Subscribe

Fraud targets most likely to be scammed on their birthday

Fraud Birthday
/ 22nd August 2022 /
George Morahan

Members of the public are more likely to be hacked on their birthday than any other day of the year, research by cybersecurity platform TitanHQ shows.

The company has warned internet users about some less commonly known phishing scams and advised people on how to protect themselves from being attacked online.

In addition to better-known scams involving fake invoices, requests for personal and payment information from fraudsters purporting to be the target's bank, and fraudulent threats of legal action for unpaid taxes, the tricks listed below are catching many people out.

The Happy Birthday email

Phishing emails usually harp on a message of urgency (i.e, your password is about to expire) to rush users through a desired call to action before thinking about what they are really doing.

However, another less commonly known approach is to hit them in a vulnerable moment in which they have their guard down.

In Association with

In a new trend that exploits flattery, attackers send targeted victims an email on their birthday. These are no generic attacks as the attackers must actually know when your birthday is. The email contains a birthday greeting that invites the user to click on a link to see the e-birthday card that a loved one sent. 

Sometimes even going as far as to tell the victim they have an Amazon gift card waiting for them that someone purchased for their birthday. Of course, there is no e-card or voucher, just a weaponised malware payload such as ransomware that will invade your network once it infiltrates your computer. 

 The question quiz scam

Recently, the Akamai Threat Research team uncovered an attack they call the “question quiz.”  The targeted victim receives an email or Facebook Invite from a well-established brand asking them to participate in a quiz. Those who participate and complete the quiz are told they will receive a nice prize and end up scammed instead. 

This attack was backed by an elaborate network of over 9,000 domains and subdomains. Each domain was only used for a short amount of time and then discarded before it could be properly classified as malicious. The attack also disguised the attacks using an array of content delivery network (CDN) features. 

Fraud Birthday
Victims of online fraud are most likely to be targeted on their birthday. (Pic: Getty Images)

 The Google contest winner

With this scam, the victim receives an email announcing that they are the latest “Google Winner” as a way to thank you for being a loyal user of Google services. The email includes precise directions as to how to claim your prize which of course involves sharing your personal details with Google. 

The letter also includes a link taking you to a fake Google site that requires you to log on with your Google credentials. While the criminals don’t steal any funds in this scam, they do walk away with your Google details, which people often use at many third-party sites, as well as personal information that can be used to validate your identity. 

The MFA attack

Multifactor authentication is highly recommended today for any resource site that requires login credentials, but don’t think that MFA is foolproof. Because of the increasing usage of MFA, cybercriminals are quickly developing ways around it. 

During this phishing attack, a user usually clicks on a link that takes them to a website that is spoofing their bank’s webpage. The victim then inputs their credentials, which the attacker captures in real-time and immediately uses them. The attacker’s logon to the actual bank’s site initiates an MFA check which the user assumes was initiated by their own login attempt.

A pop-up then appears on the spoofed page prompting the user to type in their MFA code. Once this is inputted, the attacker now gains complete access to the victims account and can change the MFA phone number if desired.

TitanHQ has advised users at risk of being defrauded to learning the basic tell-tale signs of an attack, to use a combination of email and web filtering software, apply a healthy amount of scepticism when replying to emails, to layer their company's protection, and to only accept communication from trusted sources.

(Pic: Getty Images)

Sign up to The Business Plus Panel to help shape the business decisions of tomorrow and win vouchers for your opinions! 
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram