Online fraud has perhaps never been as prevalent as it is now, with the number of people working online and from their homes shooting up over the last few months on account of the pandemic. As more and more companies ask their employees to stay at home and work from there, the risk of being targeted by hackers and fraudulent operators is higher, since home networks are much less secure than enterprise networks. At the same time, people also use their personal email and other services alongside their work environment, which increases the chances of being hacked as well. Thus, it is extremely important that everyone is more careful while working online during this time.
A report by cybersecurity firm Group-IB has found that a large number of fraud attempts take place through suspicious links in emails which, if clicked on, redirect users to websites where their personal data can be stolen. Therefore, cybersecurity experts from Winz.io advise everyone to be extremely careful when opening emails, and to check whether an email looks genuine before clicking on any links contained in it. The report also says that phishing and other fraud attempts increased by over 9% in the first half of the year compared to the same period last year. Another worrying finding from this report is that almost 70% of fraudulent websites used secure SSL/TLS connections. Such connections are generally found only on genuine and trustworthy websites, but there have been increasing instances of fake or forged certificates being sold on the dark web, which can then be used by hackers. SSL/TLS certificates are important, since almost all browsers will identify sites without those certificates as potentially dangerous, and will not open them unless specifically directed to by the user. Thus, having fake or spoofed certificates allows fraudulent operators to attract more users to their sites.
Other trends have shown that more than 46% of malicious emails purported to be from legitimate online services and businesses, while 24% of them came from supposed email providers. Other popular businesses and sectors to impersonate included financial services (10.7%), payment services (4.3%), and social networks (4.2%). Bookmakers or online gambling websites were also popular, at 3.8%. This is important since such websites can easily obtain users’ financial information, which can then be used to conduct fraudulent transactions or simply steal the users’ money.
The general increase in hacking attempts this year can be seen from the fact that there was a five-fold increase in DDoS attacks between February and May, due to the increase in online activity after various lockdowns were enforced across the world. At the same time, there was a decrease in the number of ransomware attacks, with the report stating that only 1% of the emails the firm analyzed contained ransomware, which is a huge decline from 2019, when ransomware was found in every second email. However, this was replaced by spyware to a large extent, with 43% of emails containing spyware. Other popular methods of hacking included downloaders, which download additional malware onto users’ computers (17%), backdoors opening up access to victims’ computers (16%), and Trojans targeting banking information (15%).
Online gaming websites have become an attractive target for hackers as well. Quite a few Asian gaming sites were hit last year, while BetUS saw a hack earlier this year in which a large amount of data was made public. SBTech, a sportsbook provider, was forced to go offline for some time after an unspecified digital attack on the company. This just goes to show that it is not just customers who are at risk.