There is seemingly no end of online scammers devising new tactics to steal money or information. Derek Slater of CSO lists seven tactics to watch for (https://www.csoonline.com/article/3613937/7-new-social-engineering-tactics-threat-actors-are-using-now.html).
- Malicious QR codes - machine readable, black and white matrix codes in a square, used to order products or services by smartphone - can be used to connect to malware.
- Browser notifications are used to connect to phishing scams or malware. (Be careful before responding.)
- Invitations to professionals to collaborate on a project; the threat actor sends a program with malicious code. These scams are often well detailed.
- Impersonating a supply chain partner. A vendor email compromise was used in the SlolarWinds hack.
- Deepfake recordings to transmit fraudulent instructions. (Always get independent verification before complying.)
- Text message scams to get personal information or transmit malware.
- "Typosquatting" - impersonating legitimate domains by using slight variations in spelling.
The best way to combat these scams: zero trust, verify everything and if an offer seems too good to be true it probably is.