Security News

Europol has announced the arrest of 108 people suspected of being involved in an international call center operation that tricked victims into investment scams. According to the Europol announcement, the crime group directed an army of 200 "Traders" who spoke English, Russian, Polish, and Hindi, calling prospective victims to present fake investment opportunities in cryptocurrency, commodities, and foreign currencies.

"Many of us receive text messages from scammers impersonating a variety of companies including the IRS. While this may seem legit, the IRS does not use text messages for personal tax issues nor do they send taxpayers messages on social media especially in regards to bills or refunds," Lookout researchers caution. Phone scams impersonating the IRS and leaving pre-recorded, threatening or urgent messages are also abundant, and so are emails that appear to be from the IRS or affiliated organizations and ask taxpayers to share sensitive information.

New vocabulary for the same old scams: 3 tricks that trap people buying NFTs. Malicious smart contracts, sleepminting and seed phrases are unfamiliar terms for most people new to the world of non-fungible tokens and cryptocurrencies. Anyone dealing in NFTs and cryptocurrency needs one.

Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. "This style of cyber-fraud, known as sha zhu pan - literally 'pig butchering plate' - is a well-organized, syndicated scam operation that uses a combination of often romance-centered social engineering and fraudulent financial applications and websites to ensnare victims and steal their savings after gaining their confidence," Sophos analyst Jagadeesh Chandraiah said in a report published last week.

They're leveraging new iOS features - TestFlight and WebClips - to get fake apps onto victims' phones without being subject to the rigorous app store approval process. According to a Sophos report last fall, the attackers' M.O. is to begin there, then move the conversation to messaging apps.

A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their personal data to fake investments schemes impersonating genuine brands. The fraudulent operation relies upon the abuse of Google Ads and SEO to draw victims to hundreds of fake websites targeting the Indian audience.

The development follows Ukraine's successful effort of raising over $37 million in crypto donations from all around the world amid the country's ongoing invasion by Russian troops. 'Help Ukraine' crypto donation scams on the rise.

Over the last year or two we've noticed that the steady stream of sextortion emails we used to receive - at one time, we were getting several variants on the theme each week - has dwindled to almost nothing. Often, attackers stick to messages in plain text or HTML for the obvious reason that web or email links in those messages typically turn into directly tempting "Calls to action".

The topic earned ministerial attention after instances of attacks and scams soared recently. 7 million from 790 customers by spoofing text messages in what minister of finance Lawrence Wong referred to as "By far the most serious phishing scam seen" in Singapore.

Bolster published a report which shows an unprecedented level of fraud activity, spurred by the continuing growth of digital commerce, leading to an explosion of companies' external attack surfaces. Using data gathered from analyzing more than one billion sites, the 2022 State of Phishing and Online Fraud Report highlights the trends that drove digital scams in 2021.