SCAM OF THE WEEK: PayPal Payment Ploy
Recently, cybercriminals have taken advantage of PayPal, the popular international online payment platform. Cybercriminals are spoofing PayPal in order to try and steal your personal or financial information.
In this scam, cybercriminals send you a phishing email saying that one of your PayPal payments didn’t process and that you need to act fast. The email contains a phone number allegedly from PayPal, prompting you to call. This phone call appears legitimate, but it’s actually from cybercriminals spoofing PayPal. If you call this number, cybercriminals can trick you into giving away your personal or financial information.
SCAM OF THE WEEK: Linktree Link Scam
Linktree is a landing page service where businesses and individuals can list multiple links on one page. This service is often used on social media for quick and easy access to multiple webpages. However, cybercriminals can also use Linktree to host malicious links to try to steal your personal information.
In a recent scam, you get a notification that a file has been shared with you by someone you know, but it’s actually a cybercriminal in disguise.
SCAM OF THE WEEK: AI Phishbait
Artificial intelligence (AI) has become increasingly popular in the past year. Many people have started using AI chatbots like ChatGPT or Google Bard. Unfortunately, cybercriminals are taking advantage of AI’s popularity to steal your information.
In a recent scam, cybercriminals created fake Facebook ads for free downloads of AI products. If you click one of these ads, you’ll be prompted to download a fake file. Once you download the file, malware will be activated on your device. Cybercriminals can use this malware to steal sensitive information, such as your credit card numbers and passwords.
Interview with a Cybercriminal
Recently, Google’s Threat Analysis Group (TAG) published a report about a new tactic that cybercriminals are using in spear phishing attacks. Spear phishing is when cybercriminals send targeted emails impersonating someone you trust to try to steal your sensitive information. Now, cybercriminals are impersonating media outlets and luring you in with a fake interview.
This attack starts with an email impersonating a trusted media outlet. In the email, the cybercriminals ask to interview you and prompt you to click a link with the interview questions. If you click this link, you’ll be redirected to a malicious website with a login prompt. Unfortunately, any login credentials that you enter will be sent directly to the cybercriminals. Then, they'll be able to access your account for their own malicious goals.
SCAM OF THE WEEK: Real Products, Fake Payments
Recently, the US FBI has issued a warning about business email compromise (BEC) attacks by cybercriminals, who are trying to steal physical goods. BEC is when cybercriminals spoof business email accounts and impersonate executives to try and steal information, money, or products from an organization.
In this recent BEC scam, cybercriminals start this attack by sending you phishing emails spoofing the domains of legitimate organizations, pretending to be employees of the organization. In these emails, cybercriminals will ask to buy your business’ products, trying to trick you into thinking they’re making a legitimate business purchase order.
SCAM OF THE WEEK: New Alert! Cybercriminal at Your Door
Ring is a popular brand of security cameras designed for home safety. Unfortunately, Ring customers were the latest victims of a phishing attack. Cybercriminals sent phishing emails spoofed as Ring to try and steal customers’ sensitive information.
Cybercriminals start this attack by sending you a phishing email with an HTML file attached. The email looks like it’s from Ring, and it instructs you to open the file to update your Ring membership. If you click this file, you’ll be redirected to a malicious website that spoofs Ring’s login page. This website prompts you to enter sensitive information, such as your credit card number and social security number. If you enter your information, you’ll be redirected to Ring’s legitimate website, making the email look more real.
SCAM OF THE WEEK: Hiding Behind Namecheap
The web hosting company Namecheap was the latest victim of a combined hacking and phishing attack. In this attack, cybercriminals hacked into SendGrid, Namecheap’s email service. Then, they used SendGrid to impersonate businesses by hacking into their email services.
To start the scam, cybercriminals sent emails with links that led to fake websites. These websites looked real and were even hosted by Namecheap’s web hosting service. If you were to visit these websites, you'd be asked for your personal information, payment details, and login credentials. Unfortunately, cybercriminals could then use this information for their own malicious purposes.
SCAM OF THE WEEK: Is ChatGPT Your Next Financial Advisor?
ChatGPT, an artificial intelligence (AI) chatbot created by OpenAI, has risen in popularity since its release last year. Now, cybercriminals are using ChatGPT’s popularity to lure you into phishing scams. In one of these scams, cybercriminals try to trick you with a fake new ChatGPT feature.
The scam starts with a phishing email informing you that ChatGPT has a new feature to help you invest in the stock market. If you click the link in the email, you’ll be taken to a spoofed ChatGPT website and prompted to enter your contact information. Then, a representative will call you and request that you submit a payment to open your investment account. Unfortunately, if you submit a payment, that money won't help you invest in the stock market. Instead, cybercriminals will steal it to invest in their own malicious pursuits.