Tech support scams top phishing threat for consumers

NortonLifeLock’s global research team has published its third quarterly Consumer Cyber Safety Pulse Report, detailing the top consumer cyber security insights and takeaways from July to September 2021.

The latest findings show tech support scams, which often arrive as a pop-up alert convincingly disguised using the names and branding of major tech companies, have become the top phishing threat to consumers. The new threat insights have been identified across the gaming, banking, gift cards and religious institutions.

Norton blocked more than 12.3 million tech support URLs, which topped the list of phishing threats for 13 consecutive weeks between July and September. The effectiveness of this type of scam has escalated during the pandemic due to consumers’ increased reliance on their devices to manage hybrid work schedules and family activities.

Tech support scams are effective because they prey on consumers’ fear, uncertainty and doubt to trick recipients into believing they face a dire cyber security threat, according to Darren Shou, head of technology at NortonLifeLock.

“Awareness is the best defense against these targeted attacks. Never call a number listed on a tech support pop-up, and instead reach out to the company directly through their official website to validate the situation and next steps," Shou said.

Norton blocked 35,438,273 cyber safety threats in Australia alone over the past quarter, averaging 385,198 blocks per day – figures globally for this same quarter reached nearly 860 million, including 41 million file-based malware, 309,666 mobile-malware files, nearly 15 million phishing attempts and 52,213 ransomware detections.

Additional findings from the Consumer Cyber Safety Pulse Report include:

Virtual gaming goods have real value: Rare, in-game items are highly sought after and can be traded on real-world marketplaces. For example, a multiplayer online role-playing game touts a virtual blue “Party Hat,” which was most recently valued at approximately $6,700. Norton Labs caught a new phishing campaign specifically designed to obtain players’ login credentials and two-factor authentication information with the intent to steal and sell such high value virtual items.
Fraudulent online banking pages are convincing: Norton Labs researchers identified a punycode phishing campaign targeting bank customers with a near carbon copy of the real banking homepage to trick them into entering their credentials.
Stolen gift cards are (almost) as good as cash: Especially as the holidays near, consumers should be aware that gift cards are a prime target for attackers because they typically have lower security than credit cards and aren’t tied to a specific person’s name. Further, many gift cards are made by the same company with a 19-digit number and 4-digit PIN. Attackers use websites intended to check a gift card’s balance to uncover valid card number and pin combinations, giving them full access to the funds.

The Norton research team are forecasting that tech support scams are expected to proliferate in the upcoming holiday season, as well as shopping and charity-related phishing attacks.