Security News
Remote access security strategy under scrutiny as hybrid/remote working persists
A report by Menlo Security highlights growing concerns about securing users as the trend for hybrid and remote working is set to remain. In a recent report, Allianz Global Corporate & Specialty analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices.
Email security solutions have trouble detecting BEC scam emails because they are targeted toward specific recipients, generally don't include malicious attachments or links, and often begin with innocuous requests. Intended targets, on the other hand, often fail to spot that these emails have spoofed senders / use spoofed email addresses, or don't find the various email addresses / domains the scammers use suspect.
We've been warning about fake courier scams on Naked Security for many years, even before the coronavirus pandemic increased our collective reliance on home deliveries. The scammer then pretends to be the courier company handling the "delivery", correctly identifying the item, its value and its made-up shipping code.
Call spoofing, which refers to the process of changing the caller ID to any number other than the actual calling number, is a tactic that has lately been on the rise. The growing sophistication of call spoofing tactics.
"The BEC footprint on underground forums is not as large as other types of cybercrime, likely since many of the operational elements of BEC use targeted social-engineering tactics and fraudulent domains, which do not typically require technical services or products that the underground offers," according to Intel 471. In February, Intel 471 came across a threat actor on a popular Russian-language cybercrime forum who was seeking a team of native English speakers for the social engineering elements of BEC attacks, after obtaining access to custom Microsoft Office 365 domains.
Peterborough, a small New Hampshire town, has lost $2.3 million after BEC scammers redirected several bank transfers using forged documents sent to the town's Finance Department staff in multiple email exchanges. BEC scammers use various tactics to compromise or impersonate their targets' business email accounts, allowing them to redirect pending or future payments to bank accounts they control.
The problem with copyright infringement notices is that if they're genuine, they can't just be ignored, because social media sites are obliged to try to resolve meaningful copyright complaints when they're received. They've copied a trick that tech support scammers have been using for years, and that some ransomware scammers have recently adopted, namely giving you a toll-free phone number to call for "help".
Declan Harrington, a Massachusetts man charged two years ago for his alleged involvement in a series of SIM swapping attacks, pleaded guilty to stealing cryptocurrency from multiple victims and hijacking the Instagram account of others. Harrington was charged with Eric Meiggs in November 2019 for targeting the owners of high-value Instagram and Tumblr accounts.
Simply navigating a smartphone camera over the image allows the device's QR translator, built into most mobile phones, to "read" the code and open a corresponding website. "The problem with QR codes stems from how easy they are to use," they wrote in a report published Tuesday about the growing number of QR code scams.
It's easy to see why Mitch got snookered: The real BriansClub site is currently not at the top of search results when one queries that shop name at Google. In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information.