Security News

'Tis the season for scammers to use SMS messages to deliver malicious links straight to your phone. Jacinta Tobin explained the spike in malicious text messages in a blog post on Proofpoint's site.

Are these hacking services as abundant as rumored, or is the dark web full of scammers that are merely waiting to snatch the money of aspiring spies? Analysts at SOS Intelligence have searched the dark web for providers of SS7 exploitation services and found 84 unique onion domains claiming to offer them.

Crypto-thieves are buying Google Ads to target victims with fake wallets, which steal credentials and drain balances. Clicking on the malicious Google Ad takes the user to a malicious site doctored to look like the Phantom wallet site, Check Point noted.

Players in the Squid Game cryptocurrency market have been eliminated - at least their investment has - by what cryptocurrency watchers have called a classic "Rug-pull" scam. When SQUID tokens were first released last week, they were valued at a paltry $0.01 but promised entry into a game with the same premise as the Squid Game series from Netflix - players in desperate financial straits compete in a ruthless, deadly series of games for a shot at winning millions.

Remote access security strategy under scrutiny as hybrid/remote working persistsA report by Menlo Security highlights growing concerns about securing users as the trend for hybrid and remote working is set to remain. In a recent report, Allianz Global Corporate & Specialty analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices.

Email security solutions have trouble detecting BEC scam emails because they are targeted toward specific recipients, generally don't include malicious attachments or links, and often begin with innocuous requests. Intended targets, on the other hand, often fail to spot that these emails have spoofed senders / use spoofed email addresses, or don't find the various email addresses / domains the scammers use suspect.

We've been warning about fake courier scams on Naked Security for many years, even before the coronavirus pandemic increased our collective reliance on home deliveries. The scammer then pretends to be the courier company handling the "Delivery", correctly identifying the item, its value and its made-up shipping code.

Call spoofing, which refers to the process of changing the caller ID to any number other than the actual calling number, is a tactic that has lately been on the rise. The growing sophistication of call spoofing tactics.

"The BEC footprint on underground forums is not as large as other types of cybercrime, likely since many of the operational elements of BEC use targeted social-engineering tactics and fraudulent domains, which do not typically require technical services or products that the underground offers," according to Intel 471. In February, Intel 471 came across a threat actor on a popular Russian-language cybercrime forum who was seeking a team of native English speakers for the social engineering elements of BEC attacks, after obtaining access to custom Microsoft Office 365 domains.

Image: George Kedenburg III. Peterborough, a small New Hampshire town, has lost $2.3 million after BEC scammers redirected several bank transfers using forged documents sent to the town's Finance Department staff in multiple email exchanges. BEC scammers use various tactics to compromise or impersonate their targets' business email accounts, allowing them to redirect pending or future payments to bank accounts they control.