New Study From Gen Reveals Over 600% Rise in 'Scam-Yourself' Attacks


In a startling revelation from Gen's latest Threat Report, cybersecurity experts have identified an unprecedented surge in what’s being termed "scam-yourself" attacks, with incidents skyrocketing by 614% in recent months.

This dramatic increase signals a concerning shift in cybercriminal tactics, moving away from traditional attack vectors toward methods that exploit human psychology to bypass security measures. 

Gen is far from the only company to have noticed this trend. Proofpoint, another large cybersecurity company, saw a 53% rise in phishing attempts in 2021 compared to the previous year. The data is clear: attackers are now targeting a system's human element more than ever.

Understanding the Rise of 'Scam-Yourself' Attacks

Unlike conventional cyberattacks where criminals attempt to breach systems directly, 'scam-yourself' attacks represent a sophisticated evolution in social engineering. These attacks succeed by manipulating users into voluntarily downloading malware or compromising their own security, effectively turning victims into unwitting accomplices in their own breach.

The genius (and danger) of these attacks lies in their simplicity. By convincing users to take actions that appear legitimate or necessary, cybercriminals bypass many traditional security measures that organisations have spent years implementing. The attack's success relies not on sophisticated malware or zero-day exploits but on human psychology and social engineering. This also means that the breach can lie undetected far longer than traditional exploits.

Common Types Of 'Scam-Yourself' Attacks

These deceptive attacks manifest in several forms, each designed to appear legitimate while concealing malicious intent:

Software Update Deception: Users receive convincing notifications about critical software updates, complete with familiar branding and urgent messaging. When users follow the prompt to "update," they actually download malware instead.

License Expiration Schemes: Attackers create authentic-looking alerts warning users about expired licenses for common software. The resulting "renewal" process leads to malware installation or credential theft.

System Optimisation Tricks: Pop-ups or advertisements promise to improve system performance, often mimicking legitimate system messages. Users who engage with these prompts inadvertently install malicious software.

Protecting Against 'Scam-Yourself' Attacks

Organisations and individuals can implement several strategies to guard against these increasingly prevalent threats. 

From investing in the necessary security tools, to supporting IT and security professionals who study for a master's in cyber security, to increasing general awareness, there are ways to protect against cyberattacks like these.

Some of the key protective measures include:

Comprehensive Employee Training

Regular security awareness training remains crucial, with a specific focus on recognising social engineering tactics. Employees should understand that legitimate software updates typically come through official channels, not unexpected pop-ups or emails.

Robust Security Protocols

Organisations should implement strict software installation policies and maintain centralised update management systems. This prevents individual users from falling victim to fake update prompts and unauthorised software installations.

Technical Controls

Deploy advanced endpoint protection solutions that can detect and block suspicious download attempts, even when initiated by users. Email filtering systems should be configured to identify and quarantine messages containing suspicious download links.

Verification Procedures

Establish clear procedures for verifying software update requirements and license renewals. This might include consulting IT departments before proceeding with any system modifications or software installations.

Looking Ahead

The unprecedented rise in ‘scam-yourself’ attacks is a sign of a significant paradigm shift. It is clear that attackers have recognised that the weakest link in modern security systems is the humans who operate them.

Safety standards like encryption protocols have become so ubiquitous that using the human element to break through seems to be the most viable (and often the easiest) alternative. This trend is a worrying change. As bad actors will inevitably get better at social engineering and getting past defence strategies, organisations will struggle to keep up. It is also a sobering reminder that cybersecurity is not just about technical control. The industry will need human-centric security strategies across the board. 

For security professionals and organisations looking to stay ahead of these emerging threats, continuous education and upskilling are essential. Advanced qualifications, as well as constantly keeping on top of emerging patterns in the industry, are a must.

The future of cybersecurity seems to lie in integrating a human-centric approach while maintaining unrelenting technical barricades to attacks. As new threats take shape across industries, cybersecurity will need to evolve with them or run the risk of getting caught off guard.
