Security News

Cybersecurity firm Forcepoint reports that it has found a number of new phishing and malware scams circulating around the internet with a common theme: They all aim to capitalize on coronavirus and COVID-19 fears. The tactics being used in this current wave of COVID-19 phishing and malware are nothing new: Phishing attempts are seeking to steal email passwords, fake ads are selling scam products, and traditional malware droppers are being found in infected word documents.

Research from the Better Business Bureau, the FINRA Investor Education Foundation, and the Stanford Center on Longevity found that people are more likely to lose money to a scam when they are socially or physically isolated from others, if they are actively engaging online, and if they are financially vulnerable. "According to our research, social isolation is a key risk factor for susceptibility to scams, as is financial vulnerability," said Melissa Lanning Trumpower, executive director of the BBB Institute for Marketplace Trust, BBB's foundation that conducted the research.

The story concluded that this dubious service had been scamming people and companies for more than a decade, and promised a Part II to explore who was behind Web Listings. Since at least 2007, Web Listings Inc. has been sending snail mail letters to domain registrants around the world.

British police are saying coronavirus-related fraud reports have spiked by 400 per cent over the past six weeks as the COVID-19 illness continues its inexorable march through humanity. Although absolute numbers of reports are low, perhaps kept that way because the public now knows Action Fraud is largely useless, the National Fraud Intelligence Bureau said there were a total of 200 reports of coronavirus scams made to them since 1 February.

Twenty-four individuals were arrested for laundering funds illegally obtained via business email compromise, romance, and retirement account scams targeting victims across the United States. The large-scale fraud operation facilitated by the arrested individuals has caused losses of more than $30 million, the Department of Justice has revealed.

Hackers are getting hacked via trojanized hacking toolsSomeone has been trojanizing a wide variety of hacking tools to compromise the machines of hackers who want to use the tools for free, Cybereason researcher Amit Serper has revealed. SECURE Magazine: RSAC 2020 special issue releasedRSA Conference, the world's leading information security conference and exposition, concluded its 29th annual event in San Francisco.

Scam robocalls and phishing emails disguised as banks continue to trick consumers to put their personal information at risk, and tax season is no exception. These tactics are particularly effective due to tax payers concerns of misfiling their taxes or accidentally running into trouble with groups like the IRS. McAfee researchers recently uncovered an example of an illegitimate IRS site created to scam unsuspecting consumers.

The menace of Business Email Compromise is often overshadowed by ransomware but it's something small and medium-sized businesses shouldn't lose sight of. Bang on cue, the FBI Internet Crime Complaint Center has alerted US businesses to ongoing attacks targeting organisations using Microsoft Office 365 and Google G Suite.

With the Western world conducting a considerable chunk of its day-to-day life online, with the help of computers, mobile phones and email, they are open to a variety of coronavirus-related cyber scams and schemes. Then there are the phishers and malware peddlers: since the very beginning of Covid-19's surge in Wuhan, they've been tricking users with fake email notifications and fake alerts impersonating local authorities, the US Centers for Disease Control and Prevention, and the World Health Organization to deliver malware or to steal email credentials.

For anyone who is a Stripe user - even if they haven't logged in for a while - the email seems pretty genuine. OK, the button didn't head to a Stripe domain, but the link didn't look particularly out of place, either - it was an HTTPS link to a regular-looking.com domain.