Security News

A new social engineering scam is making the rounds, and this one is particularly insidious: It tricks users into sending money to what they think is their own account to reverse a fraudulent charge. The FBI's Internet Crime Complaint Center issued the warning, which it said involves cybercriminals who have definitely done their homework.

Hiya has detected the newest scam call tactic, the eavesdropping scam. The new scam aims to get users to call back by leaving vague voicemail messages where an unknown voice is heard talking about the potential victim.

In this video for Help Net Security, Charles Brook, Threat Intelligence Researcher at Tessian, talks about how cybercriminals have taken advantage of the crisis in Ukraine to create charity donation scams. While there are legitimate ways to donate money and resources, scammers have started using impersonation techniques and sneaky tactics to dupe individuals into sending fake donations via emails, requests for cryptocurrency, or fake websites.

IRS warns consumers and businesses of common scams during tax season. Tax season is prime time for phone scams, the IRS cautions.

Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. Although Mailchimp stated it acted quickly to terminate access to the breached employee account, the siphoned credentials were used to access 319 Mailchimp accounts and further export the mailing lists pertaining to 102 accounts.

Europol has announced the arrest of 108 people suspected of being involved in an international call center operation that tricked victims into investment scams. According to the Europol announcement, the crime group directed an army of 200 "Traders" who spoke English, Russian, Polish, and Hindi, calling prospective victims to present fake investment opportunities in cryptocurrency, commodities, and foreign currencies.

"Many of us receive text messages from scammers impersonating a variety of companies including the IRS. While this may seem legit, the IRS does not use text messages for personal tax issues nor do they send taxpayers messages on social media especially in regards to bills or refunds," Lookout researchers caution. Phone scams impersonating the IRS and leaving pre-recorded, threatening or urgent messages are also abundant, and so are emails that appear to be from the IRS or affiliated organizations and ask taxpayers to share sensitive information.

New vocabulary for the same old scams: 3 tricks that trap people buying NFTs. Malicious smart contracts, sleepminting and seed phrases are unfamiliar terms for most people new to the world of non-fungible tokens and cryptocurrencies. Anyone dealing in NFTs and cryptocurrency needs one.

Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. "This style of cyber-fraud, known as sha zhu pan - literally 'pig butchering plate' - is a well-organized, syndicated scam operation that uses a combination of often romance-centered social engineering and fraudulent financial applications and websites to ensnare victims and steal their savings after gaining their confidence," Sophos analyst Jagadeesh Chandraiah said in a report published last week.

They're leveraging new iOS features - TestFlight and WebClips - to get fake apps onto victims' phones without being subject to the rigorous app store approval process. According to a Sophos report last fall, the attackers' M.O. is to begin there, then move the conversation to messaging apps.