Digital fraudsters have seized upon coronavirus 2019 (COVID-19) as a lure for their new scams and attack campaigns. Together, these malicious operations constitute nothing short of a deluge. Barracuda revealed that it spotted 9,116 coronavirus-themed spear-phishing emails between March 1 and March 23, 2020—a 667% increase over the 1,188 attacks detected a mo

byPaul DucklinIt’s not like cybercriminals to take advantage of a world event… and this is a rather large world event.Since COVID-19 hit the headlines, we’ve covered a selection of coronavirus-related scams, phishing attacks and malware campaigns in which crooks have adapted existing sextortion emails, mobile malware and password stealing t

Many in the digital security community are coming together to combat malicious actors during the coronavirus disease 2019 (COVID-19) global outbreak. One of the most visible of these new efforts is the COVID-19 CTI League. Made up of approximately 400 volunteers living in approximately 40 countries, the COVID-19 CTI League is working to block attackers from

byPaul DucklinThanks to the team at SophosLabs for sending us the SMS used in this scam.If you’re sitting at home right now, sheltering from the coronavirus pandemic – and there’s a good chance you are – then you are probably either thinking about a home delivery, or waiting for one.In the UK, for example, even people who have no symp

byLisa VaasAs of Tuesday, hijacked Twitter accounts were spewing out hundreds of tweets hawking a dodgy looking face mask/toilet paper/digital forehead thermometer online store, according to Motherboard’s Vice.When Vice’s Joseph Cox searched for the masks site on Tuesday, he found what he called a “heavy stream” of other accounts that

Whenever there are global news headlines that generate a lot of public interest, especially stories that may cause panic, you can bet that cybercriminals will try to leverage the situation to their advantage. Such is the case with the coronavirus (COVID-19) pandemic.Coronavirus scams aboundLast week, the SANS Internet Storm Center reported that fraudulent e-

byLisa VaasA free coronavirus vaccine from the World Health Organization (WHO), for only $4.95 to cover shipping costs?!?Nah, we didn’t think so, either. On Sunday, the US Department of Justice (DOJ) announced that it shut down what it called a wire fraud scheme being carried out by the operators of a site in order to squeeze profit from the confusion

Malicious actors are increasingly leveraging COVID-19 as a theme for new digital fraud attacks. In February 2020, for instance, Action Fraud received 21 reports of fraud relating to the coronavirus. This number of reports more than doubled to 46 between March 1 and March 13, 2020. Between March 14 and March 18, 2020, the United Kingdom’s national fraud

The Coronavirus-themed attacks continue to increase, experts warn of thousands of COVID-19 scam and malware sites are being created every day. Crooks and nation-state actors continue to exploit the interest of potential victims in the Coronavirus outbreak. In recent weeks, we observed that threat actors are creating thousands of coronavirus-themed webs

A cybercrime gang focused on Business Email Compromise (BEC) has started using coronavirus-themed scam emails in its attacks. While the Coronavirus is spreading worldwide cybercriminals and nation-state actors are launching COVID19-themed attacks on a global scale. Most of the attacks aimed at spreading malware to control victims’ computers and s

Digital fraudsters incorporated a chatbot into their phishing scam for the purpose of helping victims hand over their personal information.In a scam discovered by MalwareHunterTeam and shared with Bleeping Computer, digital attackers targeted Russian users with fake refunds of 159,700 rubles ($2,100) for unused web and phone services.The campaign stood out t

It would be a challenge to find someone who has not heard of the now-infamous “Nigerian Prince scams,” also known as “419 scams” and “advance-fee scams.” The concept itself dates back to the French Revolution, but it has come a long way due to human gullibility. More recently, it has taken to the internet to deceive scores

Facebook has filed a lawsuit against domain registrar Namecheap and its Whoisguard privacy protection service over fraudulent domains Facebook announced this week that it has filed a lawsuit against domain registrar Namecheap and its Whoisguard privacy protection service because it has refused to provide information on a series of fraudulent domains. Frau

byPaul DucklinHere at Naked Security, we receive our fair share of phishing scams.It means we see a good cross-section of the phishes going around, which gives us a way to keep tabs on just how realistic scams are becoming.“Show-and-tell” phishing stories are a handy way to document just how undramatic and unsuspicious, and therefore just how bel

Scammers created a fake website to masquerade as the organizers of Burning Man and to trick people into buying non-existent tickets for the arts event.Kaspersky Lab discovered a fraudulent website that attempted to capitalize on people’s interest in attending the event. The site leveraged the same colors, fonts and design as “burningman.org,̶