AXEL.org

internet scams

Shady Schemes and Sinful Scams: The History of Internet Spam

Ever since the infancy of the Internet, spam has caused headaches for those that encounter it. Whether it be old-fashioned email spam or a modern phishing attempt through social media, we all have to deal with annoying, dangerous spam. Thankfully, tech companies have found ways to minimize the amount of spam we see, with spam folders and CAPTCHA tests becoming prevalent across the Internet. However, even with these security measures, spam still sometimes gets through, putting businesses and individuals at risk.

Early Days of Spam

The first recorded instance of “spam” actually occurred well before the invention of the Internet. In 1864, British politicians received a knock on the door, along with a telegram message; the politicians were terrified a war had broken out. But when they received the telegram, it did not tell of war or death, but an advertisement for a local dentistry. The politicians were understandably irritated and told the press about this occurrence, further amplifying the dentistry’s message as well [1]. Ultimately, this story shows how annoying (yet successful) spam messages can be. And when the Internet broke into the mainstream in the 1990s, pranksters and cybercriminals set their sights on the new, burgeoning medium.

As Internet use became more widespread, emails became the main target for spammers. In fact, in 2008, spam was so prevalent, it constituted 92.6% of all emails sent [2]. Although email was quickly becoming a valuable tool at home and the workplace, spam still made up the vast majority of all emails sent. Thankfully, in 2019, that number dropped to 28.5%. However, that number shows how spammers have simply found new, more successful ways to inundate users with ads and scams.

Unfortunately, many spam emails became more than annoying advertisements and sought to harm users as well. These scam emails seek to trick the receiver, typically by masquerading as another person. A well-known example is the “Nigerian prince” phishing scam, where the scammer promises a large sum of money in exchange for a smaller, upfront payment by the receiver. However, when the receiver makes the payment, the scammer does not fulfill their promise, making away with the upfront payment. While the success rate of this scam is low, it worked often enough to become profitable to scammers.

Modern-Day Scams and Spam

Now, spammers have diversified their targets, attacking people with more advanced social media and email scams. One prevalent example is a phishing scam that seeks access to personal Facebook accounts. In this scheme, scammers typically send a vague message with a link. When the user clicks the link, they see what appears to be a Facebook login page, but is actually a webpage masquerading as Facebook. Unsuspecting users then log in to the fake page, unknowingly giving their login information to the scammers. The crooks then have control of the account, then often post ads and try to trick the account’s friends with the same scheme.

Other modern scams use similar techniques, where the scammer typically disguises their email as an official work email. One example of this is CEO Fraud, where scammers, who pretend to be the CEO of the company, email lower-level employees at a business. The emails, typically written with an urgent tone, instruct employees to wire money to an account connected to the scammer. And while most employees don’t fall for this trick, the small amount that do lead to big paydays for scammers.

In addition, with the rise of cryptocurrencies and their decentralized, anonymous nature, crypto scams have become more prevalent as well. The most prominent example of this occurred in 2020, when 45 popular Twitter accounts were hacked, including Barack Obama, Bill Gates and Kim Kardashian. The accounts Tweeted identical messages, promising to double the value of Bitcoin that users send to a cryptocurrency wallet. While the Tweets were quickly taken down, the scammers still received over $100,000 in Bitcoin from users in that short period [3].

Tips to Avoid Scams

While many tips to avoid Internet scams may seem like common sense, it’s still important to review ways to protect yourself. After all, spam and scams are still evolving; we don’t know how these criminals will target their victims in a few years. So it’s crucial to stay informed on ways to protect yourself from these scammers.

Don’t click on anything from unknown accounts

This is the main way scammers can hack into your account and post spam. Just one click can give access to your entire account to the scammers. Only click on links from accounts and people you trust. If someone messaged you, and you’re not sure who it is, never click a link.

Check the email address

While this may sound obvious, double-checking emails can save you or your company from chaos. Scammers can make their emails look incredibly similar to official work emails; the only difference being a slightly different email address. For example, an email from help@google.com is safe. An email from help@google-admin.com is not safe. Before clicking a link, always double-check the email address to make sure it’s from the official site.

If it sounds too good to be true, it probably is

If you receive a message promising to double your money quickly, it is almost certainly a scam. Any message that promises thousand-dollar gift cards or free iPads simply wants your information to pile you with spam. Unless you’ve entered a sweepstakes, any message saying you’ve won something valuable is almost certainly fake.

AXEL’s Efforts to Can Spam

AXEL is committed to protecting your data, including protection from scammers, spammers, and cybercriminals. That’s why AXEL Go uses industry-leading data encryption, blockchain technology, and digital “shredding” to protect your data. As scammers evolve their practices, so does AXEL. For example, AXEL Go uses a system of decentralized servers to transfer your documents. So even if hackers gained access to a server, your files are still safe and uncompromised. To try out AXEL Go’s unparalleled data security, sign up for a two-week free trial here

[1] “Getting the Message, at Last.” The Economist. December 15, 2007. https://www.economist.com/node/10286400/print?story_id=10286400.

[2] Johnson, Joseph. “Spam E-mail Traffic Share 2019.” Statista. January 25, 2021. https://www.statista.com/statistics/420400/spam-email-traffic-share-annual/.


[3] Iyengar, Rishi. “Twitter Blames ‘coordinated’ Attack on Its Systems for Hack of Joe Biden, Barack Obama, Bill Gates and Others.” CNN. July 16, 2020. https://www.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html.

Cyber Monday Attracts Cybercriminals

Black Friday and Cyber Monday have been merging for years. This year, amid a global pandemic, the trend is likely to accelerate. With almost 1/3rd of historically in-store shoppers claiming they will only shop online this year[1],  hackers and online fraudsters will assuredly be on the prowl. Here are some of the most common scams to watch out for and how to avoid them.

Popular Cyber Monday scams

Most of these cons aren’t exclusive to Cyber Monday, but the influx of online shoppers during the time period does magnify thieves’ efforts.

Phishing emails

‘Tis the season for shady emails. Since legitimate retailers send emails en masse during Cyber Week to advertise deals, many fraudulent phishing attempts slip through the cracks. These emails will look like they’re from an established brand but are really trying to trick you.

We recommend being suspicious of any brand emails sent during Cyber Week and checking the sender’s address to ensure it appears valid. Do not trust any address not instantly recognizable as being credible. Never click links or open attachments in these emails. Navigate to the brand’s website via your browser and see if the promotion is there too. If it is, make the transaction through the website rather than clicking any email links.

Fake social media offers

Even Black Friday and Cyber Monday deals have limits to their believability. Cybercriminals make fake social medial accounts to take advantage of consumers wanting the best bargains. These accounts will post up too-good-to-be-true offers with malicious links or bogus surveys with the promise of free rewards.

The easiest way to avoid these scams is not to get caught up in the fear of missing out on a once-in-a-lifetime deal. The truth is, most of these are ploys to infect your system or steal sensitive personal information. Don’t follow strange Twitter accounts shilling pie-in-the-sky promotions.

Formjacking

Also known as “e-skimming,” formjacking is an especially deceptive way to scam unsuspecting online shoppers. Here, the bad actor is able to inject malicious code into otherwise legitimate retail sites. The malware executes once the shopper enters their payment information. Then, the script scrapes the credit card information and transmits it back to the hacker.

Cyberthieves target third-party plugins on e-commerce websites to find vulnerabilities. This makes it difficult for retailers to spot the problem before it becomes a huge issue since it doesn’t even occur in their controlled system. Although smaller companies without the resources to staff large IT teams are most affected, large corporations are also not immune. For example, in 2018, online ticket vendor Ticketmaster suffered a formjacking incident that exposed customer’s personal information and payment data[2].

Preventing formjacking as a consumer is difficult, if not impossible. The website is legit, and there’s no signal that the payment form is compromised. Shop trusted sites you’ve ordered from previously and use a credit card instead of a debit card number, if possible. Typically, credit cards offer more comprehensive fraud coverage than debit cards. You won’t be liable for the vast majority of fraudulent credit card charges. Just remember to pay it off immediately!

Man-in-the-middle attacks

This is a cyberattack where the hacker compromises a network and inserts themselves between two other parties. The attacker can then intercept and alter the information relayed between these parties. A common example of a “man-in-the-middle” attack is when a threat actor gains control of a public WiFi access point. Everyone connecting to the public WiFi is then at the mercy of the cybercriminal.  Hackers typically accomplish this in one of two ways:

Hacking the router. If the router used for a businesses’ WiFi is in a public area,  or there is a nefarious employee, the router itself is susceptible to a hack. Small companies, such as local restaurants, usually lack sufficient IT personnel to prevent these breaches.

Setting up a fraudulent access point. Sometimes, the fraudsters don’t even have to hack anything. They simply set up their own unauthorized WiFi access point and name it deceptively. This tricks customers into connecting to harmful networks.

Companies should keep their routers out of public spaces and only allow trusted employees to deal with them. However, the best way to prevent these occurrences is for customers to refrain from using public WiFi altogether. Use your cellphone data whenever you can. Cellular networks are much more challenging to crack.

Counterfeit goods

Here’s a new twist on an old classic. Cyber Monday is a massive opportunity for counterfeiters to sell their inauthentic wares. In a bit of irony, counterfeiters may actually charge more for their fakes than usual while still making it look like a great sale to their victims. So, before you click the checkout button on that incredible deal from Gucci-Bag-Sales-4-You.com, think twice. Is the website reputable? If not, you should probably pass.

Check online to see if there are validated reviews for the site before you buy. If there’s even a hint of fake reviews, steer clear. Verify how long the company has been in business. One trick is to perform a WHOIS lookup on the domain. Copy and paste the web address into the WHOIS lookup box and hit the search icon. Then, search for the “Creation Date” attribute within the returned information. If the site was registered recently, that’s a major red flag.

Stay safe

Black Friday, Cyber Monday, and all of Cyber Week are fantastic times to save big on your favorite products. But you have to be safe and vigilant to prevent hacks, data breaches, and other scams. Please don’t get fooled by those looking to leverage other people’s greed to satisfy their own.

AXEL is passionate about data security. That’s why our motto is “Securing data at rest and in motion.” We are a company that’s always utilizing new technologies to offer more robust protection for your information. If you’d like to learn more about our philosophy and software solutions, such as our secure, privacy-focused file-sharing platform, AXEL Go, please visit axelgo.app today.

 

 

[1] Emily Eberhard, “How the pandemic may affect holiday shopping”, July 2020, Think With Google, https://www.thinkwithgoogle.com/consumer-insights/consumer-trends/pandemic-holiday-shopping/

[2] John Leyden, “Ticketmaster gatecrash: Gig revelers’ personal, payment info glimpsed by support site malware”, The Register, June 27, 2018, https://www.theregister.com/2018/06/27/ticketmaster_support_bot_hack/