The top four email scam themes and strategies currently in use in the Middle East, Turkey, and Africa (META) region have been identified by Kaspersky specialists.
These scams demonstrate various social engineering approaches used by cybercriminals, but the goal remains the same: to attract unsuspecting victims and steal their personal and financial information.
The most common type of social engineering attack is phishing. According to the Spam and Phishing in 2022 report, Kaspersky’s anti-phishing system prevented more than 500 million attempts to reach bogus websites in 2022. This type of threat is becoming more prevalent in the META region: in Q2 2023, there were 111% more phishing detections than in Q1 (153% rise in South Africa, 145% increase in Kenya and 125% in Nigeria).
The four email scams identified disguise themselves as coming from reliable sources, duping their recipients into opening the emails, clicking on dangerous links, or downloading damaging attachments. They are as follows:
Email Scam number 1 – Undeliverable parcels: Taking advantage of people’s natural curiosity, scammers have sent numerous consumers emails and SMS messages that appear to come from postal and courier firms, with links to confirm payment or unsubscribe. When people click on these links, they are taken to a false page that steals important information.
Email Scam number 2 – Know Your Customer (KYC): Cybercriminals posing as prominent banks have been urging consumers to undergo KYC verification in order to comply with banking regulations or avoid transaction suspension. The goal here is to exploit human fear by emphasizing words like “urgent” in the email to deceive victims. The email’s format and appearance, as well as the KYC link, are made to look genuine in order to deceive consumers visually.
Email Scam number 3 – Unusual email account log-in behavior: These bogus warnings identify phony sign-in/log-in activity in a user’s email account and provide a link to report the user. The email contains sign-in information such as country, IP address, date, and browser, making the alert appear real and causing concern. When combined with the foreign travel season, this scam theme has the potential to improve cybercriminal success rates.
Email Scam number 4 – Free money: These bogus emails exploit human greed and curiosity. Cybercriminals try to persuade people to open a malicious email attachment that supposedly contains a money deposit. The attachment, in actuality, is an HTML page that takes the victim to a bogus Microsoft Outlook website in order to collect email credentials.
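For mail administrators, the HTML-attachment pattern in scam number 4 can be triaged statically before a message reaches the inbox. The sketch below is an added example, not code from Kaspersky or its report: the sample message, the `.example` hosts and the function name `triage_html_attachments` are constructed for illustration, and the two heuristics (a redirect, a password field) are assumptions about what such an attachment typically contains.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample message (not a real scam email); all hosts use the reserved .example TLD.
SAMPLE_EML = """\
From: "Payments" <notice@bank.example>
To: user@corp.example
Subject: Money deposit confirmation
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached deposit slip.
--b1
Content-Type: text/html; name="deposit.html"
Content-Disposition: attachment; filename="deposit.html"

<html><head><meta http-equiv="refresh" content="0; url=https://login.outlook-mail.example/owa"></head>
<body><form action="https://login.outlook-mail.example/post"><input type="password" name="p"></form></body></html>
--b1--
"""
# Heuristics (assumed, not exhaustive): auto-redirects and password inputs inside an attachment.
REDIRECT = re.compile(r'http-equiv=["\']?refresh|(?:window|document)\.location|location\.(?:href|replace)', re.I)
PASSWORD = re.compile(r'<input[^>]+type=["\']?password', re.I)
URL = re.compile(r'https?://[^\s"\'<>;]+', re.I)

def triage_html_attachments(raw_eml):
    """Return one finding per HTML attachment that redirects or asks for a password."""
    msg = message_from_string(raw_eml, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".html", ".htm")):
            continue
        html = part.get_content()
        if isinstance(html, bytes):  # HTML sent under a non-text content type
            html = html.decode("utf-8", "replace")
        reasons = []
        if REDIRECT.search(html):
            reasons.append("redirect")
        if PASSWORD.search(html):
            reasons.append("password-field")
        if reasons:
            hosts = sorted({urlparse(u).hostname for u in URL.findall(html)} - {None})
            findings.append({"file": name, "reasons": reasons, "hosts": hosts})
    return findings
```

The returned hosts can be compared against the organization's real sign-in domains; an HTML attachment that points a password form anywhere else is a strong signal for quarantine.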
The approaches described above are known as social engineering techniques. Social engineering is a type of manipulation that is based on how people think and act. This entails sending an email or SMS message that appears to be from a reputable source. Once a cybercriminal understands what motivates an individual’s actions, they attempt to take advantage of that person’s ignorance and control their behavior to achieve their goal.
“There is no aspect of our lives that cybercriminals cannot take advantage of.” Human emotion and behavior are no exception. These frauds are the product of fear, curiosity, and greed-based manipulation. “The main takeaway is to pay attention to basic details in emails before responding, even if they are from trusted sources, because one wrong click can result in severe consequences,” said Maher Yamout, Lead Security Researcher at Kaspersky.