Security News

Interpol on Monday announced the arrest of three suspected global scammers in Nigeria for using remote access trojans such as Agent Tesla to facilitate malware-enabled cyber fraud. The law enforcement said that the suspects systematically used Agent Tesla to breach business computers and divert financial transactions to bank accounts under their control.

A new wave of cryptocurrency systems dubbed De-Fi, short for decentralised finance, has arisen to fill that transactional void. Instead of depositing your funds with a licensed and regulated bank, and then trading with those funds by choosing from a carefully curated list of transaction types, De-Fi systems let you invest your money with them, in return for access to a "Smart contract" system that allows you trade automatically with other users of the system in a way to suit yourself.

A platform for everyone to seamlessly share their best moments online, Instagram is slowly turning into a mecca for the undesirables-from sexual harassers to crypto "Investors" helping you "Get rich fast." American investor and hedge fund manager, Mark W. Yusko is one such person whose identity is being misused by not one-several Instagram scammers.

Google on Monday disclosed that it's taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies. "The actor used a network of fraudulent websites that claimed to sell basset hound puppies - with alluring photos and fake customer testimonials - in order to take advantage of people during the pandemic," Google's CyberCrime Investigation Group manager Albert Shin and senior counsel Mike Trinh said.

Threat actors have new targets in their sites this tax season during the annual barrage of cyber-scams as people file their U.S. income-tax documents. It's common for attackers to target popular tax filing and preparation apps such as Intuit and TurboTax in various cybercriminal campaigns during tax season, a time that's traditionally rife with scams.

As SophosLabs reported last year cybercriminals were nevertheless able to draw iPhone users into their cryptocoin app scams by using Enterprise Provisioning. The technological basis for these scam apps is surprisingly simple: the crooks persuade you, for example on the basis of a friendship carefully cultivated via a dating site, into giving them the same sort of administrative power over your iPhone that is usually reserved for companies managing corporate-owned devices []. Typically, [this means] they can remotely wipe them, unilaterally or on request, block access to company data, enforce specific security settings such as lock codes and lock timeouts.

We monitor a range of email addresses related to Naked Security, so we receieve a regular supply of real-world spams and scams. Right now our scam feed is awash with a variety of frauds targeting Instagram, Instagram, and Instagram.

Microsoft has some advice on how to defend against "Ice phishing" and other novel attacks that aim to empty cryptocurrency wallets, for those not already abstaining. Ice phishing, as Microsoft describes it, is a clickjacking, or a user interface redress attack, that "[tricks] a user into signing a transaction that delegates approval of the user's tokens to the attacker.

A UK-based scammer who preyed on nearly 700 women and conned nine of them out of £20,000, has been sent to prison. Romance scammers, just like fraudsters who talk you into investing in bogus cryptocurrency schemes, trick their victims person-to-person by building up a facade based on trust, behind which the criminals persuade their victims to send money of their own accord.

Blocked from legitimate courts, cybercriminals have set up their own system for settling disputes, handing over ultimate decision-making to senior underground forum administrators who have awarded claims totaling as much as $20 million. A new report from Analyst1 details activities inside these underground systems and found more than 600 requests for mediation on just one Russian-language forum alone, tackling disputes ranging from missing affiliate payments to contract violations.