Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Scam. Show all posts
subscriptions
cloud storage Cyber Security Email Google Drive phishing Scam subscriptions

Cloud Storage Scam Uses Fake Renewal Notices to Trick Users


Cybercriminals are running a large-scale email scam that falsely claims cloud storage subscriptions have failed. For several months, people across different countries have been receiving repeated messages warning that their photos, files, and entire accounts will soon be restricted or erased due to an alleged payment issue. The volume of these emails has increased sharply, with many users receiving several versions of the same scam in a single day, all tied to the same operation.

Although the wording of each email differs, the underlying tactic remains the same. The messages pressure recipients to act immediately by claiming that a billing problem or storage limit must be fixed right away to avoid losing access to personal data. These emails are sent from unrelated and randomly created domains rather than official service addresses, a common sign of phishing activity.

The subject lines are crafted to trigger panic and curiosity. Many include personal names, email addresses, reference numbers, or specific future dates to appear genuine. The messages state that a renewal attempt failed or a payment method expired, warning that backups may stop working and that photos, videos, documents, and device data could disappear if the issue is not resolved. Fake account numbers, subscription details, and expiry dates are used to strengthen the illusion of legitimacy.

Every email in this campaign contains a link. While the first web address may appear to belong to a well-known cloud hosting platform, it only acts as a temporary relay. Clicking it silently redirects the user to fraudulent websites hosted on changing domains. These pages imitate real cloud dashboards and display cloud-related branding to gain trust. They falsely claim that storage is full and that syncing of photos, contacts, files, and backups has stopped, warning that data will be lost without immediate action.

After clicking forward, users are shown a fake scan that always reports that services such as photo storage, drive space, and email are full. Victims are then offered a short-term discount, presented as a loyalty upgrade with a large price reduction. Instead of leading to a real cloud provider, the buttons redirect users to unrelated sales pages advertising VPNs, obscure security tools, and other subscription products. The final step leads to payment forms designed to collect card details and generate profit for the scammers through affiliate schemes.

Many recipients mistakenly believe these offers will fix a real storage problem and end up paying for unnecessary products. These emails and websites are not official notifications. Real cloud companies do not solve billing problems through storage scans or third-party product promotions. When payments fail, legitimate providers usually restrict extra storage first and provide a grace period before any data removal.

Users should delete such emails without opening links and avoid purchasing anything promoted through them. Any concerns about storage or billing should be checked directly through the official website or app of the cloud service provider.

Read more »
Scam
Bangladesh Cybersecurity FBI Identity Fraud Privacy Scam

U.S. Authorities Shut Down Online Network Selling Fake Identity Templates

 



United States federal authorities have taken down an online operation accused of supplying tools used in identity fraud across multiple countries. The case centers on a Bangladeshi national who allegedly managed several websites that sold digital templates designed to imitate official government identification documents.

According to U.S. prosecutors, the accused individual, Zahid Hasan, is a 29-year-old resident of Dhaka. He is alleged to have operated an online business that distributed downloadable files resembling authentic documents such as U.S. passports, social security cards, and state driver’s licenses. These files were not physical IDs but editable digital templates that buyers could modify by inserting personal details and photographs.

Court records indicate that the operation ran for several years, beginning in 2021 and continuing until early 2025. During this period, the websites reportedly attracted customers from around the world. Investigators estimate that more than 1,400 individuals purchased these templates, generating nearly $2.9 million in revenue. Despite the scale of the operation, individual items were sold at relatively low prices, with some templates costing less than $15.

Law enforcement officials state that such templates are commonly used to bypass identity verification systems. Once edited, the counterfeit documents can be presented to banks, cryptocurrency platforms, and online services that rely on document uploads to confirm a user’s identity. This type of fraud poses serious risks, as it enables financial crimes, account takeovers, and misuse of digital platforms.

The investigation intensified after U.S. authorities traced a transaction in which Bitcoin was exchanged for fraudulent templates by a buyer located in Montana. Following this development, federal agents moved to seize multiple domains allegedly connected to the operation. These websites are now under government control and no longer accessible for illegal activity.

The case involved extensive coordination between agencies. The FBI’s Billings Division and Salt Lake City Cyber Task Force led the investigation, with support from the FBI’s International Operations Division. Authorities in Bangladesh, including the Dhaka Metropolitan Police’s Counterterrorism and Transnational Crime Unit, also assisted in tracking the alleged activities.

A federal grand jury has returned a nine-count indictment against Hasan. The charges include multiple counts related to the distribution of false identification documents, passport fraud, and social security fraud. If convicted, the penalties could include lengthy prison sentences, substantial fines, and supervised release following incarceration.

The case is being prosecuted by Assistant U.S. Attorney Benjamin Hargrove. As with all criminal proceedings, the charges represent allegations, and the accused is presumed innocent unless proven guilty in court.

Cybersecurity experts note that the availability of such tools highlights the growing sophistication of digital fraud networks. The case is an alarming call for the importance of international cooperation and continuous monitoring to protect identity systems and prevent large-scale misuse of personal data.



Read more »
Technology
Financial Breach Fraud OTPs phishing Scam Scammers Technology

Smarter Scams, Sharper Awareness: How to Recognize and Prevent Financial Fraud in the Digital Age




Fraud has evolved into a calculated industry powered by technology, psychology, and precision targeting. Gone are the days when scams could be spotted through broken English or unrealistic offers alone. Today’s fraudsters combine emotional pressure with digital sophistication, creating schemes that appear legitimate and convincing. Understanding how these scams work, and knowing how to respond, is essential for protecting your family’s hard-earned savings.


The Changing Nature of Scams

Modern scams are not just technical traps, they are psychological manipulations. Criminals no longer rely solely on phishing links or counterfeit banking apps. They now use social engineering tactics, appealing to trust, fear, or greed. A scam might start with a call pretending to be from a government agency, an email about a limited investment opportunity, or a message warning that your bank account is at risk. Each of these is designed to create panic or urgency so that victims act before they think.

A typical fraud cycle follows a simple pattern: an urgent message, a seemingly legitimate explanation, and a request for sensitive action, such as sharing a one-time password, installing a new app, or transferring funds “temporarily” to another account. Once the victim complies, the attacker vanishes, leaving financial and emotional loss behind.

Experts note that the most dangerous scams often appear credible because they mimic official communication styles, use verified-looking logos, and even operate fake customer support numbers. The sophistication makes these schemes particularly hard to spot, especially for first-time investors or non-technical individuals.


Key Red Flags You Should Never Ignore

1. Unrealistic returns or guarantees: If a company claims you can make quick, risk-free profits or shows charts with consistent gains, it’s likely a setup. Real investments fluctuate; only scammers promise certainty.

2. Pressure to act immediately: Whether it’s “only minutes left to invest” or “pay now to avoid penalties,” urgency is a manipulative tactic designed to prevent logical evaluation.

3. Requests to switch apps or accounts: Authentic businesses never ask customers to transfer funds into personal or unfamiliar accounts or to download unverified applications.

4. Emotional storylines: Fraudsters know how to exploit emotions. They may pretend to be in love, offer fake job opportunities, or issue fabricated legal threats, all aimed at overriding rational thinking.

5. Asking for security codes or OTPs: No genuine financial institution or digital platform will ever ask for these details. Sharing them gives scammers direct access to your accounts.


Simple Steps to Build Financial Safety

Protection from scams starts with discipline and awareness rather than advanced technology.

• Take a moment before responding. Don’t act out of panic. Pause, think, and verify before clicking or transferring money.

• Verify independently. If a message or call appears urgent, reach out to the organization using contact details from their official website, not from the message itself.

• Activate alerts and monitor accounts. Keep an eye on all transactions. Early detection of suspicious activity can prevent larger losses.

• Use multi-layered security. Enable multi-factor authentication on all major financial accounts, preferably using hardware security keys or authentication apps instead of SMS codes.

• Keep your digital environment clean. Regularly update your devices, operating systems, and browsers, and use trusted antivirus software to block potential malware.

• Install apps only from reliable sources. Avoid downloading apps or investment platforms shared through personal messages or unverified websites.

• Educate your family. Many scam victims are older adults who may hesitate to talk about it. Encourage open communication and make sure they know how to recognize suspicious requests.


Awareness Is the New Security

Technology gives fraudsters global reach, but it also equips users with tools to fight back. Secure authentication systems, anti-phishing filters, and real-time transaction alerts are valuable but they work best when combined with personal vigilance.

Think of security like investment diversification: no single tool provides complete protection. A strong defense requires a mix of cautious behavior, verification habits, and awareness of evolving threats.


Your Takeaway

Scammers are adapting faster than ever, blending emotional manipulation with technical skill. The best way to counter them is to slow down, question everything that seems urgent or “too good to miss,” and confirm information before taking action.

Protecting your family’s financial wellbeing isn’t just about saving or investing wisely, it’s about staying alert, informed, and proactive. Remember: genuine institutions will never rush you, threaten you, or ask for confidential information. The smartest investment today is in your awareness.


Read more »
Scam
AI Deepfakes Bengaluru Cyber Crime deep fake videos Financial Scam links Scam

Deepfake of Finance Minister Lures Bengaluru Homemaker into ₹43.4 Lakh Trading Scam




A deceptive social media video that appeared to feature Union Finance Minister Nirmala Sitharaman has cost a Bengaluru woman her life’s savings. The 57-year-old homemaker from East Bengaluru lost ₹43.4 lakh after being persuaded by an artificial intelligence-generated deepfake that falsely claimed the minister was recommending an online trading platform promising high profits.

Investigators say the video, which circulated on Instagram in August, directed viewers to an external link where users were encouraged to sign up for investment opportunities. Believing the message to be authentic, the woman followed the link and entered her personal information, which was later used to contact her directly.

The next day, a man identifying himself as Aarav Gupta reached out to her through WhatsApp, claiming to represent the company shown in the video. He invited her to a large WhatsApp group titled “Aastha Trade 238”, which appeared to host over a hundred participants discussing stock trades. Another contact, who introduced herself as Meena Joshi, soon joined the conversation, offering to help the victim learn how to use the firm’s trading tools.

Acting on their guidance, the homemaker downloaded an application called ACSTRADE and created an account. Meena walked her through the steps of linking her bank details, assuring her that the platform was reliable. The first transfer of ₹5,000 was made soon after, and to her surprise, the app began displaying what looked like real profits.

Encouraged by what appeared to be rapid returns, she made larger investments. The application showed her initial ₹1 lakh growing into ₹2 lakh, and a later ₹5 lakh transfer seemingly yielding ₹8 lakh. The visual proof of profit strengthened her trust, and she kept transferring higher amounts.

In September, problems surfaced. While exploring an “IPO feature” on the app, she tried to exit but was unable to do so due to recurring technical errors. When she sought help, Meena advised her to continue investing to prevent losses. The woman followed this advice, transferring a total of ₹23 lakh in hopes of recovering her funds.

Once her savings were exhausted, the scammers proposed a loan option within the same app, claiming it would help her maintain her trading record. When she attempted to withdraw money, the platform denied the request, displaying a message stating her loan account was still active. Believing the issue could be resolved with more funds, she pawned her gold jewellery at a bank and a finance company, wiring additional money to the fraudsters.

By late October, her total transfers had reached ₹43.4 lakh across 13 separate transactions between September 24 and October 27. The deception came to light only when her bank froze her account on November 1, alerting her that unusual activity had been detected.

The East Cybercrime Police Station has since registered a case under the Information Technology Act and Section 318 of the Bharatiya Nyaya Sanhita, which addresses cheating. Officers confirmed that the fraudulent video used sophisticated AI tools to mimic the minister’s voice and gestures convincingly, making it difficult for untrained viewers to identify as fake.

Police officials have urged the public to remain alert to deepfake-driven scams that exploit public trust in well-known personalities. They advise verifying any financial offer through official government portals or trusted news sources, and to avoid clicking unfamiliar links on social media.

Experts warn that such crimes surface a new wave of cyber fraud, where manipulated media is used to build false credibility. Citizens are advised never to disclose personal or banking information through unverified links, and to immediately report suspicious investment schemes to their banks or local cybercrime authorities.



Read more »
Scam
Browser Malicious Browser Extension Mozilla phishing Scam

Mozilla Alerts Extension Developers About Phishing Scam on Add-ons Platform

 



Mozilla has issued a warning to developers who publish browser extensions on its official platform, addons.mozilla.org (AMO), about a new phishing campaign targeting their accounts. The attackers are reportedly sending emails that falsely claim to be from the Mozilla team, attempting to trick developers into giving away their login credentials.

AMO is the central hub for Firefox browser extensions, hosting more than 60,000 add-ons and over 500,000 visual themes. These are used by millions of Firefox users across the world, making the platform a valuable target for cybercriminals.

In its advisory, Mozilla stated that the scam emails are disguised to look like official communication from its staff. The messages often claim that the developer’s account needs to be updated in order to continue using certain features. This tactic is meant to create urgency and increase the chances of the developer clicking on a malicious link.

Mozilla urged developers to be extra cautious and double-check any email they receive related to their add-on accounts. Specifically, it advised checking if the message came from a genuine Mozilla domain such as mozilla.org, mozilla.com, or firefox.com. In addition, developers should make sure that the email passes technical checks like SPF, DKIM, and DMARC, which are designed to verify the sender's identity.

To avoid falling victim, Mozilla recommends that developers avoid clicking on any links in suspicious emails. Instead, they should go directly to Mozilla’s official website using a browser and log in only through trusted web addresses.

While Mozilla has not yet confirmed how many developers were affected or whether any accounts were compromised, at least one developer has come forward saying they fell for the scam. Mozilla has promised to share more details as its investigation progresses.

This warning comes just weeks after Mozilla introduced new security features aimed at protecting users from malicious extensions. The company’s Add-ons Operations team has recently removed hundreds of suspicious add-ons, including some designed to steal cryptocurrency.

Andreas Wagner, who oversees security efforts on the platform, noted that while not all harmful extensions are easy to detect, cybercriminals stole nearly $500 million in crypto last year through fake wallet extensions and similar scams.

Mozilla’s latest alert serves as a reminder for all developers and users to stay careful when it comes to online threats, especially those targeting widely used platforms.

Read more »
Social Media
Crypto Cyber Security Facebook Instagram Internet Meta Pig Butchering Scam Social Media

Beware of Pig Butchering Scams That Steal Your Money

Beware of Pig Butchering Scams That Steal Your Money

Pig butchering, a term we usually hear in the meat market, sadly, has also become a lethal form of cybercrime that can cause complete financial losses for the victims. 

Pig Butchering is a “form of investment fraud in the crypto space where scammers build relationships with targets through social engineering and then lure them to invest crypto in fake opportunities or platforms created by the scammer,” according to The Department of Financial Protection & Innovation. 

Pig butchering has squeezed billions of dollars from victims globally. Cambodian-based Huione Group gang stole over $4 billion from August 2021 to January 2025, the New York Post reported.

How to stay safe from pig butchering?

Individuals should watch out for certain things to avoid getting caught in these extortion schemes. Scammers often target seniors and individuals who are not well aware about cybercrime. The National Council on Aging cautions that such scams begin with receiving messages from scammers pretending to be someone else. Never respond or send money to random people who text you online, even if the story sounds compelling. Scammers rely on earning your trust, a sob story is one easy way for them to trick you. 

Another red flag is receiving SMS or social media texts that send you to other platforms like WeChat or Telegram, which have fewer regulations. Scammers also convince users to invest their money, which they claim to return with big profits. In one incident, the scammer even asked the victim to “go to a loan shark” to get the money.

Stopping scammers

Last year, Meta blocked over 2 million accounts that were promoting crypto investment scams such as pig butchering. Businesses have increased efforts to combat this issue, but the problem still very much exists. A major step is raising awareness via public posts broadcasting safety tips among individuals to prevent them from falling prey to such scams. 

Organizations have now started releasing warnings in Instagram DMs and Facebook Messenger warning users about “potentially suspicious interactions or cold outreach from people you don’t know”, which is a good initiative. Banks have started tipping of customers about the dangers of scams when sending money online. 

Read more »
Scam
Browser confidential documents Cyber Security Emails phishing Scam

When Trusted Sites Turn Dangerous: How Hackers Are Fooling Users

 


A recent cyberattack has revealed how scammers are now using reliable websites and tailored links to steal people's login credentials. This new method makes it much harder to spot the scam, even for trained eyes.


How It Was Caught

A cybersecurity team at Keep Aware was silently monitoring browser activity to observe threats in real time. They didn’t interrupt the users — instead, they watched how threats behaved from start to finish. That’s how they noticed one employee typed their login details into a suspicious page.

This alert led the team to investigate deeper. They confirmed that a phishing attack had occurred and quickly took action by resetting the affected user’s password and checking for other strange activity on their account.

What stood out was this: the phishing page didn’t come from normal browsing. The user likely clicked a link from their email app, meaning the scam started in their inbox but took place in their browser.


How the Scam Worked

The employee landed on a real, long-standing website known for selling outdoor tents. This site was over 9 years old and had a clean online reputation. But cybercriminals had broken in and added a fake page without anyone noticing.

The page showed a message saying the user had received a “Confidential Document” and asked them to type in their email to view a payment file. This is a typical trick — creating a sense of urgency to get the person to act without thinking.


Tactics Used by Hackers

The fake page was designed to avoid being studied by experts. It blocked right-clicking and common keyboard shortcuts so that users or researchers couldn’t easily inspect it.

It also had smart code that responded to how the person arrived. If the phishing link already included the target’s email address, the page would automatically fill it in. This made the form feel more genuine and saved the user a step — making it more likely they’d complete the action.

This technique also allowed attackers to keep track of which targets clicked and which ones entered their information.


Why It Matters

This attack shows just how advanced phishing scams have become. By using real websites, targeted emails, and smooth user experiences, scammers are getting better at fooling people.

To stay safe, always be cautious when entering personal information online. Even if a site looks familiar, double-check the web address and avoid clicking suspicious email links. If something feels off, report it before doing anything else.


Read more »
SSA
Cybersecurity Datatheft Fraud IdentityTheft malware phishing remotetool Scam screenconnect SSA

Cybercriminals Target Social Security Users with Sophisticated Phishing Scam

 

A new wave of phishing attacks is exploiting public trust in government agencies. Cybercriminals are sending fraudulent emails that appear to come from the Social Security Administration (SSA), aiming to trick recipients into downloading a remote access tool that gives hackers full control over their computers, according to a report by Malwarebytes.

The scam emails, often sent from compromised WordPress websites, claim to offer a downloadable Social Security statement. However, the entire message is typically embedded as an image—a tactic that allows it to bypass most email filters. Clicking on the link initiates the installation of ScreenConnect, a powerful malware tool that enables attackers to infiltrate your device remotely.

The campaign has been attributed to a phishing group known as Molatori, whose goal is to extract personal, banking, and other sensitive information. “Once in, the attackers can steal your data, commit financial fraud, and engage in identity theft,” the report warns.

To avoid falling victim, experts suggest staying alert to red flags. These scam emails often contain poor grammar, missing punctuation, strange formatting, and unusual colour schemes for links. Such errors—evident in screenshots shared by Malwarebytes and the SSA—are clear signs of a scam, even as AI-driven tactics make phishing attempts more convincing than ever.

“If you want to view your Social Security statement, the safest option is to visit ssa.gov,” the SSA advises.

What to Do If  You're Targeted:

  • Cut off all communication with the scammer
  • Report the incident to the SSA Office of the Inspector General (OIG)
  • File a report with your local police
  • If you've lost money, submit a complaint to the FBI’s Internet Crime Complaint Center (IC3)

As phishing threats continue to evolve, cybersecurity awareness remains your best defense.


Read more »
Subscribe to: Comments (Atom)