Modern phishing baits – upcoming genres

They say creativity is a great tool for problem-solving. They also say creativity makes you sell your stuff faster. These days, though, do you know, creativity is being used for creating problems ?

Phishing scammers these days are being far more creative than what has been expected for a long time. What were the most popular phishing tactics of this early decade ? Let me jot a few familiar phishing email subject lines 

• A delivery attempt was made
• Password check required immediately – reset request was made
• XYZ Service: Change Your Password Immediately
• Your XYZ Service account is suspended
• Suspicious Account activity detected
• Hello (Yes! And then propose some absurd investment deal in the mail content)

Quite familiar, and much courtesy to the awareness trainings and articles, most of us are at least aware of such scams. But then the other day, I happened to skim my spam box, (which is a ritual just out of boredom) and I came across the following 

Okay, interesting. The attacker himself is apparently spreading news or let us say the awareness against the rising rate of cyber attacks, against the malware that steal passwords. And what do you get when you click on the ‘read more’ hyperlink – the malware itself ! 

This interestingly explains how the attacker brains are coming up with tactics that will outwit your intelligence and intuitions, or at least make you wonder at them.

These scammers also have quite adapted their techniques now, which are now more towards content that possess personalised lures for the email readers. For example, as a target of Indian origin I recently received a spam informing me that my Kundali (a document containing ‘future prediction’ of an individual based on birth date primarily) was ready to be downloaded, which I had requested (wish I remembered when?), and they urged that I only needed to fill in some missing information – like my birth date. Convincing enough to click a bait link, is it?

Another set of subject lines below from my spam box targeting the tax-payers. 

And another trending forte of phishing mails are the ones, in which the attacker would claim that the victim email recipients have been caught watching porn content over the web via a malware that they have infected into the victim’s computer and to prevent them from spreading the videos to their contacts, they need to pay the attackers x value in bitcoins. 

They would top up this spiky content with lots of technical stuff, to make it appear convincing. And, for a person not familiar with phishing scams out there, such threats are enough to bring him to his toes! Read out an excerpt below 

No doubt the level of phishing awareness and detection techniques are improving, but so are the baits. 

Well, as unpredictable these mails are, watch out for one of these, or an even better luring idea that an attacker might devise, landing in your mailbox the other day.