Security News

U.S. law enforcement arrested six "Ringleaders" of a Ghana-based cybercriminal enterprise, who had allegedly launched a slew of money-stealing scams dating back to 2013 that included romance scams, business email compromise attacks and fraud. While the six arrested were allegedly involved with the criminal enterprise based in Ghana, they were located across the U.S. and targeted individuals and businesses in the U.S. Scams Relating to Romance, COVID-19 Relief.

A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug that allowed malicious parties to bypass the iframe sandboxing policy in the browser engine that powers Safari and Google Chrome for iOS and run malicious code.

The US Federal Trade Commission, America's official consumer protection watchdog, recently warned that romance scammers are making more money than ever before. The FTC says that the median average financial loss in a romance scam was $2500, more than ten times as much as the average for other online scams.

The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams. During their campaigns over the past three months, the number of malicious ad impressions served in a day recorded spikes as high as 16 million.

Romance scams remain the most successful fraud strategy for cybercrooks, and represents a growing sector, according to the Federal Trade Commission. Romance scams have flourished during the COVID-19 pandemic, thanks to a widening pool of targets, the FTC said.

Businesses and consumers are relying on the voice call more than ever during the pandemic with voice traffic up 184% in 2020 compared to 2019, according to a Hiya report. Nearly 40% of all respondents reported losing money to phone scams in 2020 - with an average of $182 per person.

A text message-based tax scam is making the rounds in the U.K., in a probable harbinger of things to come as the U.S. tax season gets underway in earnest. "In this scam, we have to admit that the crooks pulled off a surprisingly believable sequence of web pages - not perfect, but visually believable nevertheless," he said.

Every month of the year has some sort of tax relevance somewhere in the world, and tax scamming cybercrooks take advantage of the many different regional tax filing seasons to customise their criminality to where you live. In the UK, the 2019/2020 tax year ended on 05 April 2020, and the deadline for filing your taxes electronically was 31 January 2021.

Brit cops have cuffed eight men in England and Scotland amid a probe into SIM-swapping attacks on high-profile US targets - including sports stars, musicians, and "Influencers" - that had money and personal data stolen. Last year unauthorised third parties took over the Twitter accounts of 130 celebrities including Elon Musk, Bill Gates, and former US president Barrack Obama.

Because my email address is public, most of these messages are unsolicited; a few might even be dangerous. Scam emails often look real; they're personalized and can be quite convincing.