Evri, Amazon and Paypal Among Brands Most Used by Scammers
With the development of AI, cybercriminals are becoming more and more sophisticated in their attacks. Fraudsters will often employ fake websites, social media advertisements, or even auction websites to lure buyers in with enticing deals on expensive technology like smartphones, persuading them to make bank transfers, only to disappear after the payment is made.
Now research has identified how scammers have exploited the brand names of popular companies, finding that Evri, Amazon and PayPal are the most-used companies to trick people.
As phishing scams are increasingly used by scammers along with AI, the study – conducted by UK retailer Currys – also tested AI's ability to identify scam emails, but found that the technology missed around 10% of them.
The report found that delivery company Evri is the favourite brand scammers are using to target their victims, with 39,978 searches over the past year for “evri scam email”. These searches have also increased by 823% over the past 12 months, when comparing search volume in March 2023 to February 2024.
The next brand scammers hide behind most is PayPal with 28,900 searches over 12 months for “paypal scam email”, however, the monthly search volume for this has decreased by 19% over the past 12 months. And Amazon was the third brand most people were searching in relation to scam emails, with 14,000 annual searches for “amazon scam email”.
Report finds AI can’t detect 10% of scam emails
The study also used two forms of AI to analyse a mixture of 40 genuine and scam emails, asking it to identify whether the email was a phishing attempt or a genuine communication from a brand.
The study discovered that both AI assistants incorrectly identified 10% of the mixture of scam and legitimate emails fed to them. Perplexity was better at discovering the spam emails, correct in 28 out of 29 cases, compared to ChatGPT 4 which only identified 27 out of 29 correctly.
- Check the sender's email address: Legitimate companies use domain emails, which are usually the name of the company. Be wary of emails from a public domain (like @gmail.com or @yahoo.com) or with misspelled domains that look similar to real ones
- Look for poor spelling and grammar: Professional organisations proofread their communications. Frequent spelling and grammar errors can be a red flag. Although with the help of AI this will become less frequent
- Be sceptical of urgent requests for info: Phishing emails often create a sense of urgency, like threatening to close an account unless you update your information immediately. A legitimate company will never rush you in this way
- Don't click on suspicious links: Hover over any links in the email (without clicking) to see the URL or web address. If it looks strange or doesn't match the company's official website, don't click it. Some scammers will use link shorteners like Bit.ly to hide malicious links; brands are unlikely to do this
- Check for generic greetings: Phishing emails often use generic greetings like "Dear Customer" instead of your name. Companies you do business with usually personalise their emails. They may have tech sophisticated enough to take the first part of your email address however so be sure to sense check the greeting
- Beware of requests for personal info: Legitimate companies will not ask for sensitive information via email. Be cautious of emails requesting passwords, account numbers, or other personal details
- Look for inconsistencies: Sometimes, the scam is in the details. Check for slight variations in email addresses, links, and domain names. These errors might be easy to overlook at first glance, so check carefully
And when it came to legitimate emails, both recognised even less. Perplexity incorrectly categorised three genuine emails as spam and ChatGPT 4 did the same for two.
This highlights the increased sophistication of phishing emails, suggesting more of the public will fall victim to them, particularly as the National Cyber Security Centre (NCSC) said that AI would “almost certainly” increase the volume of cyber-attacks and heighten their impact over the next two years. This is due to cyber criminals using the technology to approach potential victims in a more convincing way by creating fake “lure documents” (such as scam emails) that don’t contain the translation, spelling or grammatical errors that tended to give away phishing attacks.
While even the savviest of shoppers can be fooled by a fraudster, maintaining good cyber hygiene can help to protect you from the majority of scams, Steve Bradford, Senior Vice President EMEA, SailPoint, told Cyber Magazine recently.
“Processes like multi-factor authentication, one-time passcodes from banks to authorise larger transactions, and complex login passwords all help maintain identity security. It sounds like common knowledge, but many of us know not to share passwords with others, yet we ignore this practice when it comes to sharing them across multiple applications and shopping online,” he told us.
“A shared password stolen from one application can be used to break into your other applications. Always consider ways to digital padlock your account and look over any online interaction with a sceptical eye.”
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand
