Security News
Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise scams have been arrested in the city of Lagos, Interpol reported yesterday. "The suspects are alleged to have developed phishing links, domains, and mass mailing campaigns in which they impersonated representatives of organizations," Interpol said.
The tally may be much higher, though, as Group-IB established that the TMT gang targeted around 500,000 organizations from the private and government sectors in more than 150 countries. BEC scammers use malware to collect sensitive information like authentication data from browsers, email, and FTP clients.
A Florida man was sentenced to 37 months in prison earlier this week for his involvement in a business account takeover scheme that resulted in more than $9 million in total financial losses. A bank account controlled by Buzyukov was used to transfer funds from the accounts of the victim companies, after being added by an account manager to their records at the financial tech company following a bank account change request in a fraudulent phone call made by an unknown individual.
Aggressive scammers are impersonating the U.S. Internal Revenue Service in e-mails designed to trick potential victims into paying fabricated outstanding amounts related to missed or late payments. The phishing emails target users of Microsoft's Office 365 platform and have so far reached an estimated number of up to 70,000 mail inboxes according to researchers at email security company Abnormal Security.
A tech-support scammer making random phone calls in the hope of finding a victim called the cyber-crime squad of an Australian police force, which used the happy accident to document the con trick and inform the public on what to watch out for. The call was placed to the Financial and Cybercrime Investigation Branch in the state of South Australia, where the cops serve 1.75 million citizens.
A threat actor specializing in business email compromise attacks has been observed exploiting a vulnerability to spoof the domains of Rackspace customers as part of its operations. An analysis of the attack revealed that the hackers had sent out phishing emails by leveraging a flaw related to how Rackspace SMTP servers hosted at emailsrvr.com authorize users.
Scammers are leveraging a legitimate Google Drive collaboration feature to trick users into clicking on malicious links. According to reports, the recent attack stems from Google Drive's legitimate collaboration feature, which allows users to create push notifications or emails that invite people to share a Google doc.
American voters face an especially pivotal, polarized election this year, and scammers here and abroad are taking notice - posing as fundraisers and pollsters, impersonating candidates and campaigns, and launching fake voter registration drives. It's not votes they're after, but to win a voter's trust, personal information and maybe a bank routing number.
What we noticed on the dark net was almost immediately a series of schemes and fraud schemes perpetrated toward the banks, the small business administration, and the other agencies that were affected by the stimulus money. What they're using as seed data for these particular loan applications is stolen private information, PII data, of individuals on the dark net.
Kurtis Minder, co-founder and CEO of GroupSense, explains why the coronavirus has been big business for bad actors.