Something is changing in the world of cybersecurity. In the first half of 2023, Avast researchers observed a notable shift in threat trends. While traditional consumer-focused cyber threats experienced a slight decline, social engineering, and web-related threats, such as scams, phishing, and malvertising, surged dramatically. According to the Avast Q2 2023 Threat Report, these threats accounted for more than 75% of Avast’s overall detections on desktops during the quarter, with scams alone contributing to 51% of the total detections. 

Cybercriminals are adapting and innovating alongside the rapid evolution of technology that we’ve all observed over the past year. They've leveraged AI tools to craft nearly perfect imitations of legitimate communication, making it increasingly difficult for individuals to differentiate between what is real and what isn't. Furthermore, the adoption of smishing—phishing through SMS–has capitalized on the high open rates and innate trust individuals place in text messages. 

The data from Q2 2023 signifies a shift in the cybersecurity landscape. Threat actors are opting for the psychological manipulation afforded by scams and phishing rather than the technical exploits found in traditional malware attacks. As a result, our defense must adapt, focusing not just on improving technological measures but also on building awareness and promoting skepticism towards unsolicited communication. 

Scam 1: Fake SHEIN gift cards 

For example, back in March we uncovered a new Instagram scam using fake SHEIN gift cards as lure. During Q2 we found that the scammers are widening their operations, covering more countries, such as Israel. They have also evolved and moved on from fake SHEIN gift cards to a maybe more appealing iPhone 14 scam targeting users in Mexico and Spain. 

The result is always the same: Instead of getting the deal they were looking for, the victims are instead subscribed to a service they know nothing about. 

Scam 2: Fake ransomware 

Avast Threat Labs also identified a new data extortion scam targeting companies via email, seemingly from a ransomware or data extortion cyber gang. The emails, addressed to employees by their full names, claim a security breach has occurred, with a significant amount of company information stolen, including employee records and personal data. Senders purport to be from ransomware groups like “Silent Ransom” or “Lockffit.” The emails press employees to notify their managers about the situation, threatening to sell the stolen data if ignored, and remind the recipients about the regulatory penalties of data breaches. 

However, these communications appear to be more scare tactics than actual extortion campaigns following a data breach. They are an effort to intimidate decision-makers into paying to prevent further consequences, like having their data sold or facing potential regulatory fines. There's no offered proof of the breach other than possession of the recipient's email and name. 

Avast has captured identical scam messages targeting different organizations, merely changing details like the recipient's name, the contact email, the supposed amount of stolen data, and even the alleged cybercriminal group. This modus operandi points to semi-automated attacks using a list of targets, akin to sextortion tactics. 

Scam 3: Sextortion 

And speaking of sextortion, the Avast team also uncovered a new sextortion campaign during Q2. Sextortion scams are email-based cyberattacks where the scammers claim to have taken control of your system, often saying they have recorded your activities through your device's cameras and demanding payment to keep your privacy intact. The scammers capitalize on the victim's fear and embarrassment, hoping for quick payment to avoid potential exposure. 

Scam 4: Cancer kid 

One of the nastiest scams we have detected is this disturbing crowfunding scheme exploiting public generosity. The scam involves a series of emotionally charged video ads, narrating the story of a cancer-stricken child named "Semion," soliciting urgent financial aid for his treatment. These videos, primarily in Russian with multilingual subtitles, have been shared on platforms like YouTube and Instagram, eliciting significant monetary donations from empathetic viewers directed towards a donation page offering multiple payment methods. 

In the face of these rising threats, it is essential to remember the fundamental rule of the Internet: trust, but verify. The shift towards a more scam-dominant threat landscape emphasizes the importance of digital literacy and security awareness among consumers. 

The surge in scams and phishing incidents during Q2/2023 underscores an evolving threat landscape that requires adaptable, informed, and proactive cybersecurity measures. The cornerstone of those measures must be comprehensive education and awareness initiatives aimed at enabling users to recognize and respond appropriately to these deceptive and damaging attacks. 

Read the full Q2 2023 Threat Report here.