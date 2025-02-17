Gen Q4 Threat Report: 321 Threats Blocked Per Second As Social Media Becomes A Playground For Scammers

Auckland, 17 February 2024

Social media, AI and human trust led to a record-breaking year of advanced scams and personal data loss

Gen™ (NASDAQ: GEN), a global leader in consumer Cyber Safety with a family of brands including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner, today released its Q4/2024 Gen Threat Report. The report reveals a surge in online threats to close out a record-breaking 2024, with 2.55 billion cyberthreats blocked in October to December – equalling 321 threats every second. The risk ratio of encountering threats reached 27.7 percent in Q4, with social engineering attacks comprising 86 percent of all blocked threats, demonstrating the advanced psychological tactics used by cybercriminals today.

"We’re continuing to see scam-related threats becoming far more dangerous as they hide, sometimes in plain sight, throughout every aspect of our digital life,” said Siggi Stefnisson, Cyber Safety CTO at Gen. “This quarter we saw them prey on people’s emotions, such as the need to shop on budget during the holidays, the desire to find love during the end of the year, the hope for change during government elections and more. And, unfortunately, this is resulting in people continuing to lose money and control over their personal information. In 2025 we only expect these risks to increase as the rise of AI-powered systems and devices will mark the next frontier for cybercrime.”

The Dark Side of Social Media

Scam-related attacks continue to demonstrate global reach and adaptability. Phishing attacks rose by 14 percent in Q4 of 2024, with many exploiting platforms for creating websites like Wix and spoofing brands such as Apple iCloud with fake invoice scams. Meanwhile, malvertising remained a leading method of driving scams and malware delivery, comprising 41 percent of all blocked attacks for the quarter.

Social media platforms remained one of the prime grounds for scams and cybercrime at the end of 2024. Facebook stands out, accounting for a staggering 56 percent of total identified threats. YouTube trails behind at 24 percent, followed by X with 10 percent and Reddit and Instagram both accounting for 3 percent of all social media threats. When it comes to messaging platforms, despite WhatsApp's larger user base, Telegram experiences six times more threats due to scammers utilising the platform’s additional privacy features to make their crimes harder to track by authorities.

The ways that scammers are using social media vary with such different people and use cases for the platforms. Gen found that the main ways people were scammed across social media were:

Deceptive online ads (Malvertising) (27%): These deceptive ads spread malicious software onto the device being used or redirected people to malicious websites that can do the same.

These deceptive ads spread malicious software onto the device being used or redirected people to malicious websites that can do the same. Fake e-shops (23%): People are lured by fraudulent online stores, also exposing personal and financial data.

People are lured by fraudulent online stores, also exposing personal and financial data. Phishing (18%): Scams aimed at stealing sensitive information like credit card numbers or passwords.

Social media is quickly turning into a playground for scammers to leverage platform algorithms, AI, and personalised interactions to scale their attacks faster and more effectively than ever before. Read the full analysis on social media threats in our latest blog.

Year-End Spike in Financial Scams

October to December marked the year’s most active quarter for financial scams, with mobile phones serving as a primary attack vector. Leading this trend were:

The largest deepfake crypto scam: The infamous CryptoCore group, known for hijacking YouTube accounts to promote their crypto scam campaigns, capitalised on the US Presidential Election. The group used deepfake videos featuring figures like Elon Musk to steal over $7 million from its victims. This marked the largest attack of its kind.

The infamous CryptoCore group, known for hijacking YouTube accounts to promote their crypto scam campaigns, capitalised on the US Presidential Election. The group used deepfake videos featuring figures like Elon Musk to steal over $7 million from its victims. This marked the largest attack of its kind. Mobile banking trojans: New mobile bankers, phone applications designed to steal banking information, launched in Q4 of 2024. This included DroidBot which used remote access capabilities to go after banking details and crypto wallets. Another was ToxicPanda that disguised itself as Visa, dating apps and Chrome. The well-known BankBot banker saw infections rise by 236 percent compared to Q3 of 2024.

New mobile bankers, phone applications designed to steal banking information, launched in Q4 of 2024. This included DroidBot which used remote access capabilities to go after banking details and crypto wallets. Another was ToxicPanda that disguised itself as Visa, dating apps and Chrome. The well-known BankBot banker saw infections rise by 236 percent compared to Q3 of 2024. Spyware and SpyLoans: Malicious apps promising quick money with high interest rates and predatory repayment schedules, also surged this quarter. Once installed, these apps request access to SMS messages, photos and other sensitive information, allowing them to spy on the victim. After a few weeks, the victim faces extortion and threats of their private data being published unless they pay to the cybercriminals. A new spyware strain disguised as a body mass index (BMI) calculator spread via the Amazon App Store, a novel distribution tactic reflecting the rising number of official Android app stores.

Personal Data – The New Gold

Personal data loss continued to pose a high risk of identity theft and loss of privacy for consumers. Scam-Yourself Attacks, such as ClickFix and FakeCaptcha, grew rapidly. In Q4, Gen blocked attacks targeting 4.2 million individuals, a 130 percent increase from the previous quarter. These campaigns use psychological manipulation to deceive people into copying and executing malicious code, potentially leading to financial fraud, account takeovers or malware infections.

To help people stay protected from this threat and keep their data safe, Gen introduced a Clipboard Protection feature across the Norton, Avast and AVG brands that blocks clipboard-based threats before they can execute.

For the third consecutive quarter, ransomware continued its alarming upward trend, with a notable 50 percent increase in Q4. This highlights an escalating threat for both organisations and individuals globally.

To read the full Q4/2024 Gen Threat Report, visit: https://www.gendigital.com/blog/insights/reports/threat-report-q4-2024

About Gen

Gen™ (NASDAQ: GEN) is a global company dedicated to powering Digital Freedom through its trusted Cyber Safety brands, Norton, Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner. The Gen family of consumer brands is rooted in providing safety for the first digital generations. Now, Gen empowers people to live their digital lives safely, privately, and confidently today and for generations to come. Gen brings award-winning products and services in cybersecurity, online privacy and identity protection to nearly 500 million users in more than 150 countries. Learn more at GenDigital.com.

