In 2023, the public primarily confronted two varieties of online scams: the technical and the topical.
Technical scams abuse legitimate aspects of modern internet infrastructure to lead users to illegitimate or compromised sites. A team of hackers can, say, boost their own info-stealing websites through Google search results, providing a veneer of authenticity to their malicious intent. These scams can involve vast criminal segmentation and coordination between malware developers, code writers, and hackers who sometimes also infect legitimate websites with dangerous tools.
Topical scams, on the other hand, are simpler. By leveraging major news events or luring users with too-good-to-be-true deals, cybercriminals trick victims into giving away their vital credit card information through cyberspace.
Both are dangerous, both are effective, and both had their fair share of sneaky examples this year.
With the holiday over, we at Malwarebytes Labs wanted to look back on four of the sneakiest online scams we saw last year.
Forged in fire, fraud on Facebook
In November, an insulated tumbler made by the drinkware company Stanley allegedly survived a roaring fire that sadly destroyed a woman's car. The car owner, Danielle Marie Lettering, posted a video on TikTok that showed a Stanley tumbler—merely singed—inside a wrecked Kia.
"Everybody is so concerned if the Stanley spills but what else," Lettering said in the video she posted. "It was in a fire yesterday and it still has ice in it."
Lettering's TikTok video has more than 90 million views and a wealth of comments about first-time interest in Stanley's products.
And right on time, just weeks later, Malwarebytes Labs spotted a fraudulent Facebook ad—posing as a legitimate sale from Dick's Sporting Goods—selling the now-storied Stanley Quencher cup for just $19, a steal compared to Amazon listings near $45.
Users who clicked on the ad were not taken to the legitimate website for Dick's Sporting Goods, but instead routed to a website where the payment processor was registered in Hong Kong.
Sprung just before Black Friday, this scam had it all—the urgency of an annual mega-shopping event, the name of a recognized and trusted online retailer, and the allure of a once-benign product now launched into viral celebrity.
WoofLocker sends victims into a redirection labyrinth
Tech support scams often follow a similar plot: Cybercriminals will place malicious ads online that label a bogus phone number for everyday users who are experiencing common tech problems. When those users look up their tech troubles online, they'll see results that display the scammers' phone number, fooling them into calling what they think is a legitimate helpline, only to be led through a series of social engineering tricks to eventually hand over their money.
But the tech support scam held up by "Wooflocker" is different.
Wooflocker does not rely on malicious advertising (also known as malvertising). Wooflocker only ensnares victims who, of their own accord, visit any of several compromised websites.
With every visit to a compromised website, a user is surreptitiously "fingerprinted"—if their IP address, computer environment, and cyber-defenses (or lack thereof) are all preferable to the hackers behind Wooflocker, then those website visitors are redirected to another domain with a URL that is created then and there by Wooflocker's hacking scripts.
Malwarebytes Labs first spotted Wooflocker in 2020, and even then, we learned that the cybercriminals behind it had likely been building out their web traffic redirection machine since 2017. But in the years since we last checked in, Wooflocker has become more sophisticated. The current iteration of Wooflocker now relies on web hosting services in Bulgaria and Ukraine, which could potentially provide added protection against any takedown efforts.
The "logout king" gets pinned
In March, the reporting outlet ProPublica revealed that, after months of investigation, it had likely tracked down one of the most notorious online scammers—the self-proclaimed "log-out king," also known as OBN Brandon.
OBN Brandon's trick is almost always the same. He reports accounts of growing Instagram influencers to the customer service department of Meta, the company formerly known as Facebook, which also owns Instagram. Once he wrongfully enacts a ban on the account, OBN Brandon reaches out to the person behind the account and says he can bring it back—for a price.
As to how OBN Brandon convinces Meta's customer support to take down an account, there are multiple tactics. According to ProPublica:
"In some cases OBN hacks into accounts to post offensive content. In others, he creates duplicate accounts in his targets' names, then reports the original accounts as imposters so they'll be barred for violating Meta's ban on account impersonation. In addition, OBN has posed as a Meta employee to persuade at least one target to pay him to restore her account."
Once a simple image-sharing tool, Instagram has now ballooned into a business platform for countless influencers who take promotional offers from larger companies to be featured in posts and Reels—which are short-form videos on the app. Similarly, many small businesses and entrepreneurs use the platform to self-promote and connect users to their products and services.
One OBN victim that ProPublica spoke to claimed that, before his account was targeted, he had been making between $15,000 and $20,000 a month simply from his Instagram account.
"People pay me all the time to post promos for music, crypto," the individual told ProPublica. "I can make five, 10 grand by accident if I needed to. … The money's crazy."
In its investigation, ProPublica identified a 20-year-old Nevada man as a likely operator or affiliate behind OBN Brandon. Once the outlet gave more details to Meta, Meta sent a cease-and-desist order to the man, also banning him from the platform.
In their villain era
For years, Taylor Swift fans were starving.
Not since 2018 had the most recent TIME Person of the Year produced a full-fledged world circuit tour. But in 2023, that changed, when Swift began her "Eras" tour, a globe-spanning celebration of her past albums that, on stage, delighted audiences for three-and-a-half hours every night, no matter the weather.
Still in production, Swift's "Eras" tour has already brought in literal billions for the pop star goddess, according to one Washington Post estimate.
But the tour has also brought in a significant payday for ticket scammers.
In June, just a few months into the start of the "Eras" tour, Attorney General Dana Nessel for the state of Michigan issued a warning to Swift fans in her state.
"Michigan residents who are defrauded by online ticket scammers should not just shake it off," said Nessel. "We know these scams all too well. If you believe you were taken advantage of, filing a complaint with my office is better than revenge."
According to Malwarebytes Labs' own reporting at the time, scams that preyed on the Eras tour were popping up all across the United States:
"Other locations for the tour are trying to get ahead of the scam curve, issuing their own warnings ahead of events where possible. For example, Cincinnati has highlighted tales of woe related to fake ticket sales on Facebook. Detroit flagged fake ticket sales on Instagram. CBC covered multiple fake sale attempts cheating folks in Canada out of significant chunks of money. Elsewhere, teens have lost out on $1,200 thanks to Craigslist scammers."
With many, many, many more shows scheduled (the latest of which is in December 2024), stay alert.




