It's been one heck of a year. Between massive security breaches and new COVID variants, it's safe to say it's been a year of protecting yourself. Unfortunately, the world of cybercrime hasn't taken a break during the pandemic, which means that staying vigilant while online is more important than ever.
In fact, in just the first four months of 2021, the US was already experiencing 25% more digital fraud than the previous year, and it didn't get much better from there. The consequences of poor cybersecurity continued to become a part of everyday online life, and, to paraphrase GI Joe, understanding how they work is half the battle.
Over the course of the year, Tech.co has covered a wide range of scams, from ransomware and phishing attacks to fake vaccine surveys and cryptocurrency hacks. In this article, we're going to round them all up to help you understand how to avoid them in the new year.
The Worst Scams of 2021
It's that time of year! Let's take a look at some of the worst scams spotted in 2021, and vow to be better in 2022.
The Bait Attack Scam
The key to an effective phishing scam is the ability to actually get a potential victim to engage with it. Because most phishing scams are far from clickable content and often just end up in your spam folder, scammers have gotten wise and now focus their attention on potential victims who actually open these kinds of emails. And the way they are finding these click-heavy users is through something called “bait attacks.”
A bait attack is a low-threat attack that doesn't even try that hard to scam you. It's often something as simple as an empty email with an innocuous subject line like “Hi” or “How are you?” However, if you respond to the email in any way, it informs the scammer that you're someone ripe for the scamming.
Almost immediately after responding, users will receive a second email that is poised to steal their data. Gmail was the primary provider that this scam focused on, with 91% of attacks coming on the popular platform.
The SIM Swapping Scam
There are a lot of ways you can protect yourself online. From password managers to VPNs, the kind of software available today does plenty to keep you safe. This is one of those scams that you can protect yourself from, but it's still worth knowing exactly what to look out for.
It starts with a potential scammer attempting to convince your mobile carrier to send them a new SIM card, often with a combination of stolen data and readily available personal information. If they succeed, they'll be able to set up any phone with your credentials, giving them access to a wide range of your sensitive information.
Just a few weeks ago, a rash of these SIM-swapping attacks hit everyday users with the goal of emptying out cryptocurrency accounts. One victim reportedly lost up to $80,000 in Bitcoin.
The Vaccine Survey Scam
Tragically, the pandemic has given the scam business a lot to work with. Fearful people are much more prone to falling for scams; at least, that appeared to be the case with a March 2021 scam that saw users being duped into taking a fake vaccine survey in exchange for a non-existent reward, the shipping of which the user would have to cover.
There was, of course, no such reward, and all of the information provided in the survey, including the credit card number used for shipping, was sent to a nefarious third party.
“The past year has been incredibly challenging for every single one of us,” said Ian Dyson, commissioner of the City of London Police. “Sadly, we have seen devious criminals taking advantage of the coronavirus pandemic as a means to commit fraud, often homing in on people’s anxieties and the changes that have occurred to their daily lives.”
The YouTube Collaboration Scam
The good news about some phishing scams is that you don't really have to worry about a lot of them, as they are often geared towards particular professions. The bad news is that this targeted approach makes it a lot harder to know whether or not you're a potential victim of the scam until it's too late. At least, that's the case with this particularly clever phishing scam that was aimed at YouTube creators.
If you know anything about YouTubers, it's that they love to collaborate. This scam takes advantage of that by sending fake collaboration emails for anti-virus software, VPNs, music players, photo editing apps, or online games. Once the victim clicks on the collaboration opportunity, the scammers hijack their account, selling it to the highest bidder or using it to broadcast other scams.
The scam was pretty widespread too. It was propagated primarily through Gmail at first, and Google announced that its Threat Analysis Group (TAG) had blocked 1.6 million emails from the campaign to protect its YouTube brethren, displayed 62,000 Safe Browsing phishing page warnings, blocked 2,400 files, and successfully restored 4,000 accounts.
The Fake Ransomware Scam
Most scams are designed to trick you into providing money or information to a third party. Ransomware attacks, on the other hand, actually hold your data hostage, requiring a ransom to release it. However, if you can convince someone that you've encrypted their information without actually doing so, apparently that'll work too.
This scam found WordPress users inundated with an admittedly alarming message, which stated that their information was encrypted and that they'd need to pay to have it unencrypted. The thing is, the message was a fake. No data was encrypted, and the message could be bypassed easily.
Still, the countdown and generally threatening look of the message was enough to convince at least a few to pay the ransom. The lesson here: always check if your data is actually encrypted when a ransomware hack occurs.
The Excel Attachments Scam
The inclination to click on a mysterious link to find out what it is runs deep in the average user. Fortunately, most email providers can tell when a link is malicious, and they block them from being read. But this scam from September found one effective way to dodge spam blockers in service of infecting computers with malware: Microsoft Excel.
Because Excel is so low on the priority list of potential threats, emails with mysterious links to spreadsheets were able to eke by blockers into inboxes. The cells of the spreadsheet were then filled with “lightweight embedded macros,” which wreaked havoc on your computer if you activated them.
When it comes to mysterious links, we implore you to fight your instincts and never click on them. In fact, avoiding links in emails that aren't from people you know is your best bet in the long run.
The Google Photos Poster Scam
Phishing scams, like clickbait, are terrible because they're designed to get you to click on them. Whether it be something you really want or a problem you really need to fix, an effective phishing scam will be tailored to a user's inability to stay away. And this scam from earlier this year took advantage of that big time.
By impersonating the platform with some very convincing design choices, the scammers would insist that pictures taken and stored by the user on Google Photos would be used on a poster promoting the platform. As soon as you click on any of the links though, the Google facade is dropped, and you're sent to fake giveaway and rewards scams. In the event you actually follow through, you'll be asked to provide financial information, which of course, will be used to steal your identity and your money.
While Google Photos would be technically allowed to do this, the odds that the company actually would are quite low. Suffice it to say, even when the design is convincing, critical thinking is a great way to stop phishing scams in their tracks.
Types of Scams
In 2021, there were a few key types of scams that dominated headlines. Phishing scams, ransomware attacks, and cryptocurrency hacks have become an increasing nuisance in the online world. And the first step towards protecting yourself is knowing what to look for.
As arguably the most common type of scam in the world, phishing is the process of pretending to be a reputable company or website in hopes that the user will be convinced and provide personal or financial information. Whether it be over the phone, through SMS messages, or via email, these scammers are relentless in trying to get their hands on your precious, precious data.
In 2021, early predictions showed that phishing scams would be even more prevalent, and the means by which these phishing scams are propagated have been elaborate, to say the least.
As the name suggests, ransomware is a form of malware that can infect your computer and either threaten to publish your data or withhold it indefinitely unless a ransom is paid to the perpetrator. It's extremely common among businesses, but individuals have been affected as well, which is never fun.
Ransomware is not nearly as conspicuous as phishing scams, but there are still some interesting ways in which cyber criminals will infect your computer with this vicious malware.
Cryptocurrency is the decentralized, digital currency that is housed on the blockchain, allowing for a notable lack of regulation across its use. Unfortunately, this lack of regulation has a tendency to allow for cyber criminals to take advantage, leading to some seriously unfortunate cryptocurrency scams that cost victims a lot of money.
The best way to hold on to your Doge and your Eth going into 2022 is to stay vigilant and avoid any nefarious deals that might be riskier than they're worth.
How to Protect Yourself Online
We've been saying it all year, but the online world doesn't have to be a scam-riddled hellscape. While phishers and scammers and ransom-takers may be lurking around every corner, the reality is that there are plenty of tools designed to help you and your business stay safe all year round.
Password managers are a great place to start. Not only will you be able to ensure that your credentials are securely protected from nefarious actors, you also won't have to remember all those pesky passwords. Talk about a win-win!
Antivirus software and VPNs are a good next step as well, as they can protect you from malware, tracking, and other questionable tactics used in the tech industry. Finally, if you're a business struggling to manage cybersecurity and remote workforces, remote access software is designed to help you work from home without the threat of hacks.
All those tools are great, but your most valuable asset when it comes to cybersecurity is your own vigilance. If you take a closer look, most scams are incredibly easy to spot, as long as you take the time to do so. Good luck out there, and we'll see you in 2022 with a whole new batch of scams!