The tables have turned. Now you can use AI to spot and block scam texts before they do you harm. 

You might have heard how scammers have tapped into the power of AI. It provides them with powerful tools to create convincing-looking scams on a massive scale, which can flood your phone with annoying and malicious texts. 

The good news is that we use AI too. And we have for some time to keep you safe. Now, we’ve put AI to use in another powerful way—to put an end to scam texts on your phone. 

Our new McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your texts. No more wondering if a package delivery message or bank notification is real or not. Our patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more. 

Stop scam texts and their malicious links.  

The time couldn’t be more right for this kind of protection. Last year, Americans lost $330 million to text scams alone, more than double the previous year, with an average reported loss of $1,000, according to the Federal Trade Commission. The deluge of these new sophisticated AI-generated scams is making it harder than ever to tell what’s real from what’s fake.  

Which is where our use of AI comes in. With it, you can turn the tables on scammers and their AI tools.

Here’s a closer look at how McAfee Scam Protection works: 

  • Proactive and automatic protection: Get notifications about a scam text before you even open the message. After you grant permission to scan the URLs in your texts, McAfee Scam Protection takes charge and will let you know which texts aren’t safe and shouldn’t be opened. 
  • Patented and powerful AI: McAfee’s AI runs in real-time and is constantly analyzing and processing millions of malicious links from around the world to provide better detection. This means McAfee Scam Protection can protect you from advanced threats including new zero-day threats that haven’t been seen before. McAfee’s AI continually gets smarter to stay ahead of cybercriminals to protect you even better. 
  • Simple and easy to use: When you’re set up, McAfee Scam Protection goes to work immediately. No copying or pasting or checking whether a text or email is a scam. We do the work for you and the feature will alert you if it detects a dangerous link and blocks risky sites in real time if you accidentally click.   

How do I get McAfee Scam Protection? 

McAfee Scam Protection is free for most existing customers, and free to try for new customers. 

Most McAfee customers now have McAfee Scam Protection available. Simply update your app. There’s no need to purchase or download anything separately. Set up McAfee Scam Protection in your mobile app, then enable Safe Browsing for extra protection or download our web protection extension for your PC or Mac from the McAfee Protection Center. Some exclusions apply¹. 

For new customers, McAfee Scam Protection is available as part of a free seven-day trial of McAfee Mobile Security. After the trial period, McAfee Mobile Security is $2.99 a month or $29.99 annually for a one-year subscription. 

As part of our new Scam Protection, you can benefit from McAfee’s risky link identification on any platform you use. It can block dangerous links should you accidentally click on one, whether that’s through texts, emails, social media, or a browser. It’s powered by AI as well, and you’ll get it by setting up Safe Browsing on your iOS² or Android device—and by using the WebAdvisor extension on PCs, Macs and iOS. 

 Yes, the tables have turned on scammers. 

AI works in your favor. Just as it has for some time now if you’ve used McAfee for your online protection. McAfee Scam Protection takes it to a new level. As scammers use AI to create increasingly sophisticated attacks, McAfee Scam Protection can help you tell what’s real and what’s fake. 


  1. Customers currently with McAfee+, McAfee Total Protection, McAfee LiveSafe, and McAfee Mobile Security plans have McAfee Scam Protection included in their subscription.
  2. Scam text filtering is coming to iOS devices in October.  


QR codes are all around us. They offer a quick way to take part in surveys, download useful stuff, and visit websites of interest. After all, pointing your phone at a picture is far easier than typing in an annoyingly long URL.

But their very convenience hides a significant drawback. With regular links, it’s possible to spot a trap with the naked eye. The red flags are well-known: typos or extra characters in the site address, a disguised redirect, strange domain zones, and so on. But as for QR codes, where that jumble of black squares might take you is anyone’s guess.

In this post, we use a compelling example to explain how those harmless-looking squares can pose a threat, and how not to fall victim to scammers. The example in question is the story of a woman who lost US$20,000 by scanning a QR code when buying bubble tea.

20,000-dollar bubble tea

Many have encountered coffee-shop promos when visitors are invited to take a short survey in exchange for a free drink or a discount on a purchase. This often requires you to scan a QR code at the counter — a familiar, almost routine action. What could possibly go wrong?

That’s what a 60-year-old Singaporean must have thought, too. To get a free cup of bubble tea, she scanned the QR code sticker on the glass of the coffee shop door. As it turned out later, the sticker had been pasted on by cybercriminals. The scam code contained a link to download a third-party Android app in order, she believed, to take a survey. However, the app was malicious.

Once installed, the program requested access to the camera and microphone, and asked the user to enable Android Accessibility services. This built-in Android service allows criminals to view and control the victim’s screen, as well as to disable facial and fingerprint recognition — this way attackers can force the victim to type their banking app password manually, if needed. The scammers had only to wait for her to log in, intercept the credentials, and later use them to transfer all the money to their own accounts.

How not to fall victim

Since it’s impractical (and not really necessary) to avoid scanning QR codes altogether, we recommend the following:

  • Check the addresses of sites that are linked inside QR codes carefully, and look for typical red flags.
  • Make sure that the expected and actual content match up. For example, if the code was supposed to lead to a survey, logically there should be some kind of form with answer options. If not, close the site immediately. But even if the page arouses no suspicion, you should still be careful — it may be a high-quality fake (see the first point, and read our post about how to spot a bogus site).
  • Don’t download apps via QR codes. As a rule, bona fide apps can always be found on Google Play, the App Store, or any other official platform. Apps from third-party sources shouldn’t be installed in any case.
  • Protect your devices with a reliable security solution. A built-in QR scanner lets you check the link buried in the maze of squares. Also, our solution blocks attempts to visit malicious sites and protects you from the profusion of other threats out there in cyberspace.


Short links are everywhere these days. All these bit.ly, ow.ly, t.co, t.me, tinyurl.com and the like have long since become a familiar part of the online landscape. So familiar, in fact, that most users click on them without thinking twice. But thinking is never a bad thing. With that in mind, we explain below how short links work and what privacy and security threats they can pose.

What happens when you click on a short link?

When you click on a short link, you almost go straight to the intended destination, which is the address specified by the user who created the link. Almost, but not quite: the actual route takes a quick detour via the URL shortener service.

The more efficient the service, the less time this takes, and the smoother the transition to the end stop. Of course, the delay feels insignificant only to a person — we humans are rather slow. But for an electronic system, it’s more than long enough to get up to all kinds of activity, which we’ll discuss below.

Why short links? The main reason is one of space: making a long link shorter means it takes up less of the screen (think mobile devices) and doesn’t eat up the character limit (think social media posts). Alas, that’s not all there is to it. The creators of short links may be pursuing their own goals, not necessarily driven by concern for users. Let’s talk about them.

Short links and user tracking

Have you ever wondered why many internet links are so long and unsightly? It’s usually because links encode all kinds of parameters for tracking click-throughs, so-called UTM tags.

Usually, these tags are deployed to determine where the user clicked on the link, and thus to evaluate the effectiveness of ad campaigns, placement on blogger pages, and so on. This is not done in the name of user convenience, of course, but for digital marketing.

In most cases, this is a fairly harmless form of tracking that doesn’t necessarily collect data from link clickers: often marketers are just interested in the source of traffic. But since this additional “packaging” doesn’t look very aesthetic, and often makes the URL insanely long, shortener services are often brought into play.

What’s more unpleasant from a privacy point of view is that URL shorteners don’t limit themselves to redirecting users to the destination address. They also tend to harvest a host of statistics about the link clickers — so your data ends up in the hands not only of the creator of the short link through embedded UTM tags, but also of the owners of the URL shortener. Of course, this is the internet, and everyone collects some kind of statistics, but using a short link introduces another intermediary that holds data on you.

Disguised malicious links

Besides violating your privacy, short links can threaten the security of your devices and data. As we never tire of repeating: always carefully check links before clicking on them. But with short links, a problem arises: you never know for sure where it is you’ll be taken.

If cybercriminals use short links, the advice to check them becomes meaningless: you can only find out where a link points after clicking. And by then it may be too late — if the attackers exploit a zero-click vulnerability in the browser, the infection can occur as soon as you land on the malicious site.

Short links and dynamic redirects

Cybercriminals can also use link-shortening tools to change the target address as the need arises. Suppose that some attackers bought a database of millions of email addresses and used it to send out phishing messages with some kind of link. But here’s the problem (for the attackers): the phishing site they created was quickly discovered and blocked. Rehosting it at a different address is not an issue, but then they would have to resend all the phishing mailshots.

The solution (again, for the attackers) is to use a “shimming” service, which makes it possible to quickly change the URL users will visit. And the role of “shims” here can be played by URL shorteners, including ones originally created with dubious intentions in mind.

With this approach, a link to the shimming service is added to the phishing email, which redirects victims to the phishers’ site at their currently active address. Often, multiple redirects are used to further muddy the trail. And if the destination phishing site gets blocked, the cybercriminals simply host it at a new address, change the link in the shim, and the attack continues.

Man-in-the-middle attacks

Some link-shortening tools, such as Sniply, offer users more than just shorter links. They allow tracking the actions of link clickers on the actual destination site, which is effectively a man-in-the-middle attack: traffic passes through an intermediate service node that monitors all data exchanged between the user and the destination site. Thus, the URL shortener can intercept anything it wants: entered credentials, social network messages, and so on.

Personal spying

In most cases, short links intended for mass use are placed in social network posts or on web pages. But additional risks arise if one was sent to you personally — in a messenger or an email to your personal or work address. Using such links, an attacker who already has some information about you can redirect you to a phishing site where your personal data is pre-filled. For example, to a copy of a banking site with a valid username and a request to enter your password, or to the “payment gateway” of some service with your bank card number pre-filled, asking you to enter a security code.

What’s more, such links can be used for doxing and other types of tracking, especially if the URL shortener service offers advanced functionality. For instance, our recent post about protecting privacy in Twitch looked in detail at ways to de-anonymize streamers and how to counter them.

How to stay protected

What to do about it? We could advise never to click on short links, but, in the vast majority of cases, URL shorteners are used for legitimate purposes, and short links have become so common that total avoidance isn’t really an option. That said, we do recommend that you pay special attention to short links sent to you in direct messages and emails. You can inspect such links before clicking by copying and pasting them into a tool for checking short links, such as GetLinkInfo or UnshortenIt.

However, there is a simpler method: a high-quality security solution with an integrated approach that takes care of security and privacy at the same time. For example, our Kaspersky Premium has a Private Browsing component that blocks most known online trackers and thus prevents your online activities from being monitored.

Our products also offer protection against online fraud and phishing, so rest assured that Kaspersky Premium will warn you in good time before landing on a dangerous site — even if the link was shortened. And, of course, the antivirus will guard against any attempts to infect your devices — including ones exploiting as-yet-unknown vulnerabilities.
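The detour described under “What happens when you click on a short link?” and the multi-hop shims under “Short links and dynamic redirects” can be inspected hop by hop before a browser ever loads the destination. The Python below is an added example, not code from the original post or from any Kaspersky product; the `.example` hosts and the `sample_fetch` stub are constructed, and only HTTP-level redirects are followed (JavaScript and meta-refresh redirects are not).

```python
"""Walk a short link's redirect chain without rendering any page."""
import http.client
from urllib.parse import urlsplit, urlunsplit, urljoin, parse_qsl, urlencode

MAX_HOPS = 10
REDIRECT_CODES = {301, 302, 303, 307, 308}


def head_fetch(url, timeout=5):
    """One HEAD request, no automatic redirect following, no body downloaded.
    Returns (status, Location header or None)."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target, headers={"User-Agent": "link-inspector"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def strip_tracking(url):
    """Remove utm_* click-tracking parameters, keep everything else."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not k.lower().startswith("utm_")]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def expand(url, fetch=head_fetch, max_hops=MAX_HOPS):
    """Follow redirects one hop at a time and report what was seen.
    `fetch` is injectable so the logic can be exercised offline."""
    hops, warnings, seen = [], [], set()
    current = url
    while True:
        parts = urlsplit(current)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            # e.g. a redirect that hands off to an app-install or other handler
            warnings.append(f"hop {len(hops) + 1} is not a web URL "
                            f"({parts.scheme or 'no scheme'})")
            break
        if current in seen:
            warnings.append("redirect loop")
            break
        if len(hops) == max_hops:
            warnings.append("hop limit reached")
            break
        seen.add(current)
        status, location = fetch(current)
        hops.append({"url": current, "host": parts.hostname, "status": status})
        if status not in REDIRECT_CODES or not location:
            break
        nxt = urljoin(current, location)  # Location may be relative
        if parts.scheme == "https" and urlsplit(nxt).scheme == "http":
            warnings.append(f"HTTPS to HTTP downgrade after {parts.hostname}")
        current = nxt
    hosts = list(dict.fromkeys(h["host"] for h in hops))
    if len(hosts) > 2:
        warnings.append(f"click passes through {len(hosts) - 1} hosts "
                        "before the destination")
    return {"hops": hops, "hosts": hosts, "final": current,
            "final_clean": strip_tracking(current), "warnings": warnings}


# Constructed sample chain: shortener -> shim -> landing page with UTM tags.
SAMPLE_CHAIN = {
    "https://short.example/abc": (301, "https://shim.example/r?id=7"),
    "https://shim.example/r?id=7":
        (302, "http://landing.example/promo?utm_source=sms&utm_campaign=x&item=42"),
    "http://landing.example/promo?utm_source=sms&utm_campaign=x&item=42":
        (200, None),
}


def sample_fetch(url):
    """Offline stand-in for head_fetch, backed by SAMPLE_CHAIN."""
    return SAMPLE_CHAIN[url]


if __name__ == "__main__":
    report = expand("https://short.example/abc", fetch=sample_fetch)
    for hop in report["hops"]:
        print(hop["status"], hop["url"])
    print("destination without tracking tags:", report["final_clean"])
    for w in report["warnings"]:
        print("warning:", w)
```

Each HEAD request still reaches the shortener and every intermediary, so the lookup itself is logged as a click from the machine that runs it.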


Authored by: Neil Tyagi  

Scam artists know no bounds—and that also applies to stealing your cryptocurrency. Crypto scams are like any other financial scam, except the scammers are after your crypto assets rather than your cash. 

Crypto scammers use many of the tactics seen in other financial crimes, such as pump-and-dump scams that lure investors to purchase an asset with fake claims about its value, or outright attempts to steal digital assets.

This time scammers were trying to get an investor to send a digital asset as a form of payment for a fraudulent transaction. 

It starts with a Tweet used as bait to lure innocent cryptocurrency investors into purchasing a non-existent token, related to a reputable company, SpaceX.

The theme used here by scammers is the sale of the official cryptocurrency of SpaceX. In the above image, we can also see that the reach of the tweet is high (224.4K views).

 Protection with McAfee+:  

McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance, and support to take the steps to be safer online. McAfee protects against these types of scam sites with Web Advisor protection that detects malicious websites. 

The link present in this tweet redirects to space[-]launch[.]net, which is already marked as malicious by McAfee.

A WHOIS search on the site reveals it is hosted on Cloudflare. Cloudflare has increasingly become the number one choice for scammers to host malicious websites and protect their assets. 

A WHOIS lookup on the domain reveals redacted personal information. No surprises there.

When we click on the link, it takes us to a login page and asks for SpaceX login credentials. This page was designed as a phishing page for people who have real SpaceX login credentials. 

 

For people who don’t have SpaceX credentials, they can use the signup link.  

 

After we log in, it redirects to a landing page where one can purchase the supposedly original cryptocurrency launched by SpaceX.

 

As you can see, it impersonates the official SpaceX portal for buying their token. It also has all the elements related to SpaceX and its branding.

In the above picture, we can see that scammers are employing the social engineering trick of FOMO (Fear Of Missing Out) as they have created a timer showing that the fake tokens are only available for purchase for the next 10 hours. This also makes sure that the scam would end before all the online security vendors flag the site. 

Scammers also allow users to purchase fake tokens with about 22 cryptocurrencies, the most prominent being Bitcoin, Ethereum, and USDT.

 

Scammers even offer a bonus of fake SpaceX tokens if users are ready to purchase a minimum amount.

Here we can find the BTC wallet address of the scammers and see the transactions related to these wallets.

The scammers’ crypto wallet addresses for the following currencies are:

  • BTC bc1qhhec8pkhj2cxtk6u0dace8terq22hspxkr5pee 
  • USDT 398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1 
  • ETH 16a243E3392Ffd9A872F3fD90dE79Fe7266452F9 

Looking at transactions related to these addresses, we find people have become victims of this scam by sending payments to these wallets. The Bitcoin wallet above has gathered around 2,780 US dollars. You can also see three of the last transactions made to the account. 

Similarly, for Ethereum, the scammers have gathered around 1,450 US dollars.

We observed two popular cryptocurrencies, but scammers are using about 22 different crypto wallets.  

Crypto phishing scams constantly evolve, and new tactics emerge regularly. Users should take the initiative to educate themselves about the latest phishing techniques and scams targeting the cryptocurrency community. Also, stay informed by researching and reading about recent phishing incidents and security best practices. 

IOC (Indicator of Compromise)  


 

 

 


Instead of getting you out of a jam, tech support scams get you into one. And they can get costly.

Tech support scammers had a banner year in 2022. They raked in more than $800 million in the U.S. alone, according to the FBI’s list of reported cases. The actual figure climbs higher when you factor in all the unreported cases. And it goes yet higher still when you consider all the victims worldwide.

In all, tech support scams make up a multi-billion-dollar industry.

They make their money several ways. Sometimes the scammers who run them charge large fees to fix a non-existent problem. Other times, they’ll install information-stealing malware under the guise of software that’s supposed to correct an issue. In some cases, they’ll ask for remote access to your computer to perform a diagnosis, but access your computer to steal information instead. Or they could hit you with several of the above.

You can stumble across these scams on your own as you go about your day online. Other times, they find you, such as when the scammer calls you directly.

One of our employees shared his story when a tech support scammer called his wife out of the blue:

I was messing around on my computer before dinner. My wife came in with a strange look on her face as she told the person on the phone, “I think you might want to talk to my husband about that.” Once on the phone I was greeted with, “Hi, this is Rick from Windows support and we’re calling because your computer is sending junk files to the internet.” I knew there was no way he was from “Windows support” since a reputable company isn’t going to call me up out of the blue like this, but as a security researcher I was curious, so I jumped right in.

“Rick” said that to fix my issue he needed me to install a free remote access tool and give him access to my system. Letting an unknown person access my actual computer seemed like a bad idea, so I let him log on to a “virtual machine” that I use for security testing. The first thing he did was turn off my security software, including the antivirus and firewall. After doing that, he downloaded a file that he tried to install. Since I had additional security software in place he wasn’t aware of, the installation failed each time he tried to run it. At this point, I had the file he was trying to install, the IP address he was connecting from, and the site he used to get the malicious file. I told “Rick” that I work for a security company and would like to know what he was actually looking for. I’m fairly certain he hung up before I completed my sentence.

Sure enough, after the call, a malware scan confirmed that “Rick” wanted to install a remote access tool (RAT) that would have given him full control of the computer.

That’s one example of how these scams go. They get costly too. The FBI further reported that the average loss for a tech support scam approached $25,000. In some cases, pop-up “security alert” ads spearheaded scams that cost people $200,000 and upwards to $1 million.

Fortunately, these scams are rather easy to spot. And avoid. If you know what to look for.

What do tech support scams look like?

Let’s start with a quick overview of tech support scams. They tend to work in two primary ways.

First, there are the scams that track you down.

This might be a phone call that comes from someone posing as a rep from “Microsoft” or “Apple.” The scammer on the other end of the line will tell you that there’s something wrong with your computer or device. Something urgently wrong. And then offers a bogus solution to the bogus problem, often at a high cost. Similarly, they might reach you by way of a pop-up ad. Again telling you that your computer or device needs urgent repairs. These can find you a few different ways:

  • By clicking on links from unsolicited emails.
  • From pop-up ads from risky sites.
  • Via pop-ups from otherwise legitimate sites that have had malicious ads injected.
  • By way of spammy phone calls made directly to you, whether by robocall or a live operator.

Second, there are the scams that lie in wait.

These are phony services and sites that pose as legitimate tech support but are anything but. They’ll place search ads, post other ads on social media, and so forth, ready for you to look up and get in touch with when you have a problem that you need fixed. Examples include:

  • Online classified ads, forum posts, and blog sites.
  • Ads on social media sites such as Facebook, Reddit, YouTube, and Tumblr.
  • Search results—scammers place paid search ads too!

How to spot and avoid tech support scams

  • With regard to ads and search results, keep an eye open for typos, awkward language, or poor design and logos that look like they could be a knockoff of a trusted brand. Check our top tips to spot tech support scams for what these ads and search results look like.
  • Don’t fall for the call. If someone calls you with an offer of “tech support,” chances are it’s a scam. And if they ask for payment in gift cards or cryptocurrency like bitcoin, it’s absolutely a scam. Just hang up.
  • Note that big tech companies like Apple and Microsoft won’t call you with offers of tech support or an alert that “something is wrong with your computer.” Such calls come from imposters. Moreover, in many cases, the company will offer free support as part of your purchase or subscription that you can get on your own when you need it. (For example, that’s the case with our products.)
  • Don’t click or tap on any links or call any numbers that suddenly appear on your screen and warn you of a computer problem. Again, this is a likely sign of an attempted scam. Often, this will happen while browsing. Simply close your browser and open a fresh browser window to clear the ad or link.
  • Go to the source. Contact the company directly for support, manually type their address into your browser, or call the number that came with the packaging or purchase. Don’t search. This will help you avoid imposters that clog up search results with bogus ads.
  • Protect your browsing. Use a web protection extension that can spot malicious sites and help prevent you from clicking on them by mistake. Comprehensive online protection software will offer protection for your browsing, in addition to protection from malware and viruses.
  • Remove your personal info from data broker sites. How did that scammer get your phone number in the first place? Scammers often purchase personal information in bulk from data broker sites, which can include your phone number. Our Personal Data Cleanup can help you remove your information from some of the riskiest data broker sites out there.

Lastly, a good piece of general advice is to keep your devices and apps up to date. Regular updates often include security fixes and improvements that can help keep scammers and hackers at bay. You can set your devices and apps to download them automatically. And if you need to get an update or download on your own, get it from the company’s official website. Stay away from third-party sites that might host malware.

What to do if you think you’ve been scammed:

  1. Change your passwords. This will provide protection if the scammer was able to access your account passwords in some form. While this can be a big task, it’s a vital one. A password manager that’s part of comprehensive online protection can make it much easier.
  2. Run a malware and virus scan right away. Delete files or apps that the software says are an issue. Do the same for other devices on your network too. Experienced and determined scammers can infect them as well by gaining access to one device on your network.
  3. Stop payment. Contact your bank, credit card company, or online payment platform to reverse the charges. File a fraud complaint as well. The sooner you act, the better chance you have of recovering some or all of your money. (Note that this is a good reason to use credit cards for online purchases, as they afford extra protection that debit cards and other payment services don’t.)
  4. Report the scam. In the U.S., you can contact the Federal Trade Commission, which reports the claim to thousands of law enforcement agencies. While they can’t resolve your individual issue, your report can help with broader investigations and build a case against scammers—which can make the internet safer for others. Their list of FAQs is particularly helpful too, answering important questions like “how do I get my money back?”


There are lots of websites with tempting offers of quick and easy money working from home. But in reality, they’re likely to be from scammers looking to get gullible users to work for them for free and advertise their “business.” This post shows how several such schemes operate and gives tips on how to avoid falling victim to them.

Many scams in one

Who wouldn’t want to earn money for doing regular online stuff: taking surveys, watching videos, playing games and other simple tasks? That’s how scammers lure victims to one of the sites.

Home page of a scam website offering part-time work doing regular online activities

The home page of the “platform” is overflowing with offers of easy-earning jobs. Scammers promise new recruits a whopping US$200 a day. Plus a US$25 signing-up bonus!

Of course, there are numerous reviews from grateful “users” who have already become rich. But if you bother to read them, you’ll spot a lot of grammatical mistakes.

Reviews from “users” who supposedly struck gold

To earn money on the “platform”, you are asked to complete various tasks, such as testing apps, playing games, sharing a link to the site with friends, and the like.

Tasks you get paid for

In fact, all these “tasks” are just links to other scam resources. By visiting them, users create traffic to cybercriminals’ sites. This improves their position in search results. And also, cybercriminals may have their own footfall KPIs (key performance indicators).

When the victim tries to get their “money” (the home page promises that this can be done through popular services like Cash App, Venmo, PayPal and others), they discover that they must first earn at least US$200.

Message saying you need to earn US$200 to withdraw funds

Sure, you won’t see any payout even if you do “earn” 200 bucks.

Nor can it be ruled out that the scammers’ domain will simply be blocked before users even try — such sites have a very short lifespan. After getting blocked, the scammers will get another domain and launch the whole scheme again with new victims.

The scam itself is quite international. Besides English, the cybercriminals’ website is available in nine other languages. Although these versions look less professional.

Share it with the whole world

Now let’s talk about a similar site with a more primitive design, but with a different mechanism for making money from naive users.

The victims are offered two ways to earn. The first is to share the link and invite “referrals” to the website: you get US$1 for every 100 people. What’s more, the site supposedly lets you withdraw funds after accumulating just US$20. To earn this amount through inviting referrals, you need to attract 1500 users to the site (you get US$5 for signing up).

Home page of a site that pays you to share its link

Sounds hard, but things aren’t all that bad: you have a chance to earn US$50 right away. But for this you’ll have to play the scammers’ game — by endlessly refreshing the page so that the two images match. They won’t, of course.

Scammers' game

When the victim goes to the site, they are immediately asked for permission to display browser notifications. Through these, the cybercriminals distribute ads for various other scams or relatively legit adult sites. That’s the main objective: to lure as many victims as possible who will give this permission.

And the image-matching game helps the scammers boost traffic to their own site and improve its search visibility.

How to avoid falling victim?

To avoid falling for online job scams:

  • Don’t believe promises of easy money.
  • Don’t enter payment information on dubious websites.
  • Read our post on how to spot scammers.
  • Use a robust security solution that will warn you before visiting suspicious sites and keep your money and data out of cybercriminals’ hands.



With a ring or a ping, scammers come calling and texting.

It probably happens fairly often. You get a call from an unknown number, and you wonder whether you should bother answering it. It’s probably a scammer. Or is it? What if it’s something important? You answer. Sure enough, it’s a robocall. But the voice says it’s your bank and there’s a problem with your account. What do you do now?

The same goes for texts. Maybe you get a message that says something like this:

“We have detected unusual activity on your account. Please call this number to speak with a customer service representative.”

Enter the world of vishing and smishing.

The term vishing comes from a combination of “voice” and “phishing.” Likewise, smishing comes from a combination of “SMS” (text) and “phishing.” Together, they are two ways scammers will try to reach you on your phone.

The con is the same as always with any form of phishing. Scammers want things like credit card numbers, account logins and other personal information so they can rip you off or steal your identity outright.

But you have ways to protect yourself. And you have tools that can help reduce the number of scam calls and texts you receive.

How do vishers and smishers get your phone number?

The fraudsters behind these attacks often cast a wide net. They send calls and messages to thousands and thousands of phones at a time. Even if they catch only a fraction of the victims, the attack can still yield a sizable profit.

The secret is volume, and scammers can get phone numbers in bulk in several ways:

  • Data breaches: While some data breaches involve the loss of credit card and government ID numbers, others involve names, email addresses and phone numbers. This is still damaging, because these breaches provide hackers and scammers with the basic information they need to launch all kinds of phishing, vishing and smishing attacks.
  • Data brokers: Fraudsters can also buy entire lists of numbers for a few dollars with a few clicks. Online data brokers collect and sell highly detailed information about millions of people. Records vary from broker to broker, but they can include dozens or even hundreds of entries gathered from public sources and from third parties. Data brokers will often sell such lists to advertisers for targeted campaigns, but they will also sell them to scammers. Data brokers will sell to anyone.
  • Dark web: Plenty of personal information ends up on dark web marketplaces. Scammers will often share lists of potential victims with other scammers for free. In other cases, they will sell them for a profit. Either way, the dark web provides scammers with several sources of phone numbers.
  • Dumpster diving: Old-fashioned “hacking” involves digging through a bank’s or business’s dumpster and salvaging lists of client phone numbers. With such a list, scammers can program the numbers into their dialers for a more targeted attack.
  • Auto-dialers: As the name suggests, this tool calls random phone numbers with a recorded message. Sometimes, fraudsters will call particular area codes with a message involving a regional bank or credit union. This way, scammers target potential members in the targeted area.

What are some examples of smishing?

There’s a good chance you’ve seen some examples of smishing yourself. Maybe you’ve come across something like these:

  • “Hi! We see that you are a new customer of ours. To finish setting up your account, please tap this link and enter your personal information.”
  • “Urgent! Your bank account has been compromised. Please tap this link to reset your password and prevent further fraud.”
  • “We have a package for you, but we were unable to deliver it. Please tap this link to update your information so that we can send your package to you.”
  • “Hi! It’s me, Mandy. Are we having lunch today?”
  • “You owe back taxes. Pay using this link within three days or we will turn your case over to law enforcement.”

Messages like these can seem plausible at first, until you look at them.

First, they usually include a link. The link may contain an unusual string of characters and a web address that doesn’t match the supposed sender of the message. Like a fake postal service notice that doesn’t use the official postal service URL. Or, the link may look almost like a legitimate address, but with the name changed in a way that shows it is fake.

Another indicator may be that you don’t know “Mandy” at all. That’s by design. In fact, the scammer hopes you don’t recognize the name. They want you to reply with a “sorry, wrong number” text. From there, the scammer will try to strike up a conversation and take the first step of a romance scam or a similar con game.

Finally, the message may use scare tactics or threats. Scammers like this approach because it plays on people’s emotions and makes them act quickly without thinking too much. Bank and tax scares offer some prime examples of this approach. So do messages that appear to come from a family member saying they’re in trouble. Like their car broke down in the middle of nowhere or they went to urgent care because of a sudden illness.

Overall, the scammers behind these texts are after the same thing: your personal information, your money, or some combination of the two.

How to protect yourself from vishing and smishing attacks

  1. Don’t trust caller ID: Scammers can tamper with caller ID. They have several tools that can help them populate the caller ID with a specific bank or credit union, or with the words “Bank” or “Credit Union.”
  2. Follow up directly: If you receive a phone call from a person or a recording requesting personal information, hang up. If the call appears to come from a trusted organization, contact them directly to confirm the request. Do the same for any text that asks you to tap a link to provide information.
  3. Report any fraud attempts immediately: Document the call, noting what was said, what was asked for, and the number the caller or texter used. Report this to the company in question. Many organizations have dedicated scam pages with email addresses for reporting fraud committed in their name. Netflix offers a good example, as does the Internal Revenue Service (IRS) in the United States. McAfee also has a dedicated page for scams.
  4. Look for spelling or grammar errors: Legitimate businesses and organizations make a good effort to ensure their messages are free of errors. Fraudsters, less so. Misspellings and awkward sentences often find their way into these attacks.
  5. Contact the sender: Did you get an urgent text message from someone who appears to be a friend or family member? Follow up with them by some means other than replying to the text message you just received, especially if it came from a new or unknown number.
  6. Don’t tap links in text messages: If you follow one piece of advice, it’s this one. As mentioned above, if you have concerns, follow up directly.

Another way to reduce scam calls and texts: online protection software

With comprehensive online protection software such as McAfee+ on your smartphone, you can stay safe in several ways.

It offers web protection that warns you of sketchy links in texts, search results, and while you browse, which can steer you away from websites that steal information. It can also monitor dozens of pieces of personal information and notify you if any of it turns up on the dark web, and it offers guidance on what to do next.

Further, it can help you remove your personal information from data broker sites with our Personal Data Cleanup. You’ve seen how scammers use data brokers to build their call and text lists. Telemarketers turn to data brokers for the same reason. Removing your information can lower your exposure to data brokers and telemarketers and help reduce scam and spam calls as a result.

When it comes to vishing and smishing, you have several tips, tactics and tools at your disposal. Together, they can help keep scammers from calling and pinging you, or from fooling you if they still do.


Summer finds many company employees gazing longingly out the window, sometimes glancing at the calendar. You don’t have to be psychic to read the word “vacation” in their minds. Nor do cybercriminals, who exploit such sentiments through phishing. The aim, as usual, is to coax out corporate credentials. We explore such scams and explain what you need to watch out for.

Phishing email

The aim is to get the recipient to click a phishing link. To achieve this, attackers need to switch off the critical-thinking side of the victim’s brain, usually by scaring or intriguing them. Chances are that, in early summer, a mention of the vacation schedule will do the trick. By this time, many employees have already made plans, bought tickets and booked hotels. If the vacation dates suddenly change, all those plans go out the window. Therefore, scammers send emails supposedly from HR on the topic of vacations: perhaps a sudden rescheduling, a need to confirm dates, or a clash with some important event. Such emails look something like this:

Fake HR email

Because in this case we’re dealing with mass phishing, not spear phishing, it’s quite easy to spot the attackers’ tricks. The main thing is to resist the urge to click the link right away to see your revised vacation dates. If we examine the email more closely, it becomes clear that:

  • The sender (cathy@multiempac.com) is not an employee of your company;
  • The “signing” “HR director” has no name, and the signature doesn’t match your organization’s corporate style;
  • Hidden behind the link that appears to point to a PDF file is a completely different address (you can see it by hovering over the link).

It also soon becomes clear that the attackers know only the recipient’s address. The automated mass-mailing tool takes the company domain name and the employee’s name from the address and automatically substitutes them into the dummy link and the sender’s signature.

Phishing site

Even if the victim swallows the bait and clicks the link, it’s still possible to spot signs of phishing on the attackers’ site. The link in the email above points here:

Fake site that steals credentials

The site itself is less than convincing:

  • For starters, it’s hosted not on your company’s server, but on Huawei Cloud (myhuaweicloud.com), where anyone can rent space;
  • The file name doesn’t match the name of the PDF specified in the email;
  • There isn’t a single attribute on the site to connect it to your company.

Of course, as soon as the victim enters their password in the login window, it goes straight to the cybercriminals’ server.
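The indicators listed for the email and the site can be checked mechanically, for example at a mail gateway. The following Python check is an added example, not code from the original post; the company domain example.com, the sample message and its link host are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # assumption: the recipient company's own domain
SHARED_HOSTING = ("myhuaweicloud.com",)  # rentable hosting named in the article
# Constructed sample modelled on the email described above; the link host is made up.
SAMPLE = """\
From: HR Director <cathy@multiempac.com>
Subject: Vacation schedule update
Content-Type: text/html; charset="utf-8"

<a href="https://files-example.obs.myhuaweicloud.com/view.html">Vacation_Schedule.pdf</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw, org_domain=ORG_DOMAIN):
    msg = message_from_string(raw, policy=policy.default)
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    findings = [] if in_domain(sender_domain, org_domain) else ["external-sender"]
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for url, text in ((urlparse(h), t) for h, t in parser.links):
        host = (url.hostname or "").lower()
        if text.lower().endswith(".pdf") and not url.path.lower().endswith(".pdf"):
            findings.append("pdf-label-mismatch")  # label promises a PDF, target is not one
        if not in_domain(host, org_domain):
            findings.append("link-off-domain")
        if any(in_domain(host, d) for d in SHARED_HOSTING):
            findings.append("shared-hosting")
    return findings
```

An external sender alone is normal for most mail; the combination with a mislabelled link to rented hosting is what matches the pattern described here.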

How to stay safe

To reduce the likelihood of your company’s employees encountering phishing emails, you need protection at the email gateway level. What’s more, all internet-connected devices need to be protected by an endpoint security solution.

In addition, we recommend holding regular awareness training for employees on the latest cyberthreats or, at the very least, informing them about potential phishing scams. For more on phishers’ tricks and traps, see the other posts on this blog.

