Kaspersky experts have outlined top four email scam themes and tactics currently prevalent in the Middle East, Tyrkiye, Africa region (META) . These scams highlight different social engineering techniques used by cybercriminals, however the objective remains the same, which is to entice unsuspecting victims and steal their personal and financial information.
Phishing remains the most common type of social engineering attacks. According to the Spam and Phishing in 2022 report, Kaspersky's anti-phishing system thwarted over 500 million attempts to access fraudulent Web sites globally in 2022. In Saudi Arabia, we see that this type of threat is growing over time: Q2 2023 saw (157%[AO1] increase) phishing detections in comparison with Q1.
The four email scams described further disguise themselves to have come from trusted sources, tricking their recipients into opening the emails, clicking on malicious links or downloading harmful attachments.
Undelivered parcels: Exploiting human curiosity, many people have received emails and text messages from postal and courier services providing links to confirm payment or to unsubscribe. Clicking on these links redirects individuals to a fake page that steals sensitive information.
Know Your Customer (KYC): Cybercriminals have been posing as prominent banks requesting people to complete KYC verification to comply with financial regulations or avoid suspension of transactions. The objective here is to exploit human fear by highlighting words such as “urgent” in the email to manipulate victims. The format and design of the email, and the KYC link appear to look authentic to visually trick people.
Unusual email account log-in activity: These fake alerts flag false sign-in/log-in activity into an individual’s email account and provide a link to report the user. The email includes sign-in details such as country, IP address, date and browser which make the alert appear legitimate and cause worry. Coupled with the travel season, this scam theme can increase the cybercriminal success rate.
Free money: These fraudulent emails play on elements of human greed and curiosity. Cybercriminals attempt to convince people to open a malicious email attachment related to money deposits. In reality, the attachment is an HTML page that redirects the victim to a fake Microsoft Outlook page to steal email credentials.
The above tactics are known as social engineering techniques. Social engineering is a manipulation technique built on how people think and act. This involves an email or text message pretending to be from a trusted source. Once a cybercriminal understands what motivates an individual’s actions, they try to exploit their lack of knowledge and manipulate their behavior to meet the end goal.
“There is no aspect of our life that cybercriminals cannot exploit. Human behavior and emotion is no exception. These scams are a result of manipulation based on fear, curiosity and greed. The key takeaway is to pay attention to basic details in emails before responding, even if they are from trusted sources, because one wrong click can lead to harsh consequences” commented Maher Yamout, Lead Security Researcher at Kaspersky.
To safeguard yourself against such scams, Kaspersky experts recommend the following: