PayPal closes loophole that let scammers send real emails with fake purchase notices
After an investigation by BleepingComputer, PayPal closed a loophole that allowed scammers to send emails from the legitimate [email protected] email address. Following reports from people who received emails claiming an automatic payment had been cancelled, BleepingComputer found that...
New Tech Support Scam Uses Microsoft Logo to Fake Browser Lock, Steal Data
The Cofense Phishing Defense Centre warns of a new tech support scam using Microsoft’s brand to lock browsers and steal data. Learn how the attack uses fake 'payment lures' and urgent security alerts to trick victims into calling a fraudulent support number...
CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center
India's Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out "sophisticated" tech support scams targeting citizens of Australia and the United Kingdom. The fraudulent scheme is estimated to ha...
Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks
The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta...
Google ad for Facebook redirects to scam
Today, we are looking at a malicious ad campaign targeting Facebook users via Google search. It is well-known that tech support scammers attract new victims by buying ads for certain keywords related to their audience. What is perhaps less known is how it is even possible to impersonate top brand...
Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams
Back in January 2020, we blogged about a tech support scam campaign dubbed WoofLocker that was by far using the most complex traffic redirection scheme we had ever seen. In fact, the threat actor had started deploying infrastructure in earnest as early as 2017, about 3 years prior to our...
A week in security (May 8-14)
Last week on Malwarebytes Labs: The rise of "Franken-ransomware," with Allan Liska: Lock and Code S04E11 Ransomware review: May 2023 Brightline breach hits at least 964,000 people, US records show Ransomware attack on MSI led to compromised Intel Boot Guard private keys Fake system update drops...
Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign
Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites...
Tech support scammers target Microsoft users with fake Office 365 USB sticks
Microsoft is a hot target for scammers and acts of fraud. For example, tech support scam websites cover themselves in Windows branding and messages. Phone scammers claim to be calling directly from Microsoft. If it's not a Bill Gates themed lottery spam mail in your mailbox, it's a fake Excel...
Viral video drives malvertising on social media platform
This blog post was authored by Jerome Segura. Viral content shared on social media is highly coveted since it gets a lot of impressions and engagement. Unfortunately, the people who push this kind of content don't always have the best of intentions. We recently identified a malvertising campaign o...
Facebook, News and XSS Underpin Complex Browser Locker Attack
A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-support scam. The effort is more advanced than most, because it involves exploiting a cross-site scripting (XSS) vulnerability on a popular news site, researchers said. Browser lockers are a type of...
XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability
Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they've also caused quite the headache for browser vendors to fix. Browser lockers are only...
RevenueWire to pay $6.7 million to settle FTC charges
What can you do as a scammer when no legitimate payment provider wants to process your payments anymore? Or, what if you are growing sick and tired of these same payment providers reimbursing disgruntled customers who claim that your products didn't fix computers, like—you know—you said they woul...
Tech Support Scam Uses Child Porn Warning
A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography. The message claims to have been sent from Microsoft Support, and says the recipient's Windows license will be suspended unless they call an "MS Support"...
Man hacks Indian tech support scam call center; leaks CCTV footage
By Sudais Asif. The tech support scam call center has now been raided by local police while its entire operation has been shut down. This is a post from HackRead.com. Read the original post: Man hacks Indian tech support scam call center; leaks CCTV footage...
Apple iPhone Users Bombarded with Bogus Dating App for Valentine's Day
A malicious email campaign aimed at iPhone owners is making the rounds this week, using a bouquet of different themes to scam victims, just in time for Valentine’s Day – including a fake dating app. The gambit begins far afield from romance however, with an email from “Nerve Renew,” claiming to...
A week in security (January 20 – 26)
Last week on Malwarebytes Labs, we reported on a Ryuk ransomware attack on The Tampa Bay Times, a newspaper in Florida; unmasked an elaborate browser locking scheme behind the more advanced tech support operations that are currently active; and looked at the latest laws on regulating deepfakes...
WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation
Update 01-27-2020: Shortly after this blog was published we noticed that a large part of the infrastructure behind this browlock was taken down. The malicious server responsible for redirections is no longer responding and we have not observed any new live browlock from this 2 year old campaign. ...
A week in security (March 25 – 31)
Last week, we looked at plugin vulnerabilities, location tracking app problems, and talked about plain text password woes. We also looked at federal data privacy regulation and took a deep dive into BatMobi Adware. Other cybersecurity news Poisoned software update headache for ASUS Source: The...
Indian police & Microsoft busts tech support scam centers
By Uzair Amir. You may have watched YouTube videos about tech support scam tricking unsuspecting users into believing that their devices have been compromised with some nasty malware and the only way to get rid of it is to pay the technician for their "services" over the phone or Skype call. This...