Tech support scams continue to remain one of the top phishing threats, according to a report by cybersecurity firm NortonLifeLock’s.

The firm's global research team, Norton Labs, recently published its third quarterly Consumer Cyber Safety Pulse Report, detailing the top consumer cybersecurity insights and takeaways from July to September 2021.

According to the report, “tech support scams, which often arrive as a pop-up alert convincingly disguised using the names and branding of major tech companies, have become the top phishing threat to consumers”

“Tech support scams are expected to proliferate in the upcoming holiday season, as well as shopping and charity-related phishing attacks,” the report further added.

Norton blocked over 12.3 million tech support URLs, which topped the list of phishing threats for 13 consecutive weeks between July and September.

"The effectiveness of this type of scam has escalated during the pandemic due to consumers’ increased reliance on their devices to manage hybrid work schedules and family activities," it said.

Furthermore, it successfully blocked 17,214,929 Cyber Safety threats in India alone over the past quarter, averaging 187,118 blocks per day. Globally, the numbers for the quarter reached nearly 860 million, including 41 million file-based malware, 309,666 mobile-malware files, nearly 15 million phishing attempts and 52,213 ransomware detections.

“Tech support scams are effective because they prey on consumers’ fear, uncertainty and doubt to trick recipients into believing they face a dire cybersecurity threat,” said Darren Shou, head of technology, NortonLifeLock.

“Awareness is the best defense against these targeted attacks. Never call a number listed on a tech support pop-up, and instead reach out to the company directly through their official website to validate the situation and next steps," Shou added.

Cyber safety

The report also highlighted other trends in terms of cyber safety of consumers.

As per the report, in-game items are highly sought after among cybercriminals and can be traded on real-world marketplaces. Norton Labs caught a new phishing campaign specifically designed to obtain players’ login credentials and two-factor authentication information with the intent to steal and sell such high value virtual items.

Separately, researchers identified a punycode phishing campaign targeting bank customers with a near carbon copy of the real banking homepage to trick them into entering their credentials.

Stolen gift cards were also targeted.

“Especially as the holidays near, consumers should be aware that gift cards are a prime target for attackers because they typically have lower security than credit cards and aren’t tied to a specific person’s name,” the report added.

Attackers also use websites intended to check a gift card’s balance to uncover valid card number and pin combinations, giving them full access to the funds.