Security News

Over the last year or two we've noticed that the steady stream of sextortion emails we used to receive - at one time, we were getting several variants on the theme each week - has dwindled to almost nothing. Often, attackers stick to messages in plain text or HTML for the obvious reason that web or email links in those messages typically turn into directly tempting "Calls to action".

The topic earned ministerial attention after instances of attacks and scams soared recently. 7 million from 790 customers by spoofing text messages in what minister of finance Lawrence Wong referred to as "By far the most serious phishing scam seen" in Singapore.

Bolster published a report which shows an unprecedented level of fraud activity, spurred by the continuing growth of digital commerce, leading to an explosion of companies' external attack surfaces. Using data gathered from analyzing more than one billion sites, the 2022 State of Phishing and Online Fraud Report highlights the trends that drove digital scams in 2021.

The US Federal Trade Commission said that Americans reported record high losses of $547 million to romance scams in 2021, up almost 80% compared to 2020 and over six times compared to losses reported in 2017. Financial losses stemming from romance scams have skyrocketed during recent years, with a total of $1.3 billion lost over the past five years.

The U.S. Department of Justice has announced the indictment of several India-based call centers and their directors for targeting Americans with Social Security, IRS, and loan phone call scams. The call centers allegedly placed scam robocalls that were rerouted through an already-indicted VoIP service provider to make it appear as if the calls were coming from U.S.-based entities.

As you probably know, PCR tests, which currently require processing in a laboratory, are considered more accurate than self-administered lateral flow tests. PCR tests are both advised and free in the UK if you already have coronavirus symptoms, or have been in contact with someone who's infectious.

Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found. Scams related to the courier accounted for 23 percent of all phishing emails during that time frame when the company's name had been attached to only 9 percent of scams in the third quarter.

In South Africa, you get an IRP5 at the end of the tax year - an archaic term that we are guessing is short for Inland Revenue/Personal, Form #5, even though the South African tax office hasn't been called the Inland Revenue for nearly 25 years. Here at Naked Security, we know the names of these forms, amongst numerous others, because they often show up in tax scam emails, presumably to give those messages an air of realism.

Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met according to the terms of a contract or an agreement.

The Omicron variant has contributed to a 521 per cent rise in COVID test related scam emails between October 2021 and January 2022, according to Barracuda Networks. One of the most common scams include offers to sell counterfeit or unauthorised COVID tests, and other medical supplies such as masks or gloves.