Security News

Due to SaaS, in 2021 the number of cybercriminals in one scam gang increased 10 times compared to 2020 and now reaches 100. In 2021, scams were the most common type of cybercrime.

Home delivery scams, where the crooks falsely apologise to you for not delivering your latest parcel, have been around for years. As we have unfortunately needed to say many times on Naked Security, these scams seem to have become steadily more professional-looking during the pandemic, as more and more people have got into the habit of ordering deliveries for everyday shopping instead of heading into stores.

Truecaller announced research conducted in partnership with The Harris Poll in March of 2022, and the findings detail trends and insights on the impact of spam and phone scams that have increasingly permeated the U.S. over the last 12 months. The study estimates that a staggering $39.5 billion was lost to phone scams this past year, which is the highest number recorded since Truecaller began researching scam and spam calls in the U.S. eight years ago.

Scammers are now leveraging dating apps like Tinder and Grindr to pose as former victims of physical abuse to gain your trust and sympathy and sell you bogus "ID verification" services. BleepingComputer came across multiple instances of users on online dating apps being approached by catfishing profiles who ask these users to prove that they are not a former sex offender by buying these services.

Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency. An example of one of the scam videos can be seen below, where Elon promotes the new scam site and says he invested $50 million into the platform.

Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic. "The websites all shared a common issue - malicious JavaScript had been injected within their website's files and the database, including legitimate core WordPress files," Krasimir Konov, a malware analyst at Sucuri, said in a report published Wednesday.

Cyber-scams cost victims around the globe at least $6.9 billion last year, according to the FBI's latest Internet Crime Report. A subset of this category, business email compromise, is proving very lucrative and cost almost $2.4 billion from 19,954 victims, according to the feds.

The Federal Bureau of Investigation said today that the amount of money lost to business email compromise scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021. Victims reported losses of almost $2.4 billion in 2021, based on 19,954 recorded complaints linked to BEC attacks targeting individuals and businesses.

Cybercriminals are leveraging advanced tactics in their phishing kits, granting them a high delivery success rate for spoofed e-mails that contain malicious attachments, right before the end of the 2021 IRS income tax return deadline in the U.S. On April 18th, 2022, a notable campaign was detected that leveraged phishing e-mails impersonating the IRS, and in particular one of the industry vendors that provide solutions to government agencies, including e-mailing, digital communications management, and the content delivery system that informs citizens about various updates. The IT services vendor the actors impersonated is widely used by major federal agencies, including the DHS, and by other such websites of states and cities in the U.S. The identified phishing e-mail warned the victims about overdue payments to the IRS, which should then be paid via PayPal. The e-mail contained an HTML attachment imitating an electronic invoice.