Scam of the Week: Phony Utility Ads
Search engines, like Google, are so popular that many people use the search feature instead of typing a URL. For instance, people may quickly search for their electricity provider's name to find the online payment portal. And for this week's scam, that's exactly what cybercriminals want you to do. This scam tries to trick you into clicking on a fake ad instead of the billing portal that you’re trying to find. The scammers purchase a variety of fake utility payment advertisements, and you see those ads during your searches. They know that they can trick you more easily if you contact them instead of them reaching out to you.
Scam of the Week: Deepfake Deception
AI scams are becoming more frequent, and they’re also becoming more sophisticated. In a recent scam, cybercriminals demonstrated just how convincing AI fraud can be by faking an entire video call. In fact, the scammers were able to steal over 200 million Hong Kong dollars by emailing an employee and pretending to be their organization’s Chief Financial Officer (CFO).
Scam of the Week: These Crypto Ads are a Real Drain
Have you seen online ads stating you can make tons of money with cryptocurrency? Be careful –many of these ads are scams. Social engineers want to make you think you can get rich quickly. But they are trying to trick you into providing personal information.
Scam of the Week: Ransoming Businesses Is a Successful Business
On Christmas Eve, cybercriminals targeted three hospitals in Germany using Lockbit 3.0 ransomware. Ransomware is a type of malicious software that infects computers and networks. It holds data and other sensitive information “hostage” in exchange for payment. If you refuse to meet their payment demands, the cybercriminals could destroy the files. Or they could make them available to the public, resulting in data theft and leaks of sensitive information.
SCAM OF THE WEEK: An Early Tax Reminder From the IRS
The US Internal Revenue Service (IRS) recently held the eighth annual Security Summit. The IRS concluded the summit with a reminder to stay alert during the upcoming tax season. Specifically, they warned taxpayers and tax professionals to watch for phishing and smishing scams.
SCAM OF THE WEEK: Post-Shopping Scams
Have you finished your holiday shopping yet? Because cybercriminals are just getting started. There are thousands of shopping-themed scams this time of year, but those scams don’t end when your cart is empty. Cybercriminals continue to target shoppers with urgent phishing emails about their recent purchases.
SCAM OF THE WEEK: Unbottling the Soda Phish
A recent phishing scam discovered by INKY researchers is an example of how well-known name brands can be used to deceive unsuspecting users. This scam begins with a seemingly harmless email from an employee at PepsiCo requesting a quote to purchase something your organization is selling and includes a malicious file attachment disguised as a Request for Quote (RFQ). An RFQ is a simple way for an organization to ask different suppliers how much they would charge for a specific good or service.
SCAM OF THE WEEK: Job Offer or Digital Danger?
Recently, cybercriminal groups in Vietnam have been targeting individuals by sharing fake job postings. According to WithSecure experts, these groups are primarily targeting the digital marketing sector and Facebook business accounts. These fake job postings are used to spread known malware such as DarkGate and Ducktail.
In this scam, cybercriminals use LinkedIn messenger to send you a link to a fake job description.
SCAM OF THE WEEK: Scams Related to the Israel-Hamas War
The recent Israel-Hamas war has made headlines worldwide. As usual, cybercriminals have been quick to take advantage of the dreadful news. Cybercriminals often use high-profile news events for disinformation campaigns, which include false information designed to intentionally mislead you.
SCAM OF THE WEEK: This LastPass Scam Is So Last Year
Last year, the popular password manager LastPass was the victim of a data breach. Because of this, cybercriminals have access to the names, email addresses, and phone numbers of LastPass’s customers. Since the breach, cybercriminals have been using LastPass’s data breach in various cyberattacks
SCAM OF THE WEEK: Smishy Package Failed to Deliver
Recently, cybercriminals have been impersonating postal services around the world through SMS phishing (smishing) scams. These postal services include the US Postal Service, UK Royal Mail, Correos in Spain, and Poste Italiane in Italy.
In this scam, cybercriminals send you a text message impersonating the postal service in your country. The text contains a link and says that your package can’t be delivered until you provide additional information. If you tap the link, you’ll be taken to a spoofed postal service website that prompts you to enter your credit card details so your package can be delivered. If you enter your credit card details, cybercriminals could steal your money or personal information.
SCAM OF THE WEEK: Bet on Cybercriminals
MGM Resorts International is an American hospitality and entertainment organization. This past week, MGM made headlines with the news of a cyberattack costing over 52 million dollars in lost revenue. Nearly all of MGM’s hotels, casinos, and ATMs went offline. This massive attack started with a simple social engineering scam.
SCAM OF THE WEEK: Watch Out for .us Domains
The Interisle Consulting Group has published a report that cybercriminals have been using over 20,000 .us top-level domains in phishing attacks. A top-level domain is the final section of a domain name, such as “.com” in “knowbe4[.]com”.
SCAM OF THE WEEK: Scan Here to Get Phished
A QR code is a scannable image that leads to a specific website. More and more businesses are using QR codes. For example, some restaurants use QR codes instead of physical menus. As QR codes become more popular, cybercriminals are also using them for their malicious purposes.
SCAM OF THE WEEK: Duolingo Data Leak
Duolingo is a popular online language learning platform that allows users to learn languages and earn certifications. Recently, Duolingo was involved in a data leak, in which cybercriminals stole the names and email addresses stored on the platform. That means 2.6 million users have been impacted by this data leak.
In the coming months, we expect to see an influx of cybercriminals using phishing scams to try to take advantage of Duolingo’s data leak.
SCAM OF THE WEEK: X Marks the Spot for Cybercrime
The social media platform Twitter recently announced that the platform would be renamed and rebranded as “X”. As a result, the monthly subscription for a blue verification checkmark will be renamed from "Twitter Blue" to "X Premium.” Cybercriminals view major platform changes like these as an opportunity to try to exploit uncertainty and steal your sensitive information.
SCAM OF THE WEEK: Active Scams on Inactive Accounts
Recently, Google announced a change to its inactive account policies. Starting in December 2023, accounts that have been inactive for two or more years will start to get deleted. While this policy is meant to enhance security, cybercriminals could use this news for their phishing scams.
SCAM OF THE WEEK: This Barbie Is a Cybercriminal
This past weekend, the Barbie movie grossed over $350 million at the US box office. With so many people invested in seeing this summer blockbuster, theaters are selling out of tickets quickly. Unfortunately, cybercriminals are taking advantage of this scarcity by posting scam links to see the Barbie movie.
SCAM OF THE WEEK: Watch Out for .zip Domains
Recently, .zip top-level domains have become available for public purchase. A top-level domain is the final section of a domain name. So, in knowbe4[dot]com, “.com” is the top-level domain. Unsurprisingly, cybercriminals have begun purchasing and using .zip domains for their own malicious purposes.
SCAM OF THE WEEK: You’ve Been Served by a Cybercriminal
Recently, the Better Business Bureau issued a warning that cybercriminals have been posing as process servers. Process servers are people who deliver legal documents. Cybercriminals are impersonating them to try to steal your sensitive information.
In this scam, cybercriminals will call from a restricted number and impersonate a process server. They’ll claim that there is a lawsuit against you over unpaid bills and that you’ll have more legal troubles if you don’t act quickly.