WhatsApp, Email and SMS are the channels most used by cybercriminals to scam

Messages received via email, SMS or WhatsApp lead the ranking of the fraud techniques most used by cybercriminals.

According to the survey “Cybersecurity and habits of use of digital channels” prepared by Sigma Dos in collaboration with the Spanish Confederation of Savings Banks (CECA), 73% of Spaniards admit to having received this type of fraudulent messages, 42% confess having answered and detected false calls on behalf of a financial institution and 35% having been contacted by strangers through social networks.

Although it is true that there is increasing awareness regarding cybersecurity, hackers advance at the same time as technological developments and are committed to developing, almost daily, innovative and infinite techniques to commit crimes and invade the privacy of users.

As an example, a few weeks ago the Telematic Crimes Group of the Guardia Civil warned of the new method used by cyberattackers who impersonate Netflix through a personalised email in which the recipient is informed that the subscription to the streaming platform had not been able to renew itself. “In the email, the scammers invite the user to click on a link to update the data and, immediately afterwards, the victim is directed to a screen almost identical to that of Netflix,” explains Fran Peláez, founding partner of PenalTech.

However, “nothing is what it seems,” warns the computer crime expert. “It is in this window where cybercriminals steal valuable personal information from the user such as their name and surname, telephone number, credit card number, expiration date and CVV code,” adds the lawyer.

We have all heard about phishing emails at some point. That is, massive emails that attackers send to a large number of recipients, their content being generic for all possible victims. However, attacks or scam attempts as unique as the one explained above lead us to unmask the figure of spear phishing. “This unique modality is a type of targeted phishing attack, that is, it is designed to attack specific people or organisations (such as, for example, subscribers to the Netflix platform), by sending malicious emails,” says Fran Peláez.

The personalisation of spear phishing attacks is what makes them truly dangerous and effective. Hackers previously select their targets, investigate them and create the most personalised SMS, WhatsApp or email message possible. “We must be very cautious with what we show on social networks since the fact that we publish a photograph watching the latest premiere of a Netflix series like ‘Bridgerton’ or frequently celebrating the victory of our soccer team in the stadium itself may give clues to possible cybercriminals that we are subscribers of the famous streaming platform and members of a certain football club,” concludes the PenalTech partner.