Your computer and smartphone aren’t the only ways you can get scammed. You can also get scammed at the gas pump. This week the FTC issued a warning about credit card skimmers at gas pumps.
“Recently, the Federal Trade Commission (FTC) issued a warning about the dangers presented by skimmers on gas pumps. Skimmers are small electronic devices that are easily installed by an identity thief on gas pumps, ATMs and other card reading devices. The skimmer steals all of the information from old style magnetic strip credit card or debit cards which then enables the identity thief to use that information to access the victim’s bank account when the skimmer is used on a debit card. If a credit card is used, the identity thief can use the stolen information to access the victim’s credit card account. Each skimmer can hold information on as many as 2,400 cards.” Pay attention at the pump.
SurveyMonkey Phishing Scams
Have you ever been asked to take an online survey? Be careful, some of those surveys are used to phish you. This according to Abnormal Security.
“SurveyMonkey is a survey service that is normally used to host legitimate surveys. However, sometimes attackers will utilize file sharing and surveying sites like SurveyMonkey to host redirect links to a phishing webpage. By using these legitimate services, attackers can bypass email URL detection systems deployed by many email security services.”
Phishing Phrontier
When we have good news, we feel compelled to share it. You know how scammers use bogus domains to launch their phishing attacks? Well this week Microsoft sued those same scammers to seize those same bogus domains.
“Microsoft has taken legal action to seize web domains being used to launch coronavirus-themed phishing attacks. The Windows giant obtained an order from US courts allowing it to seize domains being used for phishing.” Good for your tech giant.
Voicemail Phishing Scam
We’re always impressed when scammers can phish you WITHOUT having to send you an email. Such is the case this week of the Fake Voicemail Phishing Attack. Here hackers are simply taking advantage of the fact that some systems email users with recordings of voice mails.
“The email comes in very much like it would from your phone system. The subject line will say something like ‘New Voicemail from: (555) 555-5555’ (but with a real number) and attached will be a file that looks like it could be an audio clip of the voicemail. Be very wary of this. That file could contain malware. Some of these emails also contain links or buttons to click on to download the voicemail.”
Body Count
What are the chances your credentials are available for sale on the dark web? Pretty good after news this week that 15 billion credentials are available on the dark web for as little as $16. In case you’re wondering, that’s two credentials for everyone on Earth.
How bad is it? “Roughly one-third of the credentials, or about 5 billion, are unique, according to Digital Shadows, whose researchers reached these totals following an analysis of two-and-a-half years of advertised account credentials found across nine active and defunct dark web marketplaces.” Yeah, I think it’s safe to say your credentials are for sale on the dark web.
It’s one thing to accidently download some malware onto your smartphone. It’s quite another when that malware comes pre-installed. But that’s exactly what seems to be happening to Android phones in the US.
From Security Week, “Following a January report on malware found pre-installed on smartphones sold in the United States to budget-conscious users, Malwarebytes has discovered another mobile device riddled with malware from the get-go. The UMX U686CL phone, sold as part of the government-funded Lifeline Assistance program by Virgin Mobile, a subsidiary of Sprint, was being shipped to users with two malicious programs pre-installed: A Wireless Update application and a Settings app.” Stay safe out there.
And that’s the week that was.