people into providing bank details to pay for a fake WhatsApp subscription does just that . WhatsApp did once charge a subscription fee of $ 0.99/£0.99 , but stopped the practice in January 2016 . However , the fraudsters behind this latest scam are looking to take advantage of the fact WhatsApp -- which has over a billion users -- did once rely on a subscription service to dupeAttack.Phishingvictims into handing over their banking information . The UK 's fraud and cybercrime centre Action Fraud and the City of London police have issued a warning about the campaign . Emails purporting to beAttack.Phishingfrom 'The WhatsApp Team ' claim that `` your subscription will be ending soon '' and that in order to continue to use the service , you need to update your payment information . Victims are encouraged to sign into a 'customer portal ' with their number and to enter payment information . Naturally , this is a scam -- with spelling errors in the text a huge giveaway -- and all the victims are doing is providing criminals with their financial details . Criminals could use these to simply make purchases or as a basis for further fraud . Scammers have also been known to use text messages in an effort to dupeAttack.Phishingvictims into paying for a fake subscription . Those who receiveAttack.Phishingthe email are urged not to click on any of the links , but to instead report it to the police . Action Fraud also offers advice to those who have already fallen for the scam , telling victims to `` run antivirus software to ensure your device has not been infected with malware '' . Scammers often attempt to lureAttack.Phishingvictims into handing over their credit card information -- or installing malware onto their machines -- often with authentic-looking phishing emails claiming to be fromAttack.Phishingreal companies . Previously , Action Fraud has warned about scammers attempting to stealAttack.Databreachcredentials from university staff with fake emails about a pay rise , while police have also issued a warning about cybercriminals attempting to infect people with banking malware using emails that pretend to beAttack.Phishingfrom a charity .
Cybercriminals prey on naivety , and a new scam campaign that attempts to trickAttack.Phishingpeople into providing bank details to pay for a fake WhatsApp subscription does just that . WhatsApp did once charge a subscription fee of $ 0.99/£0.99 , but stopped the practice in January 2016 . However , the fraudsters behind this latest scam are looking to take advantage of the fact WhatsApp -- which has over a billion users -- did once rely on a subscription service to dupeAttack.Phishingvictims into handing over their banking information . The UK 's fraud and cybercrime centre Action Fraud and the City of London police have issued a warning about the campaign . Emails purporting to beAttack.Phishingfrom 'The WhatsApp Team ' claim that `` your subscription will be ending soon '' and that in order to continue to use the service , you need to update your payment information . Victims are encouraged to sign into a 'customer portal ' with their number and to enter payment information . Naturally , this is a scam -- with spelling errors in the text a huge giveaway -- and all the victims are doing is providing criminals with their financial details . Criminals could use these to simply make purchases or as a basis for further fraud . Scammers have also been known to use text messages in an effort to dupeAttack.Phishingvictims into paying for a fake subscription . Those who receiveAttack.Phishingthe email are urged not to click on any of the links , but to instead report it to the police . Action Fraud also offers advice to those who have already fallen for the scam , telling victims to `` run antivirus software to ensure your device has not been infected with malware '' . Scammers often attempt to lureAttack.Phishingvictims into handing over their credit card information -- or installing malware onto their machines -- often with authentic-looking phishing emails claiming to be fromAttack.Phishingreal companies . Previously , Action Fraud has warned about scammers attempting to stealAttack.Databreachcredentials from university staff with fake emails about a pay rise , while police have also issued a warning about cybercriminals attempting to infect people with banking malware using emails that pretend to beAttack.Phishingfrom a charity .
PhishingAttack.Phishingtakes place when a fraudster tricksAttack.Phishingan individual into sharing sensitive information ( account numbers , Social Security numbers , login credentials , etc . ) by way of fraudulent emails , texts , or counterfeit websites . PhishingAttack.Phishingcan also enable a scammer to gain access to a computer or network so that they can install malware , such as ransomware , on a victim 's computer . Phishers are able to achieve this by spoofingAttack.Phishingthe familiar , trusted logos of established , legitimate companies . Or , they may pose asAttack.Phishinga friend or family member and are often successful in completely deludingAttack.Phishingtheir targets . In carrying out attacks , Dark Caracal uses trojanized WhatsApp and Facebook apps to try to lureAttack.Phishingusers into clicking malicious links and downloading Android malware , called Pallas , which can collect vast amounts of data . Dark Caracal targets include governments , military organizations , utilities , financial institutions , manufacturing companies and defense contractors . Stealth Mango ( Android ) and Tangelo ( iOS ) , discovered by Lookout Security Intelligence , are surveillanceware tools that target government officials , diplomats , activists and military personnel , specifically in Pakistan , Afghanistan , Iraq , India and the UAE . According to Lookout Security , “ data from U.S. , Australian , and German officials and military have been swept up in the campaign we believe is being run by members in the Pakistani military. ” Fake eFax email deceivesAttack.Phishingemail recipients by telling them they have received ‘ a new eFax ’ and that they need to click on a link button in the email to retrieve the document . The link goes to a phishing page . This is not a new attack , but has recently been spotted in emails again . Email filtering company , Mailguard , has picked upAttack.Phishinga fake E-Toll notification containing an infected .doc file . According to Mailguard , the file contains a malicious macro that will download malware to the victim ’ s computer . The notification also includes the logos of Microsoft Office and Mailguard in order to appearAttack.Phishingauthentic . It even goes as far as to claim that , “ this document is protected by MailGuard '' . DHL branding was mimickedAttack.Phishingand fake shipping notifications were sent outAttack.Phishing, asking recipients to download an attached file that contained highly destructive trojan malware . “ MEWKitAttack.Phishing” is a phishing attackAttack.Phishingthat directly steals Ethereum from users of MyEtherWallet . Using MyEtherWallet as baitAttack.Phishing, it attempts to trickAttack.PhishingEthereum investors into logging in to the bogus , cloned version of the website in order to steal their credentials . Gmail ’ s new Confidential Mode may invite link-baiting phishing attacksAttack.Phishing. According to analysis by ComputerWorld , “ Confidential Mode works by storing your email in a secure space on Google servers in the cloud . When both sender and recipient use Gmail , the email appears normal . But recipients who do not use Gmail get a link for viewing the email in a browser . The messages you send or receive via Confidential Mode are not actually email . The link is an email , but the message is an email-looking page on the internet that ’ s password-protected . Emails containing the link can , in fact , be forwarded , but only the intended recipient can successfully open the link . When someone gets one of these forwarded mails , they ’ re prompted for their Google login username and password to determine whether or not they ’ re the intended recipient . This is problematic , because it invites link-baiting phishing attacksAttack.Phishing, which could con people into revealing their login information . ” A phishing campaignAttack.Phishingtargeting Apple users seeks to dupeAttack.Phishingvictims into updating their profiles in preparation for the EU ’ s General Data Protection Regulation ( GDPR ) policies , which go into effect on May 25 . This is just one of many scams exploiting the coming implementation of GDPR policies .
Conmen are taking phishing scamsAttack.Phishingto the next level , targeting Apple users with emails and calls to a fake Apple Care service . While emails are a fairly common way of luringAttack.Phishingvictims , it ’ s not every day that you hear about calls being involved to dupeAttack.Phishingfolks . Ars Technica reports that the attackAttack.Phishingbegins with an email which is designed to look likeAttack.Phishingan official iCloud account warning . It claims a sign-in attempt was blocked on their account since someone tried to use their password . There ’ s a “ Check Activity ” button which opens up a page on a compromised site for a men ’ s salon in South India . The webpage immediately redirectsAttack.Phishingthe victim to another site , followed by another redirection to a fake Apple Support page asking them to contact support since their iPhone has been locked due to illegal activity . If they fall for the baitAttack.Phishing, the site launches a “ scanning ” box which eventually gives way to a pop-up box prompting the victim to call a number . If the email is opened in an iPhone , the number can be called straightaway . iPads and Macs can ’ t do the same , so the system will ask if they want to open it in FaceTime . The publication actually dialed the number and got in touch with someone who described themselves as “ Lance Roger from Apple Care. ” It seems the elaborate scheme is targeting email addresses associated with iCloud . The end game is to trickAttack.PhishingiPhone users into enrolling in a rogue mobile device management service . This allows the attackers to push infected apps onto the victim ’ s device , all the while pretendingAttack.Phishingthis is a part of Apple ’ s security service . The phishing site is still live right now , but both Google and Apple have marked it as deceptive . Ars Technica has additionally passed on the technical details of the scam to an Apple security team member . The company told Engadget that it has resources on its support website to help people tell right from wrong . Everyday iOS users could still easily get fooled though .
On the one hand , it gives them a bit of plausible deniability while reaping the potential spoils of each attack , but if the hackers are n't kept on a tight leash things can turn bad . Karim Baratov , the 22-year-old Canadian hacker who the FBI alleges Russia 's state security agency hired to carry out the Yahoo breach , did n't care much for a low profile . His Facebook and Instagram posts boasted of the million-dollar house he bought in a Toronto suburb and there were numerous pictures of him with expensive sports cars -- the latest an Aston Martin DB9 with the license plate `` MR KARIM . '' But forget those for a moment and consider he was n't very careful in hiding his hacking work . In the domain name records , he listed his home address . “ When you bring in amateurs who don ’ t follow standard protocol , that carries risk , ” said Alex Holden , chief information security officer at Hold Security . At the time , the company notified the FBI but only believed 26 accounts had been targeted . It was n't until mid 2016 that the true enormity of the hack started to become apparent . Security experts say it ’ s possible Baratov or a second hacker hired to help might have bragged online about the hack at some point , tipping off U.S. investigators . And then in August 2016 a database allegedly stolenAttack.Databreachfrom Yahoo was found circulatingAttack.Databreachon the black market . “ Some of the information about this hackAttack.Databreachwas basically leakedAttack.Databreach, ” Holden said . “ That ’ s not a sign of a mature intelligence operation ” . So why did Russia turn to a 22-year-old from Canada ? According to the indictment , Baratov broke into the accounts through spear phishing email attacksAttack.Phishing, which are often designed to dupeAttack.Phishingvictims into handing over password information . However , spear phishingAttack.Phishingonly works best if the emails appear authentic . “ The benefit of having Karim , the Canadian , on the team probably allowed creation of far more believable phishing attacksAttack.Phishingdue to his being a native English speaker , ” said Chester Wisniewski , a research scientist at security firm Sophos , in an email . In addition to Baratov , the Russian agents allegedly hired a 29-year-old Latvian named Aleksey Belan , who pulled off the main hack againstAttack.DatabreachYahoo , and stoleAttack.Databreachthe database involving 500 million user accounts . By outsourcing the operation to Belan , Russia probably wanted to conceal the true motives for the Yahoo breach , Wisniewski said . Prior to Wednesday ’ s indictment , Belan himself was already a wanted man for hacks against U.S. e-commerce companies . “ There is also the ‘ cover ’ of criminal actions to potentially obfuscate the spying that was allegedly the real purpose ” . In response to Wednesday 's criminal indictments by the FBI , the Russian government is denying any involvement , and calling the allegations a distraction . Baratov , who has been arrested in Canada , is also claiming innocence , according to his lawyer . But if the allegations are true , it does show one example of how Russia is harnessing the power of cybercriminals for spying purposes -- and how it can get sloppy
The Russian hacking group blamed for targeting U.S. and European elections has been breaking intoAttack.Databreachemail accounts , not only by trickingAttack.Phishingvictims into giving up passwords , but by stealingAttack.Databreachaccess tokens too . It 's sneaky hack that 's particularly worrisome , because it can circumvent Google 's 2-step verification , according to security firm Trend Micro . The group , known as Fancy Bear or Pawn Storm , has been carrying out the attackAttack.Phishingwith its favored tactic of sending outAttack.Phishingphishing emails , Trend Micro said in a report Tuesday . The attackAttack.Phishingworks by sending outAttack.Phishinga fake email , pretending to beAttack.Phishingfrom Google , with the title “ Your account is in danger. ” An example of a phishing email that Fancy Bear has usedAttack.Phishing. The email claims that Google detected several unexpected sign-in attempts into their account . It then suggests users install a security application called “ Google Defender. ” However , the application is actually a ruse . In reality , the hacking group is trying to dupeAttack.Phishingusers into giving up a special access token for their Google account , Trend Micro said . Victims that fall for the scheme will be redirected to an actual Google page , which can authorize the hacking group 's app to view and manage their email . Users that click “ allow ” will be handing over what ’ s known as an OAuth token . Although the OAuth protocol does n't transfer over any password information , it 's designed to grant third-party applications access to internet accounts through the use of special tokens . In the case of Fancy Bear , the hacking group has leveraged the protocol to buildAttack.Phishingfake applications that can foolAttack.Phishingvictims into handing over account access , Trend Micro said . “ After abusing the screening process for OAuth approvals , ( the group ’ s ) rogue application operatesAttack.Phishinglike every other app accepted by the service provider , ” the security firm said . Even Google 's 2-step verification , which is designed to prevent unwarranted account access , ca n't stop the hack , according to Trend Micro . Google 's 2-step verification works by requiring not only a password , but also a special code sent to a user 's smartphone when logging in . Security experts say it 's an effective way to protect your account . However , the phishing schemeAttack.Phishingfrom Fancy Bear manages to sidestep this security measure , by trickingAttack.Phishingusers into granting access through the fake Google security app . Google , however , said it takes many steps to protect users from such phishing attacksAttack.Phishing. `` In addition , Google detects and reviews potential OAuth abuse and takes down thousands of apps for violating our User Data Policy , such as impersonatingAttack.Phishinga Google app , '' the company said in a statement . `` Note that a real Google app should be directly accessed from a Google site or installed from the Google Play or Apple App stores , '' it added . According to Trend Micro , victims were targeted with this phishing attackAttack.Phishingin 2015 , and 2016 . In addition to Google Defender , Fancy Bear has used other apps under names such as Google Email Protection and Google Scanner . They ’ ve also gone after Yahoo users with apps called Delivery Service and McAfee Email protection . The attackAttack.Phishingattempts to trickAttack.Phishingusers into handing over access to their email through fake Google third-party applications . “ Internet users are urged to never accept OAuth token requests from an unknown party or a service they did not ask for , ” Trend Micro said . Although a password reset can sometimes revoke an OAuth token , it 's best to check what third-party applications are connected to your email account . This can be done by looking at an email account 's security settings , and revoking access where necessary . Fancy Bear is most notorious for its suspected role in hacking the Democratic National Committee last year . However , the group has also been found targeting everything from government ministries , media organizations , along with universities and think tanks , according to Trend Micro .
Cyber Monday is here ! If you avoided the retail stores and skipped their Black Friday deals , do n't worry , you 'll get another chance for major savings today . From clothing to travel to exclusive online-only deals , Cyber Monday still has tons to offer . But just in time for the Cyber Monday shopping rush , watch out for sinister phishing scamsAttack.Phishingthat are making the rounds . With more online shoppers this time around - searching every nook and cranny of the web in search of the best Cyber Monday deals - crooks are again looking to dupeAttack.Phishingunsuspecting bargain hunters . Stop and Think , Did I order this ? One of the most effective tools for a cybercriminal is the phishing scamAttack.Phishing. This is when a scammer poses asAttack.Phishinga trustworthy entity and tries trickingAttack.Phishingyou into clicking on a malicious link . Their ultimate goal , of course , is to stealAttack.Databreachyour sensitive information such as credit card details , usernames and passwords . With this year 's holiday online shopping numbers projected to be the biggest ever , millions of items will be processed and shipped . With this surge in shipping activity , consumer protection groups are warning everyone to watch out for fake delivery notices and package verification scams . For example , if you receiveAttack.Phishingan email from `` Amazon '' saying that you have a pending delivery that needs verification from you , then that is most likely a phishing scamAttack.Phishing. Other email phishing scamsAttack.Phishingmay also pretend to provideAttack.Phishingyou with a link for shipping updates or special discount coupons and offers . Another popular ploy is the phantom order scam . These alarming emails are meant to get you clicking by pretendingAttack.Phishingyou ordered thousands of dollars of merchandise . But before you click that link , look out , these deceitful messages can be extremely convincing . Fake delivery and shipping notifications can look just likeAttack.Phishingthe real thing , using real logos and art from company websites . These cybercriminals will even set upAttack.Phishingfake websites that look likeAttack.Phishingthe real deal to lureAttack.Phishingyou into giving away your personal information and credit card details .
Digital payments have gained popularity among consumers but have also brought in the threat of cyber criminals placing fake e-wallet apps to dupeAttack.Phishingusers . According to cyber security solution firm Kaspersky , no such incidentAttack.Phishinghas been reported yet but the probability of cyber criminals adding fake apps on app stores remains high . “ Digital payment companies ensure that the transactions are safe on their apps . Besides , there are checks like two-factor authentication for ensuring secure transactions for consumers , ” Altaf Halde , Managing Director at Kaspersky Lab , South Asia , told . In such a scenario , cyber criminals could look at trickingAttack.Phishingconsumers into downloading fake apps that look almost likeAttack.Phishingthe genuine one , allowing a backdoor entry into their smartphone . While financial institutions like banks and mobile m-wallet companies take steps to protect customer information , users also need to take precautions as negative experiences could lead to losing trust in digital transactions .