According to the Bitdefender 2024 Consumer Cybersecurity Assessment Report, most consumers don’t think they are an actual target for cybercriminals. Yet a quarter of them admit having experienced a security incident in the past year – a number that likely only represents the people who actually know it happened.
Understandably, consumers find it hard to realize exactly how, when, why, or if, they are being targeted. The vast majority (75.7%) either don’t believe they are a target or aren’t sure. And while a quarter (24.3%) do consider themselves worthy of hackers’ attention, more than a third (37.1%) are convinced hackers are not out to get them.
People aren’t entirely wrong to not consider themselves a hot target for cybercrooks. Only a fraction of hacker attacks are actually targeted at a specific person – such as spyware attacks directed at high-profile figures like politicians, free-speech advocates, dissidents, journalists, celebrities, etc.
Targeting also occurs in socially engineered attacks, but mostly in the final stages, when the person has already been baited and identified as a potential victim. For the most part, regular Joes and Janes are not targeted individually by cybercriminals. However, that doesn’t mean they won’t become a target at some point.
As we note in our report, one doesn’t necessarily have to be in the crosshairs to fall victim to a cyberattack. Most cybercriminal campaigns are indiscriminate. Attackers typically:
· capitalize on data leaked from breaches and phish their victims using spray-and-pray tactics
· use doxxing to gather data about the victim and reach out to them on social media
· use phone numbers from spam databases and reach out to the target by phone, SMS, or instant message
So while most attacks begin indiscriminately, agnostically if you will, actual targeting can (and often does) still eventually occur – especially in the final stages of the attack, when the crook actually knows your name, phone number and email address and contacts you by name. Here are some examples:
The FBI has issued a public service announcement warning players in the crypto market to keep their eyes peeled, as fraudsters are doubling down on recovery scams. In an initial warning last year, the agency drew attention to an increase in cryptocurrency recovery schemes targeting victims who have already lost cryptocurrency to fraud, scams or theft. Now, the bureau says it has noticed an emerging criminal tactic used to further defraud cryptocurrency scam victims: fictitious law firms baiting victims who have already had their crypto wallets drained by scammers, claiming to be on the case to recover their precious coin – for a fee.
Phone scammers impersonate federal agents requesting cash, cryptocurrency, or gift cards.
Impersonation scams are on the rise and often use the names and titles of government employees, according to a notice issued in June by the US Cybersecurity and Infrastructure Security Agency (CISA).
“The Cybersecurity and Infrastructure Security Agency (CISA) is aware of recent impersonation scammers claiming to represent the agency. As a reminder, CISA staff will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret,” according to the memo.
Americans lost over a billion dollars to scammers impersonating businesses or government agencies last year, the Federal Trade Commission said in April.
Read: Scammers Are Impersonating Federal Employees to Request Money Transfers, CISA Warns
Read: Gift cards – the gift that keeps on taking. Impersonation scams cost Americans $1.1 billion in 2023
Targeting doesn’t necessarily occur individually. A great many scams target entire demographics known to be particularly ripe for the picking.
Prosecutors in the US have found two scammers guilty of mass-mailing fraud by selling consumer data to fraudsters who then targeted vulnerable citizens with fake prizes. The pair – who were sitting on troves of consumer information, including ways to target individuals – sold targeted lists of consumers and their addresses to perpetrators of fraud schemes who contacted the victims with scam letters falsely promising cash prizes. Both face up to 20 years in prison.
Tech-support scams also prey on this vulnerable demographic. Japanese authorities are taking the matter into their own hands in a novel tactic to combat the threat by placing dummy payment cards across convenience stores.
Read: Marketing Bosses Face 20 Years in Prison for Helping Fraudsters Scam the Elderly
Read: Japanese Police Place Fake Gift Cards at Local Convenience Stores to Fight Support Scams
Scammers often target citizens with fake job offers designed to steal their money. The FBI has noticed a recent surge in scams like these, with fraudsters “offering victims fake work-from-home jobs, typically involving a relatively simple task, such as rating restaurants or ‘optimizing’ a service by repeatedly clicking a button,” according to the memo. Posing as a staffing or recruiting agency, the scammers typically contact victims by text or phone.
According to the results of our survey, text-borne scams are the most common cyber threat consumers face today.
Scammers devise a confusing compensation structure that requires victims to make cryptocurrency payments in order to earn more money or “unlock” work, and the payments go directly to the scammer. Victims are directed to a fake interface that displays fake earnings, none of which is available to cash out.
While scams run rampant worldwide, consumers still engage in complacent cybersecurity practices, making it imperative to employ dedicated security on our personal devices.
If you're suspicious about a certain phone call, email or SMS, Bitdefender offers Scamio as a fast and efficient way to find out if you’re being scammed. Simply describe the situation to our clever chatbot and let it guide you to safety. You can share with Scamio the exact thing you want to check: a screenshot, PDF, QR code or link. Scamio lets you know in seconds if it’s a scam. Use it anywhere via web browser, Facebook Messenger, or WhatsApp. Scamio is localized for use in the USA, France, Germany, Spain, Italy, Romania, Australia and the UK.
Anyone affected by a data breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is up for sale on the dark web.
And don’t forget the powerful Scam Alert features in Bitdefender Mobile Security. Scam Alert for iOS includes two layers of protection that monitor scams delivered through SMS/MMS messages and calendar invites. On Android, we warn users when we detect link-based mobile attacks delivered through SMS and popular messaging apps (Discord, Telegram, Facebook Messenger, WhatsApp), or notifications.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.