New Spam and Phishing Trends, and how to avoid them.

Alice Bonasio
Aug 8, 2019 · 4 min read
Image for post
Image for post

Scammers are getting ever more creative with new spam, SMS and phishing techniques. Here’s how to avoid getting caught by these latest scamming strategies.

By Daniel Markuson, Digital Privacy Expert at NordVPN.

422.49 billion spam emails are sent worldwide every day. This number also includes phishing, sextortion, advertising, and finance-related scams. Most people can already spot the traditional spam messages that claim they have won a new Lamborghini or inherited a million dollars, so spammers are finding new creative ways to trick people into giving them money or information.

With so much personal data available out there, it is much easier for criminals to customize all kinds of scamming attempts — from simple spam to much more advanced phishing or extortion. These emails, messages, and websites often seem so real, and provide such a high level of detail, as to make even the most cautious person susceptible to falling into a trap.

A New Era of Smishing

Recently, there has been an increase in the numbers of SMS spamming attacks, known as “smishing” where scammers try o steal people’s personal information or credit card details. They do this by initially sending text messages designed to look like they come from a bank, an employer, or an official governmental institution.

A few months ago, a massive smishing attack produced tens of millions of fake SMS messages, inviting the recipients to go on fake websites. The texts were generated by a spam-sending database run by a company called ApexSMS. Interestingly, the system was able to detect when people messaged back using keywords such as “report” and “FCC. These phone numbers were added to a special list of contacts that would not be used by the fraudsters again. However, you should bear in mind that responding to these kinds of texts may leave you vulnerable to identity theft because if you contact the hackers, the hacked phone transmits your sensitive data stored on it,

As investigators later discovered, the database contained around 80 million records. They included people’s names, phone numbers, carrier network names, IP addresses, and even locations. Out of the 38 million texts. that were sent during the attack, 2.1 million people clicked on a link in the fraudulent message. Luckily on this occasion, the scammers used an unprotected server, which experts discovered in time to stop the attack.

Fake Missed Calls

Besides SMS frauds, scammers are now abusing the Notifications and Push APIs on Android devices. These two APIs are used to push notifications on mobile phones to re-engage users. An application or server can push them even if the app is not running. The problem is, the API allows scammers to make their notifications look identical to a legitimate app. For example, they can create fake alerts customized to look like a missed phone call.

One of the ways scammers exploit the feature is using Google Chrome to push messages to mobile phones. To hide their origin, the Google Chrome icon is changed into a “Missed Call” notification. When this happens, one message informs the scammers that they can hack the phone. Another one shows a missed call from a medium called Esmeralda.

Scammers aim to take advantage of well-known applications. They create false alerts using the looks of popular apps. This confuses mobile phone users. Once they press the push notification, their phones get hacked. Thus, before pressing the notification, it is important to pay attention to the message that it contains and think if it is actually related to the nature of the app.

Phishing With Legal Threats

Another new strategy that creative spammers are now using is lawsuit emails. They send fake emails, which claim that the recipient is being sued and request to open and read the attached fraudulent documents and respond within seven days, lest the law suit go ahead.

The scammers use the names of existing law firms and falsify their email addresses. Most of the time, they target the employees of big companies. Around 100,000 businesses have been attacked to date — mostly in Canada.

teps Anyone Can Take to Protect Themselves

While fraudsters are becoming more creative, it is still possible to save ourselves from their attacks by becoming more aware of the latest scamming techniques. Then, it is crucial to check the messages, phone calls, and emails you receive before opening them. These are the basic but important steps in protecting ourselves handing our personal data to scammers.

Tech Trends

Showcase for the latest disruptive technology that is…

Alice Bonasio

Written by

Technology writer for FastCo, Quartz, The Next Web, Ars Technica, Wired + more. Consultant specializing in VR #MixedReality and Strategic Communications

Tech Trends

Showcase for the latest disruptive technology that is changing the education landscape globally

Alice Bonasio

Written by

Technology writer for FastCo, Quartz, The Next Web, Ars Technica, Wired + more. Consultant specializing in VR #MixedReality and Strategic Communications

Tech Trends

Showcase for the latest disruptive technology that is changing the education landscape globally

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store