Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us. It often starts, as with so many attacks, with a sponsored search result on Google.
In the latest example of this type of scam, we found tech support scammers hijacking the results of people looking for 24/7 support for Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal. Here’s how it works: Cybercriminals pay for a sponsored ad on Google pretending to be a major brand. Often, this ad leads people to a fake website. However, in the cases we recently found, the visitor is taken to the legitimate site with a small difference.
Read more…
Source: Malwarebytes Labz
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Beware: PayPal phishing texts state your account is ‘limited’
January 3, 2021
A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft. When PayPal detects suspicious or fraudulent activity on an account, the account will have its status set to “limited,” which will put temporary restrictions on withdrawing, sending, or receiving money. Read ...
- Data breach broker selling 368.8 million user records stolen from 26 companies
December 31, 2020
A data breach broker is selling the allegedly stolen user records for twenty-six companies on a hacker forum, BleepingComputer has learned. When threat actors and hacking groups breach a company and steal their user databases, they commonly work with data breach brokers who market and sell the data for them. Brokers will then create posts on ...
- Emotet malware hits Lithuania’s National Public Health Center
December 30, 2020
The internal networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities have been infected with Emotet malware following a large campaign targeting the country’s state institutions. “When infected recipients opened infected messages, the virus entered the internal networks of the institutions,” NVSC officials said in a statement published today. “Infected computers, after downloading additional ...
- T-Mobile data breach exposed phone numbers, call records
December 30, 2020
T-Mobile has announced a data breach exposing customers’ proprietary network information (CPNI), including phone numbers and call records. Starting yesterday, T-Mobile began texting customers that a “security incident” exposed their account’s information. According to T-Mobile, its security team recently discovered “malicious, unauthorized access” to their systems. After bringing in a cybersecurity firm to perform an investigation, T-Mobile ...
- Phishing Technique Uses Legitimate-looking Domains to Avoid Detection
December 28, 2020
Email threats continued to increase in the time of the pandemic, and the number of phishing URLs rose along with it. Our 2020 mid-year observation on phishing and email threats continue to be true as we close out the year. During our recent tracking efforts, we observed a phishing technique that involves a combination of phishing ...
- Ransomware: Attacks could be about to get even more dangerous and disruptive
December 23, 2020
Ransomware is one of the biggest threats facing businesses. An organisation that falls victim to a ransomware attack – which sees cyber criminals use malware to encrypt the network, rendering it inoperable – will quickly find itself unable to do business at all. Cyber criminals lock down networks like this for one simple reason: it’s the ...