Thursday, March 7, 2024

How cybercriminals scam women ahead of March 8 | Kaspersky official blog

Taking place every year on March 8 in many countries across the world, International Women’s Day is celebrated differently depending on the country: in some it’s a national holiday; in others it’s not a holiday but still widely observed. But what’s the same everywhere is that it’s a day when everyone’s eyes are on women from all walks of life; and when I write everyone’s, that includes scammers’ eyes too. The feverish days running up to March 8 (ordering this, buying that – and all in good time, but not too early if we’re talking fresh flowers) provide a perfect opportunity for cybercriminals to make money, so they triple-down on sending links to fake sites, generating countless fake promotional codes, and making false promises of valuable gifts for every purchase.

In this post, we discuss ways in which women can protect themselves from falling prey to these scams.

Fake marketplace gifts

Statistics show that women are far more likely to shop at online marketplaces than men: 43 percent against 32 percent. Thus, women are more likely to be targeted by promotions that appear in dazzling quantities ahead of any public holiday. Sadly, these campaigns aren’t always legal and run by the brands whose names are used in sending out unprecedentedly generous offers.

For several years in a row, shortly before March 8, young women receive WhatsApp messages purportedly from Amazon and offering a valuable gift: “Welcome to the Amazon International Women’s Day Giveaway! We have more than 10,000 free gifts!” To participate, the recipient is asked to follow a link and fill out a quick survey, and then share the message with a few dozen friends and verify their identity through email. Needless to say, respondents get no fancy smartphones, hair dryers, or laptops. Instead, according to security researchers, victims’ devices may have been compromised, with the scammers getting access to the camera, microphone, banking apps, contacts, and gallery.

In fact, some brands do employ instant messaging services and email to spread promotional offers, and Amazon is no exception. So, if you receive such a message, start by carefully scanning it: suspicious generosity, grammatical errors, an odd sender’s address, and an urgent call to follow a link “while it still lasts” may be a sign that it’s a scam. Remember the rules for safe online shopping and use reliable security to be confident you’re following a link to an official website — not a fake.

“Flowers for our regular customers!”

The tradition of giving women flowers on March 8 dates back to 1946, when Italian women’s rights activists chose the yellow mimosa as a symbol of resilience, sustained growth, and solidarity. Young women still get flowers from their friends and family every March 8. Scammers exploit this sweet tradition too.

On the eve of International Women’s Day, scammers promise to send women flowers, while the recipient women, they say, will only need to pay for delivery. If a woman agrees, she receives a payment link in an instant messaging app. To no one’s surprise, after following all the instructions, the victim gets no flowers, and the florist shop’s phone number turns out to be somehow unavailable.

The whole story is a typical delivery scam, which we’ve written about earlier. Losses in this case include both the “cost of delivery” and the bank card details, which can later be used to steal far larger sums. Here’s a golden rule for you if you want to avoid being scammed: never pay for a gift. After all, it should be free because it’s a gift. If a florist shop, nail salon, or spa decides to be nice and send you flowers all of a sudden, make sure they don’t charge you for this.

“Anything you say can be used against you”

You must have heard the Miranda warning in movies: “Anything you say can be used against you…”. Well, it’s just as true for digital life as it is for real life. We’re talking about doxers. These are people who collect any and all information available about their potential victims — information the victims themselves have published — and threaten to make it public. This type of threat is known as doxing.

Young women are especially defenseless before doxers. A malicious actor can use data on the victim for catfishing: creating a fake online identity with the victim’s name, face, and other personal details to set up further scams on social networks and in dating services. The least they can do is harass you with text messages, phone calls, fake deliveries, or even swatting. Popular streamer Amouranth, with more than 6.3 million Twitch followers, says she gets swatted several times a month.

Streamer Wolfabelle experienced a different kind of doxing: a stalker found out her address and threatened to publish it unless she gave him sexual favors. She even received a photo of her house made by the doxer to prove he wasn’t bluffing.

On a positive note, this isn’t something you can’t prevent. In a nutshell, here’s what you should do: avoid sharing your geolocation, publish only a minimum of information that can appear in online searches, or make your social profiles private. If you’ve already been a victim of doxing, please refer to our other post.

Celebrating March 8 safely

  • Keep your eyes open when accepting promotional offers. Gifts and giveaways are nice, but as soon as they ask you to pay or share the link with your friends, that’s when you know you’re dealing with scammers.
  • Avoid clicking suspicious links in instant messages. Please read our detailed anti-phishing tips and remember that malicious actors become more active in the run-up to and during holidays.
  • Publish your personal details in private social profiles only. This life hack will go at least some way toward keeping you safe from doxing. Remember to carefully select followers and friends who can view your profile details.
  • Use comprehensive security that keeps you from visiting phishing and scam sites, protects your payment and personal details, and prevents identity theft.


from Kaspersky official blog https://ift.tt/htlCxV8
via IFTTT

No comments:

Post a Comment