Security News

A mobile phishing campaign is spreading via text messages purporting to come from an Apple chatbot - and offering "Free trials" of iPhone 12. Clicking the link triggers an interaction - via multiple texts - with a supposed "Apple chatbot."

A man from India has pleaded guilty to his role in a scheme that tried to embezzle about $600,000 from seven people over the age of 65 in the U.S., federal prosecutors say. Chirag Sachdeva, 30, participated in a telemarketing scheme that offered victims computer protection services after misleading them to believe that malware had been detected on their computers, according to a statement from the U.S. attorney's office in Rhode Island.

The V in vishing stands for voice, and it's a way of referring to scams that arrive by telephone in the form of voice calls, rather than as electronic messages. We can't tell whether this is just one group of crooks who are focusing on both vishing and the UK at the moment, or if it's a broader global trend, but we are experiencing unwanted vishing calls at a much greater rate than any time in the past few years.

The Sharepoint link you're expected to click to access the One Note file does look suspicious because there's no clear connection between the sender's company and the location of the One Note lure. It's only at this stage that the crooks present their call-to-action link - the click that they didn't want to put directly ino the original email, where it would have stood out more obviously as a phishing scam.

A British citizen has been extradited to the US to face charges he oversaw a series of business email compromise attacks to steal over $2m from unwary accounts departments and individuals. It is said the crew used combinations of stolen personal information, spoofed phone numbers, fake email accounts, and even voice-altering software to contact bank staff and con them into handing over control of accounts by posing as legit customers.

Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials. While previous phishing messages leveraging Instagram as a lure have been sent via email, the attackers in this campaign send the phishing messages on Instagram's platform itself.

Even though the blue text of the link itself looks like a URL, it isn't actually the URL that you will visit if you click it. Your email address is embedded in the link in the email that you click on, so the phishing page can fill in the email field as you would probably expect.

Authorities in Maryland have issued an advisory about an apparent email phishing scam targeting firearms dealers in the state. Maryland State Police said it was issued after the Maryland State Police Licensing Division was notified Tuesday about emails received by at least two firearms dealers.

Online shopping is the most prevalent type of scam with people losing nearly $14 million to date, according to FTC data. Americans have reported 152,129 coronavirus-related fraud cases to the Federal Trade Commission since the start of 2020, according to data analyzed by Atlas VPN. FTC data further revealed that Americans have lost more than $98 million to COVID-19 and stimulus check scams.

Among consumers reporting being targeted with digital COVID-19 schemes globally, 27% said they were hit with pandemic-themed phishing scams. "From the impacts of phishing and other well documented COVID-19 scams like unemployment fraud, it's clear that fraudsters have the data and increasing opportunities to create synthetic identities and utilize stolen identities," said Shai Cohen, senior vice president of Global Fraud & Identity Solutions at TransUnion.