SCAM OF THE WEEK: You’ve Been Served by a Cybercriminal
Recently, the Better Business Bureau issued a warning that cybercriminals have been posing as process servers. Process servers are people who deliver legal documents. Cybercriminals are impersonating them to try to steal your sensitive information.
In this scam, cybercriminals will call from a restricted number and impersonate a process server. They’ll claim that there is a lawsuit against you over unpaid bills and that you’ll have more legal troubles if you don’t act quickly.
SCAM OF THE WEEK: Phishing with Images
Cybercriminals use images in phishing emails to impersonate real organizations. By using images like official logos and promotional materials, cybercriminals hope to trick you into thinking the email is legitimate.
In a recent scam, cybercriminals have been spoofing Delta Airlines to try to steal sensitive information. The body of the email consists of one large image. The image includes Delta's logo, a photograph of one of their planes, and an image of a gift card. The email has a message promising a gift card if you act fast and click the image. After clicking the image, you’ll be redirected to a malicious website with a login page. If you enter your login credentials, cybercriminals will have access to your sensitive information.
SCAM OF THE WEEK: Call 800-Cybercriminal
Recently, cybercriminals have taken advantage of Soda PDF, a PDF viewing service. Using Soda PDF, cybercriminals are sending malicious PDF files to try to trick you into sharing your phone number and payment information. Because Soda PDF is a legitimate service, this scam can be hard to recognize. So, it's important to learn how to protect yourself and others.
SCAM OF THE WEEK: Getting Chummy with Pretexting
Now more than ever, cybercriminals are using a tactic known as pretexting to catch you off guard. Pretexting is when a cybercriminal impersonates a real person and asks you for help with a fake scenario. They often carry on a conversation with you and use public information to convince you that they are who they claim to be.
SCAM OF THE WEEK: Summer Phishing Trips
It’s summertime in the northern hemisphere, so you know what that means: phishing trips! Recently, statistics from Check Point Research showed an increase in vacation-themed website domains. Of the domains found, an estimated one in every 83 was malicious or suspicious. Cybercriminals use phishing scams to direct you to these dangerous domains.
Scam of the Week: Permission to Hack
Recently, malware researchers discovered a trojan app on the Google Play Store. Trojans are apps or software that appear legitimate but are actually malicious. Thousands of users downloaded this app before knowing it was malicious. So, it’s important to learn how to spot malicious apps.
In this scam, cybercriminals uploaded a malicious screen recording app on the Google Play Store. At first glance, the app appeared to be legitimate, but it actually contained malware designed to steal your information. If you download this app, you’ll be prompted to accept permissions that align with what the app claims to do. However, if you accept these permissions, you’ll grant cybercriminals access to your personal information, such as your location, text messages, and more.
SCAM OF THE WEEK: PayPal Payment Ploy
Recently, cybercriminals have taken advantage of PayPal, the popular international online payment platform. Cybercriminals are spoofing PayPal in order to try and steal your personal or financial information.
In this scam, cybercriminals send you a phishing email saying that one of your PayPal payments didn’t process and that you need to act fast. The email contains a phone number allegedly from PayPal, prompting you to call. This phone call appears legitimate, but it’s actually from cybercriminals spoofing PayPal. If you call this number, cybercriminals can trick you into giving away your personal or financial information.
SCAM OF THE WEEK: Linktree Link Scam
Linktree is a landing page service where businesses and individuals can list multiple links on one page. This service is often used on social media for quick and easy access to multiple webpages. However, cybercriminals can also use Linktree to host malicious links to try to steal your personal information.
In a recent scam, you get a notification that a file has been shared with you by someone you know, but it’s actually a cybercriminal in disguise.
Interview with a Cybercriminal
Recently, Google’s Threat Analysis Group (TAG) published a report about a new tactic that cybercriminals are using in spear phishing attacks. Spear phishing is when cybercriminals send targeted emails impersonating someone you trust to try to steal your sensitive information. Now, cybercriminals are impersonating media outlets and luring you in with a fake interview.
This attack starts with an email impersonating a trusted media outlet. In the email, the cybercriminals ask to interview you and prompt you to click a link with the interview questions. If you click this link, you’ll be redirected to a malicious website with a login prompt. Unfortunately, any login credentials that you enter will be sent directly to the cybercriminals. Then, they'll be able to access your account for their own malicious goals.
SCAM OF THE WEEK: Real Products, Fake Payments
Recently, the US FBI has issued a warning about business email compromise (BEC) attacks by cybercriminals, who are trying to steal physical goods. BEC is when cybercriminals spoof business email accounts and impersonate executives to try and steal information, money, or products from an organization.
In this recent BEC scam, cybercriminals start this attack by sending you phishing emails spoofing the domains of legitimate organizations, pretending to be employees of the organization. In these emails, cybercriminals will ask to buy your business’ products, trying to trick you into thinking they’re making a legitimate business purchase order.
SCAM OF THE WEEK: New Alert! Cybercriminal at Your Door
Ring is a popular brand of security cameras designed for home safety. Unfortunately, Ring customers were the latest victims of a phishing attack. Cybercriminals sent phishing emails spoofed as Ring to try and steal customers’ sensitive information.
Cybercriminals start this attack by sending you a phishing email with an HTML file attached. The email looks like it’s from Ring, and it instructs you to open the file to update your Ring membership. If you click this file, you’ll be redirected to a malicious website that spoofs Ring’s login page. This website prompts you to enter sensitive information, such as your credit card number and social security number. If you enter your information, you’ll be redirected to Ring’s legitimate website, making the email look more real.
SCAM OF THE WEEK: Hiding Behind Namecheap
The web hosting company Namecheap was the latest victim of a combined hacking and phishing attack. In this attack, cybercriminals hacked into SendGrid, Namecheap’s email service. Then, they used SendGrid to impersonate businesses by hacking into their email services.
To start the scam, cybercriminals sent emails with links that led to fake websites. These websites looked real and were even hosted by Namecheap’s web hosting service. If you were to visit these websites, you'd be asked for your personal information, payment details, and login credentials. Unfortunately, cybercriminals could then use this information for their own malicious purposes.
SCAM OF THE WEEK: Is ChatGPT Your Next Financial Advisor?
ChatGPT, an artificial intelligence (AI) chatbot created by OpenAI, has risen in popularity since its release last year. Now, cybercriminals are using ChatGPT’s popularity to lure you into phishing scams. In one of these scams, cybercriminals try to trick you with a fake new ChatGPT feature.
The scam starts with a phishing email informing you that ChatGPT has a new feature to help you invest in the stock market. If you click the link in the email, you’ll be taken to a spoofed ChatGPT website and prompted to enter your contact information. Then, a representative will call you and request that you submit a payment to open your investment account. Unfortunately, if you submit a payment, that money won't help you invest in the stock market. Instead, cybercriminals will steal it to invest in their own malicious pursuits.