Security News
Crypto scammers hijacked three YouTube channels to impersonate Elon Musk's SpaceX channel, offering bogus BTC giveaways that earned them nearly USD $150,000 over the course of two days. According to Bleeping Computer and the reports filed in the BitcoinAbuse database, the scammers took over legitimate YouTube accounts and changed the branding to look like that of Elon Musk's rocket company.
Kenenty Hwan Kim admitted in federal court that he had carried out the elaborate schemes, which involved spoofed emails that purported to be internal communications from executives at the target companies. The fake email said that Chance was having issues receiving check payments from Solid Bridge, and then asked Solid Bridge to mail a check to another mailing address instead. Kim provided a mailing address, and Solid Bridge dutifully wrote out a check and mailed it - the address of course turned out to be bogus.
Beyond regular unemployment payouts, benefits are coming with an extra $600 per week for out-of-work Americans during the pandemic, plus the one-time $1,200 payment eligible adults are receiving under the CARES Act. It's pulling off large-scale fraud against multiple state unemployment insurance programs, exploiting the COVID-19 pandemic with fraudulent unemployment and CARES Act claims.
With US unemployment threatening to reach its highest level since the Great Depression, hackers around the globe are using stolen personal information to file fraudulent benefits claims and steal millions of dollars destined for jobless Americans. The Secret Service confirmed to The Register it has received reports of criminal gangs outside the States obtaining personal records and login credentials harvested from other hacked or leaky databases, and using that info to make unemployment claims on behalf of Americans, then pocketing the payouts via money mules.
With US unemployment threatening to reach its highest level since the Great Depression, hackers around the globe are using stolen personal information to file fraudulent benefits claims and steal millions of dollars destined for jobless Americans. The Secret Service confirmed to The Register it has received reports of criminal gangs outside the States obtaining personal records and login credentials harvested from other hacked or leaky databases, and using that info to make unemployment claims on behalf of Americans, then pocketing the payouts via money mules.
It reminded me of a very similar Skype message I'd received a few years ago, one that abused an open redirect in Google Maps, and I wondered if there was another. One answer is to find an open redirect on a legitimate website - a redirection facility that can be abused to bounce users from a trustworthy website to another, less trustworthy one.
Since January, more than 4,000 domains related to coronavirus stimulus packages have been registered, many of them malicious or suspicious, according to Check Point Research.
Did you receive one of those "Porn scam" emails in the past week or so? As you can imagine, once recipients of these emails realise it's all a cruel and criminal hoax, and that some crook is simply preying on their fears, the pressure is off and they can relax.
Since January, more than 4,000 domains related to coronavirus stimulus packages have been registered, many of them malicious or suspicious, according to Check Point Research. These attacks typically take the form of malicious apps, phishing emails, and phony websites.
Cybercriminals are deploying COVID-19-themed gift card scams, wire transfer scams, and payroll scams aimed at organizations and their employees, according to security provider Trustwave. Phishing emails are a favorite tactic used by scammers to try to convince people to share account credentials, financial information, and other private data.