Spam trends of the week: Bitdefender Antispam Lab reveals top spammer picks for January

If you want to stay up to date with the most recent messages delivered by fraudsters worldwide, you’re in the right place.

The 2024 spam season has just begun, and researchers at Bitdefender Antispam Lab are determined to keep you well informed of the spam trends that threaten your digital privacy, security and finances.

The start of the new year brings plenty of uncertainties and resolutions, and unfortunately some fraudulent spam too. Here’s what we’ve found so far:

• Scammers continue to target users with fake emails impersonating financial institutions at an alarming rate.
• Top spam destinations this month include the US which received 49.2% of the entire global spam by volume, Japan with 9.8%, the UK with 6.7%, Germany with 6.2%, Ireland with 4.6%, Australia with 3.3% and South Africa with 3.2%.
• Fake shipping emails are not only prevalent amid the shopping season.
• Phishing for credentials is also atop the spammers’ list.
• Some of the most impersonated brands of 2024 include Microsoft, FedEx, Amazon, Netflix, Google, Coinbase, DocuSign, American Express and Apple.

Banks, credit cards and crypto phishing

According to Bitdefender Antispam telemetry, cybercriminals have waged several phishing campaigns impersonating popular banks, financial institutions, and cryptocurrency platforms such as Dutch digital asset exchanges Bitvavo, Coinbase, financial services company Charles Schwab, Comdirect Bank and American Express to steal customers’ personal info including login credentials.

Most fraudulent correspondence may look and sound like a legitimate message with requests for information to protect accounts due to suspicious activity, confirm personal information or approve a pending payment. The scammers often say they need your information now and warn that something bad will happen (account will be suspended) if you do not act immediately.

Samples of fake messages can be seen below:

Bitvavo customers were asked to update their personal information under new European legislation.

A machine-translated version of the above sample reads:

“We would like to inform you of the updated European legislation, which came into effect on January 1, 2024, regarding the mandatory annual update of contact details for all Bitvavo users.”

“If you fail to perform this update before January 19, we are required by European law to place a crypto withdrawal lock on your account. This lock applies to withdrawals to external addresses as well as all other activities in the field of trading, euro withdrawals and staking.”

Online scammers are also impersonating FinanzOnline, Austria’s transactional portal that gives consumers and business access to fiscal authorities and enables users to file tax return.

In one phishing sample, the fraudsters bait recipients with a hefty refund.

“On Wednesday, December 20, 2023, you were entitled to a refund of €537.38 from our side. This amount was transferred on January 5th. However, we were informed that the account number we knew was no longer valid. In order for your tax refund to be processed successfully, it is essential that the account number provided is in your name.”

How can you stay safe against financial phishing emails:

• Never access links or attachments in unsolicited emails
• Don’t log in to your online financial accounts using unsolicited links to address any security issues on your accounts, credit cards or confirm payments.
• Never send sensitive information, credit card numbers, Social Security Numbers or IDs.
• Immediately report and delete any messages you receive from unfamiliar domains or senders.
• Always check security alerts and notification by logging in to your e-banking account from your browser or dedicated app.
• If you’re unsure of the legitimacy of a message, contact your bank or financial service using official channels only.

More fake notifications for shipping, streaming and document signing services.

No matter the time of year, scammers continue to stuff user inboxes with the regular suspects, which include:

• Bogus delivery messages that ask you to re-schedule or pay additional shipping fees for a delivery
• Fake requests to update payment methods streaming service Netflix.
• Phony surveys that promise you mystery boxes
• Credential phishing for DocuSign and Microsoft accounts

Samples can be seen below:

How to protect your account and data:

• Always check the sender’s email address and email body for typos.
• Instead of accessing links in unsolicited correspondence, check your account through the official website or app installed on your phone. There you can see if your accounts/subscriptions are still active or if you are required to provide any other information or update payment methods.
• Scrutinize all messages and URLs that urge you to update your info or provide sensitive information.
• Know that Netflix will never ask you to share your information (bank account numbers, credit card numbers or passwords) in an email or text message.
• Enable two-factor authentication on your accounts.
• Always report phishing attempts to the company
• Install a security solution on your devices to prevent phishing links from harming you financially.
• Use Bitdefender Scamio to immediately find out if an unsolicited email or text message is trying to scam you. You can have a chat with our complimentary scam detection service powered by AI and Bitdefender threat protection, prevention and detection technologies to get a quick verdict on potential fraud attempts heading your way.

Don’t let scams and phishing attempts catch you napping this year.

Opt for one of our all-in-one security solutions to protect all your devices from malicious and fraudulent activity.

With Bitdefender's all-in-one plans, you get award-winning antimalware protection and benefit from advanced anti-fraud and anti-phishing filtering systems that warn you whenever you visit a website that may try to defraud you. Paired with our state-of-the-art Password Manager to help you store your sensitive data passwords, a powerful Premium VPN or Digital Identity Protection, you can rest assured that your online privacy and identity are safe against snoops and identity thieves.