Free Republic

All 1.8 billion Gmail users have been issued a 'red alert' over a scam that lets hackers gain access to accounts. The attack uses AI to craft deepfake robocalls and malicious emails capable of bypassing security filters. The combination works to convince victims their Gmail account has been compromised. Users receive a phone call that suspicious activity was detected in their account and are told an email is soon to follow with steps to rectify the issue. The email includes a fake website that looks identical to Google's, which prompts users to enter their login credentials. Cybersecurity experts warned that...

DARPA scientist Joshua Elliott, the documents show. He was a DARPA program manager from 2017 to 2023, according to his LinkedIn. Beforehand, he studied things like “socio-technical change,” and worked in academia for 10 years on things like “computational climate economics.” At DARPA, he was allowed to “program” $600 million in federal research and development funding, according to the Federation of American Scientists. Afterward, Elliott worked for the radical group Quadrature Climate Foundation, and more recently, Renaissance

Nearly 100 domains hosting Sneaky 2FA phishing pages have been identified as of this month, suggesting moderate adoption by threat actors. "This kit is being sold as phishing-as-a-service (PhaaS) by the cybercrime service 'Sneaky Log,' which operates through a fully-featured bot on Telegram," the company said in an analysis. "Customers reportedly receive access to a licensed obfuscated version of the source code and deploy it independently." Phishing campaigns have been observed sending payment receipt-related emails to entice recipients into opening bogus PDF documents containing QR code that, upon scanning, redirects them to Sneaky 2FA page Sekoia said the phishing pages...

This seems like a scam: I received an e-mail stating "Greetings myWaIgreens Member,Your myWaIgreens points total of $564.54 is set to expire and should be redeemed by September 9th.Click here before September 9th to retain your myWaIgreens points for 2024.We appreciate your participation.Best wishes, WaIgreens TeamSuspicious, eh?

An urgent warning has been issued to all 1.46 billion iPhone users after tech experts uncovered a new cyberattack targeting Apple IDs. Bad actors are using SMS phishing campaigns that send messages claiming to be from Apple, prompting users to visit a link to an 'important request' about iCloud. California-based Symantec security firm discovered the attack this month, warning the links lead to fake websites that urge users to hand over their Apple ID information. Apple has established guidelines for such an attack, urging iPhone owners to use two-factor authentication that requires a password and six-digit verification code to access...

Credential theft is a significant factor in breaches, resulting in 38% of all incidents. Phishing is another route into the enterprise, being associated with 15% of all breaches. The most frequently used entry point for phishing is Web applications, followed by email.The report, which analyses 20,358 security incidents and 10,626 confirmed breaches offered by third-party contributors including the US Secret Service and dozens of other organizations and companies; publicly-known data breaches; and security events mitigated by its own Verizon Threat Research Advisory Center (VTRAC), emphasised the critical role the human element plays in introducing risk into the equation.

Dozens of people around the world have been arrested after police disrupted a UK-founded website scamming victims on an industrial scale. LabHost, a site set up in 2021, tricked as many as 70,000 UK victims, obtaining 480,000 card numbers and 64,000 PINs worldwide, the Metropolitan Police said. It was created by a criminal network and enabled more than 2,000 users to set up phishing websites designed to steal personal information such as email addresses, passwords and bank details. Criminal subscribers could log on and choose from existing sites or request bespoke pages replicating those of trusted brands such as banks,...

The Russian-made app, according to a new report from Guardio, has, in recent times, evolved into a thriving center where experienced cybercriminals and beginners can openly share illegal tools and knowledge—a "scammers paradise." As a result, a dark and well-organized supply chain of tools and victims' data has emerged... As the Guardio report clearly demonstrated, there is very little, if anything, secure about Telegram, contrary to popular reports. The paradox lies in Telegram's emphasis on its security and privacy features, despite there being no automatic end-to-end encryption in place; instead, message protection relies on policies rather than technology. Such a...

Chinese-owned video streaming platform TikTok has reportedly been asking users for their iPhone passwords in order to view content, sparking concern among individuals using the app.Reports that the platform began asking users to enter their iPhone passwords in order to watch videos on the app first began emerging in November, according to Dexerto, with the publication noting users took to social media to raise the alarm.Yet TikTok—which is owned by ByteDance, a Chinese company that moved its headquarters to Singapore in 2020—has not explained the reasoning behind the need for users to enter their highly personal and sensitive information.Dexerto noted...

Had a weird email from Ebay this weekend. I have (or had?) an ebay account, I have not used it in years. This weekend I received an email saying my account was permanently banned because I had done some sort of 'promoting hate' Considering that I have not been on eBay site for many years I can only assume they were referring to some post I made on some OTHER site. I am pretty vocal about how I think liberalism, and especially this 'trans' business is a mental disease. So, is eBay trolling other sites to check my social score?...

Only 48 hours after he arrived in Singapore to begin his first year for a master's degree in chemistry at a local university, Albert (not his real name) received a phone call from officers claiming to be from the Ministry of Health, that sent him into a panic. The 24-year-old Chinese national was told he was involved in money laundering activities and the call was subsequently transferred to scammers claiming to be police officers in China. The conmen sent him official-looking documents and even conducted video calls to convince him to transfer $70,000 to them. The money was from his...

The city of Fresno lost about $400,000 in 2020 after falling victim to an electronic phishing scam, and former Mayor Lee Brand’s administration failed to disclose the loss to the Fresno City Council and taxpayers, The Fresno Bee has confirmed. Furthermore, the Fresno City Attorney’s Office in December 2021 rejected a public records request from The Fresno Bee seeking city communications regarding the fraud. The city told The Bee no records were located. However, The Bee recently obtained emails that existed prior to the records request. The electronic fraud was disguised as an invoice from a subcontractor working on the...

It wasn't exactly my finest hour, but it does go to prove that anyone can be scammed if the circumstances are exactly right. There were a few unfortunate incidents just prior to this phishing email and I explain how I was convinced to delete me own YouTube channel.

I just got a text message that said 'please text me' .It was from the same area code as my phone with the first 3 numbers the same as mine as well, a tactic often used by scammers. I sent nothing back, but only because I don't know the automatic feedback for a non existent number.

March 20, 2021 NOTICE OF DATA BREACH WHAT HAPPENED? An employee of the California State Controller’s Office (SCO) Unclaimed Property Division clicked on a link in an email they received and then entered their user ID and password as prompted, unknowingly providing an unauthorized user with access to their email account. The unauthorized user had access to the account from March 18, 2021 at 1:42 p.m. to March 19, 2021 at 3:19 p.m.. WHAT INFORMATION WAS INVOLVED? SCO has reason to believe the compromised email account had personal identifying information contained in Unclaimed Property Holder Reports. The unauthorized user also...

Rarely in the history of the cybersecurity industry has a company become so toxic so quickly as HBGary Federal. Over the last week, many of the firm’s closest partners and largest clients have cut ties with the Sacramento startup. And now it’s cancelled all public appearances by its executives at the industry’s biggest conference in the hopes of ducking a scandal that seems to grow daily as more of its questionable practices come to light. Last week, the hacker group Anonymous released more than 40,000 of HBGary Federal’s emails, followed by another 27,000 from its sister company, HBGary, over the...

Dear fellow FReepers, likely the majority of you use a VPN along with more secure browsers and also add-ons like Ghostery. Every time my computer boots up, the first thing that I see is my VPN asking to secure. Then I click on the secure tab and it logs on and secures my internet browsing. But yesterday morning a very official-looking notification (a pop-up) appeared with the exact same logo as my VPN, informing me that my subscription had expired and that I needed to purchase a new plan. It also said that my current subscription would expire in January...

Hackers used malicious Office 365 apps to gain access to customer accounts, which they later used to orchestrate BEC attacks. Microsoft has obtained a court order this month allowing the company to seize control of six domains that were used in phishing operations against Office 365 customers, including in campaigns that leveraged COVID-19 lures. According to court documents obtained by ZDNet, Microsoft has targeted a phishing group that has been targeting the company's customers since December 2019. The phishers operated by sending emails to companies that hosted email servers and enterprise infrastructure on Microsoft's Office 365 cloud service. The emails...

Security researchers at Microsoft say they have seen a "steady increase" in unsolicited email attachments containing malicious Excel 4.0 macros. It is part of a "massive campaign" to infect PCs with malware under the guise of providing current statistics related to Covid-19. Phishing scams are nothing new by any stretch, but according to Microsoft (via ZDNet), this latest campaign only started around a week ago "and has so far used several hundreds of unique attachments." "The emails purport to come from Johns Hopkins Center bearing 'WHO COVID-19 SITUATION REPORT'. The Excel files open w/ security warning & show a graph...

Hackers are trying to infect organizations throughout the world with a popular strain of malware by sending emails that appear to be from an Egyptian oil company. In research published Tuesday, Romanian antivirus company BitDefender noted a surge in attempted phishing attacks that try to trick users into downloading malware by masquerading as Enppi, an oil company owned by the Egyptian government. The malware, known as Agent Tesla, is a spyware tool which enables hackers to monitor keystrokes, steal data about file downloads and collect username and password credentials from internet browsers, among other capabilities. The number of attacks spiked...