Phishing scammers never stop evolving, and unfortunately, their newer techniques are the most effective so far. According to an Akamai report, compiled by their lead security researcher, Or Katz, the latest trend in phishing attacks starts by inviting a user to take an online quiz. Procrastination, free time, curiosity, and all kinds of human nature traits lead to the 'why not' decision to click on the 'Start Quiz' button, essentially entering a phishing arena.
What happens next is a short quiz consisting of a set of three simple questions that are related to the products and services of a specific brand that the scammers impersonate. To make things convincing enough, the scammers create a matching quiz UI theme and even go to the extent of using the official brand logos. Once the quiz is done, and no matter the answers given, the user is provided with a chance to win a lucrative prize that is relevant to the brand. For example, airline tickets, a box of donuts, a smartphone, or whatever else is adequately valuable to spark our longing for freebies.
This leads to the victims being directed to fill out a 'classic' phishing form that is again customized to the impersonated brand, containing messages that create a false sense of urgency such as 'only 32 tickets remaining'. The forms ask users for sensitive information that is supposedly required in order to claim the prize, and many provide them, blinded by the feeling of winning something. Most of the URLs that are used to host these forms are cases of 'typosquatting', which means that they are very similar to the legit ones. To strengthen the whole act, scammers extend their deceptive practices to social media, using fake accounts to write comments that support the validity of the prize giveaways.
In numbers, Akamai analyzed 689 phishing campaigns that impersonated 78 well-known commercial brands that are engaged in the retail, food, airline, and entertainment sectors. According to Akamai, phishing campaigns that use social media and a feel-good approach showcase a significant success and higher numbers of affected victims when compared to the 'traditional' scare-tactics. Users are advised to be extra careful when offered 'too good to be true' prizes, the vast majority of which are phishing attempts.
Are you an online quiz-taker? Have you been offered amazing prizes in exchange for personal information? Let us know in the comments below, and also hop to our socials on Facebook and Twitter to check what else is hot in the tech world today.