Scam of the Week: These Crypto Ads are a Real Drain
Have you seen online ads stating you can make tons of money with cryptocurrency? Be careful – many of these ads are scams. Social engineers want to make you think you can get rich quickly. But they are trying to trick you into providing personal information.
Scam of the Week: Ransoming Businesses Is a Successful Business
On Christmas Eve, cybercriminals targeted three hospitals in Germany using Lockbit 3.0 ransomware. Ransomware is a type of malicious software that infects computers and networks. It holds data and other sensitive information “hostage” in exchange for payment. If you refuse to meet their payment demands, the cybercriminals could destroy the files. Or they could make them available to the public, resulting in data theft and leaks of sensitive information.
SCAM OF THE WEEK: An Early Tax Reminder From the IRS
The US Internal Revenue Service (IRS) recently held the eighth annual Security Summit. The IRS concluded the summit with a reminder to stay alert during the upcoming tax season. Specifically, they warned taxpayers and tax professionals to watch for phishing and smishing scams.
SCAM OF THE WEEK: Disney+ Phishing Deal
Callback phishing is when a phishing email directs you to call a number instead of clicking on a link. These emails are often fake notifications that encourage you to make a call to correct an error. A recent scam impersonating the popular streaming service Disney+ is a great example of this tactic.
SCAM OF THE WEEK: Post-Shopping Scams
Have you finished your holiday shopping yet? Because cybercriminals are just getting started. There are thousands of shopping-themed scams this time of year, but those scams don’t end when your cart is empty. Cybercriminals continue to target shoppers with urgent phishing emails about their recent purchases.
SCAM OF THE WEEK: Unbottling the Soda Phish
A recent phishing scam discovered by INKY researchers is an example of how well-known name brands can be used to deceive unsuspecting users. This scam begins with a seemingly harmless email from an employee at PepsiCo requesting a quote to purchase something your organization is selling and includes a malicious file attachment disguised as a Request for Quote (RFQ). An RFQ is a simple way for an organization to ask different suppliers how much they would charge for a specific good or service.
SCAM OF THE WEEK: Amazon’s Not-So-Real Alerts
Have you noticed any suspicious PDF attachments in your Microsoft Outlook recently? There has been a surge in phishing emails with PDF attachments sent to Outlook users over the last several months. Many of these emails are Amazon-themed phishing scams that are focused on targeting Outlook users in North America, Southern Europe, and Asia.
SCAM OF THE WEEK: Scams Related to the Israel-Hamas War
The recent Israel-Hamas war has made headlines worldwide. As usual, cybercriminals have been quick to take advantage of the dreadful news. Cybercriminals often use high-profile news events for disinformation campaigns, which include false information designed to intentionally mislead you.
SCAM OF THE WEEK: This LastPass Scam Is So Last Year
Last year, the popular password manager LastPass was the victim of a data breach. Because of this, cybercriminals have access to the names, email addresses, and phone numbers of LastPass’s customers. Since the breach, cybercriminals have been using LastPass’s data breach in various cyberattacks.
SCAM OF THE WEEK: Smishy Package Failed to Deliver
Recently, cybercriminals have been impersonating postal services around the world through SMS phishing (smishing) scams. These postal services include the US Postal Service, UK Royal Mail, Correos in Spain, and Poste Italiane in Italy.
In this scam, cybercriminals send you a text message impersonating the postal service in your country. The text contains a link and says that your package can’t be delivered until you provide additional information. If you tap the link, you’ll be taken to a spoofed postal service website that prompts you to enter your credit card details so your package can be delivered. If you enter your credit card details, cybercriminals could steal your money or personal information.
SCAM OF THE WEEK: Watch Out for .us Domains
The Interisle Consulting Group has published a report stating that cybercriminals have been using over 20,000 .us top-level domains in phishing attacks. A top-level domain is the final section of a domain name, such as “.com” in “knowbe4[.]com”.
SCAM OF THE WEEK: Scan Here to Get Phished
A QR code is a scannable image that leads to a specific website. More and more businesses are using QR codes. For example, some restaurants use QR codes instead of physical menus. As QR codes become more popular, cybercriminals are also using them for their malicious purposes.
Data Loss Disasters Come in Many Forms
Data loss disasters come in many forms, ranging from full-scale natural calamities to cyberattacks and even simple human errors. Disasters can bring businesses to a grinding halt. Apart from financial and reputational damage, failing to protect valuable data can also result in expensive lawsuits.
5 Ways to Combine Compliance & Cybersecurity Best Practices to Improve Outcomes
Compliance and security are equally crucial for the seamless operation of your business. Although security is a prime component of compliance, compliance is not the same as security. Both are interconnected but still different.
While compliance helps your business meet industry or government regulations, security protects the integrity of your business and its sensitive data.
SCAM OF THE WEEK: Duolingo Data Leak
Duolingo is a popular online language learning platform that allows users to learn languages and earn certifications. Recently, Duolingo was involved in a data leak, in which cybercriminals stole the names and email addresses stored on the platform. That means 2.6 million users have been impacted by this data leak.
In the coming months, we expect to see an influx of cybercriminals using phishing scams to try to take advantage of Duolingo’s data leak.
8 Elements of a Business Impact Analysis for Compliance
A compliance program helps businesses like yours minimize risk and increase business efficiencies. It also ensures that your business complies with relevant laws and industry regulations.
An essential element of an effective compliance program is Business Impact Analysis (BIA). It measures the impact of a disruption (due to an accident, disaster, etc.) on critical business operations.
SCAM OF THE WEEK: X Marks the Spot for Cybercrime
The social media platform Twitter recently announced that the platform would be renamed and rebranded as “X”. As a result, the monthly subscription for a blue verification checkmark will be renamed from “Twitter Blue” to “X Premium.” Cybercriminals view major platform changes like these as an opportunity to try to exploit uncertainty and steal your sensitive information.
SCAM OF THE WEEK: Active Scams on Inactive Accounts
Recently, Google announced a change to its inactive account policies. Starting in December 2023, accounts that have been inactive for two or more years will start to get deleted. While this policy is meant to enhance security, cybercriminals could use this news for their phishing scams.
SCAM OF THE WEEK: This Barbie Is a Cybercriminal
This past weekend, the Barbie movie grossed over $350 million at the US box office. With so many people invested in seeing this summer blockbuster, theaters are selling out of tickets quickly. Unfortunately, cybercriminals are taking advantage of this scarcity by posting scam links to see the Barbie movie.
SCAM OF THE WEEK: Watch Out for .zip Domains
Recently, .zip top-level domains have become available for public purchase. A top-level domain is the final section of a domain name. So, in knowbe4[dot]com, “.com” is the top-level domain. Unsurprisingly, cybercriminals have begun purchasing and using .zip domains for their own malicious purposes.