Security News
INKY researchers disclosed the latest variant of the tried-and-true, low-tech phone scam, in which attackers extract personal information by sending out spoofed emails from what appears to be a legitimate source, with no suspicious links or malware attachments, just a pitch and a phone number. In this Help Net Security video, Roger Kay, VP of Security Strategy, INKY, talks about how this time around, attackers impersonated reputable retail brands such as Amazon, Apple, and PayPal, to send out legitimate notifications from QuickBooks, an accounting software package used primarily by small business and midmarket customers who lack in-house expertise in finance and accounting.
The British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.
At 19 minutes after 3 o'clock UK time today, the criminals behind this scam registered a generic and unexceptionable domain name of the form control-XXXXX.com, where XXXXX was a random-looking string of digits, looking like a sequence number or a server ID. 28 minutes later, at 15:47 UK time, we received an email, linking to a server called facebook. We've highlighted the error message "Password incorrect", which comes up whatever you type in, followed by a repeat of the password page, which then accepts whatever you type in.
In January 2022, the number of business email compromise attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations in each month since. These tactics are increasingly dangerous, with one attack stopped by Abnormal requesting $2.1 million for a fake invoice.
In September, the bureau said such schemes usually include initial contact through dating apps or other social media sites and, through creating an online relationship with the targeted victim, the scammer pitches a cryptocurrency investment or other trading opportunities promising significant profits. Nicole Hoffman, senior cyberthreat intelligence analyst with cybersecurity vendor Digital Shadows, told The Register that romance scams are among the most common financially motivated cybercrimes, and prey on emotions and rely on social engineering.
Sadly, over the years, we've needed to write numerous Naked Security warnings about romance scammers and sextortionists. The bad news is that there is a form of online sexual extortion that is effectively a hybrid of romance scamming and porn scamming, where the criminals involved do indeed have content with which to blackmail you.
Attackers are using an oft-used and still effective lure to steal credentials to key Microsoft apps by sending emails notifying potential victims that they have a voicemail message, researchers have found. One aspect of the campaign that does set it apart from other similarly themed attacks is that it involves "More research and effort as the attacks are customized for each target," he said.
Seventy-four percent of consumers say they have received a scam text so far this year, while as many as 83% have received a scam phone call, according to Allstate Identity Protection's first quarter Identity Fraud in Focus report. Although even successful scams sometimes fail to escalate to instances of full-blown identity theft - and therefore are not counted toward Allstate Identity Protection case counts - they are nonetheless burdensome and costly to victims.
Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping crackdown on social engineering and other scam operations. In the latest action in the ongoing "First Light" operation, which Interpol has coordinated annually since 2014, law enforcement officials from 76 countries raided 1,770 call centers suspected of running fraudulent operations such as telephone and romance scams, email deception scams, and financial crimes.
For months now, millions of Facebook users have been duped by the same phishing scam that cons users into handing over their account credentials. According to a report outlining the phishing campaign, the scam is still active and continues to push victims to a fake Facebook login page where victims are enticed to submit their Facebook credentials.