No doubt over the past few weeks you’ve been inundated with emails about privacy policies and email subscription updates as companies worked to meet new EU regulations (GDPR) that went into effect on May 25. Cybercriminals used this flood of emails to their advantage, sending out similar emails to try to trick you out of your password and credit card details or trick you into downloading ransomware.
This is part of a much larger trend of cybercriminals using current events to try to trick you. When you’re expecting to see an email about a particular event or subject, you’re less likely to notice anything suspicious about it.
In the case of GDPR, cybercriminals knew that companies all over the world would be sending out emails about updating their policies to meet GDPR. People would probably be getting so many of these that they wouldn’t notice—or even look for—anything shady.
ZDNet covers a specific GDPR example, where cybercriminals sent emails that looked like they were from Airbnb hosts. The emails linked to a fraudulent site asking for personal information, including credit card details.
Cybercriminals will also use annual events to target you. Tax season is especially popular. We’ve covered an example of a phishing email that looks like a notification about W2s. Many variations look like they’re from the IRS demanding payment. These emails continued well past the deadline, threatening you with legal action. It’s such a popular time for cybercriminals that the IRS compiles a yearly list of the trends in tax-related phishing attacks.
On a more micro level, cybercriminals will use current events to target you on an individual basis. Often, cybercriminals won’t act as soon as they get access to your email account or network. They will sit in your account and wait for the right time. Here’s a scenario we’ve seen play out before:
The cybercriminal gets into Rory’s email account. Rory and Amy are emailing back and forth about a work topic, and Rory tells Amy he will send her more details tomorrow. Early the next day, the cybercriminal sends Amy a malicious email from Rory’s account that looks like an encrypted email.
Amy thinks it’s the email she is expecting from Rory (after all, it’s from his account and he said he would send details, so why would she think anything different?). She clicks a link in the email to read it, gets a login screen, and enters her credentials. The cybercriminal now has her information.
It’s not an unlikely or even unusual scenario.
As always, be cautious when clicking links in emails and sending money or personal information. Even if it’s an email you’re expecting to get, give it a second look.