dcsimg

Europol: Ransomware remains top threat in IOCTA report

The European Union Agency for Law Enforcement Cooperation, or Europol, just released its annual Internet Organized Crime Threat Assessment (IOCTA) report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also seen and documented—remains the most prominent threat in terms of prevalence and financial … [Read more...]

How to get your Equifax money and stay safe doing it

Following the enormous data breach of Equifax in 2017—in which roughly 147 million Americans’ suffered the loss of their Social Security numbers, addresses, credit card and driver’s license information, birthdates, and more—the company has agreed to a settlement with the US Federal Trade Commission, in which it will pay at least $650 million. Much of that settlement—up to $425 million—is … [Read more...]

A look inside the FBI’s 2018 IC3 online crime report

The FBI’s Internet Crime Complaint Center have released their annual Crime Report, with the most recent release focusing on 2018. While the contents may not surprise, it definitely cements some of the bigger threats to consumers and businesses—and not all of them are particularly high tech. Sometimes less is most definitely more. What is the Internet Crime Complaint Center? Good question. For … [Read more...]

100 channels and nothing on, except TV Licensing phishes

We’ve seen a lot of people referencing fake TV Licensing emails they’ve received over the last few days. The majority so far appear to be fake refund notices, asking potential victims to log in to a phony TV License website and provide payment details for refunds. It’s definitely keeping customer support busy: Click to enlarge Many of the URLs we’ve looked at are down now, but not all, so … [Read more...]

HMRC phish swipes email login, payment details

It’s not tax season in the UK, but that hasn’t deterred scammers from sending out mail looking to swipe both card details and email logins in one fell swoop. The email, which claims UKGOV has issued a tax refund to the tune of 542.94 GBP, arrives under the following title, which is spectacularly poorly formatted: [RCPT-07010144] processed your automatic payment is available – … [Read more...]

The many faces of omnichannel fraud

The rise of new technologies, social networks, and other means of online communication have brought about compelling changes in industries across the board. For example, in retail, organizations use digital tools such as websites, email, and apps to reach out to their current and potential clients, anticipate their needs, and fully tailor their business strategies around making the user shopping … [Read more...]

Green card scams: preying on the desperate

Thanks to @nullcookies for providing leads. Most online scams depend on two things for success: a broken or otherwise onerous process to deal with a legitimate entity, and a desperate target population. With immigration, there are many, many burdensome processes to navigate, and most applicants involved are at least somewhat desperate due to costs and lengthy time expenditures. The result is an … [Read more...]

Social engineering attacks: What makes you susceptible?

We now live in a world where holding the door open for someone balancing a tray of steaming hot coffee—she can’t seem to get her access card out to place it near the reader—is something we need to think twice about. Courtesy isn’t dead, mind you, but in this case, you’d almost wish it were. Because the door opens to a restricted facility. Do you let her in? If she really can’t reach … [Read more...]

5 cybersecurity questions retailers must ask to protect their businesses

The Target breach in 2013 may not be the biggest retail breach in history, but for many retailers, it was their watershed moment. Point-of-sale (PoS) terminals were compromised for more than two weeks. 40 million card details and 70 million records of personal information swiped—part of which was “backlist,” historical transaction information dating back to more or less a decade ago. … [Read more...]

A week in security (February 19 – February 25)

Last week on Malwarebytes Labs, we gave readers a primer on encryption, took a stab at that Deepfakes tool Internet users seem to be interested in, and started a new series that talks about GDPR. We also looked at a drive-by download campaign that starts in booby-trapped Chinese websites that drop malware via different exploits. This malware is a DDoS bot called Avzhan, which we then studied in … [Read more...]