Valentine’s day scam, online romance scam on dating site, requests for loans, medical emergency, investment. Last month there have been spotted more than 4000 Valentine’s malicious campaigns.
Michael Cooney at Network World summarized the current scams doing the rounds related to online dating and romance sites. A good reminder that heartless con artists use social engineering tactics to trick people looking for love.
According to the FBI’s Internet Crime Complaint Center (IC3), scammers use poetry, flowers, and other gifts to reel in victims, the entire time declaring their “undying love.” These criminals also use stories of severe life circumstances, tragedies, deaths in the family, injuries to themselves, or other hardships to keep their victims concerned and involved in their schemes.
Scammers also ask victims to send money to help overcome a financial situation they claim to be experiencing. These are all lies intended to take money from unsuspecting victims, the IC3 says.
The FBI notes that these callous criminals — who also troll social media sites and chat rooms in search of romantic victims — usually claim to be Americans traveling or working abroad. In reality, they often live overseas. Their most common targets are women over 40, who are divorced, widowed, and/or disabled, but every age group and demographic is at risk, the agency stated. The FBI said that as of 2012 the average financial loss from these romance schemes is between $15,000 and $20,000. That number is nearly double what it was a decade ago.
SitePoint, (a website with books and courses for web developers), has confirmed its user database breach over 1 million people was copied and is now available to hackers. The database was on sale on hacker forums and later end up as a given away (https://www.bleepingcomputer.com/news/security/sitepoint-discloses-data-breach-after-stolen-info-used-in-attacks/). SitePoint users complained of getting email extortion demands and fake cryptocurrency giveaway emails the company sent a notice to users acknowledging the breach.
SitePoint says it has reset passwords on all accounts so users now have to enter new credentials. One exception is users whose accounts log in automatically. They should manually change their passwords. Those who use logins from Google and Facebook can continue to use them.
SitePoint suspects the hacker got into its system by compromising a third-party tool used to monitor the company’s GitHub software development account.
Emsisoft, the founder and managing director of cybersecurity provider Emsisoft says one of its systems was breached in mid-January. The system evaluates and benchmarks possible solutions for storing and managing log data generated by its products and services. This evaluation system was supposed to only have databases with technical logs. However, there were 14 email addresses of customers in one of the databases.
Emsisoft suspects the cause of the breach was misconfigured application by an employee, as a result, the company will spend more time to spot possible configuration issues and to create an isolated environment for benchmarking and making sure the system only has artificially-generated data.
Large Ukraine phishing services were closed, Ukraine police have closed one of the world’s largest phishing services. Working with law enforcement in the United States and Australia, the criminal service was aimed at banks and their customers in at least 11 countries. According to security reporter Brian Krebs, part of the service is an administration console called U-Admin, which allows crooks to oversee the theft of usernames and passwords from phishing pages that look like a specific brand. One of the worst parts of the console was it helped crooks steal multi-factor authentication codes at the moment victims entered them into the fake login pages.
COVID-19 related scams aren’t slowing. The latest scam is a sale of proof of vaccination record cards supposedly from the U.S. Centers for Disease Control. According to security vendor Domain Tools, these have been seen on the Shopify shopping platform. They’d be valuable to people who need to provide proof to employers, airlines, and other organizations that they have been vaccinated for the virus. These people may not be able to be vaccinated yet, or they don’t want to be vaccinated, but need to show evidence they have been. Individual cards are selling for $20, while a pack of four goes for $60. Unfortunately, people who have been vaccinated are proudly showing their proof cards on social media, giving crooks the ability to copy batch numbers and logos to make their counterfeit copies look real.