Security News

Another "Package delivery notification" scam. Delivery scams often entice you by telling you what cool "Item" is on its way, such as a mobile phone that someone is sending you as a gift.

A report released Wednesday by fraud prevention company Bolster looks at some of the most popular scams seen during the first quarter of 2020. As the coronavirus took hold, around 30 percent of the confirmed phishing and counterfeit pages were related to COVID-19.

We believe we are less likely than others are to fall for phishing scams, thereby underestimating our own exposure to risk, a cybersecurity study has found. Half of the subjects were asked how likely they were to take the requested action while the other half was asked how likely another, specifically, "Someone like them," would do so.

A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography. The message claims to have been sent from Microsoft Support, and says the recipient's Windows license will be suspended unless they call an "MS Support" number to reinstate the license, but the number goes to a phony tech support scam that tries to trick callers into giving fraudsters direct access to their PCs. The fraudulent message tries to seem more official by listing what are supposed to be the recipient's IP address and MAC address.

Threat actors are using a combination of scams to obtain as well as buy and sell credentials for U.S. taxpayers to steal appropriations from the COVID-19 relief package as well as 2020 tax refunds, new research has found. The package includes $1,200 in individual taxpayer payments to those who qualified, representing a new opportunity for fraud alongside the usual tax-season campaigns that threat actors typically employ.

BEC attacks are targeted at businesses that do a lot of invoicing or wire transfers, with the goal of scamming them using social engineering into sending money to attackers. BEC attacks can use malware to gain access to computers used by invoice approvers and other financial decision-makers and use their credentials to wire themselves money, as well as harvest other kinds of personal information for use in other scams.

Riddle: What do you get when you cross the COVID-19 quarantine with bored kids, heart-melting online ads for floppy-eared spaniel puppies, and online ordering? The Better Business Bureau last week raised the alarm on what it says is a spike in online puppy scams it's seeing now that the pandemic has so many people stuck at home, wistfully imagining that it's the perfect time to train and bond with a little fluff ball.

A new report from Kaspersky found that cybercriminals are using the increase in delivery demand to push convincing phishing emails into thousands of inboxes. "The spikes in demand are causing in-transit times to stretch out. As a result, customers are getting used to receiving apologetic messages from couriers linking to updated shipping statuses. Recently, we have observed a number of fake sites and emails supposedly from delivery services exploiting the coronavirus topic," Kaspersky Lab anti-spam analyst Tatyana Shcherbakova wrote in a blog post.

You may have heard that today's phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. You probably didn't know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account - data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

In the past, most of these sextortion emails were sent in high numbers with links to Bitcoin sites, specific URLs, and other details that raised a red flag with security filters. That's why many sextortion emails have switched to using QR codes, which many filters can't detect.