HackDig : Dig high-quality web security articles for hackers

A week in security (May 25 – 31)

Last week on Malwarebytes Labs, we published our most recent episode of our podcast Lock and Code, providing an in-depth discussion on web browser privacy, looked at the membership bump for the Coalition against Stalkerware, and dug into EDR solutions. We also looked at twists added to the threat scene by Maze Ransomware. Other cybersecurity news Breac
Publish At:2020-06-01 13:35 | Read:275 | Comments:0 | Tags:A week in security awis cybrsecurity fake fake news fraud ma

Fake “Corona Antivirus” distributes BlackNET remote administration tool

Scammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a number of spam campaigns using COVID-19 as a lure to trick people into installing a variety of malware, but especially data stealers. As more of us work from home, the need to secure your computer, especially if you are connecting to your company̵
Publish At:2020-03-23 17:03 | Read:583 | Comments:0 | Tags:Social engineering Threat analysis antivirus botnet coronavi

Advanced phishing tactics used to steal PayPal credentials

Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials. One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to see if they point to the site where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe. Alwa
Publish At:2016-06-14 19:15 | Read:3898 | Comments:0 | Tags:Cybercrime Social engineering fake JavaScript PayPal phish P

Tech Support Impostors Part II: Where are They Now?

Last October, our own Jerome Segura uncovered a tech support scam trading on Malwarebytes’ good name. So half a year later, what happened to the perpetrators? Still scamming, apparently, and now with a snazzy new website! Rather than coding a website from scratch and possibly making mistakes, they seem to have lifted assets from the Malwarebytes websi
Publish At:2016-05-13 19:50 | Read:9334 | Comments:0 | Tags:Cybercrime Social engineering fake scam tech support tech su

“BMW Lottery Department” 419 Spam

Good news, oh lucky winner! You’ve won a car, laptop, and a frankly terrifying amount of money after being entered in a prize draw. Well, that’s what the senders of the below missive want you to think, should you open it up in your mailbox. Titled “Dear Lucky Winner” and sent from the so-called “BMW Lottery Department”, th
Publish At:2016-04-12 05:15 | Read:3602 | Comments:0 | Tags:Cybercrime Social engineering 419 BMW email fake mail money

Steer clear of this latest fake iPhone discount news

More than a week after the FBI has decided to drop that case against Apple, it appears that the controversy surrounding all of this continues to keep us riveted to the news. Usually, people go to their favourite online publications; what shady actors behind equally shady news sites do, though, are the opposite. Users with UK IP addresses shouldn’t be s
Publish At:2016-04-06 03:15 | Read:3885 | Comments:0 | Tags:Cybercrime Social engineering Apple fake fake news gamificat

“Your Recent Purchase with your Apple ID”…

Apple fans should steer clear of a convincing phishing mail doing the rounds, with the sender address popping up in a 419 scam not so long ago. Here’s the mail in question: It’s a fake tax receipt which states that a purchase has been made for “Rain Radar, Remove Ads”. If you didn’t make this purchase, you should visit the link
Publish At:2016-03-17 10:55 | Read:5566 | Comments:0 | Tags:Phishing app Apple email fake phish phishing

Google Docs? Check One More Time…

If you go looking for Google Docs related URLs on your travels, you may run into the following site (registered through an “Offshore anonymous hosting company” in Panama): googledocs(dot)info Despite the name, you won’t find your documents sitting in a pile waiting to be edited. Indeed, you’ll currently see this: If we had a magical
Publish At:2016-03-04 15:05 | Read:4730 | Comments:0 | Tags:Fraud/Scam Alert fake Google phish

The Amazon Survey Phish: Back for Round 2

We’ve seen another run of Amazon themed spam doing the rounds, and they may well already be dropping into your mailbox. Here’s the email in question: The text is identical to the last one we took a look at (notice also the open red padlock, which is a new Gmail feature). As before, the link uses a redirect to send potential victims to an imitati
Publish At:2016-02-26 20:20 | Read:4040 | Comments:0 | Tags:Fraud/Scam Alert amazon email fake phish phishing scam

Avoid this “Casino Online Promotion” 419 Scam

Remember the time when you won a ridiculous amount of money from a Casino you’d never heard of, much less visited? Me neither, but as it turns out it doesn’t really matter when dealing with the wacky world of email spam – where winnings are often plentiful despite not actually taking part: Going by the wonderfully informative title of R
Publish At:2016-02-23 20:00 | Read:4296 | Comments:0 | Tags:Fraud/Scam Alert 419 fake lottery scam scammers

The Phishy Accountant: Something Doesn’t Add Up

We’ve recently come across a phish aimed at people working in / related to accounting firms, sent from a compromised accountant’s email address leading to a fake Google Docs page. The email reads as follows: Subject Important - For your review Hello, I've shared some files with you on Google Drive. Please, click on the E-Document to downlo
Publish At:2016-02-20 01:35 | Read:4347 | Comments:0 | Tags:Phishing cpa fake phish phishing scam

Gate To Nuclear EK Uses Fake CloudFlare DDoS Check

There has been a lot of talk about Nuclear EK recently, following Sucuri’s discovery about a large number of WordPress sites getting compromised to redirect to the exploit infrastructure. Here is another interesting spin: a Nuclear EK gate using a decoy CloudFlare DDoS check page while instead loading a malicious redirection that ultimately triggers th
Publish At:2016-02-08 18:15 | Read:3756 | Comments:0 | Tags:ExploitKits EK exploit fake Nuclear wordpress Cloud DDOS

A weather app with a twist

Recently, a weather app caught our attention by doing something far worse than predicting rain all the time. It installed all the ingredients for a false Blue Screen Of Death (BSOD) with a number to call for assistance. WeatherWizard As the app is bearing the same name as one comic book “super villain” this might have been a warning that there was something
Publish At:2016-02-04 05:45 | Read:4509 | Comments:0 | Tags:Fraud/Scam Alert bsod fake scam tech support scam

Tech Support Scammers Lure Users With Fake Norton Warnings, Turn Out To Be Symantec Reseller

Fraudulent tech support companies are well-known for taking advantage of unsavvy computer users by reeling them in with scare tactics and charging large amounts of money for bogus services. In many cases, these crooks sell free security products (or straight up pirate them) for hundreds of dollars more than their actual retail price. Security vendors may not
Publish At:2016-01-20 22:10 | Read:4409 | Comments:0 | Tags:Fraud/Scam Alert fake scam TechSupportScams

Clickjacking Campaign Plays on European Cookie Law

We’ve spotted an advertising campaign that tricks users into clicking on what looks like a notification alert that actually hides a legitimate advert, therefore abusing both the advertiser and the ad network hosting the ad (Google Ads Services). The rogue actors behind this fraudulent activity are cleverly leveraging a European law on the use of cookie
Publish At:2016-01-08 02:45 | Read:3735 | Comments:0 | Tags:Fraud/Scam Alert ads adverts fake fraud Google


Share high-quality web security related articles with you:)


Tag Cloud