies’ feedback forms were also used to spread spam across individuals. Scammers targeted company mailboxes linked to feedback forms to send spam to people on the outside.

Other than feedback forms, a major spam campaign in which scammers sent emails pretending to be voicemail notifications was also observed in the last quarter. The attack was aimed specifically at corporate mail users. The recipient was invited to click or tap the phishing link that pointed to a website mimicking the login page of a popular Microsoft service.

Cyware Publisher