Every arrival of a big popular event is the same thing: cybercriminals take advantage of these dates to act with the most varied approaches. And one type of attack has been highlighted on the eve of Easter this year: malicious content in fraud attempts via direct messages on social networks.
The bandits are taking advantage of the increase in Easter eggs in 2023, with values up to 35% above last year, according to the market intelligence company Horus. Due to this rise, many people have chosen to send virtual cards direct messages (or DMs) on social networks and content via messengers.
Threats are disguised as basic text messages, or more elaborate, with images. In addition to apps like iMessage, Telegram and WhatsApp, criminals have also explored extensions (add-ons) of communication platforms to send malicious links or bait for bigger scams.
How to identify fraudulent messages from Easter Scams?
While most scraps are safe, it’s important to take a few seconds before clicking on a link or replying to a direct message, just to make sure it’s genuine. Scammers use fraudulent content to trick the user into clicking on a malicious link.
The goal is to get the user to enter login credentials or account numbers; or share personal information in a practice known as phishing. These messages sometimes contain spelling or grammatical errors; or use strange phrases.
However, with the rise of artificial intelligence tools like ChatGPT, scammers can clean up spelling and grammatical errors, making it harder to spot fraudulent messages.
Other warning signs are:
- Unexpected contact from an unknown phone number or a number claiming to be from a legitimate organization;
- Urgent or threatening language, such as a notice that your account will be closed if you do not provide personal information;
- Request to click on a link to update personal data or log in to the account;
- Bonus, reward or cashback offer;
- Request processing or administrative fee in advance.
How to protect information in direct messages from Golpe na Easter?
Security firm McAfee lists two tips that can help users protect personal information from direct messaging scams:
- Be skeptical of messages from unknown senders, urgent notices, refund offers, or requests to log into your account. Carefully check any links contained in the message before clicking. Go directly to the company’s website instead of clicking on an embedded link;
- There are many “mods”, or application modifiers, in app versions that bring additional functionality to direct messaging applications; or offer ways to bypass communication blocks in some countries. These “mods” are frequent targets for malware or spyware. So avoid them.
