Showing posts with label Cybertheft. Show all posts

Amazon Customers Face Surge in Phishing Attacks Through Fake Emails and Texts

 

Cybercriminals are actively targeting Amazon users with a sharp increase in phishing scams, and the company is sounding the alarm. Fraudsters are sending deceptive emails that appear to originate from Amazon, prompting users to log in via a counterfeit Amazon webpage. Once a person enters their credentials, attackers steal the information to take over the account. The urgency to secure your Amazon account has never been greater.  

These scam emails often warn customers about unexpected Amazon Prime renewal charges. What makes them particularly dangerous is the use of stolen personal data to make the emails appear genuine. Amazon’s warning reached over 200 million users, emphasizing the widespread nature of this threat. 

Adding to the concern, cybersecurity firm Guardio reported a dramatic spike in a related scam—this time delivered through SMS. This variant claims to offer fake refunds, again luring users to a fraudulent Amazon login page. According to Guardio, these text-based scams have jumped by 5000% in just two weeks, showing how aggressively attackers are adapting their tactics. 

Amazon says it is actively fighting back, having removed 55,000 phishing websites and 12,000 scam phone numbers involved in impersonation schemes over the past year. Despite these efforts, scammers persist. To combat this, Amazon issued six practical tips for customers to recognize and avoid impersonation fraud.  

The U.S. Federal Trade Commission (FTC) has also issued alerts, noting that scammers are pretending to be Amazon representatives. These fake messages typically claim there’s a problem with a recent purchase. But there’s no refund or issue—just a trap designed to steal money or private data. 

To stay protected, Amazon strongly recommends two major security measures. First, enable two-step verification (2SV) via the “Login & Security” settings in your account. Avoid using SMS-based verification, which is more vulnerable. Instead, use a trusted authenticator app such as Google Authenticator or Apple’s Passwords. If you’ve already set up SMS verification, disable it and reset your 2SV preferences to switch to an app-based method. 

Second, add a passkey to your account. This provides a stronger layer of defense by linking your login to your device’s biometric or PIN-based security, making phishing attacks far less effective. Unlike traditional methods, passkeys cannot be intercepted through fake login pages: the credential is bound to the genuine site’s domain, so it simply does not work on a look-alike page. 

Cyberattacks are growing more sophisticated and aggressive. By updating your account with these safety tools today, you significantly reduce the risk of being compromised.

37% of Third-party Applications have High-risk Permissions

Recent data analysis reveals a significant increase in the integration of third-party apps with email platforms. This trend underscores the rapid expansion of a new avenue of vulnerability that cybercriminals are exploiting, demonstrating their ongoing evolution in attack strategies. 

The presence of software-as-a-service (SaaS) applications is continuously growing within enterprises worldwide. Staff members are providing permissions to external apps, allowing them to access fundamental SaaS platforms such as Microsoft 365 (M365) and Google Workspace. 

This trend introduces security vulnerabilities. Simultaneously, security personnel and organizations are struggling to monitor the number of interconnected applications or assess the extent of the security threats stemming from these apps. Throughout the initial six months of 2023 (spanning January to June), there was a steady upward trajectory in the integration of third-party applications. 

Concurrently, Abnormal noted a consistent escalation in instances of business email compromise (BEC) and vendor email compromise (VEC) attacks. This pattern of growth has remained consistent over the preceding five years. Abnormal's findings revealed that, on average, organizations now incorporate 379 third-party applications with their email systems. This reflects a substantial surge of 128% since the year 2020. 

In the case of sizable corporations employing over 30,000 individuals, the integration of third-party apps rises dramatically to an average of 3,973. These apps encompass a broad spectrum of functionalities, spanning collaboration, productivity, development, social networking, security, and various other domains. 

Among the third-party applications that have been integrated, approximately 37% come with permissions that pose high risks. These permissions include the capability to generate and erase emails or users, and even to reset user passwords. 

Vendor Email Compromise (VEC) is a subset of Business Email Compromise (BEC), itself a significant category of cyberattacks. These attacks involve forging or imitating a corporate email address in order to deceive the organization, its staff, clients, or partners for fraudulent purposes. 

Business Email Compromise attacks manifest in diverse manners, with Vendor Email Compromise representing a particularly advanced variant within this spectrum. The report also indicated an upswing in BEC and VEC attacks during the initial half of 2023. 

BEC attacks demonstrated a rise of 55% over the preceding six months, with 48% of all entities experiencing at least one VEC attack within the same period. Further insights gleaned from the initial half of the year highlight a 34% surge in VEC attacks when contrasted with the previous two halves. 

Notably, there was a shift in the attack landscape, with BEC attacks surpassing malware instances, a departure from the trends seen in the preceding half. Larger organizations are particularly vulnerable: those with over 5,000 mailboxes face a probability exceeding 90% of experiencing at least one BEC attack weekly, alongside a 76% likelihood of encountering a VEC attack. 

Among targeted sectors, the technology industry attracts the highest concentration of BEC attacks, while advertising/marketing is the primary focus for VEC attacks. Other sectors frequently subjected to BEC attacks include construction, finance, transportation, and media/entertainment.