New Study From Gen Reveals Over 600% Rise in 'Scam-Yourself' Attacks


In a startling revelation from Gen's latest Threat Report, cybersecurity experts have identified an unprecedented surge in what’s being termed "scam-yourself" attacks, with incidents skyrocketing by 614% in recent months.

This dramatic increase signals a concerning shift in cybercriminal tactics, moving away from traditional attack vectors toward methods that exploit human psychology to bypass security measures. 

Gen is far from the only company to have noticed this trend. Proofpoint, another large cybersecurity company, saw a 53% rise in phishing attempts in 2021 compared to the previous year. The data is clear - attackers are now targeting a system's human element more than ever.

Understanding the Rise of 'Scam-Yourself' Attacks

Unlike conventional cyberattacks where criminals attempt to breach systems directly, 'scam-yourself' attacks represent a sophisticated evolution in social engineering. These attacks succeed by manipulating users into voluntarily downloading malware or compromising their own security, effectively turning victims into unwitting accomplices in their own breach.

The genius (and danger) of these attacks lies in their simplicity. By convincing users to take actions that appear legitimate or necessary, cybercriminals bypass many traditional security measures that organisations have spent years implementing. The attack's success relies not on sophisticated malware or zero-day exploits but on human psychology and social engineering. This also means that the breach can lie undetected far longer than traditional exploits.

Common Types Of 'Scam-Yourself' Attacks

These deceptive attacks manifest in several forms, each designed to appear legitimate while concealing malicious intent:

Software Update Deception: Users receive convincing notifications about critical software updates, complete with familiar branding and urgent messaging. When users follow the prompt to "update," they actually download malware instead.

License Expiration Schemes: Attackers create authentic-looking alerts warning users about expired licenses for common software. The resulting "renewal" process leads to malware installation or credential theft.

System Optimisation Tricks: Pop-ups or advertisements promise to improve system performance, often mimicking legitimate system messages. Users who engage with these prompts inadvertently install malicious software.

Protecting Against 'Scam-Yourself' Attacks

Organisations and individuals can implement several strategies to guard against these increasingly prevalent threats. 

From investing in the necessary security tools, to supporting IT and security professionals in studying for a master's in cyber security, to increasing general awareness, there are ways to protect against cyberattacks like these.

Some of the key protective measures include:

Comprehensive Employee Training

Regular security awareness training remains crucial, with a specific focus on recognising social engineering tactics. Employees should understand that legitimate software updates typically come through official channels, not unexpected pop-ups or emails.

Robust Security Protocols

Organisations should implement strict software installation policies and maintain centralised update management systems. This prevents individual users from falling victim to fake update prompts and unauthorised software installations.

Technical Controls

Deploy advanced endpoint protection solutions that can detect and block suspicious download attempts, even when initiated by users. Email filtering systems should be configured to identify and quarantine messages containing suspicious download links.

Verification Procedures

Establish clear procedures for verifying software update requirements and license renewals. This might include consulting IT departments before proceeding with any system modifications or software installations.

Looking Ahead

The unprecedented rise in ‘scam-yourself’ attacks is a sign of a significant paradigm shift. It is clear that attackers have recognised that the weakest link in modern security systems is the humans who operate them.

Safety standards like encryption protocols have become so ubiquitous that using the human element to break through seems to be the most viable (and often the easiest) alternative. This trend is a worrying change. As bad actors inevitably get better at social engineering and at getting past defence strategies, organisations will struggle to keep up. It is also a sobering reminder that cybersecurity is not just about technical controls. The industry will need human-centric security strategies across the board.

For security professionals and organisations looking to stay ahead of these emerging threats, continuous education and upskilling are essential. Advanced qualifications, as well as constantly keeping on top of emerging patterns in the industry, are a must.

The future of cybersecurity seems to lie in integrating a human-centric approach while maintaining unrelenting technical barricades to attacks. As new threats take shape across industries, cybersecurity will need to evolve with them or run the risk of getting caught off guard.
