Security News

As the digital wolves dress in sheep's tax forms, Microsoft has thrown a spotlight on a crafty 2024 phishing expedition, unraveled in January, that preys on the unsuspecting herd of early tax filers. The malicious email campaign, purporting to be employees' tax returns, contained an attachment that, when clicked, directs the user to a phony website that looks like a blurred spreadsheet, with a download documents button marked "Confidentials to users[dot]name[at] contoso[dot]com."

The U.S. Federal Trade Commission warned today that scammers are impersonating its employees to steal thousands of dollars from Americans. FTC says its staff has received numerous reports from consumers who have fallen victim to scams in which fraudsters exploited the identities of agency personnel to coerce them into transferring or wiring money.

Scammers on Airbnb are faking technical issues and citing higher fees to get users to a spoofed Tripadvisor website and steal their money. Malwarebytes researchers came across the Airbnb scam when trying to book an apartment through the platform.

A deepfake video conference call paired with social engineering tricks has led to the theft of over US$25 million from a multinational firm, the South China Morning Post has reported. They have been later quelled by a group video conference to which the employee was invited.

Cryptocurrency scammers are abusing a legitimate Twitter "Feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs. On X, formerly and more widely known as Twitter, a post's URL consists of the account name of the person who tweeted it and a status ID, as shown below. This allows you to take an URL for a Tweet and modify the account name to whatever you want, even high-profile accounts.

Cryptocurrency scammers are abusing a legitimate X "Feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs. On X, formerly Twitter, a post's URL consists of the account name of the person who tweeted it and a status ID, as shown below. This allows you to take an URL for a Tweet and modify the account name to whatever you want, even high-profile accounts.

Interpol on Tuesday revealed the results of what it's dubbed Operation HAECHI IV - a six-month effort that saw 34 nations cooperate, with funding from South Korea. The majority - about three quarters - of the crime investigated by the op was business email compromise, e-commerce fraud, and investment fraud.

The threat actors behind the BazaCall call back phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility. The method is an "attempt to elevate the...

Human trafficking for the purposes of populating cyber scam call centers is expanding beyond southeast Asia, where the crime was previously isolated. The latest five-month operation discovered that victims from Malaysia were being trafficked to work in Peruvian call centers and Ugandan victims were being trafficked to Dubai for the same reason, only to be diverted to Thailand and then Myanmar.

A Los Angeles man has been jailed after pulling off SIM-swap attacks on victims, hijacking social media accounts, committing fraud with Zelle payments, and impersonating Apple support. Amir Hossein Golshan, 25, described in court documents as a "Serial cybercriminal and scammer," was sentenced to eight years in prison by a California federal court on Monday, and ordered to pay $1,218,526 in restitution.