One in five Brits duped by phishing scams leveraging trusted brand names
Threats / One in five Brits duped by phishing scams leveraging trusted brand names
29 November 2018
Cyber criminals have almost perfected the art of targeting British consumers with phishing scams to steal their personal information or to install malware into their devices, so much so that one in five British consumers have fallen for phishing emails pretending to be from trusted and popular brands.
Last year, suspected online fraudsters used the logo of Emirates Airlines in emails addressed to thousands of users, asking them to participate in surveys and win free tickets in return. The phishing e-mails in question asked users to click on malicious links to participate in a survey. Once users clicked on such links, hackers could then gain access to their devices as well as to other sensitive details like credit card information.
Around the same time, hundreds of Gmail accounts were targeted by a massive phishing attack which requested Gmail users to allow ‘Google Docs’ to access their e-mail accounts. Hackers behind the operation used a web app named ‘Google Docs’ which had nothing to do with Google but gave users the impression that they were giving access permissions to the original Google programme.
Hundreds of Netflix users were also targeted by a phishing scam that attempted to steal their credit card details. Hackers behind the operation asked Netflix users to update their Netflix membership details by clicking on certain malicious links. When victims completed these forms, the site redirected them to the legitimate Netflix homepage in an effort to make the scam harder to detect.
In July this year, hundreds of Argos customers were targeted by a phishing scam that involved fraudsters sending them texts, offering discounts and refunds and luring them to click on links that appear to be the Argos website.
For instance, an Argos customer reported on Twitter that he received a text message that stated his Argos card had a refund of 170 from an overpayment and featured a link to a site where he could request a refund.
British consumers still falling for phishing scams
A survey of 1,000 British consumers by security firm DomainTools has revealed the extent to which cyber fraud rings have been able to dupe British consumers into clicking on malicious links or sharing their personal information with the belief that they have been interacting with popular and trusted brands.
The survey revealed that phishing scams leveraging trusted brand names have been able to dupe one in five British consumers so far. Of those who were duped, 20% said their computers were infected with a virus, 15% had their personal information stolen, and 6% were tricked into purchasing a fake product.
16% of British consumers also told DomainTools that they were unsure whether they had clicked on a scam email, thereby suggesting that the number of people affected by phishing scams could be much higher than believed.
“As we enter into the holiday season, it is important for consumers to remain vigilant in the face of potential threats. The holiday season allows bad actors the opportunity to maximize their investment in siphoning credentials, financial data, and PII (personally identifiable information), some of the most prized records,” said Corin Imai, senior security advisor at DomainTools.
“Being acutely aware of these attacks by cross-referencing URLs on emails with the legitimate websites of retailers before clicking on any links and being overly cautious can be helpful in not falling for sophisticated attacks,” he added.
Fraudsters leveraging brand names of Amazon, Argos & Tesco
A similar survey carried out by DomainTools last year revealed that the brands most likely to be leveraged for phishing scams included Amazon (88%), Argos (46%) and Tesco (35%) and that 24% of their customers had their computers infected with viruses, 20% had their credit card details or personal information stolen, and another 8% lost money on deals that never existed.
“The issue here reinforces that people will blindly click on links if they believe it has come from a trusted resource. People are trusting, and criminals take advantage of this by preying on their emotions and having massive success, mainly due to people not querying messages. It’s important that they stop and think before clicking,” said Stephen Burke, Founder & CEO of Cyber Risk Aware.