A well-known cybersecurity problem is that attacks get progressively creative, challenging online security professionals and resulting in them frequently seeing attacks on an unprecedented scale. Which examples have pushed the boundaries most? 1. The Dyre Banking Scam Hackers like targeting the most lucrative sectors, so it’s no surprise banks frequently feature in cyberattacks. They’re either the businesses under threat or the subjects meant to entice consumers to take specific actions after receiving emails that seem to come from their banking institutions. A banking-specific scam first detected in 2014 used Dyre malware, which compromised victims’ browsers and stole credentials to log into financial institutions’ platforms and other secured interfaces. The scam started when someone received an email attachment supposedly containing an unpaid invoice. Additionally, the attachments contained malware designed to exploit unpatched vulnerabilities in recipients’ Adobe Reader software. These aspects showed creative thinking on the cybercriminals’ behalf. First, they knew such a vague but relevant-sounding attachment name about an invoice would catch people’s interest. Since life can get so hectic, someone might occasionally forget to pay for things. Spelling mistakes in the file name were hallmark characteristics of this cyberattack, but criminals presumably hoped people wouldn’t notice or care. The scammers also rightfully assumed their targets would not update their Adobe software frequently enough, creating many potential entry points for enterprising hackers. Once someone fell for the trick and downloaded the attachment, the malware copied itself and made the seemingly innocent “Google Update Service” on the person’s computer. It then set registry keys and began logging keystroke data before sending it to hackers. As of 2016, United States government authorities said all major antivirus software vendors’ products had detected this threat. However, the detection requires people to use and update such tools regularly. Bank employees carry out stringent know-your-customer procedures to prevent fraud and establish risk profiles. Those are undoubtedly necessary, but this scam shows how easily things can go wrong when customers fall for malware. 2. The WPP Deepfake Scam As technologies have advanced, cybercriminals’ creativity in exploiting them has, too. Artificial intelligence (AI) has become so believable that consumers have had to learn they can’t necessarily trust everything they see or hear due to elaborate deepfakes. The state of things came to the forefront for Mark Read, the CEO of WPP, a British multinational advertising and public relations company. The executive recently detailed a deepfake scam that exploited numerous platforms and media types. Read explained how hackers set up a new WhatsApp account and used a publicly available image of him as the profile picture. They used it to schedule a meeting on Microsoft Teams with another senior executive who thought they were engaging with Read. During the meeting, the cybercriminals deployed a voice clone and YouTube footage of Read, all while simultaneously interacting in the Microsoft Teams chat window to pose as him and fool the other attendee with material that looked, sounded and read like the leader. The goal was to convince an agency head to set up a new business, after which the scammers would get financial and personal details from them. This scam failed, and Read attributed that result to his company’s vigilance, including that of the targeted executive who did not respond as the hackers’ hoped. The CEO pointed out how everyone must be on guard against increasingly elaborate tricks, including those going beyond someone’s email inbox. Some tech experts suggest the blockchain is ideal for securing people’s vocal characteristics and preventing malicious parties from tampering with authenticated clips. However,  since the voices of well-known figures are on television, the radio, YouTube and even audiobooks, motivated cybercriminals have plenty of data to use. 3. Misleading AI Ads Targeting Small Businesses No company or person is wholly safe from cyber scams, but the effects of successfully orchestrated attacks are more disastrous for some victims than others. Small businesses are excellent examples because such organizations often lack the resources to recover fully and quickly. However, as a 2023 study showed, 73% of small businesses experienced cyberattacks, data breaches or both during the previous year. A 2024 report found cyberattacks were the top concern for 60% of respondents, suggesting those polled understand the threat’s severity. Unfortunately, scammers know small-business owners are excellent targets and may prey on victims’ desire to improve their workflows with new tech. Such was the case with a scam against small businesses that caught Google executives’ attention and resulted in company lawsuits against scammers. The tactics centered on Google Bard — the large language model now known as Gemini. The tech company’s first lawsuit was against bad actors who created social media profiles and advertisements encouraging small-business owners to download Bard. However, Google did not require people to download anything to use it; instead, it integrated the tool into many of its existing products. Those who fell for this scam expected that downloading something would let them use Bard. Instead, it gave them malware that compromised their social media profiles. From April to November 2023, Google filed approximately 300 takedown notices associated with this scam. It sought an order to prevent criminals from setting up similar sites and deactivating those currently on file with domain registrars. This scam stood out for creativity because it capitalized on Google’s brand recognition and people’s interest in trying a new product to make business operations more convenient. Truths Mixed With Lies These creative cyber scams prove those orchestrating them will stop at nothing to achieve their aims. Even when the efforts don’t pay off — as in the WPP deepfake case — they become warnings that people must always be on guard for things not being as they seem. After all, most online scams have truthful elements mixed with falsities. There was a product called Google Bard, but using it did not require downloading software. Mark Read is WPP’s CEO, but he never arranged or participated in that meeting about establishing a new business. These cases highlight the importance of thinking carefully before acting and verifying claims before making decisions that could have catastrophic consequences. A well-known cybersecurity problem is that attacks get progressively creative, challenging online security professionals and resulting in them frequently seeing attacks on an unprecedented scale. Which examples have pushed the boundaries most? A well-known cybersecurity problem is that attacks get progressively creative, challenging online security professionals and resulting in them frequently seeing attacks on an unprecedented scale. Which examples have pushed the boundaries most? 1. The Dyre Banking Scam 1. The Dyre Banking Scam Hackers like targeting the most lucrative sectors, so it’s no surprise banks frequently feature in cyberattacks. They’re either the businesses under threat or the subjects meant to entice consumers to take specific actions after receiving emails that seem to come from their banking institutions. A banking-specific scam first detected in 2014 used Dyre malware, which compromised victims’ browsers and stole credentials to log into financial institutions’ platforms and other secured interfaces. The scam started when someone received an email attachment supposedly containing an unpaid invoice. Additionally, the attachments contained malware designed to exploit unpatched vulnerabilities in recipients’ Adobe Reader software. These aspects showed creative thinking on the cybercriminals’ behalf. First, they knew such a vague but relevant-sounding attachment name about an invoice would catch people’s interest. Since life can get so hectic, someone might occasionally forget to pay for things. Spelling mistakes in the file name were hallmark characteristics of this cyberattack, but criminals presumably hoped people wouldn’t notice or care. The scammers also rightfully assumed their targets would not update their Adobe software frequently enough, creating many potential entry points for enterprising hackers. Once someone fell for the trick and downloaded the attachment, the malware copied itself and made the seemingly innocent “Google Update Service” on the person’s computer. It then set registry keys and began logging keystroke data before sending it to hackers. As of 2016, United States government authorities said all major antivirus software vendors’ products had detected this threat. However, the detection requires people to use and update such tools regularly. said all major antivirus software said all major antivirus software Bank employees carry out stringent know-your-customer procedures to prevent fraud and establish risk profiles. Those are undoubtedly necessary, but this scam shows how easily things can go wrong when customers fall for malware. know-your-customer procedures to prevent fraud know-your-customer procedures to prevent fraud 2. The WPP Deepfake Scam As technologies have advanced, cybercriminals’ creativity in exploiting them has, too. Artificial intelligence (AI) has become so believable that consumers have had to learn they can’t necessarily trust everything they see or hear due to elaborate deepfakes. The state of things came to the forefront for Mark Read, the CEO of WPP, a British multinational advertising and public relations company. The executive recently detailed a deepfake scam that exploited numerous platforms and media types. Read explained how hackers set up a new WhatsApp account and used a publicly available image of him as the profile picture. They used it to schedule a meeting on Microsoft Teams with another senior executive who thought they were engaging with Read. During the meeting, the cybercriminals deployed a voice clone and YouTube footage of Read, all while simultaneously interacting in the Microsoft Teams chat window to pose as him and fool the other attendee with material that looked, sounded and read like the leader. The goal was to convince an agency head to set up a new business, after which the scammers would get financial and personal details from them. This scam failed, and Read attributed that result to his company’s vigilance , including that of the targeted executive who did not respond as the hackers’ hoped. The CEO pointed out how everyone must be on guard against increasingly elaborate tricks, including those going beyond someone’s email inbox. that result to his company’s vigilance that result to his company’s vigilance Some tech experts suggest the blockchain is ideal for securing people’s vocal characteristics and preventing malicious parties from tampering with authenticated clips. However,  since the voices of well-known figures are on television, the radio, YouTube and even audiobooks, motivated cybercriminals have plenty of data to use. preventing malicious parties from tampering preventing malicious parties from tampering 3. Misleading AI Ads Targeting Small Businesses No company or person is wholly safe from cyber scams, but the effects of successfully orchestrated attacks are more disastrous for some victims than others. Small businesses are excellent examples because such organizations often lack the resources to recover fully and quickly. However, as a 2023 study showed, 73% of small businesses experienced cyberattacks , data breaches or both during the previous year. A 2024 report found cyberattacks were the top concern for 60% of respondents, suggesting those polled understand the threat’s severity. 73% of small businesses experienced cyberattacks 73% of small businesses experienced cyberattacks were the top concern for 60% were the top concern for 60% Unfortunately, scammers know small-business owners are excellent targets and may prey on victims’ desire to improve their workflows with new tech. Such was the case with a scam against small businesses that caught Google executives’ attention and resulted in company lawsuits against scammers. The tactics centered on Google Bard — the large language model now known as Gemini. The tech company’s first lawsuit was against bad actors who created social media profiles and advertisements encouraging small-business owners to download Bard. However, Google did not require people to download anything to use it; instead, it integrated the tool into many of its existing products. Those who fell for this scam expected that downloading something would let them use Bard. Instead, it gave them malware that compromised their social media profiles. From April to November 2023, Google filed approximately 300 takedown notices associated with this scam. It sought an order to prevent criminals from setting up similar sites and deactivating those currently on file with domain registrars. 300 takedown notices associated 300 takedown notices associated This scam stood out for creativity because it capitalized on Google’s brand recognition and people’s interest in trying a new product to make business operations more convenient. Truths Mixed With Lies These creative cyber scams prove those orchestrating them will stop at nothing to achieve their aims. Even when the efforts don’t pay off — as in the WPP deepfake case — they become warnings that people must always be on guard for things not being as they seem. After all, most online scams have truthful elements mixed with falsities. There was a product called Google Bard, but using it did not require downloading software. Mark Read is WPP’s CEO, but he never arranged or participated in that meeting about establishing a new business. These cases highlight the importance of thinking carefully before acting and verifying claims before making decisions that could have catastrophic consequences.

The is an opinion piece based on the author’s POV and does not necessarily reflect the views of HackerNoon.

Why You Shouldn't Unsubscribe From Spam Emails

Why the Book Publishing Industry Is Terrified of AI

Portfolio

Nominated for 2022 - HackerNoon Contributor of the Year - Data Security

Nominated for 2022 - HackerNoon Contributor of the Year - Cyber Threats

Nominated for 2022 - HackerNoon Contributor of the Year - Media

Nominated for 2022 - HackerNoon Contributor of the Year - Hacking

Too Long; Didn't Read

Download free Tech Leaders Productivity Report!

Top 3 Most Creative Cyber Scams in History

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

10 Common Scams Targeting Healthcare Workers

Navigating Data Security Risks in the Age of Artificial Intelligence

Supply Chain - The Achilles Heel of Cybersecurity

AI-Assisted Cyber Attack Methods That Could Cripple Your Business

3 Cybersecurity Priorities for 2021: Threat Fatigue; Remote Work; Budget

10 Common Scams Targeting Healthcare Workers

Navigating Data Security Risks in the Age of Artificial Intelligence

Supply Chain - The Achilles Heel of Cybersecurity

AI-Assisted Cyber Attack Methods That Could Cripple Your Business

3 Cybersecurity Priorities for 2021: Threat Fatigue; Remote Work; Budget

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps