Nigerian scamsters have changed tactics as they target Indian people online , security experts have warned . The fraudsters are no longer relying on phishing emails about lotteries and charity as bait Attack.Phishing , but are duping Attack.Phishing people on the pretext of partnering with MNCs ( multinational companies ) , investing in herbal seed businesses and channelising foreign funds . According to security agencies , there is a complete shift in the modus operandi of these Nigerian web gangs . A senior Delhi Police Crime Branch officer said : 'The scamsters lure Attack.Phishing gullible targets via social networking sites such as Facebook . 'They then pose as Attack.Phishing diplomats or MNC executives and entice Attack.Phishing their targets to invest in a global venture , which actually does not exist . 'Interestingly , all dealings are done at high-secured areas such as airport and five-star hotels to give an impression of being high-flyers and avoid the risk of getting into trouble . ' 'There is no fixed narrative . Depending upon the profile of the target , the gang traps them . In the herbal seeds scam , the victim is approached online as a representative of an overseas pharmaceutical firm looking to source herbal seeds from local farmers through an agent . They promise the victim huge returns if they pay the agent upfront for the seeds . Then they disappear with the money , ' said Uttar Pradesh Special Task Force 's additional superintendent of police Triveni Singh . One of the latest victims is Meerut 's Varun Thapar , who lost Rs 3 lakh to a Nigerian gang . Thapar went to meet the gang members at a five star hotel in Mumbai and Delhi . He told Mail Today : 'The gang members contact through their international number or makes a WhatsApp call . The gang sounds so professional that it is difficult to make out that they are fraud . ' I was trapped after getting a friend request from a Manchester-based female executive . I was given seed sample in Mumbai and later duped at a five-star hotel in Delhi . The trap was so perfect that I could not sense any foul play . ' During investigation , it was found that all the numbers used for communication were taken on fake identities . Police claim the gangs have developed a new trick Attack.Phishing , where they pose as Attack.Phishing diplomat or MNC executive and work in nexus with a local youth who helps them with logistics .

The Indiana Department of Revenue ( DOR ) and the Internal Revenue Service ( IRS ) are warning folks of fraudulent emails impersonating Attack.Phishing either revenue agency and encouraging individuals to open files corrupted with malware . These scam emails use tax transcripts as bait Attack.Phishing to entice Attack.Phishing users to open the attachments . The scam is particularly problematic for businesses or government agencies whose employees open the malware infected attachments , putting the entire network at risk . This software is complex and may take several months to remove . This well-known malware , known as Emotet , generally poses as Attack.Phishing specific banks or financial institutions to trick Attack.Phishing individuals into opening infected documents . It has been described as one of the most costly and destructive malware to date . Emotet is known to constantly evolve , and in the past few weeks has masqueraded as Attack.Phishing the IRS , pretending to be Attack.Phishing “ IRS Online. ” The scam email includes an attachment labeled Attack.Phishing “ Tax Account Transcript ” or something similar , with the subject line often including “ tax transcript. ” Both DOR and IRS have several tips to help individuals and businesses not fall prey to email scams : Remember , DOR and the IRS do not contact customers via email to share sensitive documents such as a tax transcript . Use security software to protect against malware and viruses , and be sure it ’ s up-to-date . Never open emails , attachments or click on links when you ’ re not sure of the source . If an individual is using a personal computer and receives Attack.Phishing an email claiming to be Attack.Phishing the IRS , it is recommended to delete or forward the email to phishing @ irs.gov orto investigations @ dor.in.gov Business receiving these emails should also be sure to contact the company ’ s technology professionals .

The Internal Revenue Service today warned the public of a tax transcript scheme via a surge of fraudulent emails impersonating Attack.Phishing the IRS . The emails offer Attack.Phishing tax transcripts , or the summary of a tax return , as bait Attack.Phishing to entice Attack.Phishing users to open documents containing malware . The scam email carries an attachment labeled “ Tax Account Transcript ” or something similar , and the subject line uses some variation of the phrase “ tax transcript. ” The IRS said the scam Attack.Phishing is especially problematic for businesses whose employees might open the malware because it can spread throughout the network and potentially take months to successfully remove . Known as Emotet , the well-known malware generally poses as Attack.Phishing specific banks and financial institutions in its effort to trick Attack.Phishing people into opening infected documents . However , in the past few weeks , the scam Attack.Phishing has been masquerading as Attack.Phishing the IRS , pretending to be Attack.Phishing from “ IRS Online. ” The United States Computer Emergency Readiness Team ( US-CERT ) issued a warning in July about earlier versions of the Emotet in Alert ( TA18-201A ) Emotet Malware . US-CERT has labeled the Emotet Malware “ among the most costly and destructive malware affecting state , local , tribal , and territorial ( SLTT ) governments , and the private and public sectors. ” The IRS reminds taxpayers it does not send unsolicited emails to the public , nor would it email a sensitive document such as a tax transcript . Taxpayers should not open the email or the attachment . If using a personal computer , delete or forward the scam email to phishing @ irs.gov . If seen while using an employer ’ s computer , notify the company ’ s technology professionals .

One needs to be always aware of Tax Scams , including tax refund scams , which are carried out by scamsters who pretend to be Attack.Phishing from the IRS of USA , HMRC of UK , CRA of Canada , Income Tax Department of India and such . Scamsters contact Attack.Phishing you via fake emails , phone calls , recorded message , SMS , etc , and either scare you with the possibility of some legal action or entice Attack.Phishing you with a tax refund ! Every tax season , Tax Scams start doing the rounds . Emails , Phone calls , or recorded messages by cybercriminals impersonating Attack.Phishing authentic tax agents have become an order of the day and continue to remain a major threat to taxpayers . The scam artists use sinister designs that threaten police arrest , deportation , and even license revocation . With the increases in its popularity , fraudsters are also busy finding more ways to increase efficiency . Earlier , the major targets were elderly people and immigrant population . Slowly , the focus has shifted to methods that rely on auto-dialers , robocalling , and voice mail messages to hit as many taxpayers as possible . The story begins with an automated call . It plays a recorded message warning you that it ’ s “ the final notice ” from the tax agency such as the Internal Revenue Service , Indian Income Tax Department , HM Revenue and Customs , or the Tax department of your country . Or it could begin with an email . In any case , the recorded voice or email purports to be Attack.Phishing from tax inspector and goes on to specify about the course of action , the agency is likely to follow against you like , planning a lawsuit against you , and if you don ’ t return this call , you could land up in jail , soon . Attacks , such as these use fear as bait Attack.Phishing or the lure Attack.Phishing of a tax refund on the other hand . They rely on social engineering tactics . One such message tells recipients that there ’ s a pending law enforcement action against them as they have evaded tax . It is mainly used to target U.S. taxpayers . The scam pretends to contain information about a subpoena . It could contain a web link which it wants you to click . The link could take you to a fraudulent website . Or the email could include an attachment . The file is a “ document file ” that Microsoft Word opens in Protected View . It contains an instruction to Enable Editing . If the Enable Editing button is clicked , malicious Macros in the ‘ document ’ downloads a malware . So one needs to always exercise utmost caution in either of the cases .

Phishing Attack.Phishing takes place when a fraudster tricks Attack.Phishing an individual into sharing sensitive information ( account numbers , Social Security numbers , login credentials , etc . ) by way of fraudulent emails , texts , or counterfeit websites . Phishing Attack.Phishing can also enable a scammer to gain access to a computer or network so that they can install malware , such as ransomware , on a victim 's computer . Phishers are able to achieve this by spoofing Attack.Phishing the familiar , trusted logos of established , legitimate companies . Or , they may pose as Attack.Phishing a friend or family member and are often successful in completely deluding Attack.Phishing their targets . In carrying out attacks , Dark Caracal uses trojanized WhatsApp and Facebook apps to try to lure Attack.Phishing users into clicking malicious links and downloading Android malware , called Pallas , which can collect vast amounts of data . Dark Caracal targets include governments , military organizations , utilities , financial institutions , manufacturing companies and defense contractors . Stealth Mango ( Android ) and Tangelo ( iOS ) , discovered by Lookout Security Intelligence , are surveillanceware tools that target government officials , diplomats , activists and military personnel , specifically in Pakistan , Afghanistan , Iraq , India and the UAE . According to Lookout Security , “ data from U.S. , Australian , and German officials and military have been swept up in the campaign we believe is being run by members in the Pakistani military. ” Fake eFax email deceives Attack.Phishing email recipients by telling them they have received ‘ a new eFax ’ and that they need to click on a link button in the email to retrieve the document . The link goes to a phishing page . This is not a new attack , but has recently been spotted in emails again . Email filtering company , Mailguard , has picked up Attack.Phishing a fake E-Toll notification containing an infected .doc file . According to Mailguard , the file contains a malicious macro that will download malware to the victim ’ s computer . The notification also includes the logos of Microsoft Office and Mailguard in order to appear Attack.Phishing authentic . It even goes as far as to claim that , “ this document is protected by MailGuard '' . DHL branding was mimicked Attack.Phishing and fake shipping notifications were sent out Attack.Phishing , asking recipients to download an attached file that contained highly destructive trojan malware . “ MEWKit Attack.Phishing ” is a phishing attack Attack.Phishing that directly steals Ethereum from users of MyEtherWallet . Using MyEtherWallet as bait Attack.Phishing , it attempts to trick Attack.Phishing Ethereum investors into logging in to the bogus , cloned version of the website in order to steal their credentials . Gmail ’ s new Confidential Mode may invite link-baiting phishing attacks Attack.Phishing . According to analysis by ComputerWorld , “ Confidential Mode works by storing your email in a secure space on Google servers in the cloud . When both sender and recipient use Gmail , the email appears normal . But recipients who do not use Gmail get a link for viewing the email in a browser . The messages you send or receive via Confidential Mode are not actually email . The link is an email , but the message is an email-looking page on the internet that ’ s password-protected . Emails containing the link can , in fact , be forwarded , but only the intended recipient can successfully open the link . When someone gets one of these forwarded mails , they ’ re prompted for their Google login username and password to determine whether or not they ’ re the intended recipient . This is problematic , because it invites link-baiting phishing attacks Attack.Phishing , which could con people into revealing their login information . ” A phishing campaign Attack.Phishing targeting Apple users seeks to dupe Attack.Phishing victims into updating their profiles in preparation for the EU ’ s General Data Protection Regulation ( GDPR ) policies , which go into effect on May 25 . This is just one of many scams exploiting the coming implementation of GDPR policies .

The Indiana Department of Revenue and the Internal Revenue Service is warning individuals and businesses about emails that use tax transcripts as bait Attack.Phishing to entice Attack.Phishing users to open attachments . These scams are problematic for businesses or government agencies whose employees open the malware infected attachments , putting the entire network at risk . This well-known malware , known as Emotet , generally poses as Attack.Phishing specific banks or financial institutions to trick Attack.Phishing individuals into opening infected documents . It ’ s been described as one of the most costly and destructive malware to date . Both the DOR and IRS have several tips to help individuals and businesses stay clear of these scams : - The DOR and IRS do not contact customers via email to share sensitive documents such as a tax transcript - Use security software to protect against malware and viruses , and make sure it ’ s up-to-date - Never open emails , attachments , or click on links when you ’ re not sure of the source If you receive Attack.Phishing an email claiming to be Attack.Phishing the IRS , delete it or forward the email to phishing @ irs.gov < mailto : phishing @ irs.gov > . If the email claims to be Attack.Phishing from the DOR forward it to investigations @ dor.in.gov < mailto : investigations @ dor.in.gov > . Emotet is known to constantly evolve , and in the past few weeks has masqueraded as Attack.Phishing the IRS , pretending to be Attack.Phishing “ IRS Online ” . The scam email includes an attachment , with the subject line often including “ tax transcript ” .

Criminals are attempting to trick Attack.Phishing consumers into handing over passwords and credit card details by taking advantage of the flood of emails being sent out Attack.Phishing ahead of new European privacy legislation . The European Union 's new General Data Protection Regulation ( GDPR ) come into force on 25 May and the policy is designed to give consumers more control over their online data . As a result , in the run-up to it , organisations are sending out Attack.Phishing messages to customers to gain their consent for remaining on their mailing lists . With so many of these messages being sent out Attack.Phishing , it was perhaps only a matter of time before opportunistic cybercriminals looked to take advantage of the deluge of messages about GDPR and privacy policies arriving in people 's inboxes . A GDPR-related phishing scam Attack.Phishing uncovered by researchers at cyber security firm Redscan is doing just this in an effort to steal data with emails claiming to be Attack.Phishing from Airbnb . The attackers appear to be Attack.Phishing targeting business email addresses , which suggests the messages are sent Attack.Phishing to emails scraped from the web . The phishing message addresses the user as an Airbnb host and claims Attack.Phishing they 're not able to accept new bookings or send Attack.Phishing messages to prospective guests until a new privacy policy is accepted . `` This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States based companies , like Airbnb in order to protect European citizens and companies , '' the message says , and the recipient is urged Attack.Phishing to click a link to accept the new privacy policy . Those who click the link are asked to enter their personal information , including account credentials and payment card information . If the user enters these , they 're handing the data straight into the hands of criminals who can use it for theft , identity fraud , selling on the dark web and more . `` The irony wo n't be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to steal Attack.Databreach people 's data , '' said Mark Nicholls , Director of Cyber Security at Redscan . `` Scammers know that people are expecting exactly these kinds of emails this month and that they are required to take action , whether that 's clicking a link or divulging personal data . It 's a textbook phishing campaign Attack.Phishing in terms of opportunistic timing and having a believable call to action '' . Airbnb is sending messages to users about GDPR , but the messages contain far more detail and do n't ask the users to enter any credentials , merely agree to the new Terms of Service . While the phishing messages might look legitimate at first glance , it 's worth noting they do n't use the right domain - the fake messages come from Attack.Phishing ' @ mail.airbnb.work ' as opposed to ' @ airbnb.com ' . Redscan has warned that attackers are likely to use GDPR as bait Attack.Phishing for other phishing scams Attack.Phishing , with messages claiming to be Attack.Phishing from other well-known companies . `` As we get closer to the GDPR implementation deadline , I think we can expect to see a lot a lot more of these types of phishing scams Attack.Phishing over the next few weeks , that 's for sure , '' said Nicholls , who warned attackers could attempt to use the ploy to deliver malware in future . `` In the case of the Airbnb scam email , hackers were attempting to harvest Attack.Databreach credentials . Attack vectors do vary however and it 's possible that other attacks may attempt to infect hosts with keyloggers or ransomware , for example . '' he said . Airbnb said those behind the attacks have n't accessed Attack.Databreach user details in order to send Attack.Phishing emails and that users who receive Attack.Phishing a suspicious message claiming to be Attack.Phishing from Airbnb should send it to their safety team . `` These emails are a brazen attempt at using our trusted brand to try and steal Attack.Databreach user 's details , and have nothing to do with Airbnb . We 'd encourage anyone who has received Attack.Phishing a suspicious looking email to report it to our Trust and Safety team on report.phishing @ airbnb.com , who will fully investigate , '' an Airbnb spokesperson told ZDNet . Airbnb also provided information on how to spot a fake email to help users to determine if a message is genuine or not .