Security News
Cross-IdP impersonation – a technique that enables attackers to hijack the single sign-on (SSO) process to gain unauthorized access to downstream software-as-a-service (SaaS) applications without...
Impersonation scams in the U.S. exceeded $1.1 billion in losses last year, according to statistics collected by the Federal Trade Commission, a figure that is three times higher than in 2020. The agency compiled this data based on 490,000 reported scams in 2023.
"Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes," the company said. The social media behemoth told Bloomberg, which first reported the development, that the change is limited to premium users and that a biometric matching process "Will also help X fight impersonation attempts and make the platform more secure."
A malicious for-profit group named 'Fangxiao' has created a massive network of over 42,000 web domains that impersonate well-known brands to redirect users to sites promoting adware apps, dating sites, or 'free' giveaways. The imposter domains are used as part of what appears to be a massive traffic generation scheme that creates ad revenue for Fangxiao's own sites or more visitors for 'customers' who purchase traffic from the group.
This is a story of one piece of what is probably a complex employment scam. Basically, real programmers are having their resumes copied and co-opted by scammers, who apply for jobs, then hire other people with Western looks and language skills to impersonate those first people on Zoom job interviews.
The research found that 97% of the top ten universities across each country are not taking appropriate measures to proactively block attackers from spoofing their email domains, increasing the risk of email fraud. None of the top U.S. and U.K. universities had a Reject policy in place, which actively blocks fraudulent emails from reaching their intended targets, meaning all are leaving students open to email fraud.
Below we look at ways to identify app impersonation, tools to defend yourself from attacks and measures to put in place for better security. In addition to the examples given above, app impersonation occurs in many other ways.
The Securities and Exchange Commission has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters. The alert comes from SEC's Office of Investor Education and Advocacy, which regularly issues warnings to inform investors about the latest developments in investment frauds and scams.
Brand impersonation attacks have seen a rise in frequency lately, perhaps because of their high success rate. From a malicious point of view, this is what makes attacks with a brand impersonation component more attractive, especially for brands with a strong reputation.
Mimecast announced the Mimecast CyberGraph solution, a new add-on for Mimecast Secure Email Gateway that is engineered to use Artificial Intelligence to help detect sophisticated phishing and impersonation attacks. "Phishing and impersonation attacks are getting more sophisticated, personalized and harder to stop. If not prevented, these attacks can have devastating results for an enterprise organization," said Josh Douglas, VP, Product Management for Threat Intelligence at Mimecast.