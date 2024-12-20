BY Stu Sjouwerman4 minute read

Phishing scams are forever growing, becoming more sophisticated and harder to detect.

While most people have learned to spot obvious phishing attempts, a new wave of sophisticated scams is emerging that catches even the most vigilant users off guard. From AI-powered deepfakes that swap faces and mimic voices, impersonate celebrities, and produce fraudulent funeral livestreams, knowing about these lesser-known phishing threats will help you and your business avoid becoming the next victim. 1. THE ‘WE KNOW WHERE YOU LIVE’ SCAM In this scam, which is a variation of sextortion, scammers obtain private information from online data breaches and use that to run extortion campaigns. They send targeted emails, addressing victims by their first and last name, mentioning their telephone number and using photos of their home (allegedly taken from Google Maps Street View). They claim to have used your laptop camera to film private videos of you. They threaten to release this sensitive content unless a ransom is paid. Scammers demand anywhere from $500 to $2000 in Bitcoin, sometimes supplying a QR code for easy payment.

Subscribe to the Compass newsletter. Fast Company's trending stories delivered to you daily Privacy Policy | Fast Company Newsletters

2. THE FAKE FUNERAL LIVESTREAM Con artists have begun targeting mourners on social media by hosting fake funeral services. The plot begins when a memorial service is posted on Facebook or elsewhere announcing the deceased. Scammers pounce on the opportunity, use stolen photos of the deceased, and paste fake live stream URLs in the comments section. There are two variations to this scam. In the first, a posted link takes grievers to a fake website where they are asked to pay a small online fee (using a credit card) to watch the virtual funeral online. The virtual funeral obviously doesn’t exist. The second variation is where scammers request donations on behalf of the deceased’s family.

3. THE CELEB AI CASH GRAB Cybercriminals use AI to create hyper-realistic videos (a.k.a. deepfakes) featuring well-known celebrities to con people out of money. For instance, fraudsters have taken to YouTube with manipulated videos of Elon Musk that combine authentic footage from his public appearances with AI-altered audio tracks. These videos are typically broadcasted from hijacked YouTube channels that already have thousands of subscribers. When a live video is posted, it triggers a go-live notification to subscribers. A QR code is shown, urging viewers to jump on Elon’s latest cryptocurrency craze. 4. THE FAKE SHOPPING LIST ATTACK

advertisement

When searching for Walmart customer service, users encounter a sponsored search result that displays Walmart’s official URL. Clicking on the URL takes the unsuspecting victim to a malicious shopping list created by scammers. While shopping lists are generally harmless, in this case, they’re populated with fake contact information that serve as landing pages for Google ads. Since the URL is technically the legitimate Walmart website, users are convinced it is an official Walmart contact. The victim dials the fake customer service number listed on the page and interacts with a scammer posing as a customer service rep. The victim is informed that a large purchase was made on their account. The victim then passes through a multi-layered campaign where scammers assume roles of a supervisor, a bank employee, and a false FTC investigator. They use scare tactics and coercion to manipulate the victim into giving up their bank details and social security number. 5. THE FAKE EVENT TICKET SCAM If you buy event tickets online, it’s likely you’ve interacted with platforms like Eventbrite that enable organizers to create and promote events. However, scammers are abusing this platform to steal money and personal information. They create email invitations complete with legitimate-looking logos and branding to deceive buyers. Since the invite is triggered from the Eventbrite platform, the email evades detection by email and anti-spam filters. When the buyer clicks on the email, they are taken to a dodgy webpage controlled by cybercriminals. This page prompts the buyer to enter personal data such as login credentials, tax identification, or credit card.