Security News

Successful COVID-19-themed fraud attempts perpetrated in the US since the beginning of the year have resulted in a little over $13 million in losses, the Federal Trade Commission has shared. Despite repeated alerts from a variety of sources - the FBI, the FTC, the FCC - US citizens continue to fall for COVID-19-themed scams.

Email security biz Mimecast has warned of a flight refund scam doing the rounds amid a general uptick in coronavirus-related online crime. It works by offering a fake flight refund form via email.

Now, the FBI is warning that threat actors are taking advantage of efforts to procure PPE and critical equipment such as ventilators with new business email compromise and other scams aimed at defrauding those seeking the supplies. These so-called "advance-fee schemes" are among several new fraud campaigns the feds have observed, alongside more typical BEC scams.

When is ICANN going to do something about the explosion of scammy domains spawned by the COVID-19 pandemic? We can't, the overseers of the internet said last Tuesday, throwing their hands in the air and telling domain registrars that they can - and should.

We've seen a recent surge of concern about sextortion emails over the last few days. A sextortion or porn scam email is where cybercriminals email you out of the blue to claim that they've implanted malware on your computer, and have therefore been able to keep tabs on your online activity.

While this move by the government was lauded by many, cybersecurity experts noticed that almost immediately, cybercriminals kickstarted efforts to either steal the money coming to people or set up scams using potential stimulus checks as ways to steal people's information. A number of cybersecurity experts said the scams will resemble the typical IRS and tax season scams that have become increasingly common over the past decade.

The agency that oversees online addresses on Tuesday called for those issuing website addresses to vigilantly thwart cyber scams exploiting coronavirus fears. The Internet Corporation for Assigned Names and Numbers took the unusual step of firing off a letter to "Registrars" entrusted with the business of issuing website names around the world.

A type of fraud targeting those in charge of performing legitimate funds transfers for a company, BEC scams aim to trick unsuspecting victims into sending money to the attackers. In BEC attacks, the victim typically receives an email apparently arriving from a company they normally conduct business with, requesting payments be made to a new account, or demanding a change in the standard payment operations.

Bona fide IRS agents wouldn't do any of those things, IRS Commissioner Chuck Rettig said. Taxpayers who don't have their refunds direct-deposited should beware of what the IRS and its Criminal Investigation Division say is a wave of new and evolving phishing schemes that target them in particular.