According to the Bitdefender 2024 Consumer Cybersecurity Assessment Report, netizens' biggest cybercrime worry is having their money stolen. Yet people generally avoid even the easy steps that could keep fraudsters at bay.
A quarter of netizens suffered at least one security event in the past year. We asked participants who experienced a security incident to identify exactly what type of threat they dealt with, choosing all that applied to them.
Text scams are the most abundant threat consumers faced (45.4%), followed closely by fraud attempts (44.4%) and phishing emails (42.1%). Data exposure accounted for 27.5% of the reported incidents, followed by malware infection at 16.4% and doxxing at 9.2%.
Credit: Bitdefender
Most cyberattacks today are socially engineered to access your finances. Here are some examples:
Crypto scams have grown bigger and more sophisticated in recent years. Victims reported losing more than $2.5 billion in cryptocurrency investment frauds in 2022 alone, according to the FBI Internet Crime Complaint Center (IC3).
The FBI recently issued a public service announcement informing players in the crypto market to keep their eyes peeled, as fraudsters are doubling down on recovery scams. An initial warning last year drew attention to an increase in cryptocurrency recovery schemes designed to exploit victims who have already lost cryptocurrency to fraud, scams or theft.
Now, the agency says it has noticed an emerging criminal tactic used to further defraud cryptocurrency scam victims: fictitious law firms baiting people who already had their crypto wallets drained by scammers, claiming to be on their case to recover their precious coin – for a fee.
The fake lawyers contact scam victims and offer their services, claiming to have the authorization to investigate fund recovery cases.
“To validate the contact, the ‘lawyers’ claim they are working with, or have received information on the scam victim's case from the FBI, Consumer Financial Protection Bureau (CFPB), or other government agency.”
In some cases, scam victims end up baiting themselves by contacting what they believed to be legitimate recovery services.
The tactic has already inflicted losses of over $9.9 million. In most cases, the fraudster cuts off contact with the victim immediately after getting the upfront payment or recovery fee.
In some instances, negligent cryptocurrency enthusiasts have lost their life savings due to poor cybersecurity practices. The US Department of Justice recently announced a 20-year sentence for an Indian national who spoofed the Coinbase website to steal over $37 million from players in the crypto market.
Impersonation scams, which often use the names and titles of real government employees, are on the rise, according to a notice from the US Cybersecurity and Infrastructure Security Agency (CISA) issued earlier this month. Phone scammers impersonate the agency, requesting cash, cryptocurrency or gift cards.
Americans lost over a billion dollars to scammers impersonating businesses or government agencies last year, the Federal Trade Commission said in April. Most reports involved copycat account security alerts, phony subscription renewals, fake giveaways, discounts, or money to claim, bogus problems with the law, or made-up package delivery problems.
Scammers are also targeting netizens with fake job offers designed to steal their money. Fraudsters contact unsuspecting victims offering fake work-from-home jobs, typically involving a relatively simple task, such as rating restaurants or ‘optimizing’ a service by repeatedly clicking a button, according to a memo from the FBI.
The scammers design the offer with a deliberately confusing compensation structure that requires victims to make cryptocurrency payments up front in order to earn more money or ‘unlock’ work. The payments go directly to the scammer. Victims are directed to a fake interface that displays fake earnings, none of which is available to cash out.
Due to advancements in AI, all a scammer needs is a sample of a person’s image or voice to generate a convincing likeness. Phone the person’s family, add in a sense of urgency, and they can easily trick them into sending money to save their loved one from a dangerous, albeit fake, scenario.
The Trapp family in the San Francisco Bay Area suffered this trickery first hand when they got a frantic call from their “son” saying he’d been in a car accident, injured a pregnant woman, and needed urgent help.
According to the San Francisco Chronicle, the scammers posed not only as the Trapps’ son but also as law enforcement instructing the distressed mother to quickly withdraw $15,000 in cash and hand it over to a courier already on his way to the family’s house.
The parents ultimately became suspicious and contacted police in the jurisdiction where the accident had allegedly taken place. Then they contacted their son on his mobile and quickly realized it was all a scam.
The full story is worth a read as this can happen to anyone, anywhere. The feds have been warning Americans of the swindle for years.
Scams targeting the elderly have always been lucrative for cybercrooks. Luckily, some scammers end up paying dearly for their deed. For example, two US nationals were recently found guilty of mass-mailing fraud for selling consumer data to fraudsters who then targeted vulnerable citizens with fake prizes.
The pair – who worked for a big marketing firm and were sitting on troves of consumer information, including ways to target individuals – sold targeted lists of consumers and their addresses to perpetrators of fraud schemes involving the sending of deceptive mail to consumers. Both face up to 20 years in prison.
In Japan, authorities are taking pre-emptive measures to combat scammers preying on their seniors.
The attackers especially target the elderly, a notoriously vulnerable demographic, prompting them to pay for removing a “virus” from their computer. With the victim duped, scammers demand payment in the form of payment (gift) cards easily found at convenience stores.
In a novel tactic to thwart such “tech support” scams, the Echizen Police in Fukui have started placing dummy payment cards across the prefecture’s convenience stores. As reported by local news site Fukushimbun Online, the move has already helped some steer clear of fraud.
“It's hard to get people to talk to you if they just ask you to make a purchase, but if you use a dummy card, it's easier to guide them,” said Yayoi Tanaka, of the Takefu Hinomi store.
Respondents to our survey who say they can recognize a scam are more likely to have experienced a security incident. But those who cannot recognize scams likely have experienced one without knowing.
Password management remains a consumer weak point, with 37% of netizens writing down their passwords, 18.7% using the same password for three or more accounts, and 15.8% using the same password for at least two accounts.
Poor password hygiene is a leading attack vector for cybercriminals. Even if a person uses strong, unique passwords for every account, attackers still find ways to grab them and take over the accounts – either because multi-factor authentication wasn’t enabled, or because the victim was conned into divulging their login data.
Almost 4 in 5 (78.3%) consumers use their smartphone to do banking, access healthcare data, manage investments, trade crypto – in general, to manage important data and conduct sensitive transactions. Yet many admit to deploying no form of dedicated security on their device. We asked participants why they didn’t use a mobile security solution, despite knowing the risks.
Of those who shun mobile security solutions, the top cited reason is they trust their vendor to handle the problem (38%). In second place, 23.2% said they didn’t know they could buy mobile security. Over a fifth (21.3%) are well aware they can buy security on their phone but feel it’s too expensive. And 19.4% feel secure without added security on their device. 13.3% admitted they had no reason in particular to ignore mobile security, and 11.55% think such a solution will slow down their phone.
This, even though consumers’ biggest cybersecurity fear is hackers accessing their finances.
As noted earlier, cyberattacks targeting consumers today are enabled by socially engineered mechanisms. Victims get contacted by phone, SMS, instant messaging platforms or social media and are tricked into divulging sensitive data or simply sending money to the scammer.
If you're suspicious about a certain phone call, email or SMS, Bitdefender offers Scamio as a fast and efficient way to find out if you’re being conned. Simply describe the situation to our clever chatbot and let it guide you to safety. You can share with Scamio the exact thing you want to check: a screenshot, PDF, QR code or link. Scamio lets you know in seconds if it’s a scam. Use it anywhere via web browser, Facebook Messenger, or WhatsApp. Scamio is localized for use in the USA, France, Germany, Spain, Italy, Romania, Australia and the UK.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.