Avast Threat Report shows a surge in social engineering

Avast Threat Report shows humans are better targets than software

Emma McGowan 14 Dec 2023

The latest Avast Threat Report identifies the most prominent targets for cybercrime—and it’s us.

When you think of cybercriminals, you might conjure up a movie image of people working in dark rooms with complex spreads of monitors filled with lines and lines of code as they try to break through the security of remote systems.  

And while that has some slight relationship to the real world, Avast Threat Labs’ latest findings show that online fraudsters aren’t focusing as much on breaking through software-based security. Instead, they’re opting to hack through human defenses to procure personal data, financial information, and cash. 

The autumn season usually marks a slowdown in online traffic and, thus, a decrease in cybercrime. That isn’t the case this year. Instead, Threat Labs detected a 50% uptick in blocked intrusion attempts, setting a new record at over one billion unique malware attacks for the quarter.   

Social engineering, malware, and web-based threats are at an all-time high. 

The increased threat of adware through ad-supported applications 

Adware has been with us for decades. It’s a class of malware that entices you to install software that then bombards your system with advertising in browsers, in apps, and on your desktop. If you or someone you know ever clicked on a pop-up advertisement to “Install this program to get…”, and installed it, then you’ve seen adware. It’s not necessarily illegal, but it’s absolutely a pain. 

In more recent and explicitly illegal instances, Threat Labs has detected adware on mobile devices that opens web pages and clicks on links while the device screen is off. These adware trojans can attempt to steal user login information, detect location information, and even attempt to make purchases on your behalf. 

How does adware get into your system?  

Going back to our movie villain example above, hackers aren’t as interested in trying to install threat applications themselves. It’s far easier to get you to do that work for them. The Threat Report indicates their preferred method of doing so is through any application (on your desktop, mobile, or tablet) that serves up ads from an outside market.  

Ad-supported mobile and desktop applications can’t necessarily control the advertisements they serve. All the scammers need to do is place compelling advertisements through the app platform that lead you to voluntarily install malware onto your system.  

The pattern is routine: 

  1. You install a legitimate app that’s supported by advertising 
  2. Scammers place ads for legitimate-sounding services through the app 
  3. The service they provide installs the malware that steals your information 

Social media platforms can serve ads for malvertising and phishing 

While you’re on your favorite social media websites, you might happen upon an article from a professional news outlet reporting big news: a billionaire philanthropist is launching an AI program to help families in financial need. 

Clicking on the article, which is actually an ad placed by scammers, leads you to a familiar-looking website that asks you to sign up for the program to begin receiving thousands of dollars per month. 

Of course, it’s a fraud: the site either leads you to install malware that steals information from your device, or asks you to volunteer information that scammers then use to gain access to your email and financial accounts. 

Like ad-supported applications, social media websites are overwhelmed with ad placements, and aren’t able to police every ad bought on their platform. Fake news stories claiming to share hot gossip or free money might pass a cursory inspection since it’s the websites where those ads lead that host the danger. 

Hackers and scammers weaponize social engineering to gain your trust 

Above and beyond malvertising and social media scams, hackers increasingly use social engineering techniques (that is, manipulating people into handing over money or valuable personal information) to gain people's trust and access to their personal information and devices.  

You might feel like you’ve got a good eye for spotting scams, but scammers using messaging apps or even telephone calls are getting more sophisticated every day. Scam calls, for instance, have grown to sound exactly like real customer support calls. 

Tech support scammers often use social engineering tactics to impersonate tech support representatives from well-known companies. They may call or email you, claiming that your computer has been infected with a virus or that your account has been compromised. They will then try to convince you to give them remote access to your computer or to share your login credentials. Once they have access to your computer or your login credentials, they can steal your personal information, install malware, or even lock you out of your own device. 

Just a few minutes of reading can make you a smarter cyber citizen 

Cybercriminals are constantly evolving their tactics, so it is important to stay informed about the latest threats. The Avast Threat Labs report is a valuable resource for learning about the latest trends in cybercrime. By understanding how hackers operate, you can take steps to protect yourself from falling victim to their scams. 

To learn more about the latest threats and increase your threat intelligence, read the full Avast Threat Labs Report.