Article Summary:
Scams targeting consumers are increasing in complexity and volume, with scammers using generative AI and other technologies to create convincing fraud opportunities.
Despite a decrease in individual scam reports, the total money lost has increased, indicating scammers are using more effective and costly scams.…
Tag: SCAM
Ransomware, a phenomenon now very well known, serves one ultimate and obvious purpose:
Monetary gain for the cybercriminal(s).However, multiple scenarios are, in fact, possible. Consider any and all of the following:
Closing thoughts
As we’ve seen, ransomware can serve a plethora of purposes; whether it is deployed by a nation-state actor, the more common cybercriminal, or your neighbor disgruntled at your tree hanging over their wall, one thing is for sure: you are, and have been compromised!…
Article Summary:
Google’s new AI-powered ‘Search Generative Experience’ algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams.
SEO consultant Lily Ray discovered that Google’s SGE is recommending spammy and malicious sites within its conversational responses.…
Article Summary:
Customers of bankrupt crypto platform BlockFi have been targeted with a convincing phishing email impersonating the platform, resulting in millions being stolen in just five days.
The latest BlockFi phishing campaign is well-made, impersonating the BlockFi team with no typos and quality brand impersonation.…
During the month of Ramadan, Resecurity observed a significant increase in fraudulent activities and scams, coinciding with a surge in retail and online transactions. Middle Eastern enterprises, facing this heightened risk, are urged to bolster consumer protection and reinforce their brand security. Notably, in the Kingdom of Saudi Arabia (KSA), consumer spending topped regional charts, exceeding $16 billion.…
Introduction
Read More In late 2023 and early 2024, the ransomware ecosystem experienced repeated disruption of its most prolific Ransomware-as-a-Service (RaaS) groups at the hands of international Law Enforcement (LE). Alphv’s dark web data leak site was seized, then unseized, then re-seized in a December 2023 law enforcement operation that seemingly failed to deter the group – until AlphV ultimately claimed to disband via an apparent exit scam, immediately following a high-profile attack against Change Healthcare in March 2024.…
[Update] April 8, 2024: “From ALPHV to RansomHub: Change Healthcare”
A new threat actor has emerged in the ransomware landscape, distinguishing themselves by making claims and backing them up with data leaks. In February 2024, RansomHub posted its first victim, the Brazilian company YKP. Since then, they have made 17 additional claims, although their leak site currently lists only 14 victims.…
New and sophisticated tax phishing scams are targeting taxpayers, warns Microsoft. These scams impersonate trusted sources and use urgency tactics to steal personal and financial data.
Taxpayers beware! Phishing scams are on the rise again as tax season heats up. Microsoft Threat Intelligence has issued warnings about new and innovative tactics cybercriminals are using to steal your personal information and financial data.…
Security researchers have warned of a slew of fake obituaries designed to make money for their creators by redirecting visitors to adult entertainment sites and initiating antivirus (AV) popups.
Secureworks claimed in a new blog post that the scammers monitor Google search trends to identify interest in obituaries following a death, and then create fake notices using generative AI (GenAI).…
A new client recently came to us reporting seemingly random pop ups occurring on their website. While it was clear that there was something amiss with the website it was difficult to reproduce the issue. However, by inspecting our server side scanner logs we were able to locate the source of the unwanted behavior — and it turned out to be a remarkably interesting JavaScript injection related to a massive malware campaign that we internally call Sign1.…
Healthcare , Industry Specific , Legislation & Litigation
Lawsuit Claims Change Healthcare Outage Is Pushing Clinic, Others Into Bankruptcy Marianne Kolbasuk McGee (HealthInfoSec) • March 18, 2024
Image: Advanced Obstetrics & Gynecology PC Image: Advanced Obstetrics & Gynecology PCA Mississippi women’s healthcare practice has filed what appears to be the first proposed class action lawsuit so far against UnitedHealth Group that alleges the that disruption in claims processing caused by the cyberattack on the company’s Change Healthcare unit and ongoing IT outage is threatening to push the clinic and other providers into bankruptcy.…
Generative AI exploded in popularity not too long ago but its influence on text and media creation is already undeniable. AI content is becoming ubiquitous on the internet, and this technology is slowly seeping into real life, impacting sectors such as healthcare, finance, agriculture, and education.…
Sextortion scam is defined as the crime of blackmailing victims using their sensitive information to inflict great psychological distress and extort them. Victims not only suffer from immediate financial losses but also immense shock and terror, some to the point of having their daily lives severely impacted.…
Filipino police rescued 875 “workers” – including 504 foreigners – in a raid late last week on a firm that posed as an online gaming company but in reality operated a forced labor camp that housed romance scam operators.
A video of the raid on the Tarlac Pogo firm posted last Thursday shows the nation’s Criminal Investigation and Detection Group (CIDG) entering what appears to be an office housing rows of workers in front of computers.…
Methodology-based scamsTarget-Based ScamsPlatform-Based ScamsOnline
Read More The fraudulent activities take place across online platforms.
Travel
Fake vacation packages which offer hidden fees or non-existent accommodations.
Utility
Impersonating utility companies to demand immediate payment or threaten with service disconnection.
Tricking individuals into unwanted subscriptions or memberships by offering free trials that automatically convert into paid subscriptions.…
The Fingerprint Information Inside the Attacker Environment Variable:
Read More The data encapsulated within this variable is delimited by ‘|’. It undergoes partial concealment through various techniques, including base64 encoding, md5 hashing, and string obfuscation. The attacker employs additional characters to obscure the string, and the data’s order undergoes constant permutation.…
According to a new report, SIM-swapping crimes are rising worldwide, mainly committed by eSIM (Embedded Subscriber Identity Modules) users. eSIMs are digitally stored SIM cards that are embedded using software into devices. As a result, hackers are now attempting to exploit vulnerabilities within this software to brute force their way into victims’ phone accounts to port their mobile numbers to their own devices through brute force. …
Read More The U.S. Department of Justice (DoJ) is recovering $2.3 million worth of cryptocurrency linked to a “pig butchering” fraud scheme that victimized at least 37 people across the United States.
Pig butchering is a social engineering scam where fraudsters contact people (the “Pigs”) on social media and messaging platforms to build trust. …
Taking a cue from ransomware operators, the illicit online drug marketplace known as Incognito Market has initiated a campaign of extortion targeting both its vendors and buyers. Users are being threatened with the exposure of their cryptocurrency transaction histories and chat records unless they pay a fee ranging from $100 to $20,000.…
Read More Authored by ZePeng Chen and Wenfeng Yu
McAfee Mobile Research Team has observed an active scam malware campaign targeting Android users in India. This malware has gone through three stages. The first one is the development stage, from March 2023 to July 2023, during which a couple of applications were created each month.…