Security News

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information. "The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements, and an Amazon look-alike to harvest the victim's information," Menlo Security researcher Ashwin Vamshi said.

Two days is all it took for Interpol to recover more than $40 million worth of stolen funds in a recent business email compromise heist, the international cop shop said this week. Interpol was called in after an unidentified Singaporean commodity biz filed a police report on July 23 claiming it had been scammed out of $42.3 million four days earlier.

INTERPOL said it devised a "Global stop-payment mechanism" that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise scam. The development comes after an unnamed commodity firm based in Singapore fell victim to a BEC scam in mid-July 2024.

Highlighting growth of phishing and digital scams targeting United States citizens, Bolster released a research that identified 24 separate nation-state threat actor groups attempting to exploit rising political tensions across the US to interfere with the 2024 presidential election. "We know the frequency of phishing attacks is increasing, as hackers utilize AI to execute more scams than ever before. In fact, phishing scams are being hosted in the US at a rate of nearly double, compared to 2023. The trend is only accelerating. In May alone, we logged a daily average of more than 45K malicious phishing sites," said Abhilash Garimella, VP of Research at Bolster.

The leader of a tech support fraud scheme was sentenced to seven years in prison after tricking at least 6,500 victims and generating more than $6 million. [...]

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. The cybersecurity company is tracking the "Crafty" phishing and downloader campaign under the name OneDrive Pastejacking.

CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike Crash Reporter installer via a website impersonating an unnamed German entity.

Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. In cases where some of these accounts attempted to target minors, Meta said it reported them to the National Center for Missing and Exploited Children.

The attackers create phishing emails and fraudulent duplicate websites to steal usernames and passwords from hotel staff. Booking.com suggests using MFA to prevent such attacks, but it isn't enough.

Australia's Competition and Consumer Commission has warned that scammers are targeting scam victims with fake offers to help them recover from scams. The Commission today warned that scammers are targeting victims of scams with schemes that solicit an up-front fee to recover money lost in past scams.