Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us. It often starts, as with so many attacks, with a sponsored search result on Google.
In the latest example of this type of scam, we found tech support scammers hijacking the results of people looking for 24/7 support for Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal. Here’s how it works: Cybercriminals pay for a sponsored ad on Google pretending to be a major brand. Often, this ad leads people to a fake website. However, in the cases we recently found, the visitor is taken to the legitimate site with a small difference.
Read more…
Source: Malwarebytes Labz
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Belden networking giant’s company data stolen in cyberattack
November 25, 2020
Network device manufacturer Belden was hit with a cyberattack that allowed threat actors to steal files containing information about employees and business partners. Belden is a US-based manufacturer of network connectivity devices, including routers, firewalls, switches, cabling, and connectors. Belden generated $2.5 billion in revenue for 2019 and employs approximately 9,000 people. Read more… Source: Bleeping Computer
- Baltimore County Public Schools hit by ransomware attack
November 25, 2020
Baltimore County Public Schools has been hit today by a ransomware attack that led to a systemic shutdown of its network due to the number of systems impacted in the attack. The Baltimore County school district manages all public schools in Baltimore County, Maryland, and is the 25th largest U.S. school system. Read more… Source: Bleeping Computer
- Three arrested as INTERPOL, Group-IB and the Nigeria Police Force disrupt prolific cybercrime group
November 25, 2020
Three suspects have been arrested in Lagos following a joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation. The Nigerian nationals are believed to be members of a wider organized crime group responsible for distributing malware, carrying out phishing campaigns and extensive Business Email Compromise scams. The suspects are alleged to have developed phishing links, domains, ...
- Botnets have been silently mass-scanning the internet for unsecured ENV files
November 21, 2020
Drawing little attention to themselves, multiple threat actors have spent the past two-three years mass-scanning the internet for ENV files that have been accidentally uploaded and left exposed on web servers. ENV files, or environment files, are a type of configuration files that are usually used by development tools. Frameworks like Docker, Node.js, Symfony, and Django use ...
- New Grelos Skimmer Variants Siphon Credit Card Data
November 20, 2020
Just as seasonal online shopping kicks into high gear, new variants of the point-of-sale Grelos skimmer malware have been identified. Variants are targeting the payment-card data of online retail shoppers on dozens of compromised websites, researchers warn. The Grelos skimmer malware has been around since 2015, and its original version is associated with what are called ...
- IT threat evolution Q3 2020
November 20, 2020
IT threat evolution Q3 2020 Mobile statistics The statistics presented here draw on detection verdicts returned by Kaspersky products and received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, the third quarter saw: 1,189 797 detected malicious installers, of which 39,051 packages were related to mobile banking trojans; 6063 packages proved to be mobile ...