Kaspersky experts have outlined the top four email scam themes and tactics currently prevalent in the Middle East, Turkiye, and Africa (META) region.
These scams use different social engineering techniques, but the objective remains the same: to entice unsuspecting victims and steal their personal and financial information.
Phishing remains the most common type of social engineering attack. According to the Spam and Phishing in 2022 report, Kaspersky's anti-phishing system thwarted over 500 million attempts to access fraudulent websites globally in 2022. In the META region, we see that this type of threat is growing over time: Q2 2023 saw 2 times more (111% increase) phishing detections in comparison with Q1 (153% increase in South Africa, 145% increase in Kenya and 125% increase in Nigeria).
The four email scams described below pose as messages from trusted sources, tricking their recipients into opening the emails, clicking on malicious links or downloading harmful attachments. They include:
Undelivered parcels: This scam exploits human curiosity. Many people have received emails and text messages that appear to come from postal and courier services and provide links to confirm payment or to unsubscribe. Clicking on these links redirects individuals to a fake page that steals sensitive information.
Know Your Customer (KYC): Cybercriminals have been posing as prominent banks, requesting that people complete KYC verification to comply with financial regulations or avoid suspension of transactions. The objective here is to exploit human fear by highlighting words such as “urgent” in the email to manipulate victims. The format and design of the email, as well as the KYC link, are made to look authentic in order to visually trick people.
Unusual email account log-in activity: These fake alerts flag false sign-in/log-in activity on an individual’s email account and provide a link to report the user. The email includes sign-in details such as country, IP address, date and browser, which make the alert appear legitimate and cause worry. Coupled with the international travel season, this scam theme can increase the cybercriminals’ success rate.
Free money: These fraudulent emails play on human greed and curiosity. Cybercriminals attempt to convince people to open a malicious email attachment related to money deposits. In reality, the attachment is an HTML page that redirects the victim to a fake Microsoft Outlook page to steal email credentials.
The above tactics are known as social engineering techniques. Social engineering is a manipulation technique built on how people think and act. It typically involves an email or text message pretending to be from a trusted source. Once a cybercriminal understands what motivates an individual’s actions, they try to exploit the individual’s lack of knowledge and manipulate their behaviour to meet the end goal.
“There is no aspect of our life that cybercriminals cannot exploit. Human behaviour and emotion are no exception. These scams are a result of manipulation based on fear, curiosity and greed. The key takeaway is to pay attention to basic details in emails before responding, even if they are from trusted sources, because one wrong click can lead to harsh consequences,” said Maher Yamout, Lead Security Researcher at Kaspersky.