SCAM OF THE WEEK: Duolingo Data Leak
Duolingo is a popular online language learning platform that allows users to learn languages and earn certifications. Recently, Duolingo was involved in a data leak, in which cybercriminals stole the names and email addresses stored on the platform. That means 2.6 million users have been impacted by this data leak.
In the coming months, we expect to see an influx of cybercriminals using phishing scams to try to take advantage of Duolingo’s data leak.
SCAM OF THE WEEK: This Barbie Is a Cybercriminal
This past weekend, the Barbie movie grossed over $350 million at the US box office. With so many people invested in seeing this summer blockbuster, theaters are selling out of tickets quickly. Unfortunately, cybercriminals are taking advantage of this scarcity by posting scam links that claim to let you see the Barbie movie.
SCAM OF THE WEEK: Watch Out for .zip Domains
Recently, .zip top-level domains have become available for public purchase. A top-level domain is the final section of a domain name. So, in knowbe4[dot]com, “.com” is the top-level domain. Unsurprisingly, cybercriminals have begun purchasing and using .zip domains for their own malicious purposes.
SCAM OF THE WEEK: Phishing with Images
Cybercriminals use images in phishing emails to impersonate real organizations. By using images like official logos and promotional materials, cybercriminals hope to trick you into thinking the email is legitimate.
In a recent scam, cybercriminals have been spoofing Delta Air Lines to try to steal sensitive information. The body of the email consists of one large image. The image includes Delta's logo, a photograph of one of their planes, and an image of a gift card. The email has a message promising a gift card if you act fast and click the image. After clicking the image, you’ll be redirected to a malicious website with a login page. If you enter your login credentials, cybercriminals will have access to your sensitive information.
SCAM OF THE WEEK: Call 800-Cybercriminal
Recently, cybercriminals have taken advantage of Soda PDF, a PDF viewing service. Using Soda PDF, cybercriminals are sending malicious PDF files to try to trick you into sharing your phone number and payment information. Because Soda PDF is a legitimate service, this scam can be hard to recognize. So, it's important to learn how to protect yourself and others.
SCAM OF THE WEEK: Getting Chummy with Pretexting
Now more than ever, cybercriminals are using a tactic known as pretexting to catch you off guard. Pretexting is when a cybercriminal impersonates a real person and asks you for help with a fake scenario. They often carry on a conversation with you and use public information to convince you that they are who they claim to be.
SCAM OF THE WEEK: Summer Phishing Trips
It’s summertime in the northern hemisphere, so you know what that means: phishing trips! Recently, statistics from Check Point Research showed an increase in vacation-themed website domains. Of the domains found, an estimated one in every 83 was malicious or suspicious. Cybercriminals use phishing scams to direct you to these dangerous domains.
SCAM OF THE WEEK: Permission to Hack
Recently, malware researchers discovered a trojan app on the Google Play Store. Trojans are apps or software that appear legitimate but are actually malicious. Thousands of users downloaded this app before knowing it was malicious. So, it’s important to learn how to spot malicious apps.
In this scam, cybercriminals uploaded a malicious screen recording app on the Google Play Store. At first glance, the app appeared to be legitimate, but it actually contained malware designed to steal your information. If you download this app, you’ll be prompted to accept permissions that align with what the app claims to do. However, if you accept these permissions, you’ll grant cybercriminals access to your personal information, such as your location, text messages, and more.
SCAM OF THE WEEK: Linktree Link Scam
Linktree is a landing page service where businesses and individuals can list multiple links on one page. This service is often used on social media for quick and easy access to multiple webpages. However, cybercriminals can also use Linktree to host malicious links to try to steal your personal information.
In a recent scam, you get a notification that a file has been shared with you by someone you know, but it’s actually a cybercriminal in disguise.
SCAM OF THE WEEK: AI Phishbait
Artificial intelligence (AI) has become increasingly popular in the past year. Many people have started using AI chatbots like ChatGPT or Google Bard. Unfortunately, cybercriminals are taking advantage of AI’s popularity to steal your information.
In a recent scam, cybercriminals created fake Facebook ads for free downloads of AI products. If you click one of these ads, you’ll be prompted to download a fake file. Once you download the file, malware will be activated on your device. Cybercriminals can use this malware to steal sensitive information, such as your credit card numbers and passwords.
Interview with a Cybercriminal
Recently, Google’s Threat Analysis Group (TAG) published a report about a new tactic that cybercriminals are using in spear phishing attacks. Spear phishing is when cybercriminals send targeted emails impersonating someone you trust to try to steal your sensitive information. Now, cybercriminals are impersonating media outlets and luring you in with a fake interview.
This attack starts with an email impersonating a trusted media outlet. In the email, the cybercriminals ask to interview you and prompt you to click a link with the interview questions. If you click this link, you’ll be redirected to a malicious website with a login prompt. Unfortunately, any login credentials that you enter will be sent directly to the cybercriminals. Then, they'll be able to access your account for their own malicious goals.
SCAM OF THE WEEK: Real Products, Fake Payments
Recently, the US FBI issued a warning about business email compromise (BEC) attacks in which cybercriminals try to steal physical goods. BEC is when cybercriminals spoof business email accounts and impersonate executives to try to steal information, money, or products from an organization.
In this recent BEC scam, cybercriminals start by sending you phishing emails that spoof the domains of legitimate organizations and pretend to come from employees of those organizations. In these emails, they ask to buy your business’s products, trying to trick you into thinking they’re placing a legitimate purchase order.
SCAM OF THE WEEK: New Alert! Cybercriminal at Your Door
Ring is a popular brand of security cameras designed for home safety. Unfortunately, Ring customers were the latest victims of a phishing attack. Cybercriminals sent phishing emails spoofing Ring to try to steal customers’ sensitive information.
Cybercriminals start this attack by sending you a phishing email with an HTML file attached. The email looks like it’s from Ring, and it instructs you to open the file to update your Ring membership. If you click this file, you’ll be redirected to a malicious website that spoofs Ring’s login page. This website prompts you to enter sensitive information, such as your credit card number and social security number. If you enter your information, you’ll be redirected to Ring’s legitimate website, making the email look more real.
SCAM OF THE WEEK: Hiding Behind Namecheap
The web hosting company Namecheap was the latest victim of a combined hacking and phishing attack. In this attack, cybercriminals hacked into SendGrid, Namecheap’s email service. Then, they used SendGrid to impersonate businesses by hacking into their email services.
To start the scam, cybercriminals sent emails with links that led to fake websites. These websites looked real and were even hosted by Namecheap’s web hosting service. If you were to visit these websites, you'd be asked for your personal information, payment details, and login credentials. Unfortunately, cybercriminals could then use this information for their own malicious purposes.
SCAM OF THE WEEK: Is ChatGPT Your Next Financial Advisor?
ChatGPT, an artificial intelligence (AI) chatbot created by OpenAI, has risen in popularity since its release last year. Now, cybercriminals are using ChatGPT’s popularity to lure you into phishing scams. In one of these scams, cybercriminals try to trick you with a fake new ChatGPT feature.
The scam starts with a phishing email informing you that ChatGPT has a new feature to help you invest in the stock market. If you click the link in the email, you’ll be taken to a spoofed ChatGPT website and prompted to enter your contact information. Then, a representative will call you and request that you submit a payment to open your investment account. Unfortunately, if you submit a payment, that money won't help you invest in the stock market. Instead, cybercriminals will steal it to invest in their own malicious pursuits.