Security News

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information. Investigators allege the duo set up phishing websites that mimicked legitimate employee portals belonging to wireless providers, and then emailed and/or called employees at these providers in a bid to trick them into logging in at these fake portals.

UPDATE. Hackers took over President Trump's 2020 election campaign website late Tuesday, replacing parts of the site with a cryptocurrency scam before returning it to its original content several minutes later. "While the hacked page claimed that the threat actors responsible compromised"multiple devices" that gave them "full access" to internal and secret conversations" of "Trump and relatives," there is no evidence that these statements are true, according to the Trump campaign.

Malwarebytes security researchers have identified a new campaign in which tech support scammers are exploiting a cross-site scripting vulnerability and are relying exclusively on links posted on Facebook to reach potential victims. This, they say, suggests that the tech support scammers were regularly changing these links to avoid blacklisting.

Rapper Fontrell Antonio Baines, who goes by the stage name "Nuke Bizzle," made his first appearance in U.S. District Court in downtown Los Angeles on Friday after being charged with fraudulently applying for more than $1.2 million in jobless benefits under the Coronavirus Aid, Relief and Economic Security Act, according to a statement from the U.S. Attorney's Office in the Central District of California. Authorities were tipped off to the scheme after Baines posted a music video on YouTube and Instagram titled "EDD," an apparent reference to the state unemployment agency.

We do a show on Facebook every week in our Naked Security Live video series, where we discuss one of the big security concerns of the week. For those of you who [a] don't use Facebook, [b] had buffering problems while we were live, [c] would like subtitles, or [d] simply want to catch up later, we also upload the recorded videos to our YouTube channel.

Cybercriminals are exploiting a $100 million Facebook grant program designed for small businesses impacted by the pandemic, to phish personal information and take over Facebook accounts. They pointed out that there is in fact, a real CNBC article about coronavirus-related Facebook grants, but the legitimate program is for small businesses, not individuals.

Naked Security Live - here's the recorded version of our latest video. Enjoy.

Sadly what works for legitimate businesses almost always works for cybercriminals too, so there are plenty of crooks still using SMSes for phishing - an attack that's wryly known as smishing. Your phone's operating system will happily recognise when the text in an SMS looks like a URL and automatically make it clickable for you.

A mobile phishing campaign is spreading via text messages purporting to come from an Apple chatbot - and offering "Free trials" of iPhone 12. Clicking the link triggers an interaction - via multiple texts - with a supposed "Apple chatbot."

A man from India has pleaded guilty to his role in a scheme that tried to embezzle about $600,000 from seven people over the age of 65 in the U.S., federal prosecutors say. Chirag Sachdeva, 30, participated in a telemarketing scheme that offered victims computer protection services after misleading them to believe that malware had been detected on their computers, according to a statement from the U.S. attorney's office in Rhode Island.