Fake “ mods ” for Minecraft , the wildly popular pixelated sandbox game for kids , have turned up in Google Play . Mods , short for modifications , are add-ons for games that change the functionality or add additional levels or features . There are many , many legitimate mods out there for all kinds of games , including Minecraft . But in this case , a bevy rogue apps offer more sinister changes . Android gamers that fall for them will find themselves bombarded with aggressive ads and scam activity , according to ESET . ESET said that players have been exposed to 87 fake mods , and up to 990,000 users have installed them . These fall into two buckets : Ad-displaying downloaders ( there are so far 14 of these that ESET has uncovered , with 80,000 installs and counting ) , and fake apps redirecting users to scam websites ( 73 apps and 910,000 installs ) . The downloaders are for now merely plying unfortunate users with in-your-face ads . But that could easily change . “ Since [ this ] is able to download any sort of additional malware to the victim ’ s device , there is no reason to believe malware authors would stop at only displaying unwanted ads , ” researchers noted . “ Seeing they can lure Attack.Phishing thousands of users into installing their deceptive applications , more dangerous threats distributed under similar disguise might be the next logical step. ” As for the latter , “ once launched , the apps display a screen with a download button , ” ESET researchers said . “ Clicking the button does not download any mods ; instead , it redirects the user to a website opened in a browser and displays all kinds of obtrusive content. ” In terms of how to tell the mod from the con , reviews are , as usual , a handy barometer : The downloader versions for instance are spamming victims with ads , so poor reviews are the norm . Mobile security products should also detect the malicious apps prior to download . This isn ’ t the first time the bad guys have targeted Minecraft—it is , after all , a pop culture phenomenon for elementary school kids and tweens . In 2015 , ESET researchers discovered more than 30 fake applications in Google Play , which pretended to be Attack.Phishing cheats for the popular world-building-with-pixels game . And in 2014 , a trojanized version of the Android Minecraft PE app was found being sold at half the official price through third party Russian app stores . To clean a device of the downloaders , ESET said that users must first deactivate device administrator rights for both the app and the downloaded module ( found under Settings - > Security - > Device administrators ) . Then , users can uninstall the apps by going to Settings - > Application Manager . For the scam app , victims can just uninstall the app in Settings - > Application Manager .

If you sell items online , beware scammers who are hacking into websites and taking over real users ' accounts . Casundra Venable told FOX59 she has sold on eBay for five years with no problems , but recently she fell victim to a scam . Venable was selling a Samsung phone with accessories on the website . Her sale closed , she received a $ 227 payment , and then a message that she thought was from the buyer . `` Thanks so much for ( an ) interesting auction . It was hard to choose the present for my friend . I think my friend will love this , '' Venable said , reading the message . The writer sent her supposed friend 's address , and Venable sent the package to that address . A few days later , she received a message from eBay saying the buyer had not received the package . It was then that she realized the message had been a fake . `` I thought , you know , 'How stupid ( was I ) for doing it ? '' Venable said . Venable said she was on the lookout for scams , but only those that come from people outside the eBay website . She assumed that because the message came through a real account , it was legitimate . It turns out , the scammer hacked into a real user 's account and used it to find a closing sale , then pretended to be Attack.Phishing the buyer . `` If they ask you to send it somewhere besides their registered address , say no , '' Venable said . FOX59 spoke with the Better Business Bureau 's Tim Maniscalo , who said that while he had not heard of this specific type of eBay scam , it did n't surprise him . `` Well over 50 percent of the scams ( we see ) now are perpetrated in some way , shape , or form through the internet , '' Maniscalo said . Venable tried to get her package back , but she could not get it from the warehouse in Brooklyn , New York where it ended up . `` ( A man on the phone ) said it ’ s off to the country of Georgia , '' Venable said . An eBay spokesperson confirmed this scam to FOX59 , saying a hacker was involved . The company also sent an alert to Venable , but it was too late . The spokesperson sent this statement : `` This incident was a scam and was the result of an unauthorized takeover of another user ’ s account . Unfortunately , scam artists will gain access Attack.Databreach to eBay member accounts through phishing emails in order to defraud other members . Criminals often exploit well-known , trusted brand names like eBay to attract Attack.Phishing consumers and then lure Attack.Phishing them into fraudulent transactions . We always encourage all our shoppers to be cautious and vigilant when executing a transaction on eBay . Members can prevent account takeovers from occurring by having frequent virus and spyware scans done on their account , regularly updating their passwords , and confirming a message was sent by eBay by checking their “ My Messages ” within their eBay account . ''

Biggest case involved woman who lost HK $ 119,000 in 24 hours after being conned into buying more than 50 points cards for online games . A woman who lost HK $ 119,000 in 24 hours was among almost 250 people duped out Attack.Phishing of about HK $ 1.9 million ( US $ 242,000 ) in a WhatsApp scam Attack.Phishing in Hong Kong this year , police said on Wednesday . According to police , swindlers pretended to be Attack.Phishing friends of WhatsApp users and invented different excuses to lure Attack.Phishing them into revealing their account verification codes . The con men then accessed the accounts with the codes and , posing as Attack.Phishing the users , sent Attack.Phishing text messages to deceive Attack.Phishing the account holders ’ contacts . Mohammed said genuine account holders were unable to use WhatsApp at least 12 hours after their accounts were hijacked . “ All the scam victims were asked to buy MyCard points cards for online games , ” he said . MyCard is a digital payment platform . Users can buy credit to spend on the platform from convenience stores across the city , Mohammed said . After getting passwords for the cards , scammers sold them online . Police said the age range of the victims was between 17 and 72 and losses went from a few hundred dollars to thousands . No arrests had been made . The Post reported in February that officers believed fraudsters from Taiwan were behind the scam because the points cards they requested were used for the Taiwanese versions of online games . Police advised residents to safeguard their personal data and verify the identity of those who contact them . If in doubt , people should call the Anti-Scam Helpline at 18222 . In the first three months of this year , there were 270 reports of deception through instant messaging platforms , accounting for HK $ 2.6 million in losses . That exceeds the figure for the whole of last year , when there were 266 cases , in which scammers bagged HK $ 2.1 million .

Last week , the Internal Revenue Service ( IRS ) issued a new warning to employers , urging them to stay alert as reports of compromised W-2 records started to climb . This newest advisory aligns with the agency 's plan to delay refunds for those filing their returns early in order to combat identity theft and fraud . The IRS also informed employers the W-2 scam has moved beyond corporations , expanding to include schools , tribal organizations , and nonprofits . In a statement , IRS Commissioner , John Koskinen , said the scams - sometimes known as Business Email Compromise (BEC) attacks Attack.Phishing - are some of the most dangerous email scams the agency has seen in a long time . [ Learn about top security certifications : Who they 're for , what they cost , and which you need . `` It can result in the large-scale theft of sensitive data Attack.Databreach that criminals can use to commit various crimes , including filing fraudulent tax returns . We need everyone ’ s help to turn the tide against this scheme , '' Koskinen said . In 2016 , at least 145 organizations fell victim to BEC scams Attack.Phishing , exposing tens of thousands of employees to tax fraud and identity theft . Salted Hash kept track of some of the high-profile cases , and Databreaches.net tracked everything , resulting in a massive list of documented successful attacks . As of February 5 , 23 organizations have disclosed BEC-related data breaches Attack.Databreach publicly , each one resulting in compromised W-2 data . The confirmed BEC victims include ten school systems , a software development firm , a utility company in Pennsylvania , at least one restaurant in Indianapolis , and businesses operating within the healthcare , finance , manufacturing , and energy sectors . Distribution International emailed employees that their W-2 data was compromised Attack.Databreach on January 27 . Their notification expands the number of affected taxpayers to more than 30,000 . The scammers spoofed Attack.Phishing an email and pretended to be Attack.Phishing one of the company 's owners . W-2 records for all companies and all employees were compromised Attack.Databreach . Salted Hash reached out to Sky Climber 's CFO , Jeff Caswell , for more information . Also , the College of Southern Idaho has reported an incident that could impact 3,000 employees . According to Public Information Officer Doug Maughan , the W-2 records affected belong to seasonal and auxiliary staff . Palomar College disclosed an attack Attack.Databreach on January 30 , which affected employee W-2 records . The school did n't say the incident Attack.Databreach was the result of a BEC attack Attack.Phishing , but Salted Hash is listing it anyway due to the timing of the attack and the information targeted . Finally today , the West Michigan Whitecaps - a Class A minor league baseball team affiliated with the Detroit Tigers - said staff W-2 records were compromised after someone posing as Attack.Phishing a manager requested them . In 2016 , the criminals behind the BEC attacks Attack.Phishing mostly focused on payroll and tax records . This year though , the IRS says that in addition to the usual records request , the scammers are now following-up and requesting wire transfers . `` Although not tax related , the wire transfer scam is being coupled with the W-2 scam email , and some companies have lost both employees ’ W-2s and thousands of dollars due to wire transfers , '' the IRS explained in their warning . `` Employers should consider creating an internal policy , if one is lacking , on the distribution of employee W-2 information and conducting wire transfers . '' BEC attacks Attack.Phishing are essentially Phishing scams Attack.Phishing , or Spear Phishing Attack.Phishing since the criminals have a specific target . They 're effective too , exploiting the trust relationships that exist within the corporate environment . In a majority of the reported cases from 2016 , the attackers forged Attack.Phishing an email and pretended to be Attack.Phishing the victim organization 's top executive , or someone with direct authority . Often it is the CEO or CFO , but any high-level manager will work .

Last week , the Internal Revenue Service ( IRS ) issued a new warning to employers , urging them to stay alert as reports of compromised W-2 records started to climb . This newest advisory aligns with the agency 's plan to delay refunds for those filing their returns early in order to combat identity theft and fraud . The IRS also informed employers the W-2 scam has moved beyond corporations , expanding to include schools , tribal organizations , and nonprofits . In a statement , IRS Commissioner , John Koskinen , said the scams - sometimes known as Business Email Compromise (BEC) attacks Attack.Phishing - are some of the most dangerous email scams the agency has seen in a long time . [ Learn about top security certifications : Who they 're for , what they cost , and which you need . `` It can result in the large-scale theft of sensitive data Attack.Databreach that criminals can use to commit various crimes , including filing fraudulent tax returns . We need everyone ’ s help to turn the tide against this scheme , '' Koskinen said . In 2016 , at least 145 organizations fell victim to BEC scams Attack.Phishing , exposing tens of thousands of employees to tax fraud and identity theft . Salted Hash kept track of some of the high-profile cases , and Databreaches.net tracked everything , resulting in a massive list of documented successful attacks . As of February 5 , 23 organizations have disclosed BEC-related data breaches Attack.Databreach publicly , each one resulting in compromised W-2 data . The confirmed BEC victims include ten school systems , a software development firm , a utility company in Pennsylvania , at least one restaurant in Indianapolis , and businesses operating within the healthcare , finance , manufacturing , and energy sectors . Distribution International emailed employees that their W-2 data was compromised Attack.Databreach on January 27 . Their notification expands the number of affected taxpayers to more than 30,000 . The scammers spoofed Attack.Phishing an email and pretended to be Attack.Phishing one of the company 's owners . W-2 records for all companies and all employees were compromised Attack.Databreach . Salted Hash reached out to Sky Climber 's CFO , Jeff Caswell , for more information . Also , the College of Southern Idaho has reported an incident that could impact 3,000 employees . According to Public Information Officer Doug Maughan , the W-2 records affected belong to seasonal and auxiliary staff . Palomar College disclosed an attack Attack.Databreach on January 30 , which affected employee W-2 records . The school did n't say the incident Attack.Databreach was the result of a BEC attack Attack.Phishing , but Salted Hash is listing it anyway due to the timing of the attack and the information targeted . Finally today , the West Michigan Whitecaps - a Class A minor league baseball team affiliated with the Detroit Tigers - said staff W-2 records were compromised after someone posing as Attack.Phishing a manager requested them . In 2016 , the criminals behind the BEC attacks Attack.Phishing mostly focused on payroll and tax records . This year though , the IRS says that in addition to the usual records request , the scammers are now following-up and requesting wire transfers . `` Although not tax related , the wire transfer scam is being coupled with the W-2 scam email , and some companies have lost both employees ’ W-2s and thousands of dollars due to wire transfers , '' the IRS explained in their warning . `` Employers should consider creating an internal policy , if one is lacking , on the distribution of employee W-2 information and conducting wire transfers . '' BEC attacks Attack.Phishing are essentially Phishing scams Attack.Phishing , or Spear Phishing Attack.Phishing since the criminals have a specific target . They 're effective too , exploiting the trust relationships that exist within the corporate environment . In a majority of the reported cases from 2016 , the attackers forged Attack.Phishing an email and pretended to be Attack.Phishing the victim organization 's top executive , or someone with direct authority . Often it is the CEO or CFO , but any high-level manager will work .