Security News

Cyber criminals are taking advantage of this easy access to resources, and using deepfakes to build on today's crime techniques, such as business email compromise, to make off with even more money, according to Trend Micro researchers. Specifically, corporations need to worry about deepfakes, we're told, as criminals begin using them to create fake individuals, such as job seekers to scam their way into roles, or impersonate executives on video calls to hoodwink employees into transferring company funds or data.

Group-IB has noted a fivefold increase in the number of domains used for crypto giveaway scams that involve fake YouTube streams in the first half of 2022. This Help Net Security video reveals how crypto giveaway scams have evolved into a profitable illicit market segment.

Group-IB has noted a fivefold increase in the number of domains used for crypto giveaway scams that involve fake YouTube streams in the first half of 2022. Crypto giveaway scams have evolved into an illicit market segment with multiple services that aim to facilitate fraudulent operations.

An ongoing malvertising campaign is injecting ads in the Microsoft Edge News Feed to redirect potential victims to websites pushing tech support scams. App subdomains to host their scam pages within a single day.

Gay hookup and cruising web app Sniffies is being impersonated by opportunistic threat actors hoping to target the website's users with typosquatting domains that push scams and dubious Google Chrome extensions. In some cases, these illicit domains launch the Apple Music app prompting users to buy a subscription, which in turn would earn threat actors a commission.

Brian Krebs is reporting on a clever PayPal phishing scam that uses legitimate PayPal messaging. Basically, the scammers use the PayPal invoicing system to send the email.

How a business email compromise scam spoofed the CFO of a major corporation. Business email compromise attacks work by using a standard phishing scheme and then lending it authority by impersonating a trusted and often high-ranking individual associated with the targeted organization.

A new business email compromise campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA. By accessing accounts of high-ranking employees like CEOs or CFOs of large organizations, the threat actors can monitor communications and respond to emails at the right moment to divert a large transaction to their bank accounts. The phishing emails sent in these attacks tell the target that the corporate bank account they usually send payments to has been frozen due to a financial audit, enclosing new payment instructions that switch to the account of an alleged subsidiary.

Response-based attacks targeting corporate inboxes have climbed to their highest volume since 2020, representing 41 percent of all email-based scams targeting employees, during Q2 of this year. According to the report, advance-fee scams represented 54 percent of all response-based email threats in Q2. This threat type has seen a 3.4 percent increase in share of reports so far in 2022, and routinely occupies the majority of response-based attacks.

America's financial watchdog has accused 18 individuals and shell companies of using compromised brokerage accounts to manipulate stock prices to rake in $1.3 million in illicit profits. According to the SEC complaint, fraudsters in the US, Canada, and the Dominican Republican broke into at least 31 American-owned retail brokerage accounts in late 2017 and early 2018.