“The most wonderful time of the year” is known for its abundant discounts, festive spirit, and the belief in miracles on the horizon. Regrettably, it becomes a prime period for fraudsters who exploit the relaxed atmosphere, stealing personal information and funds just when everyone is enjoying themselves and lowering their defenses.
Deception Alert: Kaspersky Exposes Phishing Scams Disguised As Fake Giveaways
Image via Savvy Security
During this season, Kaspersky analysts have detected instances of phishing centered on the spirit of generosity during Christmas and New Year: perpetrators are camouflaging the illicit acquisition of personal information and finances under the guise of holiday giveaways.
1. Phishing Scams Targeting Personal Accounts
Image via Webroot
Certain phishing websites aim to acquire information by infiltrating users’ personal social media and messaging accounts using various disguises. They request information, and once submitted, it falls directly into the hands of scammers.
A recent incident of such phishing was reported in Singapore. Scammers created a sophisticated phishing site targeting individuals with promises of payments in the upcoming year, supposedly from Singapore’s Ministry of Finance. The deceptive site was meticulously designed to replicate the ministry’s branding, adding an element of credibility. To claim the promised payout, visitors were prompted to input their Telegram account details.
Upon entering Telegram account details, fraudsters gain complete access to the account, potentially leading to digital identity theft, access to private conversations, and the ability to impersonate the victim for further malicious activities.
2. Phishing Sites Mimicking Banks For The New Year Giveaways
Image via Wiper Soft
Another phishing method crafted to ensnare individuals hopeful for miracles involves a lottery featuring financial institutions. Taking advantage of the season of enticing offers and gifts during New Year’s Eve, scammers have developed phishing websites enticing users to partake in giveaways with the ultimate goal of acquiring victims’ bank details for illicit gain.
One specific instance of this New Year’s scam was tailored for Filipino citizens. In this fraudulent scheme, individuals were drawn to a website where they were encouraged to spin a wheel for a chance to win a cash prize. Following the spin, users were presented with their alleged winnings and prompted to choose from various banks for the purported funds to be deposited.
Upon making their selection, users were redirected to phishing sites meticulously designed to replicate legitimate online banking interfaces. This deceptive maneuver served as the final step in the scam, seeking to defraud victims by gaining unauthorized access to their banking credentials and, subsequently, their funds.
3. Fake New Year’s Crypto Gift-Boxes With No Pokémon
The risks within the cryptocurrency market are exceptionally elevated. Stealing a wallet containing even a fraction of a bitcoin proves lucrative for scammers, motivating them to invest substantial effort in crafting convincing phishing emails and websites, thereby increasing the difficulty for users to detect any anomalies.
In a specific incident, perpetrators devised a phishing page that replicated the official promotion of Courtyard.io, a platform enabling users to transform physical collectibles into tokens. The genuine Courtyard.io site encouraged users to register and purchase a New Year’s Eve box featuring a Pokémon card. Exploiting this, scammers replicated the offer on a phishing page. However, to claim the surprise box, visitors were required to link their crypto wallet, leading to the unauthorized access and theft of their funds.
The ingenuity and cunning tactics of scammers necessitate our vigilance. Therefore, it is crucial to exercise caution and thoroughly scrutinize any unsolicited special offers arriving through unknown emails to safeguard against potential scams. In conclusion, a proactive approach to verifying such communications is essential in protecting ourselves from deceptive schemes.
