Most people are keeping a close eye out for online scams these days, but if you’re not careful, you might do the scammers’ work for them.
A new study from Gen, the company behind cybersecurity brands like Norton, Avast, LifeLock, AVG, ReputationDefender, and CCleaner, shines some light on “scam yourself” attacks, which are rising dramatically. Instead of using other nefarious methods, these scams rely on social engineering to get people to download malware themselves.
Millions of people have fallen for these scams, Gen says, with a 614% increase in the third quarter of this year over the second quarter.
What is a “scam yourself” attack? Here’s what you need to know.
- Fake updates – The next time your browser tells you it’s time to update, take a second to make sure it’s a real notification. The fake update scam, where a site tricks you into downloading software disguised as a necessary update, is on the rise. Make sure you only trust updates that appear directly from a settings menu instead of popups, and check the URL to verify the website.
- Click fix – If you’ve ever Googled any sort of computer issue, you’ve likely run across an authentic-looking webpage that promises a quick fix to your problem if you simply copy and paste a certain text into your command prompt. Unfortunately, you’ll open your computer to attackers if you do that.
- Fake tutorial – Thanks to community forums and sites like YouTube, remedying a tech problem has never been easier. Unfortunately, scammers are aware that many people online aren’t savvy about tech problems, so they’re creating fake tutorials. Instead of fixing a problem, these guides lead to malware. The tutorials usually include a “critical instruction” like “You’ll need to turn off your antivirus for this to work” and then involve running a line of text through a command prompt. The end result is you installing dangerous software on your system.
- Fake Captcha – How often do you really pay attention to the little “I’m not a robot” prompts you see every day? Those are known as captchas, and scammers are taking advantage of people’s casual attitudes. With this scam, you click on what looks to be a real captcha. When you pass the initial verification, you’re told to follow more instructions (like pressing the Windows button + R to open a command prompt and pasting a text string) that install malware on your computer. Norton says more than 2 million people globally were targeted by this scam in the past quarter.
“Scam-Yourself attacks have become a cybercriminal’s dream,” Gen explains. “Users are unknowingly following instructions that do the attackers’ bidding for them, whether through fake CAPTCHAs, misleading YouTube tutorials, or cleverly disguised README files.”
What can you do to avoid these scams? Start by not relying on the fastest fix. We’ve grown so accustomed to allowing updates and searching online for a quick answer that we often don’t take the time to verify what we’re seeing. But if you take a second to reconsider what you’re looking at, scams are often obvious.
These fakes aren’t going anywhere, the study concludes, so it’s important to recognize them before it’s too late.