Cryptoscams Drive 189% Increase in Phishing Attacks Exploiting Google Services

Kaspersky are highlighting the surge in attempts to access phishing resources mimicking Google services. In January 2023, experts witnessed a 189% increase in attempts worldwide, (compared to December 2022), with the trend set to continue in February. Such phishing pages are designed to lure unsuspecting users into giving up their login credentials, allowing attackers to gain access to multiple users and accounts within a company’s ecosystem.

Google’s YouTube video hosting platform is a particular target for fraudsters, as they can use it to rapidly achieve their goals. Kaspersky has observed a fraudulent scheme where attackers gain access to the account of a popular vlogger, change the background and profile avatar, then start broadcasting their own video.

One such video, dedicated to cryptocurrencies and exploits already existing stream with Elon Musk, was used to persuade viewers to follow a QR code shown on the screen. One of the links led to a scam resource allegedly hosting a cryptocurrency raffle, putting users’ money and personal data at risk.

An example of a phishing page mimicking YouTube

 

“Phishing attacks continue to evolve and become more sophisticated, with cybercriminals exploiting popular online services like Google to trick users into giving up their personal information. The rise of malicious exploitation of video content, as seen in this recent cryptoscam on YouTube, adds another layer of deception, making it even more difficult for users to distinguish between what’s real and what’s not. It’s essential users take proactive steps to secure their accounts and data, such as using strong passwords, two-factor authentication, and reliable security solutions,” comments Roman Dedenok, a security expert at Kaspersky.

To stay protected from such threats, Kaspersky experts also recommend:

• Use strong and unique passwords: Create strong and unique passwords for each of your accounts and avoid using the same password for multiple accounts. Use a combination of uppercase and lowercase letters, numbers, and symbols to create a password that’s difficult to guess.
• Set up two-factor authentication: Two-factor authentication adds an extra layer of security to your accounts by requiring a second form of identification, such as a code sent to your phone or an authentication app, in addition to your password.
• Be cautious of suspicious emails and messages: Don’t click on links or download attachments from unknown senders and be wary of messages that ask for your login credentials or personal information.
• Use a security solution: Install a reliable security solution, like Kaspersky Premium to protect your device from malware and phishing attacks. Make sure to keep the software up to date and run regular scans.
• Verify the authenticity of sources: Verify the authenticity of websites and sources before clicking on links or entering any personal information. Be wary of suspicious-looking websites or unfamiliar domains.

February 22, 2023