Security News
We monitor a range of email addresses related to Naked Security, so we receieve a regular supply of real-world spams and scams. Right now our scam feed is awash with a variety of frauds targeting Instagram, Instagram, and Instagram.
Microsoft has some advice on how to defend against "Ice phishing" and other novel attacks that aim to empty cryptocurrency wallets, for those not already abstaining. Ice phishing, as Microsoft describes it, is a clickjacking, or a user interface redress attack, that "[tricks] a user into signing a transaction that delegates approval of the user's tokens to the attacker.
A UK-based scammer who preyed on nearly 700 women and conned nine of them out of £20,000, has been sent to prison. Romance scammers, just like fraudsters who talk you into investing in bogus cryptocurrency schemes, trick their victims person-to-person by building up a facade based on trust, behind which the criminals persuade their victims to send money of their own accord.
Blocked from legitimate courts, cybercriminals have set up their own system for settling disputes, handing over ultimate decision-making to senior underground forum administrators who have awarded claims totaling as much as $20 million. A new report from Analyst1 details activities inside these underground systems and found more than 600 requests for mediation on just one Russian-language forum alone, tackling disputes ranging from missing affiliate payments to contract violations.
Oh! No! The wannabe wizard that went to school with a trainee Sith. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.
The US Securities and Exchange Commission has issued numerous warnings over the years about fraudsters attempting to adopt the identity of SEC officials, including by phone call spoofing. Call spoofing is where a scammer calls you up on your landline or mobile phone, claims to be from organisation X, and then reassures you by saying, "If you don't believe me, check the number I'm calling from."
'Tis the season for scammers to use SMS messages to deliver malicious links straight to your phone. Jacinta Tobin explained the spike in malicious text messages in a blog post on Proofpoint's site.
Are these hacking services as abundant as rumored, or is the dark web full of scammers that are merely waiting to snatch the money of aspiring spies? Analysts at SOS Intelligence have searched the dark web for providers of SS7 exploitation services and found 84 unique onion domains claiming to offer them.
Crypto-thieves are buying Google Ads to target victims with fake wallets, which steal credentials and drain balances. Clicking on the malicious Google Ad takes the user to a malicious site doctored to look like the Phantom wallet site, Check Point noted.
Players in the Squid Game cryptocurrency market have been eliminated - at least their investment has - by what cryptocurrency watchers have called a classic "Rug-pull" scam. When SQUID tokens were first released last week, they were valued at a paltry $0.01 but promised entry into a game with the same premise as the Squid Game series from Netflix - players in desperate financial straits compete in a ruthless, deadly series of games for a shot at winning millions.