dcsimg

Sophisticated phishing: a roundup of noteworthy campaigns

Phishing is a problem nearly as old as the Internet. Yet, criminals continue to reach into their bag of phishing tricks in 2019 because, in a nutshell, it just works. Dialing into the human psyche and capitalizing on emotions such as fear, anxiety, or plain laziness, phishing attacks are successful because they take aim at our weaknesses and exploit them—in much the same way an exploit kit takes … [Read more...]

Sextortion Bitcoin scam makes unwelcome return

Heads up: a particularly nasty sextortion Bitcoin scam from at least the middle of 2018 is making the rounds once again. The scam involves making use of old breach dumps, then emailing someone from the list and reminding them of their old password. When something lands in your mailbox with “Hey, remember this?” it’s a surefire way to focus the reader’s attention. Pressure is then applied to … [Read more...]

Movie stream ebooks gun for John Wick 3 on Kindle store

We discovered a novel spam campaign over the weekend, targeting fans of John Wick on the Amazon Kindle store. The scam itself involves paying for what appears to be the upcoming third movie, turns into a bogus ebook, and goes on to hyperlink potential victims to a collection of third-party websites. How does this begin? With a dog, a grieving assassin, and a pencil. Actually, it begins with me … [Read more...]

Sly criminals package ransomware with malicious ransom note

Ransomware continues to show signs of evolution. From a simple screen locker to a highly-sophisticated data locker, ransomware has now become a mainstream name, even if (historically), it has been around far longer than we want to look back. Although the criminals behind ransomware campaigns are observed to be refining their approaches—from the “spray and pray” tactic to something akin to wide … [Read more...]

Has two-factor authentication been defeated? A spotlight on 2FA’s latest challenge

Multiple news reports about the defeat of two-factor authentication (2FA) have been making rounds lately. In November 2018, our friends at ESET discovered a purported Android battery utility tool called “Optimization Android” from a third-party app store. This app was designed to steal money from a user’s PayPal account without relying on stolen credentials. It operates by modifying a device’s … [Read more...]

Social Security Number scammers are at it again

The Federal Trade Commission (FTC) once again sounded the alarm in mid-December about the latest Social Security Number (SSN) scam that continues to affect thousands of Americans. While most of us were only able to read about this type of scam in the past, the FTC now has an audio recording of an SSN scam robocall, which they released two weeks after the warning. Play the audio below and … [Read more...]

This online quiz is now confirmed to be a phishing scam

Ah, online quizzes. Many of us know that they can be somewhat dodgy and nonsense, really—but that doesn’t stop us from clicking the “Start quiz” button anyway. Besides, you have time to kill, and there are only three questions to answer, right? The right kind of wrong Phishing attacks don’t always start in your email inboxes anymore. Whether you’re on a desktop, laptop, tablet, or smartphone, … [Read more...]

Flurry of new Mac malware drops in December

Last week, we wrote about a new piece of malware called DarthMiner. It turns out there was more to be seen, as not just one but two additional pieces of malware had been spotted. The first was identified by Microsoft’s John Lambert and analyzed by Objective-See’s Patrick Wardle, and the second was found by Malwarebytes’ Adam Thomas. A Word document with a malicious macro Lambert … [Read more...]

Humble Bundle alerts customers to subscription reveal bug

You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. Click to enlarge The mail reads as follows: Hello, Last week, we discovered someone using a bug in our code to access limited non-personal information about Humble Bundle accounts. The bug did not expose email addresses, but the person … [Read more...]

Spoofed addresses and anonymous sending: new Gmail bugs make for easy pickings

Tim Cotten, a software developer from Washington, DC, was responding to a request for help from a female colleague last week, who believed that her Gmail account has been hacked, when he discovered something phishy. The evidence presented was several emails in her Sent folder, purportedly sent by her to herself. Cotten was stunned when, upon initial diagnosis, he found that those sent emails … [Read more...]