New Study From Gen Reveals Over 600% Rise in 'Scam-Yourself' Attacks

Uploaded on 2025-02-05 in FREE TO VIEW

promotion

In a startling revelation from Gen's latest Threat Report, cybersecurity experts have identified an unprecedented surge in what’s being termed "scam-yourself" attacks, with incidents skyrocketing by 614% in recent months.

This dramatic increase signals a concerning shift in cybercriminal tactics, moving away from traditional attack vectors toward methods that exploit human psychology to bypass security measures. 

Gen is far from the only people who seem to have noticed this trend, either. Proofpoint, another large cybersecurity company, saw a 53% rise in phishing attempts in 2021 compared to the previous year. The data is clear - attackers are now targeting a system's human element more than ever. 

Understanding the Rise of 'Scam-Yourself' Attacks

Unlike conventional cyberattacks where criminals attempt to breach systems directly, 'scam-yourself' attacks represent a sophisticated evolution in social engineering. These attacks succeed by manipulating users into voluntarily downloading malware or compromising their own security, effectively turning victims into unwitting accomplices in their own breach.

The genius (and danger) of these attacks lies in their simplicity. By convincing users to take actions that appear legitimate or necessary, cybercriminals bypass many traditional security measures that organisations have spent years implementing. The attack's success relies not on sophisticated malware or zero-day exploits but on human psychology and social engineering. This also means that the breach can lay undetected far longer than traditional exploits. 

Common Types Of 'Scam-Yourself' Attacks

These deceptive attacks manifest in several forms, each designed to appear legitimate while concealing malicious intent:

Software Update Deception: Users receive convincing notifications about critical software updates, complete with familiar branding and urgent messaging. When users follow the prompt to "update," they actually download malware instead.

License Expiration Schemes: Attackers create authentic-looking alerts warning users about expired licenses for common software. The resulting "renewal" process leads to malware installation or credential theft.

System Optimisation Tricks: Pop-ups or advertisements promise to improve system performance, often mimicking legitimate system messages. Users who engage with these prompts inadvertently install malicious software.

Protecting Against 'Scam-Yourself' Attacks

Organisations and individuals can implement several strategies to guard against these increasingly prevalent threats. 

From investing in the necessary security tools to supporting IT and security professionals to study a master's in cyber security and increasing general awareness, there are ways to protect against cyberattacks like these.
Some of the key protective measures include:

Comprehensive Employee Training

Regular security awareness training remains crucial, with a specific focus on recognising social engineering tactics. Employees should understand that legitimate software updates typically come through official channels, not unexpected pop-ups or emails.

Robust Security Protocols

Organisations should implement strict software installation policies and maintain centralised update management systems. This prevents individual users from falling victim to fake update prompts and unauthorised software installations.

Technical Controls

Deploy advanced endpoint protection solutions that can detect and block suspicious download attempts, even when initiated by users. Email filtering systems should be configured to identify and quarantine messages containing suspicious download links.

Verification Procedures

Establish clear procedures for verifying software update requirements and license renewals. This might include consulting IT departments before proceeding with any system modifications or software installations.

Looking Ahead

The unprecedented rise in ‘scam-yourself’ attacks is a sign of a significant paradigm shift. It is clear that attackers have identified the fact that the weakest link in modern security systems is the human that operates it. 

Safety standards like encryption protocols have become so ubiquitous that using the human element to break through seems to be the most viable (and often the easiest) alternative. This trend is a worrying change. As bad actors will inevitably get better at social engineering and getting past defence strategies, organisations will struggle to keep up. It is also a sobering reminder that cybersecurity is not just about technical control. The industry will need human-centric security strategies across the board. 

For security professionals and organisations looking to stay ahead of these emerging threats, continuous education and upskilling are essential. Advanced qualifications as well as constantly keeping on top of the emerging patterns in the industry, is a must-have. 

The future of cybersecurity seems to be in the integration of a human-centric approach and maintaining unrelenting technical barricades to attacks. As new threats take shape across industries, cybersecurity will need to evolve with it or run the risk of getting caught off guard.

Image: Pixabay

You Might Also Read:

Protecting Patient Privacy: Cybersecurity Priorities For Healthcare:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Lessons Learned From The Salt Typhoon Hacks
Cyber Threat Forecast Part 2 - India    »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IronScales

IronScales

IronScales combines human intelligence with machine learning to automatically prevent, detect and respond to email phishing attacks.

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

Online Business Systems

Online Business Systems

Online Business Systems is an information technology and business consultancy. We design improved business processes enabled with robust and secure information systems.

Momentum Cyber

Momentum Cyber

Momentum Cyber provides world-class M&A and strategic advice combined with unparalleled senior-level access to the Cybersecurity ecosystem.

Stealthcare

Stealthcare

Stealthcare is a full service, global cyber security firm offering solutions that educate, empower and protect.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

Prescient

Prescient

Prescient’s Cyber solutions supplement your firm’s existing data security infrastructure with specialized investigations that identify unconventional cyber risks.

Axcient

Axcient

Axcient offers MSPs the most secure backup and disaster recovery technology stack with a proven Business Availability suite.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.

Coastline Cybersecurity

Coastline Cybersecurity

Coastline Cyber is a cybersecurity consulting firm dedicated to helping organizations strengthen their security posture by reducing risks, mitigating threats, and protecting against attacks.

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.

SecureFlag

SecureFlag

SecureFlag is dedicated to enhancing secure coding across all technical profiles within the Software Development Lifecycle.

Qodea

Qodea

Qodea (formerly Appsbroker CTS) is Europe's largest Google Premier only transformation partner.