Specialists from Kaspersky have identified the top four email scam themes and tactics currently in use in the Middle East, Turkey, and Africa (META) region.
These scams demonstrate various social engineering approaches used by cybercriminals, but the goal remains the same: to attract unsuspecting victims and steal their personal and financial information.
The most common type of social engineering attack is phishing. According to the Spam and Phishing in 2022 report, Kaspersky’s anti-phishing system prevented more than 500 million attempts to reach bogus websites in 2022. This type of threat is becoming more prevalent in the META region: phishing detections increased 111% in Q2 2023 compared to Q1 (a 153% rise in South Africa, a 145% increase in Kenya, and a 125% increase in Nigeria).
The four email scams disguise themselves as coming from reliable sources, duping their recipients into opening the emails, clicking on dangerous links, or downloading damaging attachments. They are as follows:
Undelivered parcels: This scam exploits human curiosity. Many people have received emails and text messages that appear to come from postal and courier services and provide links to confirm payment or to unsubscribe. Clicking on these links redirects individuals to a fake page that steals sensitive information.
Know Your Customer (KYC): Cybercriminals have been posing as prominent banks, asking people to complete KYC verification to comply with financial regulations or avoid suspension of transactions. The objective here is to exploit human fear by highlighting words such as “urgent” in the email to manipulate victims. The format and design of the email and the KYC link are made to look authentic in order to visually trick people.
Unusual email account log-in activity: These fake alerts flag false sign-in/log-in activity on an individual’s email account and provide a link to report the user. The email includes sign-in details such as country, IP address, date, and browser, which make the alert appear legitimate and cause worry. Coupled with the international travel season, this scam theme can increase the cybercriminal success rate.
Free money: These fraudulent emails play on elements of human greed and curiosity. Cybercriminals attempt to convince people to open a malicious email attachment related to money deposits. In reality, the attachment is an HTML page that redirects the victim to a fake Microsoft Outlook page to steal email credentials.
The above tactics are known as social engineering techniques. Social engineering is a manipulation technique built on how people think and act. This involves an email or text message pretending to be from a trusted source. Once a cybercriminal understands what motivates an individual’s actions, they try to exploit that individual’s lack of knowledge and manipulate their behavior to achieve the cybercriminal’s end goal.
“There is no aspect of our lives that cybercriminals cannot exploit. Human behavior and emotion are no exception. These scams are a result of manipulation based on fear, curiosity, and greed. The key takeaway is to pay attention to basic details in emails before responding, even if they are from trusted sources, because one wrong click can lead to harsh consequences,” said Maher Yamout, Lead Security Researcher at Kaspersky.