people via email to encourage them to hand over private or sensitive information about themselves or the company they work for.

“The most prevalent threats we see targeting consumers today are phishing attacks predominantly via email, where scammers try to trick people into sharing private information or access to money,” Jessica Brookes, director of EMEA consumer at McAfee, told the Press Association. “The first thing you should know about phishing is that it almost always involves a form of ‘social engineering’, in which the scammer tries to manipulate you into trusting them for fraudulent purposes, often by pretending to be a legitimate person or business. Secondly, if an email doesn’t seem legitimate, it probably isn’t; it’s always better to be safe than sorry.”

Here are four of the most popular scams circulating today:

1) The CEO Scam

This scam appears as an email from a leader in your organisation, asking for highly sensitive information like company accounts or employee salaries. The hackers fake the boss’s email address so it looks like a legitimate internal company email. That’s what makes this scam so convincing – the lure is that you want to do your job and please your boss. But keep this scam in mind if you receive an email asking for confidential or highly sensitive information, and ask the apparent sender directly whether the request is real, before responding.

2) The Lucky Email

How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip abroad. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity information. The lure here is something free or exciting at what appears to be little or no cost to you.
3) The Urgent Email Attachment

Phishing emails that try to trick you into downloading a dangerous attachment that can potentially infect your computer and steal your private information have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary or prize. They might urge you to “respond immediately”. The lure here is offering you something you want, and invoking a sense of urgency to get you to click.

4) The Romance Scam

This one can happen completely online, over the phone, or in person once initial contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often poses as a friend-of-a-friend via email and contacts you directly. But what starts as the promise of love or partnership often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple – love and acceptance.

Brookes added: “It is everyone’s responsibility to be aware and educate each other – we need to share knowledge and collaborate to protect ourselves against the current threats we face as people living in a connected world.”
If there’s one thing that can be counted on to happen every year around tax season — besides the ongoing tax preparation service commercials — it’s fraud. Whether it’s selling W2 forms online or sending malicious emails that look like they are from the IRS, cybercriminals tend to keep themselves busy this time of year. Rick Holland, VP of strategy at Digital Shadows, joined this week’s Hacker Tracker to highlight how cybercriminals are utilizing the dark web to support their tax fraud campaigns.

Earlier this year, the Treasury Inspector General for Tax Administration reported that there was a reduction in the number of fraudulent tax returns identified between 2013 and 2015. On the other hand, around that same time the IRS released data showing that phishing and malware incidents in the 2016 tax season increased by 400 percent. Noting that the number of identified fraudulent returns was not indicative of the overall levels of tax fraud occurring, Digital Shadows set out to reconcile two very different perspectives on the same problem. In response, the external digital risk management team recently released its research assessing dark web and criminal chatter related to tax fraud so far this year. As of February, the number of mentions in 2017 so far was already over 40 percent of the 2016 total.

Rick Holland, VP of strategy at Digital Shadows, explained that cybercriminals are often using the dark web marketplaces to sell W2s for as little as $4, which include a victim’s full information that can then be used for whatever campaign the cybercriminal is going to run. In fact, he noted that often cybercriminals capitalize on phishing and malware schemes during this time by using the term “tax refund” in an email subject of a message that looks like it’s from the IRS.
However, those malicious emails are actually just delivering malware to a computer for other purposes, maybe to participate in a botnet or something similar. “Sometimes it’s easy to think of the personal fraud that’s being committed, and certainly that is happening, but I think it’s important to remember that it goes much broader as far as what the adversaries are doing,” Holland said. At the end of the day, fraudsters are doing everything they can to increase the likelihood of their social engineering being successful.

What’s Next In Tax Fraud

Holland stressed how important it is for both consumers and businesses to understand that there are differences in the types of cyber campaigns criminals perpetrate during tax season and that the threat of fraud can be much more encompassing during this time of year. Cybercriminals aren’t always going to go after credit card information, because they don’t have to. With increased sophistication and social engineering tactics, these criminals are not limited to relying on payment data alone to make money.
Amazon buyers are being targeted by clever scammers that either set up independent seller accounts or hijack those of already established, well-reputed sellers, then offer pricy items at unbeatable prices. In an example offered by Comparitech’s Lee Munson, the item in question is a big LCD TV that is usually sold at around £2,300, but the scammer offers it at almost half the price for a “used – like new” item. But when the potential victim tries to buy it, Amazon throws up an error, saying that there was a problem with the item in the order.

A determined buyer will try to contact the seller through Amazon’s in-house messaging system, but the seller will push to move the conversation off it by offering a contact email address. Munson’s email exchange with the scammer shows that the latter insists that by contacting them directly the problem has been solved, and that an order confirmation will be sent to the buyer’s email address. The order confirmation looks like it came from Amazon (it appears to come from the auto-confirm@amazon-payments-support.co.uk email address), but was in fact sent by the scammer. The order instructs the user to pay via direct bank transfer, to a private bank account – seemingly through Amazon Payments, but actually not.

Once the victims make the payment in the way they have been instructed, it’s game over. They have parted with their money, and Amazon won’t refund them as the payment hasn’t been effected through their payment system. “Payment within the Amazon.co.uk site is the only authorised and recognised form of payment for items sold by Sellers on Amazon.co.uk. Every customer who orders on Amazon.co.uk is covered by our A-to-z guarantee; however items paid for outside of the Amazon.co.uk Marketplace aren’t eligible for protection,” the company noted, and advised customers to report this type of seller to them.
But even that is not enough to stop these scammers, and they set up new accounts almost immediately after old ones have been blocked, as evidenced in this post on a Kindle Help Forum. Obviously, Amazon must find a way to spot these schemes and take these accounts down much sooner.
DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because it allows attackers to target users who may already be expecting to click on links in emails from DocuSign.

San Francisco-based DocuSign warned on May 9 that it was tracking a malicious email campaign where the subject line reads, “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature.” The missives contained a link to a downloadable Microsoft Word document that harbored malware. The company said at the time that the messages were not associated with DocuSign, and that they were sent from a malicious third-party using DocuSign branding in the headers and body of the email.

But in an update late Monday, DocuSign confirmed that this malicious third party was able to send the messages to customers and users because it had broken in and stolen DocuSign’s list of customers and users. “As part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email,” DocuSign wrote in an alert posted to its site. “A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed.
No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.”

The company is asking people to forward any suspicious emails related to DocuSign to spam@docusign.com, and then to delete the missives. “They may appear suspicious because you don’t recognize the sender, weren’t expecting a document to sign, contain misspellings (like “docusgn.com” without an ‘i’ or @docus.com), contain an attachment, or direct you to a link that starts with anything other than https://www.docusign.com or https://www.docusign.net,” reads the advisory.

If you have reason to expect a DocuSign document via email, don’t respond to an email that looks like it’s from DocuSign by clicking a link in the message. When in doubt, access your documents directly by visiting docusign.com, and entering the unique security code included at the bottom of every legitimate DocuSign email. DocuSign says it will never ask recipients to open a PDF, Office document or ZIP file in an email.

DocuSign was already a perennial target for phishers and malware writers, but this incident is likely to intensify attacks against its users and customers. DocuSign says it has more than 100 million users, and it seems all but certain that the criminals who stole the company’s customer email list are going to be putting it to nefarious use for some time to come.
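The advisory's "link starts with" rule is safest when applied to the parsed hostname instead of the raw string. The sketch below is an added example, not DocuSign's or the article's code; the function names and the sample message (including the placeholder domain evil.example) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts the advisory quoted above names as legitimate link targets.
ALLOWED_HOSTS = {"www.docusign.com", "www.docusign.net"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample body; evil.example is a placeholder, not a real indicator.
SAMPLE_BODY = """Your document is ready for signature.
Review: https://www.docusign.com/documents/abc
Mirror: https://www.docusign.com.evil.example/sign
Backup: https://www.docusign.com@evil.example/sign
Legacy: http://www.docusign.net/view
Typo:   https://www.docusgn.com/view
"""


def naive_prefix_ok(url):
    """Literal 'starts with' test, shown only to contrast with link_ok()."""
    return url.startswith(("https://www.docusign.com", "https://www.docusign.net"))


def link_ok(url):
    """Return (ok, reason), comparing the parsed host, not the string prefix."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        port = parts.port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if "@" in parts.netloc:
        return False, "userinfo before the host"
    if port not in (None, 443):
        return False, "unexpected port"
    if host not in ALLOWED_HOSTS:
        return False, "host not in allow-list: " + host
    return True, "host matches advisory"


def review_links(body):
    """Extract every URL from a message body and classify each one."""
    results = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")
        ok, reason = link_ok(url)
        results.append((url, ok, reason))
    return results


if __name__ == "__main__":
    for url, ok, reason in review_links(SAMPLE_BODY):
        print("OK    " if ok else "REJECT", url, "-", reason)
```

The second and third sample links pass the literal prefix test but are rejected once the host is parsed, which is the case a mail filter or awareness tool needs to get right.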
It’s still the first week of 2017, and we’ve already had a WhatsApp scam warning from a keen Naked Security reader. This one tries to draw you in by claiming you’ll get free Wi-Fi service, promising to keep you connected even if you don’t have 3G airtime or a Wi-Fi connection of your own. It sounds too good to be true, and that’s because it is!

Here’s what the message looks like:

The suffix .ML visible in the link above stands for Mali, which started giving away domain names for free a few years ago. (It’s not the only country to do this, but it claims to have been the first African nation to do so.) The use of a free domain isn’t always a reliable indicator of a scam, not least because even mainstream-looking .COM domains can be had for a dollar these days, but you don’t need the link to make you suspicious in this case. There’s a lot that’s visually wrong with this message, such as the inconsistent spellings Whatsapp and whatsapp, both of which are incorrect; the poor spacing and punctuation; and the rather casually confused way that Wifi (which is, in fact, properly written Wi-Fi) and 3G are mixed into the story.

Nevertheless, scams propagated on social media services often pass the “why not try it?” test, because they generally come from people you know and communicate with regularly. Spelling mistakes, shortened URLs, casual language and other inconsistencies might very well seem suspicious in an email claiming to be an official message from a well-known brand… …but not in what looks like a quick message from a friend.

You can probably imagine what happens if you click through: you enter the murky world of bait-and-switch. That’s where you are drawn in with the promise of something that sounds both useful and interesting, but quickly find that there are a few hoops to jump through first.
As with many scams of this sort, where you end up and what you have to do to “qualify” may differ from what we saw and are reporting here. That’s because cloud-based scams of this sort, where the content isn’t delivered in the original message but via a series of web URLs, can vary their form over time. Crooks can tailor the content they serve up in just the same way that legitimate sites do, based on many factors such as: where you are; what browser you are using; what time of day it is; what operating system or device you have; which ISP you’ve used to connect; whether you’ve visited before; and much more.

We encountered two rather different bait-and-switch campaigns – we’re guessing that the crooks were using the device type to choose how to hit us up. When we used an (old) iPhone, we quickly ended up with a chance to win a brand new iPhone for free:

When we clicked through, we found out how this scam is spread. Instead of using malware to push out messages furtively behind your back, the crooks use you as their propagation vector by telling you to send the message to eight other recipients on WhatsApp:

When we used an (old) Android device, the crooks were even pushier, insisting that we forward the scam to fifteen new recipients first:

Cheekily, the buttons marked [About], [FAQ] and [Blog] take you to genuine WhatsApp pages, thus adding a veneer of legitimacy. We didn’t invite anyone, of course, but a little bit of digging revealed the page that we’d have ended up on if we’d done what the crooks wanted:

Amusingly, if cyberscamming can ever be considered funny, the [App2] button downloaded an Android Package (APK) file, while the [App3] link took us to a free app on Apple’s App Store.
No devices exist that can run Android and iOS apps side-by-side – it’s one or the other, or neither, but never both – so we couldn’t have complied with the demands of the crooks even if we’d wanted to. The crooks had rigged up the buttons to redirect through various affiliate programmes, which are online marketing services where you get paid some sort of referral fee for generating clicks to, or downloads from, someone else’s site. In fact, this page refuses to let you use the [FINISH] button at first, popping up a message to warn you very ungrammatically that You have not installed All Apps in your mobile. For what it’s worth, the Android app was what seems to be the official front-end to an alternative Android app store aimed at the Indian market; the iOS software was a shopping app for a popular Chinese web service.

When it comes to freebies, special deals and other innocent-sounding web offers, especially when they are apparently recommended by your friends, it’s easy to fall into the “no harm in taking a look” trap. After all, this scam doesn’t actually try to trigger any exploits to implant malware on your phone, or trick you into installing malware, so it’s easy to think of it as mostly harmless. But it’s a scam nevertheless, and even if all you do is to take a look, you’re taking part in something with potentially harmful side-effects on the community around you, from bombarding your friends with unwanted messages to helping crooks to earn affiliate revenues fraudulently.