Seven New Social Engineering Fraud Tactics

April 22, 2021

There is seemingly no end of online scammers devising new tactics to steal money or information. Derek Slater of CSO lists seven tactics to watch for (https://www.csoonline.com/article/3613937/7-new-social-engineering-tactics-threat-actors-are-using-now.html).

  1. Malicious QR codes - machine-readable, black-and-white matrix codes in a square, used to order products or services by smartphone - can be used to connect to malware.
  2. Browser notifications are used to connect to phishing scams or malware. (Be careful before responding.)
  3. Invitations to professionals to collaborate on a project; the threat actor sends a program with malicious code. These scams are often well detailed.
  4. Impersonating a supply chain partner. A vendor email compromise was used in the SolarWinds hack.
  5. Deepfake recordings to transmit fraudulent instructions. (Always get independent verification before complying.)
  6. Text message scams to get personal information or transmit malware. 
  7. "Typosquatting" - impersonating legitimate domains by using slight variations in spelling.

The best way to combat these scams: zero trust, verify everything, and if an offer seems too good to be true, it probably is.
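For the typosquatting item (7), "verify everything" can be partly automated. The sketch below is an added example, not taken from the CSO article: it flags a domain that is not on a trusted list but sits within a couple of edits, or one look-alike character swap, of a name that is. The domain names, the `TRUSTED` and `CONFUSABLE` tables, and the function names are all constructed for illustration.

```python
import unicodedata

# Constructed allowlist of domains the organization really deals with (assumption).
TRUSTED = {"example.com", "examplebank.com", "vendor-portal.example"}

# Small illustrative set of visual substitutions seen in look-alike names.
CONFUSABLE = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(domain):
    """Lower-case, strip accents and fold look-alike characters."""
    d = unicodedata.normalize("NFKD", domain.lower().rstrip("."))
    d = "".join(c for c in d if not unicodedata.combining(c))
    for fake, real in CONFUSABLE.items():
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Swapped neighbours ("exmaple") count as a single edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched trusted domain or None)."""
    name = domain.lower().rstrip(".")
    if name in trusted:
        return ("trusted", name)
    folded = skeleton(name)
    for good in sorted(trusted):
        g = skeleton(good)
        # Identical after folding, or only a few edits away: likely impersonation.
        if folded == g or edit_distance(folded, g) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)
```

A threshold of two edits suits names of this length; very short trusted names need a threshold of one to avoid flagging unrelated domains.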