Tagged: phishing Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on June 2, 2025 Permalink | Reply
    Tags: , ghost tap, , , phishing,   

    Ghost Tap Scam Bleeds Millions 

    By Greg Collier

    A new form of credit card fraud, referred to as the “Ghost Tap” scam, has been identified and is currently under investigation by authorities in multiple states. The Knox County (TN) Sheriff’s Office recently issued a public warning regarding this emerging threat. According to their update, the scam involves criminal groups using digital wallet applications to make fraudulent purchases with stolen credit card data. These purchases often take the form of gift cards, which are then sold online to obscure the trail of the original transactions.

    Investigators have linked the operation to organized criminal rings primarily involving foreign nationals, who travel from states with large populations and more intense enforcement to smaller regions they perceive as less guarded. Since August 2024, law enforcement officials have apprehended over ten suspects connected to this scheme in Knox County alone. Authorities believe losses are in the millions due to these fraudulent transactions.

    The process is swift and largely invisible to the average person. Stolen credit card information is stored within a digital wallet, allowing suspects to make contactless purchases without possessing a physical card. This tactic enables them to bypass certain security checks and quickly convert the fraudulent funds into untraceable assets like gift cards. These cards are then resold through various online marketplaces, making it difficult to identify the original source of the funds.

    Officials warn that the Ghost Tap scam often operates in tandem with phishing schemes. Victims may receive text messages claiming there are problems with toll payments, package deliveries, or bank accounts. The messages typically include a link urging the recipient to enter personal or financial information. These tactics are used to collect data that may later be exploited in digital wallet fraud.

    To counteract these threats, the sheriff’s office advises the public to remain skeptical of unsolicited messages requesting sensitive information. They also stress that no legitimate agency will ever demand payment through gift cards or request private data over the phone. Any such contact should be treated as suspicious and reported to the appropriate authorities.

    The local Organized Retail Crime Unit has been central to recent enforcement actions, utilizing new investigative tools to identify suspects as soon as they arrive in the area. Officials hope that raising awareness will help deter future incidents and encourage prompt reporting of suspicious behavior. With digital wallets becoming increasingly common, scams like Ghost Tap represent a growing challenge that demands both public caution and coordinated enforcement.

     

  • Geebo 8:00 am on May 29, 2025 Permalink | Reply
    Tags: , , phishing, ,   

    Fake DMV Texts Are the New Nationwide Scam 

    By Greg Collier

    A new phishing scam is spreading across the country, targeting drivers with fraudulent text messages that appear to come from official motor vehicle departments. These messages claim the recipient has unpaid traffic fines and threaten license suspension or other penalties unless immediate action is taken. In reality, these texts are not from any legitimate agency and are designed to steal personal and financial information.

    In Georgia, the messages reference a nonexistent Department of Motor Vehicles and warn about suspended driving privileges unless payment is made. Officials in that state have clarified that there is no state DMV and that real agencies, like the Department of Driver Services, do not use text messages for these purposes.

    In Illinois, the scam texts include specific legal codes, threatening prosecution and credit score damage. The messages cite fake administrative laws and demand payment through a fraudulent link. State officials have warned that such texts are not a legitimate form of communication for any action involving traffic violations or license status.

    Louisiana drivers have received similar texts claiming they owe fines. The state’s Office of Motor Vehicles confirmed these messages are not legitimate and has issued warnings advising residents not to click on any links. Officials say these scams are part of a broader phishing campaign that could also lead to malware infections or identity theft.

    This wave of fake DMV text messages appears to be the latest version of the toll scam texts that circulated widely earlier this year. In those cases, scammers pretended to represent toll agencies and used a similar strategy of creating urgency to push recipients into making fake payments. The transition to impersonating motor vehicle departments suggests that scammers are adapting their tactics to stay ahead of public awareness.

    These scams exploit common anxieties about driving privileges, legal consequences, and unpaid fines. By mimicking the language and tone of government agencies, the messages aim to pressure individuals into quick action before they have time to verify the source. In each case, the fraudulent messages include links to sites that harvest sensitive data or install harmful software.

    As this scam continues to appear in multiple states, it highlights the importance of being cautious with any unsolicited message, especially those requesting immediate payment or personal information. Motor vehicle agencies generally communicate through secure channels and do not use text messages to issue threats or collect fines. Drivers are encouraged to verify any suspicious message by contacting their local agency directly.

     

  • Geebo 8:00 am on May 8, 2025 Permalink | Reply
    Tags: , , , phishing, ,   

    Google Spoof Scam Exposes Flaws 

    By Greg Collier

    Phishing has evolved far beyond clumsy scams riddled with typos and generic threats. It now wears the mask of legitimacy, often cloaked in branding and technical language convincing enough to fool even savvy users. A recent example of this growing trend involves an especially deceptive attack using Google’s own infrastructure as a weapon.

    Cybercriminals have been exploiting Google Sites and other services to distribute phishing emails that appear to originate from Google’s own domain. In this case, a message disguised as a legal request from law enforcement was sent to users, complete with references to subpoenas and the need to review case materials. The message urged the recipient to click on a link to a Google support page, which in reality led to a page designed to harvest login credentials.

    The trap is insidious. The phishing page is hosted on a subdomain of Google.com, lending a false sense of trust to unsuspecting users. Because the site is built with Google Sites, it carries the appearance of a legitimate Google interface. The attackers further muddy the waters by ensuring the phishing email lands in the same thread as previous legitimate security alerts, increasing the likelihood that users will trust it.

    The deeper issue lies in how Google has allowed this vulnerability to persist. The legacy version of Google Sites, still accessible today, permits anyone to publish content on a Google.com subdomain. This opens the door to abuses like malicious scripts and fake credential portals. Google has been warned about this gap in security, yet the core issues remain unresolved. While some reactive measures have been taken, the architecture still leaves room for repeat abuse.

    This raises a broader concern about corporate responsibility in digital security. Google has positioned itself as a cornerstone of online identity and infrastructure, and with that status comes the obligation to protect its users proactively. Allowing these phishing schemes to exploit the trust associated with the Google name creates not just a security risk, but an erosion of that trust.

    Google’s statement suggests users enable two-factor authentication and passkeys as a defense. While this is sound advice, it shifts the burden onto individuals to compensate for shortcomings in the platform’s safeguards. The more sustainable solution would be for Google to close the loopholes that allow bad actors to operate under its umbrella in the first place.

    As phishing continues to mimic trusted entities more convincingly, users must remain cautious. But the companies whose tools are being weaponized also bear responsibility. Until tech giants like Google take these exploits seriously and move swiftly to harden their platforms, the digital wolves will keep getting in, dressed in ever more convincing sheep’s clothing.

     

  • Geebo 9:01 am on January 3, 2025 Permalink | Reply
    Tags: , FasTrak, phishing, , , ,   

    Toll Scams Sweeping the Nation Again 

    Toll Scams Sweeping the Nation Again

    By Greg Collier

    Across the United States, drivers are increasingly becoming targets of sophisticated toll payment scams. These scams often involve fraudulent text messages or emails claiming unpaid tolls. The messages aim to trick individuals into clicking on malicious links and providing sensitive personal and financial information. Authorities and tolling agencies nationwide are warning drivers to stay vigilant and protect themselves from these fraudulent schemes.

    In California, text scams have surged, falsely claiming to be from FasTrak, the state’s electronic toll collection system. The messages often direct recipients to websites that appear legitimate but are operated by scammers. These websites ask for banking or credit card information, exploiting unsuspecting users. Official tolling agencies in California emphasize that they do not send text messages to individuals without accounts and never request payments through unsolicited links.

    South Florida drivers have also reported similar schemes. Fraudulent messages, often labeled as ‘final reminders’, urge recipients to copy and paste links into their browsers to resolve alleged unpaid tolls. The realistic appearance of these scams, from their professional-looking websites to the urgent tone of their messages, has made them particularly effective. Local transportation officials have reiterated that they do not request payments or account actions via text messages.

    In New York, E-ZPass users have been targeted by messages claiming to be from ‘NY Toll Services’. These messages ask for sensitive information like Social Security numbers and dates of birth, details that legitimate toll services never request. Officials have reminded drivers to only use authorized websites for account management and toll payments.

    The problem isn’t confined to these regions. Similar scams have been reported in Illinois, Pennsylvania, and other parts of the country. These widespread schemes often exploit the increasing reliance on electronic toll collection systems, taking advantage of the convenience and automation that make such systems attractive to drivers.

    The scams share common tactics: a sense of urgency, professional presentation, and the impersonation of trusted entities. Cybersecurity experts urge individuals to exercise caution when receiving unsolicited messages, especially those prompting immediate action. Carefully inspecting sender information, avoiding unfamiliar links, and independently verifying claims by contacting tolling agencies through official channels can go a long way in preventing fraud.

    Those who suspect they have encountered a toll scam are encouraged to report it to federal authorities, including the FBI’s Internet Crime Complaint Center. Additionally, anyone who may have inadvertently shared personal or financial information should take immediate steps to secure their accounts and monitor for suspicious activity.

    As these scams continue to evolve, awareness is the most effective defense. By recognizing the signs of phishing attempts and relying only on official communication channels, drivers can safeguard their information and help curb the impact of these nationwide toll scams.

     

  • Geebo 9:00 am on December 23, 2024 Permalink | Reply
    Tags: , phishing, , , ,   

    Protect Yourself from Holiday Delivery Scams 

    Protect Yourself from Holiday Delivery Scams

    By Greg Collier

    The week leading up to Christmas is a pivotal time for those relying on the U.S. Postal Service (USPS) to send or receive last-minute packages. With millions of pieces of mail being delivered daily during the holiday season, consumers eagerly awaiting their deliveries are often targeted by scammers using deceptive tactics.

    One of the most prevalent schemes during this time is the use of fraudulent text messages designed to appear as legitimate delivery updates from the USPS. These messages often include a web link or phone number, prompting recipients to provide personal or financial information. However, if you haven’t specifically signed up for USPS tracking updates, any unsolicited communication should raise a red flag.

    This type of scam, known as ‘smishing’, involves using text messages to lure individuals into sharing sensitive information such as usernames, passwords, Social Security numbers, or payment details. Fraudsters often impersonate trusted entities like government agencies or financial institutions to make their requests seem credible. Once they obtain this information, it can be sold on the dark web or used for further fraudulent activities.

    Smishing messages are crafted to exploit the recipient’s sense of urgency or curiosity. During the holiday season, when people are keenly tracking their packages, these scams become even more convincing. The U.S. Postal Inspection Service cautions against responding to any unexpected messages, particularly those that request account verification or payment details.

    USPS officials emphasize that the agency does not send unsolicited text messages regarding packages. If you receive such a message, avoid clicking on links, replying, or calling any numbers provided. Instead, independently verify the sender’s legitimacy by visiting the organization’s official website or contacting their customer service using trusted contact information.

    The USPS offers several secure methods for tracking your mail and packages. When you send a package, the receipt includes a tracking number. This number can be entered on the USPS website to check delivery status. Official replies will always include USPS branding, the tracking number, and delivery details.

    Another useful tool is USPS Informed Delivery, which provides an email preview of incoming mail and packages. Signing up for these services ensures you can stay informed without relying on unsolicited notifications.

    Always remember that legitimate organizations, including the USPS, will not request personal or financial information via text message. If you receive a suspicious message, delete it immediately and do not engage with the sender. Enable two-factor authentication for online accounts to add an extra layer of protection, and regularly monitor your financial statements for unauthorized activity.

    During the holiday season, as you wait for your packages to arrive, taking these precautions can help safeguard your personal information. By using the USPS’s official tools and staying alert, you can ensure your holiday deliveries are secure and stress-free.

     

  • Geebo 9:00 am on November 26, 2024 Permalink | Reply
    Tags: , , phishing, ,   

    Beware of the Latest Apple Phishing Scam 

    Beware of the Latest Apple Phishing Scam

    By Greg Collier

    In the ever-evolving landscape of cyber threats, phishing emails remain a persistent and dangerous tactic employed by hackers to steal personal information. The latest target? Apple account holders. A deceptive email claiming to be from Apple Support is making the rounds, aiming to trick recipients into handing over their login credentials and other sensitive data. However, this email isn’t from Apple’s headquarters. It’s a cleverly crafted scam designed to exploit trust and urgency.

    The email is designed to mimic legitimate correspondence from Apple, using familiar formatting and branding to appear authentic. The message claims that your Apple ID has been suspended due to unusual activity or that it’s missing information. It features a blue button labeled ‘Go to Apple ID’, urging you to verify your account to restore access. The sense of urgency is palpable, since it might warn you that failure to act within 24 hours will result in your account being permanently locked.

    While the email may seem convincing at first glance, a closer inspection reveals the hallmarks of a phishing scam. For instance, the sender’s email address doesn’t come from an official Apple domain. Instead, it might originate from a suspicious overseas domain. Additionally, the grammar and phrasing in the email are often awkward or incorrect, a red flag that something is amiss.

    Falling victim to such a scam can have serious consequences. If your Apple account is compromised, scammers could use the payment information stored in your account to purchase expensive Apple products, leaving you with the bill. To avoid such a scenario, it’s critical to scrutinize every email you receive.

    When examining emails, always verify the sender’s address and ensure it matches the official domain of the purported sender. Be wary of any links included in the message, particularly if the email is unexpected or seems suspicious. Legitimate organizations, including Apple, will never ask you to verify sensitive information through an email link. Instead, they’ll direct you to their official website or app to manage your account securely.

    Two-factor authentication (2FA) is another essential tool for protecting your accounts. By requiring a second form of verification, such as a code sent to your phone or another trusted device, 2FA can stop hackers from accessing your account even if they manage to obtain your login credentials.

    By remaining cautious, verifying the authenticity of communications, and enabling robust security measures, you can safeguard your digital identity and prevent scammers from succeeding. Always think twice before clicking, and remember: when in doubt, go directly to the source to verify the legitimacy of any request.

     

  • Geebo 9:02 am on November 19, 2024 Permalink | Reply
    Tags: , , , phishing,   

    New Phishing Scam Uses .GOV Emails 

    New Phishing Scam Uses .GOV Emails

    By Greg Collier

    In an unsettling turn of events, cybercriminals are exploiting trust in government systems to target businesses. Using stolen government email credentials, these criminals send fraudulent emails that appear legitimate, aiming to trick companies into sharing sensitive information. According to federal authorities, this tactic has escalated to a new level of sophistication, with attackers leveraging official-looking communications to gain access to confidential company data.

    Once considered a hallmark of trustworthiness, emails from .gov addresses are no longer a guaranteed sign of authenticity. These addresses are now being sold and misused on dark web forums, enabling criminals to pose as federal agencies. In one case, a known cybercriminal openly advertised their collection of high-quality .gov email credentials, boasting that they could assist buyers in impersonating law enforcement officers, even providing fake subpoena documents to make their ruse more convincing.

    The implications are serious. Businesses that fall for these scams may inadvertently expose customer data, internal documentation, or trade secrets. The fraudulent emails often include urgent requests, claiming an investigation or legal matter requires immediate action. Under the guise of government authority, companies are pressured into complying without verifying the legitimacy of the request.

    The FBI has issued warnings, urging businesses to remain vigilant and adopt stringent cybersecurity practices. Key recommendations include monitoring connections with third-party vendors, maintaining secure backups of critical data, and scrutinizing every aspect of any supposed emergency data request. Special attention should be given to details such as logos, legal references, and formatting, which may reveal subtle inconsistencies.

    One critical piece of advice is if you receive an email from a government address requesting sensitive information, do not respond immediately. Instead, contact the office directly through a verified phone number to confirm the request. Cybercriminals are adept at social engineering, using their knowledge of a company’s operations to craft emails that seem authentic. It’s essential to adopt a ‘trust but verify’ approach, even when the sender appears legitimate.

    The growing prevalence of these attacks highlights the evolving threat landscape. Companies must stay informed, invest in robust security measures, and foster a culture of skepticism toward unexpected or urgent requests. By doing so, they can protect themselves and their customers from falling victim to these sophisticated scams.

     

  • Geebo 8:00 am on July 22, 2024 Permalink | Reply
    Tags: CrowdStrike, , phishing,   

    Scams expected in wake of CrowdStrike crash 

    Scams expected in wake of CrowdStrike crash

    By Greg Collier

    On Friday, a faulty software update from CrowdStrike’s Falcon monitoring platform caused widespread disruptions, affecting 8.5 million Windows devices globally. This incident led to significant interruptions in various services, including online banking and air travel, despite accounting for less than one percent of all Windows machines. The outage was not the result of a cyberattack, but it has sparked serious concerns about opportunistic scams exploiting the chaos.

    In the wake of the outage, both CrowdStrike and several government-affiliated agencies have issued warnings about a surge in phishing and scam activities. Scammers are quick to capitalize on the confusion, using tactics such as malicious domain registrations, phishing emails, and fraudulent phone calls. A notable scam involves a ZIP archive named “crowdstrike-hotfix.zip,” designed to steal data from unsuspecting users.

    Staying safe during this period requires vigilance and caution. Be aware of phishing scams claiming to resolve the outage, and avoid downloading software or opening attachments from unknown sources. When receiving requests for personal information, always verify the sender and never share sensitive details with unverified contacts. It’s crucial to use official channels when seeking assistance. Contact companies directly through their official websites or help desks, and make sure to visit CrowdStrike and Microsoft’s dedicated support pages for accurate information.

    Scammers often create a sense of urgency to prompt hasty actions. Resist the pressure to act quickly and take your time to verify any communication you receive. Reporting scams is essential. In the U.S., report fraud to the Federal Trade Commission.

    Support vulnerable individuals by checking in with elderly friends and family members who might be targeted. Ensure they understand the current scam tactics and know how to stay safe. This collective vigilance can help protect against the wave of scams taking advantage of the current situation.

    Experts advise that the best course of action when uncertain about a communication is to contact businesses directly. This helps avoid falling for scams masquerading as legitimate offers of assistance. Additionally, it’s important not to succumb to pressure and rush into actions that could compromise personal information.

    As the fallout from the CrowdStrike-induced outage continues, maintaining vigilance and adhering to these safety measures will help protect against the wave of scams. Remember, forewarned is forearmed. Stay informed, cautious, and always verify the sources of any communications you receive.

     

  • Geebo 8:00 am on June 4, 2024 Permalink | Reply
    Tags: , , phishing, ,   

    Protect your Facebook account from latest phishing scam 

    By Greg Collier

    Social media scams are constantly evolving, and the latest phishing scheme is a new threat targeting Facebook users. It’s designed to trick you into revealing your login credentials by exploiting your fear of losing access to your account. The Better Business Bureau has issued a warning about this scam, emphasizing the importance of recognizing and avoiding it. Here’s how you can identify this scam and safeguard your account from hackers.

    You might receive an email that seems to be from Facebook, warning about a breach of Community Standards on your page. The message might look like this: “Recently, we discovered a breach of our Community Standards on your page. Your page has been disabled for violating our Terms. If you believe this decision is incorrect, you can request a review and file an appeal at the link below.” The email could also state that if you don’t act within 24 hours, your account will be permanently deleted. The email includes a link that appears to lead to Facebook’s website.

    When faced with such a message, it’s essential to remain calm and scrutinize it closely. You will likely find telltale signs of a scam, such as, typos and grammatical errors in the message, an email sender’s address that doesn’t match Facebook’s official addresses, or you might notice that the link doesn’t actually point to Facebook’s website.

    Another variant of this phishing scam targets business pages, threatening deactivation due to a Terms of Service or Community Standards violation. This message pretends to be from Meta Business Support and asks the administrator to confirm the account by clicking a link, or face permanent deletion. Clicking the link typically leads to a fake but official-looking page that prompts you to fill out a form with your login email, phone number, name, and other details. Once submitted, you are asked to confirm your password, providing scammers the information needed to hijack your account. We have to clear out messages like this from our inbox daily just because we’re a business with a Facebook page.

    There are steps you can take to protect yourself from this scam, such as reading suspicious emails and messages carefully, looking for signs of a scam before taking any action. Remember, fake alerts are common as scammers frequently target social media accounts.

    If you receive a message similar to the one’s mentioned, you should verify its claims by logging into your Facebook account directly to check if there is an actual problem. Do not rely on the information provided in the message to make any decisions.

    Also, even if an alert seems legitimate, use the Facebook app to log in or type the URL into the browser bar yourself. Avoid clicking on links sent via email or messages.

    Lastly, never enter your login information on a third-party website or any page other than the official Facebook website. Do not send your login details via email or Facebook Messenger. If you suspect you’ve entered your credentials on a fake form, change your password immediately.

    By staying informed and cautious, you can protect your Facebook account from phishing scams and other online threats. The Better Business Bureau’s warning serves as a reminder that your security starts with a proactive approach to recognizing and avoiding these scams.

     

  • Geebo 9:05 am on December 15, 2023 Permalink | Reply
    Tags: , , , phishing, ,   

    New scam sends you a bill from Apple 

    New scam sends you a bill from Apple

    By Greg Collier

    Whenever you see a headline that says there’s a new scam, the odds are it’s an old scam in new clothing. It’s just more efficient to say there’s a new scam in the headline in order to better educate the reader. Today’s scam is no different.

    Security experts are saying scammers are sending bills to their victims that appear to look like a bill from Apple Computers. The bill says the recipient is being charged close to $300 for security ‘upgradation’. Upgradation is an English word, however, it is not used in American English. That should be someone’s first clue the bill is fraudulent.

    The bill contains a phone number to call in case the recipient has any questions. Once a victim calls the number, they’re told they’ll be issued a refund if they allow the phony customer service agent to have remote access to the victim’s device. Red flags do not get any redder than this. Once a user allows remote access to their device, bad actors can install malware on to the device, or gain access to your online accounts.

    A similar scam to this one is when victims receive an email that claims someone just made a large purchase on their Amazon account, prompting the victim to call a customer service included in the email.

    In this instance, the scammers are posing as Apple because Apple users have a reputation of being more affluent since Apple devices are more expensive than competitors’ devices. The scammers don’t actually know who owns an Apple device. They send out these email invoices en masse, hoping they snag an Apple using victim. It’s almost certain some Windows and Android users received phony Apple emails too.

    With these email scams, never call the phone number included. Instead, manually check your account from that vendor or service to make sure you haven’t been charged. If you still feel the need to call them, use the customer service number from their website.

     

← Older posts

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel