Mass WordPress compromises redirect to tech support scams

Content Management Systems (CMSes) such as WordPress, Drupal, or Joomla are under a constant barrage of fire. Earlier this year, we detailed several waves of attacks against Drupal, also known as Drupalgeddon, pushing browser-based miners and various social engineering threats. During the past few days, our crawlers have been catching a larger-than-usual number of WordPress … [Read more…]

6 sure signs someone is phishing you—besides email

antispyware

There are several common and, unfortunately, frequently successful avenues of attack that cybercriminals can use to part you from your personal contact and financial information. These phishing attack methods include email, phone calls, corrupted software or apps, social media, advertisements, and even direct SMS (text) messages. Beyond the medium used to reach you (which is … [Read more…]

A month of giveaway spam on Twitter

We’ve observed a low level spam campaign working its way through Twitter, with just under 2,000 posts visible on public search since September 1. Click to enlarge The posts promote what appears to be CBD oil. For those who don’t know (And I was one of them—still not sure if this oil is supposed to … [Read more…]

New trends in the world of IoT threats

Cybercriminals’ interest in IoT devices continues to grow: in H1 2018 we picked up three times as many malware samples attacking smart devices as in the whole of 2017. And in 2017 there were ten times more than in 2016. That doesn’t bode well for the years ahead. We decided to study what attack vectors … [Read more…]

A week in security (September 10 – 16)

antispyware

Last week on Malwarebytes Labs, we assessed the security of a portable router, identified ways to waste a scammer’s time, named the many faces of omnichannel fraud, questioned the security of 2FAs, profiled a massive tech support scam operation, and exposed a new HMRC phishing campaign. Other cybersecurity news: Trend Micro addressed the burning questions … [Read more…]

HMRC phish swipes email login, payment details

It’s not tax season in the UK, but that hasn’t deterred scammers from sending out mail looking to swipe both card details and email logins in one fell swoop. The email, which claims UKGOV has issued a tax refund to the tune of 542.94 GBP, arrives under the following title, which is spectacularly poorly formatted: … [Read more…]

Is two-factor authentication (2FA) as secure as it seems?

Two-factor authentication (2FA) was invented to add an extra layer of security to the—now considered old-fashioned and insecure—simple login procedure of entering a username and password. One of the most well-known examples of 2FA is when you try to log into a familiar website from a different machine or from a different location, which results … [Read more…]

Partnerstroka: Large tech support scam operation features latest browser locker

Tech support scams continue to be one of the top consumer threats in 2018, despite actions from security vendors and law enforcement. Scammers are constantly looking for new ways to reel in more victims, going beyond cold calls impersonating Microsoft to rogue tech support ads using the good name of legitimate brands, and of course, malicious pop-ups. … [Read more…]

The many faces of omnichannel fraud

antispyware

The rise of new technologies, social networks, and other means of online communication have brought about compelling changes in industries across the board. For example, in retail, organizations use digital tools such as websites, email, and apps to reach out to their current and potential clients, anticipate their needs, and fully tailor their business strategies … [Read more…]

5 safe ways to get back at spammers: a guide to wasting time

antispyware

Everyone hates spam (apart from the people who send it). While many people simply report spam and delete, a few look for ways to get back at the spammers wasting their time. In fact, a common question we’re asked is, “How can we waste their time?” My own opinion on this is a little loaded with … [Read more…]