What's notable about this campaign is its heavy reliance on Telegram bots and chats to coordinate operations and create phishing and scam pages. When a potential victim contacts the seller through the online storefront, the Classiscam operator deceives the target into continuing the chat on a third-party messaging service like WhatsApp or Viber before sending a link to a rogue payment page to complete the transaction.
A scarily realistic-looking Google Search YouTube advertisement is redirecting visitors to tech support scams pretending to be security alerts from Windows Defender. Today, cybersecurity firm Malwarebytes disclosed that they discovered a "major" malvertising campaign abusing Google ads.
INKY researchers disclosed the latest variant of the tried-and-true phone scam, a low-tech phone scam where attackers extract personal information by sending out spoofed emails from what appears to be a legitimate source, with no suspicious links or malware attachments, just a pitch and a phone number. In this Help Net Security video, Roger Kay, VP of Security Strategy, INKY, talks about how this time around, attackers impersonated reputable retail brands such as Amazon, Apple, and PayPal to send out legitimate notifications from QuickBooks, an accounting software package used primarily by small business and midmarket customers who lack in-house expertise in finance and accounting.
The British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.
At 19 minutes after 3 o'clock UK time today, the criminals behind this scam registered a generic and unexceptionable domain name of the form control-XXXXX.com, where XXXXX was a random-looking string of digits, looking like a sequence number or a server ID. 28 minutes later, at 15:47 UK time, we received an email, linking to a server called facebook. We've highlighted the error message "Password incorrect", which comes up whatever you type in, followed by a repeat of the password page, which then accepts whatever you type in.
In January 2022, the number of business email compromise attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations in each month since. These tactics are increasingly dangerous, with one attack stopped by Abnormal requesting $2.1 million for a fake invoice.
In September, the bureau said such schemes usually include initial contact through dating apps or other social media sites and, through creating an online relationship with the targeted victim, the scammer pitches a cryptocurrency investment or other trading opportunities promising significant profits. Nicole Hoffman, senior cyberthreat intelligence analyst with cybersecurity vendor Digital Shadows, told The Register that romance scams are among the most common financially motivated cybercrimes, and prey on emotions and rely on social engineering.
Sadly, over the years, we've needed to write numerous Naked Security warnings about romance scammers and sextortionists. The bad news is that there is a form of online sexual extortion that is effectively a hybrid of romance scamming and porn scamming, where the criminals involved do indeed have content with which to blackmail you.
Attackers are using an oft-used and still effective lure to steal credentials to key Microsoft apps by sending emails notifying potential victims that they have a voicemail message, researchers have found. One aspect of the campaign that does set it apart from other similarly themed attacks is that it involves "more research and effort as the attacks are customized for each target," he said.
Seventy-four percent of consumers say they have received a scam text so far this year, while as many as 83% have received a scam phone call, according to Allstate Identity Protection's first quarter Identity Fraud in Focus report. Although even successful scams sometimes fail to escalate to instances of full-blown identity theft - and therefore are not counted toward Allstate Identity Protection case counts - they are nonetheless burdensome and costly to victims.