Security News
Business email compromise and email account compromise scams are still the most lucrative schemes for cybercriminals: the FBI's Internet Crime Complaint Center has calculated that, in 2019, the average monetary loss per BEC/EAC scam complaint reached $75,000. During the past year, the IC3 received a total of 467,361 cybercrime complaints with reported losses exceeding $3.5 billion, and $1.77 billion of that was the result of BEC/EAC. For comparison, BEC/EAC-associated losses were $1.3 billion in 2018, $676 million in 2017 and $360 million in 2016.
Several cybersecurity companies have spotted campaigns that use coronavirus-themed emails to deliver malware, phishing attempts and scams. The malicious emails warn potential victims about the impact of the coronavirus on the shipping industry.
A recently uncovered phishing campaign targeting PayPal users pulls out all the stops and asks victims for the complete spectrum of personal data, even going so far as to ask for social security numbers and uploaded photos of their passports. Some parts of the phishing email make strange use of exclamation points. For instance, the top of the email says "PayPal Notifications Center !" and the phishing link button reads, "Secure and update my account now !".
Valentine's Day will give rise to romance scams, often directed toward people who use dating sites and apps. Victims of such scams sometimes avoid reporting them out of shame, embarrassment, or humiliation, according to the FBI. As such, the criminals can make a clean getaway.
Sadly, cybercrooks love a crisis, because it gives them a believable reason to contact you with a phishing scam. Of course, if you put in your email address or your password and click through, you'll be submitting the filled-in web form to the crooks.
Crooks almost certainly can't get hold of a server name that ends with, say, paypal DOT com, but can create any number of subdomains that start with paypal DOT and end with some unrelated domain. The suspicious-looking right-hand end of a full domain name often ends up invisible on a mobile phone because it won't fit in the address bar.
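The check a mail filter or link scanner can apply to the subdomain trick described above, as an added example that is not part of the original article: it decides ownership from the right-hand end of the hostname and shows what a truncated address bar would display. The allowlist, the 24-character bar width and the `.example` sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the brand's real registrable domains, maintained by hand.
LEGIT_DOMAINS = {"paypal": {"paypal.com"}}
ADDRESS_BAR_CHARS = 24  # assumed width of a narrow mobile address bar


def hostname_of(url):
    """Return the lowercased hostname, tolerating URLs pasted without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def belongs_to(host, domain):
    """True only when host is the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url, brand):
    """Classify a link as 'legitimate', 'lookalike' or 'unrelated' for a brand."""
    host = hostname_of(url)
    if any(belongs_to(host, d) for d in LEGIT_DOMAINS[brand]):
        return "legitimate"
    # The brand name appears in the hostname, but the right-hand end,
    # which is what decides ownership, is someone else's domain.
    if brand in host:
        return "lookalike"
    return "unrelated"


def visible_in_address_bar(url, width=ADDRESS_BAR_CHARS):
    """What a left-anchored, truncated address bar would show of the hostname."""
    host = hostname_of(url)
    return host if len(host) <= width else host[:width] + "..."


if __name__ == "__main__":
    # Constructed sample links; .example is a reserved, non-routable TLD.
    samples = [
        "https://www.paypal.com/signin",
        "https://paypal.com.account-review.example/signin",
        "https://news.example/story",
    ]
    for url in samples:
        print(classify(url, "paypal"), "|", visible_in_address_bar(url))
```
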
A non-profit community housing collective has been swindled out of more than $1.2 million in a business email compromise campaign. Red Kite Community Housing, a co-op housing association in High Wycombe, U.K., announced in a recent website notice that £932,000 of the money paid into its coffers by tenant-owners was transferred to cybercrooks thanks to a convincing domain-spoofing effort.
Nearly five years after the high-profile Ashley Madison data breach, hundreds of impacted website users have been targeted by a new extortion attack this past week. Victims are receiving emails threatening to expose their Ashley Madison accounts, along with other embarrassing data, to family and friends on social media and via email unless they pay a Bitcoin ransom.
What's the difference between a real job and the horde of fake ones found on the internet? It's even more basic than the fact that one is fake: fake jobs are suspiciously easy to get interviews for.
More than a week after its website and online services were taken offline by malware, foreign currency super-exchange Travelex continues to battle through what has become an increasingly damaging outage that may have unpatched VPN servers at its heart. While the capital's cops declined to name a specific victim, a spokesperson told us: "On Thursday, 2 January the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Enquiries into the circumstances are ongoing."