Security News

Oh! No! The wannabe wizard that went to school with a trainee Sith. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

The US Securities and Exchange Commission has issued numerous warnings over the years about fraudsters attempting to adopt the identity of SEC officials, including by phone call spoofing. Call spoofing is where a scammer calls you up on your landline or mobile phone, claims to be from organisation X, and then reassures you by saying, "If you don't believe me, check the number I'm calling from."

'Tis the season for scammers to use SMS messages to deliver malicious links straight to your phone. Jacinta Tobin explained the spike in malicious text messages in a blog post on Proofpoint's site.

Are these hacking services as abundant as rumored, or is the dark web full of scammers that are merely waiting to snatch the money of aspiring spies? Analysts at SOS Intelligence have searched the dark web for providers of SS7 exploitation services and found 84 unique onion domains claiming to offer them.

Crypto-thieves are buying Google Ads to target victims with fake wallets, which steal credentials and drain balances. Clicking on the malicious Google Ad takes the user to a malicious site doctored to look like the Phantom wallet site, Check Point noted.

Players in the Squid Game cryptocurrency market have been eliminated - at least their investment has - by what cryptocurrency watchers have called a classic "Rug-pull" scam. When SQUID tokens were first released last week, they were valued at a paltry $0.01 but promised entry into a game with the same premise as the Squid Game series from Netflix - players in desperate financial straits compete in a ruthless, deadly series of games for a shot at winning millions.

Remote access security strategy under scrutiny as hybrid/remote working persistsA report by Menlo Security highlights growing concerns about securing users as the trend for hybrid and remote working is set to remain. In a recent report, Allianz Global Corporate & Specialty analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices.

Email security solutions have trouble detecting BEC scam emails because they are targeted toward specific recipients, generally don't include malicious attachments or links, and often begin with innocuous requests. Intended targets, on the other hand, often fail to spot that these emails have spoofed senders / use spoofed email addresses, or don't find the various email addresses / domains the scammers use suspect.

We've been warning about fake courier scams on Naked Security for many years, even before the coronavirus pandemic increased our collective reliance on home deliveries. The scammer then pretends to be the courier company handling the "Delivery", correctly identifying the item, its value and its made-up shipping code.

Call spoofing, which refers to the process of changing the caller ID to any number other than the actual calling number, is a tactic that has lately been on the rise. The growing sophistication of call spoofing tactics.