Security News

Gay hookup site typosquatted to push dodgy Chrome extensions, scams
2022-09-14 18:15

Gay hookup and cruising web app Sniffies is being impersonated by opportunistic threat actors hoping to target the website's users with typosquatting domains that push scams and dubious Google Chrome extensions. In some cases, these illicit domains launch the Apple Music app prompting users to buy a subscription, which in turn would earn threat actors a commission.

Clever Phishing Scam Uses Legitimate PayPal Messages
2022-09-01 12:18

Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. Basically, the scammers use the PayPal invoicing system to send the email.

How a business email compromise scam spoofed the CFO of a major corporation
2022-08-25 13:28

How a business email compromise scam spoofed the CFO of a major corporation. Business email compromise attacks work by using a standard phishing scheme and then lending it authority by impersonating a trusted and often high-ranking individual associated with the targeted organization.

Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams
2022-08-24 15:53

A new business email compromise campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA. By accessing accounts of high-ranking employees like CEOs or CFOs of large organizations, the threat actors can monitor communications and respond to emails at the right moment to divert a large transaction to their bank accounts. The phishing emails sent in these attacks tell the target that the corporate bank account they usually send payments to has been frozen due to a financial audit, enclosing new payment instructions that switch to the account of an alleged subsidiary.

Response-based attacks make up 41% of all email-based scams
2022-08-17 03:00

Response-based attacks targeting corporate inboxes have climbed to their highest volume since 2020, representing 41 percent of all email-based scams targeting employees, during Q2 of this year. According to the report, advance-fee scams represented 54 percent of all response-based email threats in Q2. This threat type has seen a 3.4 percent increase in share of reports so far in 2022, and routinely occupies the majority of response-based attacks.

SEC says brokerage accounts hijacked for $1.3m pump-and-dump scam
2022-08-16 21:25

America's financial watchdog has accused 18 individuals and shell companies of using compromised brokerage accounts to manipulate stock prices to rake in $1.3 million in illicit profits. According to the SEC complaint, fraudsters in the US, Canada, and the Dominican Republican broke into at least 31 American-owned retail brokerage accounts in late 2017 and early 2018.

$23 Million YouTube Royalties Scam
2022-08-15 14:14

Scammers were able to convince YouTube that other peoples' music was their own. No one knows how common this scam is, and how much money total is being stolen in this way.

Technical support scam still alive and kicking
2022-08-09 14:31

A technical support scam, sometimes referred to as "Tech support scam," is a kind of online fraud in which a scammer reaches a target, generally by phone, and pretends to offer a technical support service. Figure A. Some tech support scams have also been using email or even SMS messages, but the rate of success of those is significantly lower than alerts shown directly on the user's screen.

Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore
2022-08-09 07:07

What's notable about this campaign is its heavy reliance on Telegram bots and chats to coordinate operations and create phishing and scam pages. When a potential victim contacts the seller through the online storefront, the Classiscam operator deceives the target into continuing the chat on a third-party messaging service like WhatsApp or Viber before sending a link to a rogue payment page to complete the transaction.

Convincing ‘YouTube’ Google ads lead to Windows support scams
2022-07-20 18:43

A scarily realistic-looking Google Search YouTube advertisement is redirecting visitors to tech support scams pretending to be security alerts from Windows Defender. Today, cybersecurity firm Malwarebytes disclosed that they discovered a "Major" malvertising campaign abusing Google ads.