{"id":12371,"date":"2018-12-11T09:00:48","date_gmt":"2018-12-11T05:00:48","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=12371"},"modified":"2019-11-15T15:22:40","modified_gmt":"2019-11-15T11:22:40","slug":"phishing-spam-hooks","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/phishing-spam-hooks\/12371\/","title":{"rendered":"Online fraud: 5 most common spammer tricks"},"content":{"rendered":"

Spam<\/a> and phishing<\/a> often go hand in hand: Fraudsters send mass mailings in an attempt to phish information from recipients. For them, users\u2019 personal data remains a highly prized and desired asset, as evidenced by both the constant high-profile media stories and our own spam flow analysis. A common aim of spam is to gain access to your accounts or bank card numbers through e-mail phishing and social engineering techniques.<\/p>\n

In this post, we look at the five tricks most commonly employed by spammers.<\/p>\n

1. Fake notifications from social networks<\/h2>\n

Spammers actively send fake notifications that seem to come from popular social networks and are about new friends, their activities, comments, likes, and so forth. Such messages are often indistinguishable from the real thing, the only difference being that they contain a phishing link, which is not always easy to spot. On following the link, users are prompted to enter their username and password on a fake login page.<\/p>\n

Another common variant is messages supposedly from social networks, but this time with threats alleging, for example, that suspicious activity has been detected on your account, or that a new feature has been introduced and users who don\u2019t give their consent will be blocked. Whatever the case, the message will contain a button with a link to a phishing login page.<\/p>\n

\"Phishers<\/a>

Phishers most popular tricks: Fake notifications from social networks<\/p><\/div>\n

2. Banking phishing<\/h3>\n

Phishing aimed at obtaining users\u2019 bank card details is still the most popular kind of fraud. Fake messages may be sent in the name of banks or payment systems. The most common message subjects are related to account blocking or \u201csuspicious activity\u201d on the client\u2019s personal account.<\/p>\n

Under the pretext of restoring access, confirming identity, or canceling a transaction, the user is asked to enter bank card details (often including the CVV\/CVC code) on a fake bank website. On receiving the data, the criminals immediately withdraw money from the victim\u2019s account. It\u2019s the same story with payment systems, but in those cases, victims are asked only to log in to their accounts.<\/p>\n

\"Phishers<\/a>

Phishers most popular tricks: Fake notifications from banks and payment systems<\/p><\/div>\n

3. Fake notifications from popular services and sellers<\/h3>\n

Likewise, fake notifications are created using the brand names of popular online stores, delivery services, booking sites, multimedia platforms, job search websites, and other popular online services. Cybercriminals rely on the odds their spam messages will reach at least some genuine users of such services, who are likely to panic and click or tap whatever they see.<\/p>\n

\"Phishers<\/a>

Phishers most popular tricks: Fake notifications from various services and shops<\/p><\/div>\n

4. Fake notifications from e-mail services<\/h3>\n

Scammers use this kind of spam to harvest usernames and passwords for e-mail services. One of two common pretexts is typically deployed: Users are prompted either to restore their password or to increase the available space in their mailbox, which is supposedly full. In the latter case, the phishing link promises a manifold increase in storage capacity, which in the era of cloud computing and the ever-growing need for storing large amounts of data does not seem all that suspicious.<\/p>\n

\"Phishers<\/a>

Phishers most popular tricks: Fake notifications from e-mail services<\/p><\/div>\n

5. \u201cNigerian prince\u201d fraud<\/h3>\n

Lastly, one of the oldest types of spam \u2014 the promise of fortune from a relative or a lawyer of a dead millionaire in exchange for an up-front payment \u2014 is still making the rounds. A variation on the theme involves the scammer posing as a celebrity in a difficult situation. Victims are promised an impressive reward if they agree to help the unfortunate millionaire withdraw funds trapped in various bank accounts. To do so, they must, of course, first send detailed information about themselves (passport details, account data, etc.) and a modest amount of money for paperwork.<\/p>\n

\"Phishers<\/a>

Phishers most popular tricks: Nigerian prince fraud<\/p><\/div>\n

The list of spammers\u2019 favorite topics and techniques does not end there, but the five methods described above are the most effective and thus the most common.<\/p>\n

Don\u2019t be a victim<\/h3>\n

The best advice is to be careful. But that\u2019s a bit vague, so here\u2019s some nitty-gritty:<\/p>\n