Security News

A recently uncovered phishing campaign, targeting PayPal users, pulls out all the stops and asks victims for the complete spectrum of personal data - even going so far as to ask for social security numbers and uploaded photos of their passports. Some parts of the phishing email make strange use of exclamation points - For instance, the top of the email says "PayPal Notifications Center !" and the phishing link button reads, "Secure and update my account now !".

Valentine's Day will give rise to romance scams, often directed toward people who use dating sites and apps. Victims of such scams sometimes avoid reporting them out of shame, embarrassment, or humiliation, according to the FBI. As such, the criminals can make a clean getaway.

Sadly, cybercrooks love a crisis, because it gives them a believable reason to contact you with a phishing scam. Of course, if you put in your email address or your password and click through, you'll be submitting the filled-in web form to the crooks.

Crooks almost certainly can't get hold of a server name that ends with, say, paypal DOT com, but can create any number of subdomains that start with paypal DOT and end with some unrelated domain. The suspicious-looking right-hand end of a full domain name often ends up invisible on a mobile phone because it won't fit in the address bar.

A non-profit community housing collective has been swindled out of more than $1.2 million in a business email compromise campaign. Red Kite Community Housing, a coop housing association in High Wycombe, U.K. announced in a recent website notice that £932,000 of the money paid into its coffers by tenant-owners was transferred to cybercrooks thanks to a convincing domain-spoofing effort.

Nearly five years after the high-profile Ashley Madison data breach, hundreds of impacted website users are being targeted by a new extortion attack this past week. Victims are receiving emails threatening to expose their Ashley Madison accounts - along with other embarrassing data - to family and friends on social media and via email, unless they pay a Bitcoin ransom.

What's the difference between a real job and the horde of fake ones found on the internet? It's even more basic than the fact that one is fake - fake jobs are suspiciously easy to get interviews for.

More than a week after its website and online services were taken offline by malware, foreign currency super-exchange Travelex continues to battle through what has become an increasingly damaging outage that may have unpatched VPN servers at its heart. While the capital's cops declined to name a specific victim, a spokesperson told us: "On Thursday, 2 January the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Enquiries into the circumstances are ongoing."

That IT exec's name is Hicham Kabbaj, and on Friday, he pleaded guilty to one count of wire fraud for having set up a shell company and billing his employer for firewalls and services that "Interactive Systems" never actually installed. Once Company-1 paid up, Kabbaj would slide the cash on over to his own bank account - a scam that netted him a cool $6 million.

Have you ever received items by courier from people overseas? A free MacBook Pro for just $1! As we mentioned above, scams like this aren't miles away from real life, because emails from courier companies that document unexpected import and delivery charges are not unusual.