Take a few seconds to get an idea of what kind of tactics are being used to take advantage of your usual habits and trusting nature.

1. Malicious QR codes

QR code-related phishing fraud has really taken off.  QR codes (those machine-readable, black-and-white matrix codes arranged in a square) have become an increasingly popular way for companies to engage with consumers.  Unfortunately, criminals have responded by creating codes that direct victims to malicious websites.

2. Browser notification hijack
  
Websites have long asked visitors to approve notifications.  What was once a useful way to keep people up to date is now also a social engineering tool.  These “push” notifications have been weaponized, because scammers know many users will blindly click “yes” to allow them.

3. Collaboration scams 

Using this tactic, criminals target professionals in collaborative fields: designers, developers, even security researchers. The lure is an invitation to collaborate on work.  The growth of work-from-home has increased people’s comfort with remote collaboration.  Typically, the threat actors send a meeting invite containing malicious code.

4. Supply chain partner impersonation 

Attacks that exploit parts of an organization’s supply chain are now a big problem.  Targeted emails look like they’re from a trusted partner, but are in fact from bad actors posing as employees of those firms.

5. Deepfake recordings

Social engineers are now using deepfakes—startlingly realistic recordings that simulate a specific person’s appearance or voice—to trick victims into divulging information or performing an action that benefits the attacker.  In one example, a fake recording of a CEO was used to instruct an employee to immediately transfer money to an international account.

© National Security Institute, Inc.