The Federal Trade Commission (FTC) is warning of a new phishing scam reeling in Netflix customers and stealing their payment information. The spotted scam purports to be an email from Netflix.
“Police in Ohio shared a screenshot of a phishing email designed to steal personal information,” said Colleen Tressler, consumer education specialist with the FTC in a post. “The email claims the user’s account is on hold because Netflix is ‘having some trouble with your current billing information’ and invites the user to click on a link to update their payment method.” In reality, the bad actors who sent the email are pocketing that payment information.
Read more about the new Netflix phishing scam on Threatpost.
Emails are going around that may make you think you won a free 2018 BMW 2 Series M240i for the holidays, but the reality is that you just received a scam email that is trying to gather your personal information.
A scam email campaign is underway that states you won a new car through a BMW Lottery. These scam emails will have subject lines similar to “Claim Your Car and Check With your Winning Code”.
This new tech support scam variant was reported in a Google Chrome bug report that states that once a user visits the page, the CPU utilization quickly goes to 100%. This makes it impossible to close the tab, the browser, or properly use the computer until the Chrome process is killed.
US law enforcement authorities are urging Americans to remain calm after a massive spam campaign carrying bomb threats has scared people and caused building evacuations all day across the country. The source of all problems is a spam campaign that got underway today, and which was sent to millions of email inboxes, primarily in the US.
The emails had different subject lines and various text variations, but all carried the same threat. Extortionists threatened to blow up a person’s workplace or building unless the person paid the equivalent of $20,000 in Bitcoin to a specified Bitcoin address.
Read more about the disturbing bomb threat spam campaign on ZDNet.
A fake Volkswagen campaign is making its way across social media platforms, luring in victims with promises of a free Volkswagen car giveaway – but instead redirecting them to third-party ad servers.
Victims are first sent messages via WhatsApp or Facebook, purporting to be from Volkswagen and claiming it will give away up 20 free cars until the end of the year, researchers with Sucuri said. Targets of the scam are instructed to participate in the contest by clicking a link embedded in the message. However, the link attached to the messages sent via social media does not appear to collect personal information – but instead tries to re-direct victims to various advertising networks.
Read more about the Volkswagen scam campaign on Threatpost.
With cyber threats rampant between Black Friday and Christmas, security experts are warning of a wave of business-style email scams hitting inboxes designed to appeal to holiday shoppers.
Attacks involve scam messages purporting to be gift card deals or links to corporate donations. According to researchers at Proofpoint, the style, technique and nature of the email scams follow a pattern of what are known as business email compromise (BEC) scams. Instead of tricking targets with fake invoices, holiday-themed BEC emails entice victims to click on malware laced gift-card offers or to donate to a fake charitable cause along with other corporate coworkers.
Read more about the new holiday-themed BEC scams on ThreatPost.
Multiple apps posing as fitness-tracking tools were caught misusing Apple’s Touch ID feature to steal money from iOS users. The dodgy payment mechanism used by the apps is activated while victims are scanning their fingerprint seemingly for fitness-tracking purposes.
There are many apps that promise to assist users on the way to a healthier lifestyle. The bogus apps were, until recently, available in the Apple App Store. The apps were called “Fitness Balance app” and “Calories Tracker app”, and at first glance appeared to put users on the road to fitness – they could calculate the BMI, track daily calorie intake, or remind users to drink more water. These services, however, came with an unexpectedly hefty price tag, according to Reddit users.
Hundreds of military service members reportedly got caught up in a sextortion scam run by prison inmates using cellphones, according to a release issued by the Naval Criminal Investigative Service (NCIS).
According to the NCIS, South Carolina and North Carolina prison inmates, assisted by outside accomplices, sought out service members through dating sites and social media, then took on false identities, feigned romantic interest, and exchanged photos. Once the inmates had successfully catfished their targets, they would then pose as the father of the fake persona, insisting their child was underage and demanding money from the target.
Read more about the massive sextortion scam on Gizmodo.
Last week, local law enforcement officials in India raided 16 call centers identified by Microsoft as engaging in tech support fraud, pretending to be affiliated with companies including Microsoft, Apple, Google, Dell, and HP. Thirty-nine have been arrested so far.
In a New York Times report, Ajay Pal, senior superintendent of police, said the scammers took money from thousands of primarily American and Canadian victims. Microsoft has received more than 7,000 victim reports from the 16 locations, which are spread over 15 countries.
Read more about the tech support fraud crackdown on DarkReading.
Shopify predicts that online holiday sales in 2018 will be $23 billion greater than in 2017. As the number of online shoppers increases, the appeal for cybercriminals to target them grows as well, leading to the development of new tactics to circumvent antivirus software, beat web filters, and confuse targets into giving up secrets.
It’s easier than ever to fall prey to cyber scams—even the most well-trained can fall for a perfectly executed attack. Hackers move fast—potential victims need to be faster.
Read eight security tips for online shoppers on TechRepublic.