Security News

Scammers will always find a new way to get money. Job searchers can be vulnerable, too.

Government imposter scams now come with a new twist that has the potential to make them even more effective, as the Inspector General for the Social Security Administration warns. According to reports received by the Office of the Inspector General, the scammers' tactics arsenal has been updated to include the use of fake IDs designed to look like those used by Federal employees.

If you're active on social media, you probably know that copyright infringement is a big deal online, and that even accidentally including or referring to somebody else's material can leave you facing a copyright complaint notice sent by the social media platform involved. If you don't sort out the complaint, you could end up locked out of your account or even have your account shut down.

Now, FlexJobs revealed the 14 most common, and effective, job search scams. "Unfortunately, online job scams remain a troubling component of the work-from-home job market, even as the number of legitimate remote job opportunities continues to grow," said Sara Sutton, founder and CEO at FlexJobs, in a press release.

With the arrival of tax season, the IRS has sent out a dire notice to tax professionals warning them of a new wave of digital scams involving people trying to steal Electronic Filing Identification Numbers. Agency officials said they have seen a wave of fake emails with the subject line, "Verifying your EFIN before e-filing," that purport to come from "IRS Tax E-Filing." The IRS said tax professionals have become "Prime targets" for cyberattackers looking for information that would make it easy to steal identities and file falsified tax returns for refunds.

U.S. law enforcement arrested six "Ringleaders" of a Ghana-based cybercriminal enterprise, who had allegedly launched a slew of money-stealing scams dating back to 2013 that included romance scams, business email compromise attacks and fraud. While the six arrested were allegedly involved with the criminal enterprise based in Ghana, they were located across the U.S. and targeted individuals and businesses in the U.S. Scams Relating to Romance, COVID-19 Relief.

A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug that allowed malicious parties to bypass the iframe sandboxing policy in the browser engine that powers Safari and Google Chrome for iOS and run malicious code.

The US Federal Trade Commission, America's official consumer protection watchdog, recently warned that romance scammers are making more money than ever before. The FTC says that the median average financial loss in a romance scam was $2500, more than ten times as much as the average for other online scams.

The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams. During their campaigns over the past three months, the number of malicious ad impressions served in a day recorded spikes as high as 16 million.

Romance scams remain the most successful fraud strategy for cybercrooks, and represents a growing sector, according to the Federal Trade Commission. Romance scams have flourished during the COVID-19 pandemic, thanks to a widening pool of targets, the FTC said.