SCAM OF THE WEEK: An Early Tax Reminder From the IRS
The US Internal Revenue Service (IRS) recently held the eighth annual Security Summit. The IRS concluded the summit with a reminder to stay alert during the upcoming tax season. Specifically, they warned taxpayers and tax professionals to watch for phishing and smishing scams.
SCAM OF THE WEEK: Post-Shopping Scams
Have you finished your holiday shopping yet? Because cybercriminals are just getting started. There are thousands of shopping-themed scams this time of year, but those scams don’t end when your cart is empty. Cybercriminals continue to target shoppers with urgent phishing emails about their recent purchases.
SCAM OF THE WEEK: Unbottling the Soda Phish
A recent phishing scam discovered by INKY researchers is an example of how well-known name brands can be used to deceive unsuspecting users. This scam begins with a seemingly harmless email from an employee at PepsiCo requesting a quote to purchase something your organization is selling and includes a malicious file attachment disguised as a Request for Quote (RFQ). An RFQ is a simple way for an organization to ask different suppliers how much they would charge for a specific good or service.
SCAM OF THE WEEK: Job Offer or Digital Danger?
Recently, cybercriminal groups in Vietnam have been targeting individuals by sharing fake job postings. According to WithSecure experts, these groups are primarily targeting the digital marketing sector and Facebook business accounts. These fake job postings are used to spread known malware such as DarkGate and Ducktail.
In this scam, cybercriminals use LinkedIn messenger to send you a link to a fake job description.
SCAM OF THE WEEK: Scams Related to the Israel-Hamas War
The recent Israel-Hamas war has made headlines worldwide. As usual, cybercriminals have been quick to take advantage of the dreadful news. Cybercriminals often use high-profile news events for disinformation campaigns, which include false information designed to intentionally mislead you.
SCAM OF THE WEEK: This LastPass Scam Is So Last Year
Last year, the popular password manager LastPass was the victim of a data breach. Because of this, cybercriminals have access to the names, email addresses, and phone numbers of LastPass’s customers. Since the breach, cybercriminals have been using LastPass’s data breach in various cyberattacks
SCAM OF THE WEEK: Smishy Package Failed to Deliver
Recently, cybercriminals have been impersonating postal services around the world through SMS phishing (smishing) scams. These postal services include the US Postal Service, UK Royal Mail, Correos in Spain, and Poste Italiane in Italy.
In this scam, cybercriminals send you a text message impersonating the postal service in your country. The text contains a link and says that your package can’t be delivered until you provide additional information. If you tap the link, you’ll be taken to a spoofed postal service website that prompts you to enter your credit card details so your package can be delivered. If you enter your credit card details, cybercriminals could steal your money or personal information.
SCAM OF THE WEEK: Bet on Cybercriminals
MGM Resorts International is an American hospitality and entertainment organization. This past week, MGM made headlines with the news of a cyberattack costing over 52 million dollars in lost revenue. Nearly all of MGM’s hotels, casinos, and ATMs went offline. This massive attack started with a simple social engineering scam.
SCAM OF THE WEEK: Watch Out for .us Domains
The Interisle Consulting Group has published a report that cybercriminals have been using over 20,000 .us top-level domains in phishing attacks. A top-level domain is the final section of a domain name, such as “.com” in “knowbe4[.]com”.
SCAM OF THE WEEK: Scan Here to Get Phished
A QR code is a scannable image that leads to a specific website. More and more businesses are using QR codes. For example, some restaurants use QR codes instead of physical menus. As QR codes become more popular, cybercriminals are also using them for their malicious purposes.
SCAM OF THE WEEK: Duolingo Data Leak
Duolingo is a popular online language learning platform that allows users to learn languages and earn certifications. Recently, Duolingo was involved in a data leak, in which cybercriminals stole the names and email addresses stored on the platform. That means 2.6 million users have been impacted by this data leak.
In the coming months, we expect to see an influx of cybercriminals using phishing scams to try to take advantage of Duolingo’s data leak.
SCAM OF THE WEEK: X Marks the Spot for Cybercrime
The social media platform Twitter recently announced that the platform would be renamed and rebranded as “X”. As a result, the monthly subscription for a blue verification checkmark will be renamed from "Twitter Blue" to "X Premium.” Cybercriminals view major platform changes like these as an opportunity to try to exploit uncertainty and steal your sensitive information.
SCAM OF THE WEEK: Active Scams on Inactive Accounts
Recently, Google announced a change to its inactive account policies. Starting in December 2023, accounts that have been inactive for two or more years will start to get deleted. While this policy is meant to enhance security, cybercriminals could use this news for their phishing scams.
SCAM OF THE WEEK: This Barbie Is a Cybercriminal
This past weekend, the Barbie movie grossed over $350 million at the US box office. With so many people invested in seeing this summer blockbuster, theaters are selling out of tickets quickly. Unfortunately, cybercriminals are taking advantage of this scarcity by posting scam links to see the Barbie movie.
SCAM OF THE WEEK: Watch Out for .zip Domains
Recently, .zip top-level domains have become available for public purchase. A top-level domain is the final section of a domain name. So, in knowbe4[dot]com, “.com” is the top-level domain. Unsurprisingly, cybercriminals have begun purchasing and using .zip domains for their own malicious purposes.
SCAM OF THE WEEK: You’ve Been Served by a Cybercriminal
Recently, the Better Business Bureau issued a warning that cybercriminals have been posing as process servers. Process servers are people who deliver legal documents. Cybercriminals are impersonating them to try to steal your sensitive information.
In this scam, cybercriminals will call from a restricted number and impersonate a process server. They’ll claim that there is a lawsuit against you over unpaid bills and that you’ll have more legal troubles if you don’t act quickly.
SCAM OF THE WEEK: Phishing with Images
Cybercriminals use images in phishing emails to impersonate real organizations. By using images like official logos and promotional materials, cybercriminals hope to trick you into thinking the email is legitimate.
In a recent scam, cybercriminals have been spoofing Delta Airlines to try to steal sensitive information. The body of the email consists of one large image. The image includes Delta's logo, a photograph of one of their planes, and an image of a gift card. The email has a message promising a gift card if you act fast and click the image. After clicking the image, you’ll be redirected to a malicious website with a login page. If you enter your login credentials, cybercriminals will have access to your sensitive information.
SCAM OF THE WEEK: Call 800-Cybercriminal
Recently, cybercriminals have taken advantage of Soda PDF, a PDF viewing service. Using Soda PDF, cybercriminals are sending malicious PDF files to try to trick you into sharing your phone number and payment information. Because Soda PDF is a legitimate service, this scam can be hard to recognize. So, it's important to learn how to protect yourself and others.
SCAM OF THE WEEK: Getting Chummy with Pretexting
Now more than ever, cybercriminals are using a tactic known as pretexting to catch you off guard. Pretexting is when a cybercriminal impersonates a real person and asks you for help with a fake scenario. They often carry on a conversation with you and use public information to convince you that they are who they claim to be.
Scam of the Week: Permission to Hack
Recently, malware researchers discovered a trojan app on the Google Play Store. Trojans are apps or software that appear legitimate but are actually malicious. Thousands of users downloaded this app before knowing it was malicious. So, it’s important to learn how to spot malicious apps.
In this scam, cybercriminals uploaded a malicious screen recording app on the Google Play Store. At first glance, the app appeared to be legitimate, but it actually contained malware designed to steal your information. If you download this app, you’ll be prompted to accept permissions that align with what the app claims to do. However, if you accept these permissions, you’ll grant cybercriminals access to your personal information, such as your location, text messages, and more.