Cryptoscams drive 189% increase in phishing attacks exploiting Google services
Today, Kaspersky highlights the surge in attempts to access phishing resources mimicking Google services. In January 2023, experts witnessed a 189% increase in attempts worldwide (compared to December 2022), with the trend set to continue in February. Such phishing pages lure unsuspecting users into giving up their login credentials, allowing attackers to access multiple users and accounts within a company’s ecosystem.
Google’s YouTube video hosting platform is a particular target for fraudsters, as they can use it to achieve their goals rapidly. Kaspersky has observed a fraudulent scheme where attackers gain access to the account of a popular vlogger, change the background and profile avatar, then start broadcasting their video.
One such video, dedicated to cryptocurrencies and exploiting existing streams with Elon Musk, was used to persuade viewers to follow a QR code shown on the screen. One of the links led to a scam resource allegedly hosting a cryptocurrency raffle, putting users’ money and personal data at risk.
An example of a phishing page mimicking YouTube
“Phishing attacks continue to evolve and become more sophisticated, with cybercriminals exploiting popular online services like Google to trick users into giving up their personal information. The rise of malicious exploitation of video content, as seen in this recent crypto scam on YouTube, adds another layer of deception, making it even more difficult for users to distinguish between what’s real and what’s not. It’s essential users take proactive steps to secure their accounts and data, such as using strong passwords, two-factor authentication, and reliable security solutions,” comments Roman Dedenok, a security expert at Kaspersky.
To stay protected from such threats, Kaspersky experts also recommend the following:
- Use strong and unique passwords: Create strong and unique passwords for each account, and avoid using the same password for multiple accounts. Use a combination of uppercase and lowercase letters, numbers, and symbols to create a password that’s difficult to guess.
- Set up two-factor authentication: Two-factor authentication adds an extra layer of security to your accounts by requiring a second form of identification, such as a code sent to your phone or an authentication app, in addition to your password.
- Be cautious of suspicious emails and messages: Don’t click links or download attachments from unknown senders; be wary of messages asking for your login credentials or personal information.
- Use security solution: Install a reliable security solution, like Kaspersky Premium to protect your device from malware and phishing attacks. Make sure to keep the software up to date and run regular scans.
- Verify the authenticity of sources: Verify the authenticity of websites and sources before clicking links or entering personal information. Be wary of suspicious-looking websites or unfamiliar domains.
