HackDig : Dig high-quality web security articles

Coronavirus phishing: “Welcome back to the office…”

As offices start to slowly open back up, the theoretically post-pandemic world is changing its threat landscape once again, and that includes the likely inclusion of coronavirus phishing attempts. With the move to remote work, attackers switched up their tactics. Personal devices and home networks became hot targets. Organizations struggled with securing dev
Publish At:2021-06-03 10:55 | Read:152 | Comments:0 | Tags:Scams CIO coronavirus covid-19 covid-19 scams email fake pan

Royal Mail phish deploys evasion tricks to avoid analysis

Royal Mail phish scams are still in circulation, slowly upgrading their capabilities with evasion tools deployed in far more sophisticated malware attacks. Often, the quality of sites we see varies greatly. Many fake Royal Mail pages are cookie-cutter efforts existing on borrowed time. The operators know their scam is a case of here today, gone tomorrow.
Publish At:2021-05-19 14:14 | Read:204 | Comments:0 | Tags:Scams bypass delivery parcel phish phishing post office rdp

What is Smishing? The 101 guide

Smishing is a valuable tool in the scammer’s armoury. You’ve likely run into it, even if you didn’t know that is its name. It doesn’t arrive by email or social media direct message, instead choosing a route directly aimed at what may be your most personal device: the mobile phone. So, what is Smishing? We’re glad you asked. D
Publish At:2021-04-29 16:29 | Read:300 | Comments:0 | Tags:Mobile fake phish phishing scam smish smishing sms text

Bitcoin scammers phish for wallet recovery codes on Twitter

We’re no strangers to the Twitter customer support DM slide scam. This is where someone watches an organisation perform customer support on Twitter, and injects themselves into the conversation at opportune moments hoping potential victims don’t notice. This is aided by imitation accounts modelled to look like the genuine organisation’s account.
Publish At:2021-04-28 16:59 | Read:390 | Comments:0 | Tags:Social engineering bitcoin cryptocoin NFT phish phishing rec

The human impact of a Royal Mail phishing scam

Last week, we looked at a Royal Mail themed scam which has very quickly become the weapon of choice for phishers. It’s pretty much everywhere at this point. Even one of my relatives with a semi-mystical ability to never experience a scam ever, received a fake SMS at the weekend. The problem with common attacks is we grow complacent, or assume it isn’t rea
Publish At:2021-03-23 16:54 | Read:447 | Comments:0 | Tags:Scams account bank banking phish phishing royal mail scam sm

Resident Evil 8 just the latest game plagued by fake demos and early access scams

There’s been a number of scams targeting fans of major upcoming video game releases over the last week or two. Why is this happening, and what can you do to ensure both you and your children avoid such fakeouts? Preview power: the 80s and 90s Back in the 80s, games reviews were only really found in dedicated gaming magazines like ZZap!64 or Amstrad Act
Publish At:2021-03-20 07:00 | Read:607 | Comments:0 | Tags:Scams Beta biomutant consoles cyberpunk 2077 early access fa

Royal Mail scam says your parcel is waiting for delivery

Expecting a delivery? Watch out for phishing attempts warning of held packages and bogus shipping fees. This Royal Mail delivery scam begins with a text message out of the blue, claiming: Your Royal Mail parcel is waiting for delivery. Please confirm the settlement amount of 2.99 GBP via:Uk(dot)royalmail-bill(dot)com Lots of folks may assume this text
Publish At:2021-03-15 17:48 | Read:538 | Comments:0 | Tags:Scams delivery fake package parcel phish phishing royal mail

Defending online anonymity and speech with Eva Galperin: Lock and Code S02E03

This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we talk to Eva Galperin, director of cybersecurity for Electronic Frontier Foundation, about the importance of protecting online anonymity and speech. In January, the New York Times exposed a public harassment campaign likely waged by one woman ag
Publish At:2021-03-01 14:30 | Read:508 | Comments:0 | Tags:Podcast APT CDA 230 EFF Electronic Frontier Foundation Eva G

What Google learned from 1 billion evil email scams

Google and researchers at Stanford University have released an in-depth study analysing 5 months of phishing / malware mails sent globally. “Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk” looked at more than a billion mails. The results were then fed into a presentation at the Internet Measurement
Publish At:2021-02-10 22:00 | Read:679 | Comments:0 | Tags:Privacy gmail Google mail malware phish phishing presentatio

“Is it you in the video?” – don’t fall for this Messenger scam

byPaul DucklinIf you’ve ever wondered why cybercriminals are interested in your IM passwords……well, it’s not just so they can sneak into your account and snoop through your personal data with a view to abusing it themselves or selling it on to someone else who will.Access to your account also gives crooks a level of trusted access to
Publish At:2020-12-17 22:07 | Read:745 | Comments:0 | Tags:Facebook Phishing Messenger phish Scam

Get a head start on defending against tax scams

It may not be tax season in your part of the world right now but you’ll no doubt be pleased to know a prolific tax scammer is on their way to jail for 20 years. If you’re annoyed by tax scam missives, or had the misfortune to hand money over, this is probably satisfying news. Between 2013 and 2016, Hitesh Patel ran a particularly sophisticated operation.
Publish At:2020-12-08 17:30 | Read:697 | Comments:0 | Tags:Social engineering 2fa HMRC money laundering phish phishing

November spam roundup: Stalkers, property tips, porn, stern words and PayPal

Today we’re rounding up some of the interesting pieces of spam currently in circulation, taking in everything from housing deals to mysteriously free slices of cash. You may have seen some of these already. Hopefully we can help make up your mind about whatever’s lurking in your mailbox. A full house of spam Whether by accident or design, y
Publish At:2020-11-30 10:36 | Read:620 | Comments:0 | Tags:Cybercrime Social engineering email mail phish phishing roun

Fake COVID-19 survey hides ransomware in Canadian university attack

This post was authored by Jérôme Segura with contributions from Hossein Jazi, Hasherezade and Marcelo Rivero. In recent weeks, we’ve observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishing document targeting staff at the University of Brit
Publish At:2020-10-28 14:47 | Read:868 | Comments:0 | Tags:Cybercrime Social engineering phish phishing ransomware UBC

Keeping ransomware cash away from your business

A ransomware gang has made headlines for donating a big chunk of stolen funds to two charities. Two separate donations given to Children International and The Water Project rang tills to the tune of $10,000 each. Their reason was that they’re targeting “only large profitable corporations, we think it’s fair that some of the money they’ve paid will go to char
Publish At:2020-10-27 15:23 | Read:1120 | Comments:0 | Tags:Cybercrime Malware bitcoin charities charity donations illeg

Silent Librarian APT right on schedule for 20/21 academic year

A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities via spear phishing campaigns since schools and universities went back. We were initially tipped off by one of our customers, and were able to identify a new active campaign from this APT group. Based off a number of intended victims, we can tell that Sil
Publish At:2020-10-14 11:29 | Read:899 | Comments:0 | Tags:Malwarebytes news APT cobalt dickens phish phishing silent l