Security News

In this video for Help Net Security, Charles Brook, Threat Intelligence Researcher at Tessian, talks about how cybercriminals have taken advantage of the crisis in Ukraine to create charity donation scams. While there are legitimate ways to donate money and resources, scammers have started using impersonation techniques and sneaky tactics to dupe individuals into sending fake donations via emails, asking for cryptocurrency, or via fake websites.

IRS warns consumers and businesses of common scams during tax season. Tax season is prime time for phone scams, the IRS cautions.

Email marketing service Mailchimp on Monday revealed a data breach in which an internal tool was compromised to gain unauthorized access to customer accounts and stage phishing attacks. Although Mailchimp stated it acted quickly to terminate access to the breached employee account, the siphoned credentials were used to access 319 Mailchimp accounts and further export the mailing lists pertaining to 102 accounts.

Europol has announced the arrest of 108 people suspected of being involved in an international call center operation that tricked victims into investment scams. According to the Europol announcement, the crime group directed an army of 200 "Traders" who spoke English, Russian, Polish, and Hindi, calling prospective victims to present fake investment opportunities in cryptocurrency, commodities, and foreign currencies.

"Many of us receive text messages from scammers impersonating a variety of companies including the IRS. While this may seem legit, the IRS does not use text messages for personal tax issues nor do they send taxpayers messages on social media especially in regards to bills or refunds," Lookout researchers caution. Phone scams impersonating the IRS and leaving pre-recorded, threatening or urgent messages are also abundant, and so are emails that appear to be from the IRS or affiliated organizations and ask taxpayers to share sensitive information.

New vocabulary for the same old scams: 3 tricks that trap people buying NFTs. Malicious smart contracts, sleepminting and seed phrases are unfamiliar terms for most people new to the world of non-fungible tokens and cryptocurrencies. Anyone dealing in NFTs and cryptocurrency needs one.

Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. "This style of cyber-fraud, known as sha zhu pan - literally 'pig butchering plate' - is a well-organized, syndicated scam operation that uses a combination of often romance-centered social engineering and fraudulent financial applications and websites to ensnare victims and steal their savings after gaining their confidence," Sophos analyst Jagadeesh Chandraiah said in a report published last week.

They're leveraging new iOS features - TestFlight and Web Clips - to get fake apps onto victims' phones without being subject to the rigorous app store approval process. According to a Sophos report last fall, the attackers' M.O. is to begin there, then move the conversation to messaging apps.

A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their personal data to fake investment schemes impersonating genuine brands. The fraudulent operation relies upon the abuse of Google Ads and SEO to draw victims to hundreds of fake websites targeting the Indian audience.

The development follows Ukraine's successful effort to raise over $37 million in crypto donations from all around the world amid the ongoing invasion of the country by Russian troops. 'Help Ukraine' crypto donation scams on the rise.