dcsimg

Fake Elder Scrolls Online developers go phishing on PlayStation

A player of popular gaming title Elder Scrolls Online recently took to Reddit to warn users of a phish via Playstation messaging. This particular phishing attempt is notable for ramping up the pressure on recipients—a classic social engineering technique taken to the extreme. A terms of service violation? In MMORPG land, the scammers take a theoretically plausible deadline, crunch it into … [Read more...]

Business Email Compromise Discussed on NPR’s Morning Edition

Earlier this week, I heard an interesting interview on NPR’s Morning Edition with a recent victim of Business Email Compromise (BEC), a growing threat that uses social engineering to exploit human nature in order to divert massive amounts of money to cybercriminals. Recent Business Email Compromise Trends show Evolving Tactics First, let’s start with a little background information. In … [Read more...]

Web skimmer phishes credit card data via rogue payment service platform

Heading into the holiday shopping season, we have been tracking increased activity from a threat group registering domains for skimming and phishing campaigns. While most of the campaigns implemented a web skimmer in the typical fashion—grabbing and exfiltrating data from a merchant’s checkout page to an attacker-controlled server—a new attack scheme has emerged that tricks users into … [Read more...]

Microsoft is the most frequently impersonated brand in phishing scams

With hundreds of millions of phishing emails sent each day, we are all familiar with dodgy messages supposedly from a service we use telling us that we need to urgently address some “suspicious activity”.  In fact, we probably receive more phony security alerts than real ones. It’s getting to the point where many of us see an email from our most trusted brands and assume that it’s a scam.  This is … [Read more...]

How to identify and respond to cyber threats

“How can we avoid cyber attacks?” That’s the question every organisation is asking as the threat of cyber crime continues to spiral.  It’s easy to point to solutions like anti-malware software or encrypting sensitive information, but as we explain in this blog, things are rarely that simple.  That’s because threats come in many forms, and it takes a holistic approach to deal with them … [Read more...]

Labs report finds cyberthreats against healthcare increasing while security circles the drain

The team at Malwarebytes Labs is at it again, this time with a special edition of our quarterly CTNT report—Cybercrime tactics and techniques: the 2019 state of healthcare. Over the last year, we gathered global data from our product telemetry, honeypots, threat intelligence, and research efforts, focusing on the top threat categories and families that plagued the medical industry, as well as the … [Read more...]

Recent Business Email Compromise (BEC) Scams are Reminder to Educate Users

Online scams are nothing new. But as email has evolved and improved, so have scammers and the messages they send. Nefarious emails, attachments and links now appear sophisticated and look legitimate, sometimes tricking even the most meticulous user. Billions Lost to Business Email Compromise Over the last three years, organizations all over the world have lost a collective $26B to a very specific … [Read more...]

Help prevent disaster donation scams from causing more misery

It’s a sad day when we have to warn people about medical charity scams, or tax fakeouts, or even have a week dedicated to foiling charity fraud—but here we are. With so many natural disasters occurring, from wildfires in California to tornadoes in Dallas, disaster donation scams remain a top resource for scammers looking for free cash. Unfortunately, disaster donation scams are nothing new. Back … [Read more...]

A week in security (October 14 – 20)

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing emails scams, and were reminded that ransomware remains a dominant threat facing … [Read more...]