Tagged: phishing

  • Geebo 9:01 am on January 3, 2025
    Tags: E-ZPass, FasTrak, phishing

    Toll Scams Sweeping the Nation Again

    By Greg Collier

    Across the United States, drivers are increasingly becoming targets of sophisticated toll payment scams. These scams often involve fraudulent text messages or emails claiming unpaid tolls. The messages aim to trick individuals into clicking on malicious links and providing sensitive personal and financial information. Authorities and tolling agencies nationwide are warning drivers to stay vigilant and protect themselves from these fraudulent schemes.

    In California, text scams have surged, falsely claiming to be from FasTrak, the state’s electronic toll collection system. The messages often direct recipients to websites that appear legitimate but are operated by scammers. These websites ask for banking or credit card information, exploiting unsuspecting users. Official tolling agencies in California emphasize that they do not send text messages to individuals without accounts and never request payments through unsolicited links.

    South Florida drivers have also reported similar schemes. Fraudulent messages, often labeled as ‘final reminders’, urge recipients to copy and paste links into their browsers to resolve alleged unpaid tolls. The realistic appearance of these scams, from their professional-looking websites to the urgent tone of their messages, has made them particularly effective. Local transportation officials have reiterated that they do not request payments or account actions via text messages.

    In New York, E-ZPass users have been targeted by messages claiming to be from ‘NY Toll Services’. These messages ask for sensitive information like Social Security numbers and dates of birth, details that legitimate toll services never request. Officials have reminded drivers to only use authorized websites for account management and toll payments.

    The problem isn’t confined to these regions. Similar scams have been reported in Illinois, Pennsylvania, and other parts of the country. These widespread schemes often exploit the increasing reliance on electronic toll collection systems, taking advantage of the convenience and automation that make such systems attractive to drivers.

    The scams share common tactics: a sense of urgency, professional presentation, and the impersonation of trusted entities. Cybersecurity experts urge individuals to exercise caution when receiving unsolicited messages, especially those prompting immediate action. Carefully inspecting sender information, avoiding unfamiliar links, and independently verifying claims by contacting tolling agencies through official channels can go a long way in preventing fraud.

    Those who suspect they have encountered a toll scam are encouraged to report it to federal authorities, including the FBI’s Internet Crime Complaint Center. Additionally, anyone who may have inadvertently shared personal or financial information should take immediate steps to secure their accounts and monitor for suspicious activity.

    As these scams continue to evolve, awareness is the most effective defense. By recognizing the signs of phishing attempts and relying only on official communication channels, drivers can safeguard their information and help curb the impact of these nationwide toll scams.

     
  • Geebo 9:00 am on December 23, 2024
    Tags: phishing

    Protect Yourself from Holiday Delivery Scams

    By Greg Collier

    The week leading up to Christmas is a pivotal time for those relying on the U.S. Postal Service (USPS) to send or receive last-minute packages. With millions of pieces of mail being delivered daily during the holiday season, consumers eagerly awaiting their deliveries are often targeted by scammers using deceptive tactics.

    One of the most prevalent schemes during this time is the use of fraudulent text messages designed to appear as legitimate delivery updates from the USPS. These messages often include a web link or phone number, prompting recipients to provide personal or financial information. However, if you haven’t specifically signed up for USPS tracking updates, any unsolicited communication should raise a red flag.

    This type of scam, known as ‘smishing’, involves using text messages to lure individuals into sharing sensitive information such as usernames, passwords, Social Security numbers, or payment details. Fraudsters often impersonate trusted entities like government agencies or financial institutions to make their requests seem credible. Once they obtain this information, it can be sold on the dark web or used for further fraudulent activities.

    Smishing messages are crafted to exploit the recipient’s sense of urgency or curiosity. During the holiday season, when people are keenly tracking their packages, these scams become even more convincing. The U.S. Postal Inspection Service cautions against responding to any unexpected messages, particularly those that request account verification or payment details.

    USPS officials emphasize that the agency does not send unsolicited text messages regarding packages. If you receive such a message, avoid clicking on links, replying, or calling any numbers provided. Instead, independently verify the sender’s legitimacy by visiting the organization’s official website or contacting their customer service using trusted contact information.

    The USPS offers several secure methods for tracking your mail and packages. When you send a package, the receipt includes a tracking number. This number can be entered on the USPS website to check delivery status. Official replies will always include USPS branding, the tracking number, and delivery details.

    Another useful tool is USPS Informed Delivery, which provides an email preview of incoming mail and packages. Signing up for these services ensures you can stay informed without relying on unsolicited notifications.

    Always remember that legitimate organizations, including the USPS, will not request personal or financial information via text message. If you receive a suspicious message, delete it immediately and do not engage with the sender. Enable two-factor authentication for online accounts to add an extra layer of protection, and regularly monitor your financial statements for unauthorized activity.

    During the holiday season, as you wait for your packages to arrive, taking these precautions can help safeguard your personal information. By using the USPS’s official tools and staying alert, you can ensure your holiday deliveries are secure and stress-free.

     
  • Geebo 9:00 am on November 26, 2024
    Tags: phishing

    Beware of the Latest Apple Phishing Scam

    By Greg Collier

    In the ever-evolving landscape of cyber threats, phishing emails remain a persistent and dangerous tactic employed by hackers to steal personal information. The latest target? Apple account holders. A deceptive email claiming to be from Apple Support is making the rounds, aiming to trick recipients into handing over their login credentials and other sensitive data. However, this email isn’t from Apple’s headquarters. It’s a cleverly crafted scam designed to exploit trust and urgency.

    The email is designed to mimic legitimate correspondence from Apple, using familiar formatting and branding to appear authentic. The message claims that your Apple ID has been suspended due to unusual activity or that it’s missing information. It features a blue button labeled ‘Go to Apple ID’, urging you to verify your account to restore access. The sense of urgency is palpable, since it might warn you that failure to act within 24 hours will result in your account being permanently locked.

    While the email may seem convincing at first glance, a closer inspection reveals the hallmarks of a phishing scam. For instance, the sender’s email address doesn’t come from an official Apple domain. Instead, it might originate from a suspicious overseas domain. Additionally, the grammar and phrasing in the email are often awkward or incorrect, a red flag that something is amiss.

    Falling victim to such a scam can have serious consequences. If your Apple account is compromised, scammers could use the payment information stored in your account to purchase expensive Apple products, leaving you with the bill. To avoid such a scenario, it’s critical to scrutinize every email you receive.

    When examining emails, always verify the sender’s address and ensure it matches the official domain of the purported sender. Be wary of any links included in the message, particularly if the email is unexpected or seems suspicious. Legitimate organizations, including Apple, will never ask you to verify sensitive information through an email link. Instead, they’ll direct you to their official website or app to manage your account securely.

    Two-factor authentication (2FA) is another essential tool for protecting your accounts. By requiring a second form of verification, such as a code sent to your phone or another trusted device, 2FA can stop hackers from accessing your account even if they manage to obtain your login credentials.

    By remaining cautious, verifying the authenticity of communications, and enabling robust security measures, you can safeguard your digital identity and prevent scammers from succeeding. Always think twice before clicking, and remember: when in doubt, go directly to the source to verify the legitimacy of any request.

     
  • Geebo 9:02 am on November 19, 2024
    Tags: phishing

    New Phishing Scam Uses .GOV Emails

    By Greg Collier

    In an unsettling turn of events, cybercriminals are exploiting trust in government systems to target businesses. Using stolen government email credentials, these criminals send fraudulent emails that appear legitimate, aiming to trick companies into sharing sensitive information. According to federal authorities, this tactic has escalated to a new level of sophistication, with attackers leveraging official-looking communications to gain access to confidential company data.

    Once considered a hallmark of trustworthiness, emails from .gov addresses are no longer a guaranteed sign of authenticity. These addresses are now being sold and misused on dark web forums, enabling criminals to pose as federal agencies. In one case, a known cybercriminal openly advertised their collection of high-quality .gov email credentials, boasting that they could assist buyers in impersonating law enforcement officers, even providing fake subpoena documents to make their ruse more convincing.

    The implications are serious. Businesses that fall for these scams may inadvertently expose customer data, internal documentation, or trade secrets. The fraudulent emails often include urgent requests, claiming an investigation or legal matter requires immediate action. Under the guise of government authority, companies are pressured into complying without verifying the legitimacy of the request.

    The FBI has issued warnings, urging businesses to remain vigilant and adopt stringent cybersecurity practices. Key recommendations include monitoring connections with third-party vendors, maintaining secure backups of critical data, and scrutinizing every aspect of any supposed emergency data request. Special attention should be given to details such as logos, legal references, and formatting, which may reveal subtle inconsistencies.

    One critical piece of advice: if you receive an email from a government address requesting sensitive information, do not respond immediately. Instead, contact the office directly through a verified phone number to confirm the request. Cybercriminals are adept at social engineering, using their knowledge of a company’s operations to craft emails that seem authentic. It’s essential to adopt a ‘trust but verify’ approach, even when the sender appears legitimate.

    The growing prevalence of these attacks highlights the evolving threat landscape. Companies must stay informed, invest in robust security measures, and foster a culture of skepticism toward unexpected or urgent requests. By doing so, they can protect themselves and their customers from falling victim to these sophisticated scams.

     
  • Geebo 8:00 am on July 22, 2024
    Tags: CrowdStrike, phishing

    Scams expected in wake of CrowdStrike crash

    By Greg Collier

    On Friday, a faulty software update from CrowdStrike’s Falcon monitoring platform caused widespread disruptions, affecting 8.5 million Windows devices globally. Although the affected devices account for less than one percent of all Windows machines, the incident led to significant interruptions in various services, including online banking and air travel. The outage was not the result of a cyberattack, but it has sparked serious concerns about opportunistic scams exploiting the chaos.

    In the wake of the outage, both CrowdStrike and several government-affiliated agencies have issued warnings about a surge in phishing and scam activities. Scammers are quick to capitalize on the confusion, using tactics such as malicious domain registrations, phishing emails, and fraudulent phone calls. A notable scam involves a ZIP archive named “crowdstrike-hotfix.zip,” designed to steal data from unsuspecting users.

    Staying safe during this period requires vigilance and caution. Be aware of phishing scams claiming to resolve the outage, and avoid downloading software or opening attachments from unknown sources. When receiving requests for personal information, always verify the sender and never share sensitive details with unverified contacts. It’s crucial to use official channels when seeking assistance. Contact companies directly through their official websites or help desks, and make sure to visit CrowdStrike and Microsoft’s dedicated support pages for accurate information.

    Scammers often create a sense of urgency to prompt hasty actions. Resist the pressure to act quickly and take your time to verify any communication you receive. Reporting scams is essential. In the U.S., report fraud to the Federal Trade Commission.

    Support vulnerable individuals by checking in with elderly friends and family members who might be targeted. Ensure they understand the current scam tactics and know how to stay safe. This collective vigilance can help protect against the wave of scams taking advantage of the current situation.

    Experts advise that the best course of action when uncertain about a communication is to contact businesses directly. This helps avoid falling for scams masquerading as legitimate offers of assistance. Additionally, it’s important not to succumb to pressure and rush into actions that could compromise personal information.

    As the fallout from the CrowdStrike-induced outage continues, maintaining vigilance and adhering to these safety measures will help protect against the wave of scams. Remember, forewarned is forearmed. Stay informed, cautious, and always verify the sources of any communications you receive.

     
  • Geebo 8:00 am on June 4, 2024
    Tags: phishing

    Protect your Facebook account from latest phishing scam 

    By Greg Collier

    Social media scams are constantly evolving, and the latest phishing scheme is a new threat targeting Facebook users. It’s designed to trick you into revealing your login credentials by exploiting your fear of losing access to your account. The Better Business Bureau has issued a warning about this scam, emphasizing the importance of recognizing and avoiding it. Here’s how you can identify this scam and safeguard your account from hackers.

    You might receive an email that seems to be from Facebook, warning about a breach of Community Standards on your page. The message might look like this: “Recently, we discovered a breach of our Community Standards on your page. Your page has been disabled for violating our Terms. If you believe this decision is incorrect, you can request a review and file an appeal at the link below.” The email could also state that if you don’t act within 24 hours, your account will be permanently deleted. The email includes a link that appears to lead to Facebook’s website.

    When faced with such a message, it’s essential to remain calm and scrutinize it closely. You will likely find telltale signs of a scam, such as typos and grammatical errors in the message, a sender’s email address that doesn’t match Facebook’s official addresses, or a link that doesn’t actually point to Facebook’s website.

    Another variant of this phishing scam targets business pages, threatening deactivation due to a Terms of Service or Community Standards violation. This message pretends to be from Meta Business Support and asks the administrator to confirm the account by clicking a link, or face permanent deletion. Clicking the link typically leads to a fake but official-looking page that prompts you to fill out a form with your login email, phone number, name, and other details. Once submitted, you are asked to confirm your password, providing scammers the information needed to hijack your account. We have to clear out messages like this from our inbox daily just because we’re a business with a Facebook page.

    There are steps you can take to protect yourself from this scam, such as reading suspicious emails and messages carefully, looking for signs of a scam before taking any action. Remember, fake alerts are common as scammers frequently target social media accounts.

    If you receive a message similar to the ones mentioned, you should verify its claims by logging into your Facebook account directly to check if there is an actual problem. Do not rely on the information provided in the message to make any decisions.

    Also, even if an alert seems legitimate, use the Facebook app to log in or type the URL into the browser bar yourself. Avoid clicking on links sent via email or messages.

    Lastly, never enter your login information on a third-party website or any page other than the official Facebook website. Do not send your login details via email or Facebook Messenger. If you suspect you’ve entered your credentials on a fake form, change your password immediately.

    By staying informed and cautious, you can protect your Facebook account from phishing scams and other online threats. The Better Business Bureau’s warning serves as a reminder that your security starts with a proactive approach to recognizing and avoiding these scams.

     
  • Geebo 9:05 am on December 15, 2023
    Tags: phishing

    New scam sends you a bill from Apple

    By Greg Collier

    Whenever you see a headline that says there’s a new scam, the odds are it’s an old scam in new clothing. It’s just more efficient to say there’s a new scam in the headline in order to better educate the reader. Today’s scam is no different.

    Security experts are saying scammers are sending their victims bills that look like they come from Apple Computers. The bill says the recipient is being charged close to $300 for security ‘upgradation’. Upgradation is an English word; however, it is not used in American English. That should be someone’s first clue the bill is fraudulent.

    The bill contains a phone number to call in case the recipient has any questions. Once a victim calls the number, they’re told they’ll be issued a refund if they allow the phony customer service agent to have remote access to the victim’s device. Red flags do not get any redder than this. Once a user allows remote access to their device, bad actors can install malware onto the device or gain access to the user’s online accounts.

    A similar scam is one where victims receive an email that claims someone just made a large purchase on their Amazon account, prompting the victim to call a customer service number included in the email.

    In this instance, the scammers are posing as Apple because Apple users have a reputation of being more affluent, since Apple devices are more expensive than competitors’ devices. The scammers don’t actually know who owns an Apple device. They send out these email invoices en masse, hoping they snag an Apple-using victim. It’s almost certain some Windows and Android users received phony Apple emails too.

    With these email scams, never call the phone number included. Instead, manually check your account from that vendor or service to make sure you haven’t been charged. If you still feel the need to call them, use the customer service number from their website.

     
  • Geebo 8:00 am on October 24, 2023
    Tags: phishing

    USPS warns of $2M email scam

    By Greg Collier

    The United States Postal Service (USPS) has had to issue many scam warnings in its recent past. The one you might be most familiar with is the undelivered package scam. This is when scammers send out text messages purporting to be from the USPS. The text messages say the USPS could not deliver the recipient’s package and needs additional information to make the delivery. These text messages often contain a link where the recipient will be asked for either personal or financial information. Now, the USPS is issuing a warning about an email scam they’ve discovered.

    According to the USPS, scammers are sending out emails asking for the recipient’s personal information such as street address and phone number, among other information. The emails look like they’re coming from the USPS, but they’re not. Much like the text messages, the emails also claim that a delivery to the recipient is being attempted. However, in order to potentially get as much information as possible from the recipient, the scam emails are dangling a large incentive in front of them.

    The emails claim the recipient is receiving a $2 million cashier’s check along with $50,000 in money orders. The email then instructs the recipient to send their personal information to another address. From there, the recipient’s identity could be easily stolen. The USPS hasn’t said if anyone has fallen victim to this scam yet.

    As always, if something sounds too good to be true, it probably is. No one is sending out $2M checks out of the goodness of their hearts. Even if they were, the check would more than likely not be sent through the regular mail. Additionally, the USPS does not reach out to customers through text, email, or phone call about undeliverable packages. They never ask for personal or payment information, either.

    If you receive an email like this, you’re asked to forward it to spam@uspis.gov before deleting the email.

     
  • Geebo 8:00 am on October 6, 2023
    Tags: phishing, quishing

    New QR code scam could show up in your inbox

    By Greg Collier

    First, there was phishing, the emails from scammers that tried to get you to click on malicious links. Then there was smishing, where scammers tried to get you to click on malicious links in SMS/text messages. Now, there is a new scam called ‘quishing’, which involves QR codes.

    QR codes are similar to the bar codes that get scanned at the supermarket. Except, in the case of QR codes, they direct you to a website. They’re essentially fancy links. When you scan a QR code with your phone’s camera, a URL will pop up for you to click on. While QR codes are used in many industries, their most common use is for advertising. You might see an ad that contains a QR code that will direct you to a sale on a retail site, for example.

    Scammers are now said to be sending emails containing QR codes. The scam emails are made to look like they’re being sent from well-known brands and companies. The email will ask the recipient to scan the QR code to receive some kind of discount or special offer. What actually happens when the code is scanned is that the victim is taken to a website that infects their device with malware. From there, the scammers can potentially access any app the victim may have on their phone. The QR code could also take the victim to a website that’s cloned from the brand the scammers are imitating, where they will be asked for personal or financial information.

    After scanning a QR code, take a close look at the URL or web address it leads to. Be cautious if it appears to be misspelled, overly complex, or has a suspicious domain.

    If you happen to scan a fraudulent QR code, it’s crucial to promptly update your passwords for any affected accounts to prevent unauthorized access by scammers. Additionally, take immediate measures to enhance the security of your financial accounts. Enabling two-factor authentication (2FA) on these accounts is another effective way to bolster their protection against unauthorized access.

     
  • Geebo 8:00 am on August 11, 2023
    Tags: phishing

    New scam targets Venmo users

    By Greg Collier

    If you use the mobile payment app Venmo, there are already a ton of scams you have to look out for. However, most of them are about whom the user is sending money to. Remember, Venmo is only supposed to be used between friends and family. Most legitimate businesses and organizations do not request payment through Venmo.

    But now there’s a new Venmo scam that’s determined to empty your account. The Ohio Division of Financial Institutions has issued a warning about the latest scam.

    The scam starts when the victim receives a text message that appears to have come from Venmo. The text asks the victim if their Venmo account was used in another part of the country. The message also contains a link to click on if you didn’t make that transaction.

    If the victim clicks on the link, they’re taken to a website that looks like it’s Venmo, but it’s actually a fake website designed to look like it. The fake website asks for the user’s login credentials, and if they’re entered, the scammers can easily hijack the Venmo account and drain all the funds from it.

    So, how do the scammers know their victim has a Venmo account? In most instances, they don’t know. Scammers will send out these texts randomly while hoping someone will take the bait.

    There are a couple of ways you can protect yourself from this scam. The first is to never click on any links that appear in text messages from people you don’t know personally. Instead, log in to your Venmo account and review it for any potentially fraudulent charges. The other way is to enable two-factor authentication on your account. If your device has a fingerprint reader, it’s recommended to use that as your 2FA method as the fingerprint will be tied to your device, and not something that can be easily duplicated.

    And if Venmo is being used in a scam like this, it’s only a matter of time before it comes to Zelle, PayPal, and Cash App.

     