18 Mar
New Form of Phishing to Look Out For
Phishing is moving beyond email and into your wider online presence, collecting personal details that can be used to attack you on social networks.
In a world where millennials have grown up with a device in their hand, inherently trusting everything they interact with on the web, cybercriminals are meeting victims where they are online, using a new type of phishing attack that gets the user to give up personal details.
How Are They Doing This?
Users surfing the web are unexpectedly redirected to a “Congratulations” page with either a prize wheel or a 3-question quiz. It’s an attack designed to gather email addresses and personal information to be used later as part of a subsequent spam campaign.
Cybercriminals use the visitor’s desire to win a prize, utilizing over 40 well-known brands, such as airlines, retail stores, and restaurants, to lull the victim into a false sense of security. To “win,” victims must share the quiz on social media and provide personal details.
Phishing campaigns like these outperform traditional campaigns with higher victim counts due to the social sharing aspect, which makes it feel like your friend on social media endorses the quiz.
While the current version of this scam seems to focus on the consumer, it’s not a stretch to see it targeting business email. Think of a scam pretending to offer catered lunch to an office, asking for name, phone, title, and company email. That is all the context needed for CEO fraud, data breaches, ransomware and more.
Organizations need to be educating their users through Security Awareness & Training on these new types of phishing scams, and how they can be used against both the individual and the organization in scenarios involving fraud, data theft, espionage, and more.