Security News

Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore
2022-08-08 13:37

What's notable about this campaign is its heavy reliance on Telegram bots and chats to coordinate operations and create phishing and scam pages. When a potential victim contacts the seller through the online storefront, the Classiscam operator deceives the target into continuing the chat on a third-party messaging service like WhatsApp or Viber before sending a link to a rogue payment page to complete the transaction.

Convincing ‘YouTube’ Google ads lead to Windows support scams
2022-07-20 18:43

A scarily realistic-looking Google Search YouTube advertisement is redirecting visitors to tech support scams pretending to be security alerts from Windows Defender. Today, cybersecurity firm Malwarebytes disclosed that they discovered a "Major" malvertising campaign abusing Google ads.

How attackers abuse Quickbooks to send phone scam emails
2022-07-14 04:30

INKY researchers disclosed the latest variant of the tried-and-true phone scam, a low-tech phone scam where attackers extract personal information by sending out spoofed emails from what appears to be a legitimate source, with no suspicious links or malware attachments, just a pitch and a phone number. In this Help Net Security video, Roger Kay, VP of Security Strategy, INKY, talks about how this time around, attackers impersonated reputable retail brands such as Amazon, Apple, and Paypal, to send out legitimate notifications from QuickBooks, an accounting software package used primarily by small business and midmarket customers who lack in-house expertise in finance and accounting.

UK Army’s Twitter, YouTube accounts hacked to push crypto scam
2022-07-04 13:43

British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.

Facebook 2FA phish arrives just 28 minutes after scam domain created
2022-07-01 20:01

At 19 minutes after 3 o'clock UK time today , the criminals behind this scam registered a generic and unexceptionable domain name of the form, where XXXXX was a random-looking string of digits, looking like a sequence number or a server ID:. 28 minutes later, at 15:47 UK time, we received an email, linking to a server called facebook. We've highlighted the error message "Password incorrect", which comes up whatever you type in, followed by a repeat of the password page, which then accepts whatever you type in.

Threat actors increasingly use third parties to run their scams
2022-06-28 03:30

In January 2022, the number of business email compromise attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations in each month since. These tactics are increasingly dangerous, with one attack stopped by Abnormal requesting $2.1 million for a fake invoice.

LGBTQ+ folks warned of dating app extortion scams
2022-06-27 21:37

In September, the bureau said such schemes usually include initial contact through dating apps or other social media sites and, through creating an online relationship with the targeted victim, the scammer pitches a cryptocurrency investment or other trading opportunities promising significant profits. Nicole Hoffman, senior cyberthreat intelligence analyst with cybersecurity vendor Digital Shadows, told The Register that romance scams are among the most common financially motivated cybercrimes, and prey on emotions and rely on social engineering.

FTC warns of LGBTQ+ extortion scams – be aware before you share!
2022-06-27 17:58

Sadly, over the years, we've needed to write numerous Naked Security warnings about romance scammers and sextortionists. The bad news is that there is a form of online sexual extortion that is effectively hybrid of romance scamming and porn scamming, where the criminals involved do indeed have content with which to blackmail you.

Voicemail Scam Steals Microsoft Credentials
2022-06-21 11:20

Attackers are using an oft-used and still effective lure to steal credentials to key Microsoft apps by sending emails notifying potential victims that they have a voicemail message, researchers have found. One aspect of the campaign that does set it apart from other similarly themed attacks is that it involves "More research and effort as the attacks are customized for each target," he said.

Fraud trends and scam tactics consumers should be aware of
2022-06-17 03:00

Seventy-four percent of consumers say they have received a scam text so far this year, while as many as 83% have received a scam phone call, according to Allstate Identity Protection's first quarter Identity Fraud in Focus report. Although even successful scams sometimes fail to escalate to instances of full-blown identity theft - and therefore are not counted toward Allstate Identity Protection case counts - they are nonetheless burdensome and costly to victims.