After the FCC (Federal Communications Commission) made a huge splash weeks ago when it told Google and Apple to pull TikTok from their respective app stores, the federal agency is now warning Americans of an increased wave of SMS phishing attacks. SMS phishing, otherwise known as smishing or robotexts (FCC’s own terminology), is a form of phishing that attempts to trick people into handing over their personally identifiable information (PII) and/or money using SMS instead of email, which standard phishing usually starts. The FCC has noted that scammers use various lures to trick someone into r ..read more

It pays to be careful where cold calls from someone claiming to work for your bank are concerned. Scam callers are impersonating bank staff, with suggestions of dubious payments made to your account. One unfortunate individual has already lost around $1,000 to this slice of telephone-banking based fraud. With a little press intervention they were lucky enough to get it back. Sadly most people don’t get that far. What’s happening, and how can you avoid it? An unauthorised payment: A scammer’s steps to success This attack has several steps. Here’s how it plays out: The scam begins with a call f ..read more

Together with the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the FBI has released a warning about cybercriminals creating fraudulent cryptocurrency investment apps in order to defraud cryptocurrency investors. The threat actors convince investors to download fraudulent mobile apps with the promise of huge opportunities and even larger gains. And this new type of fraud turns out to be very profitable indeed, for the criminals at least—the FBI has identified 244 victims and estimates the approximate loss associated with this activity to ..read more

A new phishing campaign targeting PayPal users aims to get extensive data from potential victims. The data it’s after includes government documents like passport, as well as selfie photos. In a nutshell, it’s an extensive form of information theft, the likes of which could result in someone’s identity being fully stolen and their financial and other online accounts being taken over. PayPal phishing sites are a dime a dozen due to the number of people and companies using it as another form of payment method. However, what’s notable about this campaign is that all the phishing pages are hosted o ..read more

Restaurants and other eating establishments are being targeted by extortionists who post fake reviews online and then offer to remove them in exchange for a gift card. The possibility has always existed to leave poor reviews on Google Maps and elsewhere. However, seeing fraudsters get organised and issue extortion threats alongside the review is a new development. According to the New York Times, businesses are being “deluged” with the poor reviews. Extortion threats are then mailed to the business owners, apologising for the actions but insisting that $75 Google Play gift cards be purchased i ..read more

Verified Twitter accounts are once again under attack from fraudsters, with the latest phish attempt serving up bogus suspension notices. Hijacking verified accounts on any platform is a big win for fraudsters. It gives credibility to their scams, especially when the accounts have large followings. This has been a particularly popular tactic to promote NFTs and other crypto-centric scams. Most recently, we saw hijacked verified accounts pushing messages claiming other verified users had been flagged for spamming. In that instance, compromised accounts were made to look like members of Twitter ..read more

The FBI has warned businesses of an uptick in reports of criminals applying for remote work using deepfake and stolen PII (personally identifiable information). A deepfake is essentially created or modified media (image, video, or audio), often with the help of artificial intelligence (AI) and machine learning (ML). Deepfake creations are designed to appear and sound as authentic as possible. Because of this, they’re difficult to spot unless you know what to look for. Years of data breaches made millions of Americans’ identities available for anyone with ill intent to gather and use for person ..read more

The FTC (Federal Trade Commission) has warned the LGBTQ+ community about extortionists posing as potential romantic partners on Grindr and Feeld. The scammers send their targets explicit photos and then ask for them to reciprocate. If they do, targets are then blackmailed into paying a ransom, usually in the form of gift cards, or risk having these photos leaked to family, friends, and employers. And that’s not all, the scammers are also looking to out people, unless they pay a ransom. According to the FTC: “Other scammers threaten people who are “closeted” or not yet fully “out” as LGBTQ+. T ..read more

Europol has coordinated a joint operation to arrest members of a cybercrime gang and effectively dismantle their campaigns that netted million in Euros. This operation also led the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie) to nine arrests, 24 house searches, and the seizure of firearms, ammunition, jewelry, electronic devices, cash, and cryptocurrency. The group was involved in fraud, money laundering, phishing, and scams. According to a Europol press release, the group’s modus operandi started with an email, text message, or private message containing a ..read more

A phishing campaign is using voicemail notification messages to go after victims’ Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript. The email claims that you have a new voicemail and that you can listen to the message by clicking on the attachment. To add credibility, the name of the attachment starts with a music note character like f.e. ♫ to make it look like a sound clip. In reality, it is an HTML file with obfuscated javascript embedded. The javascript uses the windows.location.replace met ..read more