Security News
Do. It. Romance scams cost victims at least $1.3 billion in 2022, according to the US Federal Trade Commission's latest numbers. The most common lie that scammers told their marks is that they, or someone close to them, is sick, hurt or in jail, according to more than 8,000 romance scams reported to the FTC that cost consumers money.
Ahad Shams, the co-founder of Web3 metaverse gaming engine startup Webaverse, discovered in late November 2022 that someone had stolen $4 million of his cryptocurrency - during a real-world interaction. What made this case different is that the scammers stole the funds from a newly created Trust Wallet account when Shams and a Webaverse colleague met in the lobby of a Rome hotel.
The victim will need to pay in that 20% themselves - indeed, they'd jolly well better pay in quickly, the scammers claim, given that the "authorities" are now involved and looking for their share. Once you realise you've been scammed, whether the scammers pull the plug on you, or you pull the plug on them, you may "co-incidentally" be contacted by someone who sympathises with your plight, and who knows just the thing for you to try next.
This picture comes from the Ukraine Cyber Police, who raided a fraudulent call centre just before New Year, where they say the three founders of the scam, plus 37 "staff", were busted for allegedly operating a large-scale banking fraud. Typically, the scammers try to convince you that your bank account is under attack from fraudsters, and patiently offer to help you "secure" your account and "recover" lost or at-risk funds.
Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei. The most notable aspect of the operation is the effort the threat actors make to bypass the steps users take to prevent scam calls, using a new pay-as-you-go U.K. phone number for each wave so as to render phone number-based blocking ineffective.
If you follow this advice, you might jump to the dangerous conclusion that the site must surely know your real password, and must therefore be genuine, given that it seems to know that you put in the wrong password. Of course, the crooks can safely pretend you got your password wrong the first time, even if you didn't.
OneCoin appeared to be what's known as a pyramid scheme, or MLM system, short for multi-level marketing, where the people who buy in at the start earn commission for bringing in the next wave of "investors", who in turn earn commission from bringing in the third wave, and so on. OneCoin falsely claimed that the value of OneCoin was based on market supply and demand, when in fact, the value of the cryptocurrency was simply set by OneCoin itself.
In this Help Net Security video, Ronnie Tokazowski, Principal Threat Advisor at Cofense, offers insight into the world's most lucrative cybercrime - business email compromise. The Cofense team recently purchased $500 worth of trackable gift cards to intentionally give to scammers in the hopes of discovering what happens once scammers receive these funds, engaging with 54 live BEC attacks over 5 weeks.
A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets' computers easier, Guardio researchers have discovered. By abusing the fully-featured 14-day trial option for that hosted cloud service, scammers are already taking advantage of the platform at no cost, but the vulnerability could have allowed them to remove an alert that can break the illusion the scammers are trying to create.
At which point the crooks immediately try to use the combination of username + password + one-time code they just got hold of, in the hope of logging in quickly enough to get into your account before you realise there's anything phishy going on. As a result, social media users are understandably concerned about protecting their accounts in general, whether they're specifically concerned about Twitter or not: Lure you to a real page with a facebook.com URL. The account is fake, set up entirely for this particular scam campaign, but the link that shows up in the email you receive does indeed lead to facebook.com, making it less likely to attract suspicion, either from you or from your spam filter.