Security News

The United States Department of the Treasury's Financial Crimes Enforcement Network has issued an alert to warn financial institutions of fraud and cyberattacks related to COVID-19 vaccines. In its newly released alert, FinCEN tells financial institutions to be wary of "Potential for fraud, ransomware attacks, or similar types of criminal activity related to COVID-19 vaccines and their distribution."

A large scale phishing scam is underway that pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient's account to be blocked. One recipient said they fell for the scam after their card was denied in a purchase online and thought the email was a legitimate Chase fraud alert.

As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. Many scammers have rolled out campaigns offering COVID-19 vaccines, free medical tests and testing kits, tax rebates for donation to pandemic relief funds, information on COVID-19 cases, and new job opportunities due to the economic downturn.

Here's our latest Naked Security Live talk, discussing IM scams and how to avoid them, as well as giving you some pointers on how to think like a scammer and thereby stay one step ahead. Don't forget that receiving a message from a friend's account doesn't always mean your friend actually sent the message - if their account has been hacked, then it could be a crook using your friend's name to trick you. Watch directly on YouTube if the video won't play here.

This scam goes even further - whether as a distraction to buy a bit of time before victims realise they've been taken in and rush to change their Messenger passwords, or simply to give the crooks a second bite at the cherry, we don't know. After entering your password, there's a short delay, as you might expect whan logging in to any online service, after which the crooks seem to pick from a range of other scams and redirect you to one of them randomly.
![S3 Ep11: DIY phishes, sandwich scams and vaccine hacking [Podcast]](/static/build/img/news/s3-ep11-diy-phishes-sandwich-scams-and-vaccine-hacking-podcast-small.jpg)
We look at phishing tricks that really work, investigate a bizarre scam involving Subway sandwiches, and ask whether cybercriminals have lost their interest in the rest of us now they have coronavirus-related targets to go after. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

Count the Subway sandwich faithful among the latest victims of cybercriminals. Researchers at Sophos discovered a phishing campaign aimed at Subway loyalty-card members in the U.K. and Ireland, in an attempt to trick them into downloading malware.

Here's our latest Naked Security Live talk, about how to avoid email scams that arrive under the guise of a well-known brand - in this case, global sandwich seller Subway. Watch directly on YouTube if the video won't play here.

Subway customers in the UK and Ireland were swamped with scam emails yesterday in a phishing campaign that aimed to trick recipients into downloading malware. As a result of this uncertainty, many Twitter users have asked Subway if the scamming campaign was down to some sort of breach: perhaps, they wondered, criminals had somehow got access to Subway's newsletter service in order to click [Send] on an unauthorised email campaign.

Security company GreatHorn shared some of the latest ways cybercriminals are trying to take your money. Here's how to avoid them.