Cybersecurity giant Avast has published its Q4 2022 Threat Report, taking a close look at the type of scams targeting vulnerable users.
Some of the most notable scam types included social engineering which exposes human error, like refund and invoice fraud tactics, as well as supposed tech support scams. Lottery-themed adware campaigns remained just as prevalent, as they have done in previous quarters.
Besides scams, the company noted a pair of zero-day exploits in Chrome and Windows, which have since been patched, highlighting the importance for users to keep software up-to-date.
Popular email scams
Avast Malware Research Director Jakub Kroustek explained that cybercriminals accredit a large proportion of their success to human nature, which sees us reacting with urgency, fear, and trying to regain control of issues.
Kroustek’s advice is: “When people face surprising pop-up messages or emails, we recommend they stay calm and take a moment to think before they act.”
An alarming increase in refund and invoice fraud was noted during the final months of 2022 leading up to Christmas, which saw fooled users given malicious actors control to their screen and online banking. Instead of calling the number on the scam email, unsure users may want to head directly to the platform’s website and use a number that they’re sure of.
Data theft also occurred in several lottery-type popups, as well as the Arkei information stealer which saw a staggering 437% increase. Arkei is known for stealing information from browsers’ autofill forms, among other sources.
Finally, a pair of zero-day exploits were found in Google Chrome and Windows. Avast says that both companies were notified and reacted promptly, helping to minimize risk to users.
- All this talk of scams got you worried? Try one of the best firewalls or use the best ID theft protection tools
