Security News
Response-based attacks targeting corporate inboxes have climbed to their highest volume since 2020, representing 41 percent of all email-based scams targeting employees, during Q2 of this year. According to the report, advance-fee scams represented 54 percent of all response-based email threats in Q2. This threat type has seen a 3.4 percent increase in share of reports so far in 2022, and routinely occupies the majority of response-based attacks.
America's financial watchdog has accused 18 individuals and shell companies of using compromised brokerage accounts to manipulate stock prices to rake in $1.3 million in illicit profits. According to the SEC complaint, fraudsters in the US, Canada, and the Dominican Republican broke into at least 31 American-owned retail brokerage accounts in late 2017 and early 2018.
Scammers were able to convince YouTube that other peoples' music was their own. No one knows how common this scam is, and how much money total is being stolen in this way.
A technical support scam, sometimes referred to as "Tech support scam," is a kind of online fraud in which a scammer reaches a target, generally by phone, and pretends to offer a technical support service. Figure A. Some tech support scams have also been using email or even SMS messages, but the rate of success of those is significantly lower than alerts shown directly on the user's screen.
What's notable about this campaign is its heavy reliance on Telegram bots and chats to coordinate operations and create phishing and scam pages. When a potential victim contacts the seller through the online storefront, the Classiscam operator deceives the target into continuing the chat on a third-party messaging service like WhatsApp or Viber before sending a link to a rogue payment page to complete the transaction.
A scarily realistic-looking Google Search YouTube advertisement is redirecting visitors to tech support scams pretending to be security alerts from Windows Defender. Today, cybersecurity firm Malwarebytes disclosed that they discovered a "Major" malvertising campaign abusing Google ads.
INKY researchers disclosed the latest variant of the tried-and-true phone scam, a low-tech phone scam where attackers extract personal information by sending out spoofed emails from what appears to be a legitimate source, with no suspicious links or malware attachments, just a pitch and a phone number. In this Help Net Security video, Roger Kay, VP of Security Strategy, INKY, talks about how this time around, attackers impersonated reputable retail brands such as Amazon, Apple, and Paypal, to send out legitimate notifications from QuickBooks, an accounting software package used primarily by small business and midmarket customers who lack in-house expertise in finance and accounting.
British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.
At 19 minutes after 3 o'clock UK time today , the criminals behind this scam registered a generic and unexceptionable domain name of the form control-XXXXX.com, where XXXXX was a random-looking string of digits, looking like a sequence number or a server ID:. 28 minutes later, at 15:47 UK time, we received an email, linking to a server called facebook. We've highlighted the error message "Password incorrect", which comes up whatever you type in, followed by a repeat of the password page, which then accepts whatever you type in.
In January 2022, the number of business email compromise attacks impersonating external third parties surpassed those impersonating internal employees for the first time and has continued to exceed traditional internal impersonations in each month since. These tactics are increasingly dangerous, with one attack stopped by Abnormal requesting $2.1 million for a fake invoice.