Security News

The V in vishing stands for voice, and it's a way of referring to scams that arrive by telephone in the form of voice calls, rather than as electronic messages. We can't tell whether this is just one group of crooks who are focusing on both vishing and the UK at the moment, or if it's a broader global trend, but we are experiencing unwanted vishing calls at a much greater rate than any time in the past few years.

The Sharepoint link you're expected to click to access the One Note file does look suspicious because there's no clear connection between the sender's company and the location of the One Note lure. It's only at this stage that the crooks present their call-to-action link - the click that they didn't want to put directly ino the original email, where it would have stood out more obviously as a phishing scam.

A British citizen has been extradited to the US to face charges he oversaw a series of business email compromise attacks to steal over $2m from unwary accounts departments and individuals. It is said the crew used combinations of stolen personal information, spoofed phone numbers, fake email accounts, and even voice-altering software to contact bank staff and con them into handing over control of accounts by posing as legit customers.

Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials. While previous phishing messages leveraging Instagram as a lure have been sent via email, the attackers in this campaign send the phishing messages on Instagram's platform itself.

Even though the blue text of the link itself looks like a URL, it isn't actually the URL that you will visit if you click it. Your email address is embedded in the link in the email that you click on, so the phishing page can fill in the email field as you would probably expect.

Authorities in Maryland have issued an advisory about an apparent email phishing scam targeting firearms dealers in the state. Maryland State Police said it was issued after the Maryland State Police Licensing Division was notified Tuesday about emails received by at least two firearms dealers.

Online shopping is the most prevalent type of scam with people losing nearly $14 million to date, according to FTC data. Americans have reported 152,129 coronavirus-related fraud cases to the Federal Trade Commission since the start of 2020, according to data analyzed by Atlas VPN. FTC data further revealed that Americans have lost more than $98 million to COVID-19 and stimulus check scams.

Among consumers reporting being targeted with digital COVID-19 schemes globally, 27% said they were hit with pandemic-themed phishing scams. "From the impacts of phishing and other well documented COVID-19 scams like unemployment fraud, it's clear that fraudsters have the data and increasing opportunities to create synthetic identities and utilize stolen identities," said Shai Cohen, senior vice president of Global Fraud & Identity Solutions at TransUnion.

Twitter has said that around 130 accounts were targeted by miscreants this week as high-profile individuals and businesses had their accounts hijacked to promote a Bitcoin scam. The estimate comes days after the social media biz admitted the blitz - which snared the accounts of Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber and former President Barack Obama - was the result of "Coordinated social engineering".

The Twittersphere went into overdrive on Wednesday as a bunch of prominent, verified Twitter accounts were hijacked and started promoting a COVID-19 cryptocurrency giveaway scam. The attackers simultaneously compromised Twitter accounts of Bill Gates, Elon Musk, Barack Obama, Jeff Bezos, Joe Biden, Mike Bloomberg, Apple, Uber, as well as those of cryptocurrency exchanges Binance, Coinbase, KuCoin and Gemini, the CoinDesk news site and other top crypto accounts.