Search This Blog

Popular Posts

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label phishing. Show all posts
subscriptions
cloud storage Cyber Security Email Google Drive phishing Scam subscriptions

Cloud Storage Scam Uses Fake Renewal Notices to Trick Users


Cybercriminals are running a large-scale email scam that falsely claims cloud storage subscriptions have failed. For several months, people across different countries have been receiving repeated messages warning that their photos, files, and entire accounts will soon be restricted or erased due to an alleged payment issue. The volume of these emails has increased sharply, with many users receiving several versions of the same scam in a single day, all tied to the same operation.

Although the wording of each email differs, the underlying tactic remains the same. The messages pressure recipients to act immediately by claiming that a billing problem or storage limit must be fixed right away to avoid losing access to personal data. These emails are sent from unrelated and randomly created domains rather than official service addresses, a common sign of phishing activity.

The subject lines are crafted to trigger panic and curiosity. Many include personal names, email addresses, reference numbers, or specific future dates to appear genuine. The messages state that a renewal attempt failed or a payment method expired, warning that backups may stop working and that photos, videos, documents, and device data could disappear if the issue is not resolved. Fake account numbers, subscription details, and expiry dates are used to strengthen the illusion of legitimacy.

Every email in this campaign contains a link. While the first web address may appear to belong to a well-known cloud hosting platform, it only acts as a temporary relay. Clicking it silently redirects the user to fraudulent websites hosted on changing domains. These pages imitate real cloud dashboards and display cloud-related branding to gain trust. They falsely claim that storage is full and that syncing of photos, contacts, files, and backups has stopped, warning that data will be lost without immediate action.

After clicking forward, users are shown a fake scan that always reports that services such as photo storage, drive space, and email are full. Victims are then offered a short-term discount, presented as a loyalty upgrade with a large price reduction. Instead of leading to a real cloud provider, the buttons redirect users to unrelated sales pages advertising VPNs, obscure security tools, and other subscription products. The final step leads to payment forms designed to collect card details and generate profit for the scammers through affiliate schemes.

Many recipients mistakenly believe these offers will fix a real storage problem and end up paying for unnecessary products. These emails and websites are not official notifications. Real cloud companies do not solve billing problems through storage scans or third-party product promotions. When payments fail, legitimate providers usually restrict extra storage first and provide a grace period before any data removal.

Users should delete such emails without opening links and avoid purchasing anything promoted through them. Any concerns about storage or billing should be checked directly through the official website or app of the cloud service provider.

Read more »
phishing
Credential Theft Data Breach Data Theft Emails IP Address Microsoft Microsoft SharePoint phishing

Attackers Hijack Microsoft Email Accounts to Launch Phishing Campaign Against Energy Firms

 


Cybercriminals have compromised Microsoft email accounts belonging to organizations in the energy sector and used those trusted inboxes to distribute large volumes of phishing emails. In at least one confirmed incident, more than 600 malicious messages were sent from a single hijacked account.

Microsoft security researchers explained that the attackers did not rely on technical exploits or system vulnerabilities. Instead, they gained access by using legitimate login credentials that were likely stolen earlier through unknown means. This allowed them to sign in as real users, making the activity harder to detect.

The attack began with emails that appeared routine and business-related. These messages included Microsoft SharePoint links and subject lines suggesting formal documents, such as proposals or confidentiality agreements. To view the files, recipients were asked to authenticate their accounts.

When users clicked the SharePoint link, they were redirected to a fraudulent website designed to look legitimate. The site prompted them to enter their Microsoft login details. By doing so, victims unknowingly handed over valid usernames and passwords to the attackers.

After collecting credentials, the attackers accessed the compromised email accounts from different IP addresses. They then created inbox rules that automatically deleted incoming emails and marked messages as read. This step helped conceal the intrusion and prevented account owners from noticing unusual activity.

Using these compromised inboxes, the attackers launched a second wave of phishing emails. These messages were sent not only to external contacts but also to colleagues and internal distribution lists. Recipients were selected based on recent email conversations found in the victim’s inbox, increasing the likelihood that the messages would appear trustworthy.

In this campaign, the attackers actively monitored inbox responses. They removed automated replies such as out-of-office messages and undeliverable notices. They also read replies from recipients and responded to questions about the legitimacy of the emails. All such exchanges were later deleted to erase evidence.

Any employee within an energy organization who interacted with the malicious links was also targeted for credential theft, allowing the attackers to expand their access further.

Microsoft confirmed that the activity began in January and described it as a short-duration, multi-stage phishing operation that was quickly disrupted. The company did not disclose how many organizations were affected, identify the attackers, or confirm whether the campaign is still active.

Security experts warn that simply resetting passwords may not be enough in these attacks. Because attackers can interfere with multi-factor authentication settings, they may maintain access even after credentials are changed. For example, attackers can register their own device to receive one-time authentication codes.

Despite these risks, multi-factor authentication remains a critical defense against account compromise. Microsoft also recommends using conditional access controls that assess login attempts based on factors such as location, device health, and user role. Suspicious sign-ins can then be blocked automatically.

Additional protection can be achieved by deploying anti-phishing solutions that scan emails and websites for malicious activity. These measures, combined with user awareness, are essential as attackers increasingly rely on stolen identities rather than software flaws.


Read more »
phishing
Cyber Attacks DHL phishing campaigns phishing

Fake DHL Pickup Slips Used in QR Code Phishing Scam

 

Criminals are using fake DHL pickup slips to carry out a new phishing scam that targets customers during periods of high online shopping activity, according to the company. 

The scam involves counterfeit versions of DHL’s familiar yellow delivery notices, which are typically left when a parcel cannot be delivered. Unlike genuine slips, the fake notices contain a QR code that prompts recipients to scan it to arrange a redelivery. 

Scanning the code redirects users to a fraudulent website designed to closely resemble DHL’s official site. Victims are then asked to enter personal information, including names, addresses and bank details, which can be used for financial fraud and identity theft. 

The tactic is part of a broader trend known as “quishing,” a form of phishing that relies on QR codes rather than email links. These scams are increasingly being spread through physical notices, emails, text messages and fake social media accounts. 

Jens-Uwe Hogardt, a spokesperson for DHL, said such fraud attempts are becoming more sophisticated and harder to detect. He noted that official DHL communications are sent only from verified email domains such as “@dhl.com” or “@dhl.de,” and that legitimate messages do not originate from generic email services. 

DHL advises customers to track parcels only through its official website or mobile app and to avoid scanning QR codes from unsolicited delivery notices. 

Users who believe they have been targeted are urged to contact local police and DHL customer service, change passwords immediately and refrain from sharing personal or financial details through unknown links. 

"If you suspect having received fraudulent emails, SMS or found a website or social media account that tries to pass off as DHL, we encourage you to let us know at your earliest convenience, so that we can quickly take actions to stop the fraud," DHL posted. 

Authorities and companies continue to warn that vigilance is especially important during peak shopping seasons, when delivery-related scams tend to increase.
Read more »
Social Engineering
AI Cyber Attacks Data Microsoft phishing Russia Scams Social Engineering

2FA Fail: Hackers Exploit Microsoft 365 to Launch Code Phishing Attacks


Two-factor authentication (2FA) has been one of the most secure ways to protect online accounts. It requires a secondary code besides a password. However, in recent times, 2FA has not been a reliable method anymore, as hackers have started exploiting it easily. 

Experts advise users to use passkeys instead of 2FA these days, as they are more secure and less prone to hack attempts. Recent reports have shown that 2FA as a security method is undermined. 

Russian-linked state sponsored threat actors are now abusing flaws in Microsoft’s 365. Experts from Proofpoint have noticed a surge in Microsoft 365 account takeover cyberattacks, threat actors are exploiting authentication code phishing to compromise Microsoft’s device authorization flow.

They are also launching advanced phishing campaigns that escape 2FA and hack sensitive accounts. 

About the attack

The recent series of cyberattacks use device code phishing where hackers lure victims into giving their authentication codes on fake websites that look real. When the code is entered, hackers gain entry to the victim's Microsoft 365 account, escaping the safety of 2FA. 

The campaigns started in early 2025. In the beginning, hackers relied primarily on code phishing. By March, they increased their tactics to exploit Oauth authentication workflows, which are largely used for signing into apps and services. The development shows how fast threat actors adapt when security experts find their tricks.

Who is the victim? 

The attacks are particularly targeted against high-value sectors that include:

Universities and research institutes 

Defense contractors

Energy providers

Government agencies 

Telecommunication companies 

By targeting these sectors, hackers increase the impact of their attacks for purposes such as disruption, espionage, and financial motives. 

The impact 

The surge in 2FA code attacks exposes a major gap, no security measure is foolproof. While 2FA is still far stronger than relying on passwords alone, it can be undermined if users are deceived into handing over their codes. This is not a failure of the technology itself, but of human trust and awareness.  

A single compromised account can expose sensitive emails, documents, and internal systems. Users are at risk of losing their personal data, financial information, and even identity in these cases.

How to Stay Safe

Verify URLs carefully. Never enter authentication codes on unfamiliar or suspicious websites.  

Use phishing-resistant authentication. Hardware security keys (like YubiKeys) or biometric logins are harder to trick.  

Enable conditional access policies. Organizations can restrict logins based on location, device, or risk level.  

Monitor OAuth activity. Be cautious of unexpected consent requests from apps or services.  

Educate users. Awareness training is often the most effective defense against social engineering.  


Read more »
virus
AI Antivirus Cloud Data Identity Protection phishing Technology virus

Antivirus vs Identity Protection Software: What to Choose and How?


Users often put digital security into a single category and confuse identity protection with antivirus, assuming both work the same. But they are not. Before you buy one, it is important to understand the difference between the two. This blog covers the difference between identity theft security and device security.

Cybersecurity threats: Past vs present 

Traditionally, a common computer virus could crash a machine and infect a few files. That was it. But today, the cybersecurity landscape has changed from compromising computers via system overload of resources to stealing personal data. 

A computer virus is a malware that self-replicates, travelling through devices. It corrupts data and software, and can also steal personal data. 

With time, hackers have learned that users are easier targets than computers. These days, malware and social engineering attacks pose more threats than viruses. A well planned phishing email or a fake login page will benefit hackers more than a traditional virus. 

Due to the surge in data breaches, hackers have got it easy. Your data- phone number, financial details, passwords is swimming in databases, sold like bulk goods on the dark web. 

AI has made things worse and easier to exploit. Hackers can now create believable messages and even impersonate your voice. These shenanigans don't even require creativity, they need to be convincing enough to bait a victim to click or reply. 

Where antivirus fails

Your personal data never stays only on your computer, it is collected and sold by data brokers and advertisers, or to third-parties who benefit from it. When threat actors get their hands on this data, they can use it to impersonate you. 

In this case, antivirus is of no help. It is unable to notice breaches happening at organizations you don't control or someone impersonating you. Antivirus protects your system from malware that exists outside your system. There is a limit to what it can do. Antivirus can protect the machine, but not the user behind it. 

Role of identity theft protection 

Identity protection doesn't concern itself with your system health. It looks out for information that follows you everywhere- SSN, e-mail addresses, your contact number and accounts linked to your finances. If something suspicious turns up, it informs you. Identity protection works more on the monitoring side. It may watch your credit reports for threats- a new account or a hard enquiry, or falling credit score. Identity protection software looks out for early warning signs of theft, as mentioned above. It also checks if your data has been put up on dark web or part of any latest leaks. 

Read more »
User Security
Cyber Fraud FBI IC3 Impersonation phishing User Security

FBI Warns of Cybercriminals Impersonating IC3 to Steal Personal Data

 

The FBI has issued a public service announcement warning that cybercriminals are impersonating the FBI’s Internet Crime Complaint Center (IC3) and even cloning its website to steal victims’ personal and financial data.Attackers are exploiting public trust in federal law enforcement by creating fake IC3-branded domains and lookalike reporting portals, then driving victims to these sites via phishing emails, messages, and search engine manipulation so people think they are filing a legitimate cybercrime report. 

The alert—referenced as PSA I-091925—describes threat actors spoofing the official IC3 website and related communications, with the goal of harvesting names, home addresses, phone numbers, email addresses, and banking details under the pretext of gathering evidence for an investigation or helping recover lost funds.The FBI stresses that visiting these fake sites or responding to unsolicited “IC3” outreach could lead not only to identity theft and financial fraud but also to further compromise through follow‑on scams using the stolen data.

Security experts situates this campaign within a broader surge in impersonation attacks, noting that law enforcement, government agencies, and major brands have all been targets of cloned sites and spoofed communications, often enhanced by AI to appear more convincing. It highlights that scammers may blend IC3 impersonation with other fraud patterns, such as bogus refund or recovery services, “phantom hacker” style tech‑support narratives, or messages claiming to fix account compromises, all framed as official FBI assistance. 

The FBI has issued guidelines to safeguard Americans from phishing campaign. The real IC3 does not charge fees, will never ask for payment or direct victims to third‑party companies to recover funds, and does not operate any official presence on social media. Genuine IC3 reporting should be done only through the official ic3.gov domain, accessed by typing the URL directly into the browser or using trusted bookmarks, rather than clicking on links in unsolicited messages or search ads. 

Additionally, to mitigate risk the FBI recommends treating any unexpected communication claiming to be from the FBI or IC3 with skepticism, independently verify contact details through official channels, and avoid sharing sensitive information or making payments based on pressure tactics. It closes by urging individuals and organizations to train staff on recognizing impersonation scams, double‑check domains and email addresses, and promptly report suspected fake FBI or IC3 activity using confirmed, legitimate FBI contact points.
Read more »
phishing
Cyber Security Fake Domains Login Credentials Microsoft phishing

Hackers Use Look-Alike Domain Trick to Imitate Microsoft and Capture User Credentials

 




A new phishing operation is misleading users through an extremely subtle visual technique that alters the appearance of Microsoft’s domain name. Attackers have registered the look-alike address “rnicrosoft(.)com,” which replaces the single letter m with the characters r and n positioned closely together. The small difference is enough to trick many people into believing they are interacting with the legitimate site.

This method is a form of typosquatting where criminals depend on how modern screens display text. Email clients and browsers often place r and n so closely that the pair resembles an m, leading the human eye to automatically correct the mistake. The result is a domain that appears trustworthy at first glance although it has no association with the actual company.

Experts note that phishing messages built around this tactic often copy Microsoft’s familiar presentation style. Everything from symbols to formatting is imitated to encourage users to act without closely checking the URL. The campaign takes advantage of predictable reading patterns where the brain prioritizes recognition over detail, particularly when the user is scanning quickly.

The deception becomes stronger on mobile screens. Limited display space can hide the entire web address and the address bar may shorten or disguise the domain. Criminals use this opportunity to push malicious links, deliver invoices that look genuine, or impersonate internal departments such as HR teams. Once a victim believes the message is legitimate, they are more likely to follow the link or download a harmful attachment.

The “rn” substitution is only one example of a broader pattern. Typosquatting groups also replace the letter o with the number zero, add hyphens to create official-sounding variations, or register sites with different top level domains that resemble the original brand. All of these are intended to mislead users into entering passwords or sending sensitive information.

Security specialists advise users to verify every unexpected message before interacting with it. Expanding the full sender address exposes inconsistencies that the display name may hide. Checking links by hovering over them, or using long-press previews on mobile devices, can reveal whether the destination is legitimate. Reviewing email headers, especially the Reply-To field, can also uncover signs that responses are being redirected to an external mailbox controlled by attackers.

When an email claims that a password reset or account change is required, the safest approach is to ignore the provided link. Instead, users should manually open a new browser tab and visit the official website. Organisations are encouraged to conduct repeated security awareness exercises so employees do not react instinctively to familiar-looking alerts.


Below are common variations used in these attacks:

Letter Pairing: r and n are combined to imitate m as seen in rnicrosoft(.)com.

Number Replacement: the letter o is switched with the number zero in addresses like micros0ft(.)com.

Added Hyphens: attackers introduce hyphens to create domains that appear official, such as microsoft-support(.)com.

Domain Substitution: similar names are created by altering only the top level domain, for example microsoft(.)co.


This phishing strategy succeeds because it relies on human perception rather than technical flaws. Recognising these small changes and adopting consistent verification habits remain the most effective protections against such attacks.



Read more »
Technology
Financial Breach Fraud OTPs phishing Scam Scammers Technology

Smarter Scams, Sharper Awareness: How to Recognize and Prevent Financial Fraud in the Digital Age




Fraud has evolved into a calculated industry powered by technology, psychology, and precision targeting. Gone are the days when scams could be spotted through broken English or unrealistic offers alone. Today’s fraudsters combine emotional pressure with digital sophistication, creating schemes that appear legitimate and convincing. Understanding how these scams work, and knowing how to respond, is essential for protecting your family’s hard-earned savings.


The Changing Nature of Scams

Modern scams are not just technical traps, they are psychological manipulations. Criminals no longer rely solely on phishing links or counterfeit banking apps. They now use social engineering tactics, appealing to trust, fear, or greed. A scam might start with a call pretending to be from a government agency, an email about a limited investment opportunity, or a message warning that your bank account is at risk. Each of these is designed to create panic or urgency so that victims act before they think.

A typical fraud cycle follows a simple pattern: an urgent message, a seemingly legitimate explanation, and a request for sensitive action, such as sharing a one-time password, installing a new app, or transferring funds “temporarily” to another account. Once the victim complies, the attacker vanishes, leaving financial and emotional loss behind.

Experts note that the most dangerous scams often appear credible because they mimic official communication styles, use verified-looking logos, and even operate fake customer support numbers. The sophistication makes these schemes particularly hard to spot, especially for first-time investors or non-technical individuals.


Key Red Flags You Should Never Ignore

1. Unrealistic returns or guarantees: If a company claims you can make quick, risk-free profits or shows charts with consistent gains, it’s likely a setup. Real investments fluctuate; only scammers promise certainty.

2. Pressure to act immediately: Whether it’s “only minutes left to invest” or “pay now to avoid penalties,” urgency is a manipulative tactic designed to prevent logical evaluation.

3. Requests to switch apps or accounts: Authentic businesses never ask customers to transfer funds into personal or unfamiliar accounts or to download unverified applications.

4. Emotional storylines: Fraudsters know how to exploit emotions. They may pretend to be in love, offer fake job opportunities, or issue fabricated legal threats, all aimed at overriding rational thinking.

5. Asking for security codes or OTPs: No genuine financial institution or digital platform will ever ask for these details. Sharing them gives scammers direct access to your accounts.


Simple Steps to Build Financial Safety

Protection from scams starts with discipline and awareness rather than advanced technology.

• Take a moment before responding. Don’t act out of panic. Pause, think, and verify before clicking or transferring money.

• Verify independently. If a message or call appears urgent, reach out to the organization using contact details from their official website, not from the message itself.

• Activate alerts and monitor accounts. Keep an eye on all transactions. Early detection of suspicious activity can prevent larger losses.

• Use multi-layered security. Enable multi-factor authentication on all major financial accounts, preferably using hardware security keys or authentication apps instead of SMS codes.

• Keep your digital environment clean. Regularly update your devices, operating systems, and browsers, and use trusted antivirus software to block potential malware.

• Install apps only from reliable sources. Avoid downloading apps or investment platforms shared through personal messages or unverified websites.

• Educate your family. Many scam victims are older adults who may hesitate to talk about it. Encourage open communication and make sure they know how to recognize suspicious requests.


Awareness Is the New Security

Technology gives fraudsters global reach, but it also equips users with tools to fight back. Secure authentication systems, anti-phishing filters, and real-time transaction alerts are valuable but they work best when combined with personal vigilance.

Think of security like investment diversification: no single tool provides complete protection. A strong defense requires a mix of cautious behavior, verification habits, and awareness of evolving threats.


Your Takeaway

Scammers are adapting faster than ever, blending emotional manipulation with technical skill. The best way to counter them is to slow down, question everything that seems urgent or “too good to miss,” and confirm information before taking action.

Protecting your family’s financial wellbeing isn’t just about saving or investing wisely, it’s about staying alert, informed, and proactive. Remember: genuine institutions will never rush you, threaten you, or ask for confidential information. The smartest investment today is in your awareness.


Read more »
Subscribe to: Comments (Atom)