Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Shopping Scam. Show all posts
Smishing Scam
Cyber Security cybercriminals Data Theft Financial Theft Personal Data Shopping Scam Smishing Scam

Beware of Fake Delivery Text Scams During Holiday Shopping

 

As the holiday shopping season peaks, cybercriminals are taking advantage of the increased online activity through fake delivery text scams. Disguised as urgent notifications from couriers like USPS and FedEx, these scams aim to steal personal and financial information. USPS has issued a warning about these “smishing” attacks, highlighting their growing prevalence during this busy season.

How Fake Delivery Scams Work

A recent CNET survey shows that 66% of US adults are concerned about being scammed during the holidays, with fake delivery notifications ranking as a top threat. These fraudulent messages create urgency, urging recipients to act impulsively. According to Brian Cute of the Global Cyber Alliance, this sense of urgency is key to their success.

Victims typically receive texts claiming issues with their package and are directed to click a link to resolve them. These links lead to malicious websites designed to mimic legitimate courier services, tricking users into providing private information or downloading harmful software. The spike in online shopping makes both seasoned shoppers and those unfamiliar with these tactics potential targets.

Many scam messages stem from previous data breaches. Cybercriminals use personal information leaked on the dark web to craft convincing messages. Richard Bird of Traceable AI notes that breaches involving companies like National Public Data and Change Healthcare have exposed sensitive data of millions.

Additionally, advancements in artificial intelligence allow scammers to create highly realistic fake messages, making them harder to detect. Poor grammar, typos, and generic greetings are becoming less common in these scams, adding to their effectiveness.

How to Protect Yourself

Staying vigilant is essential to avoid falling victim to these scams. Here are some key tips:

  • Be cautious of texts or emails from unknown sources, especially those with urgent requests.
  • Verify suspicious links or messages directly on the courier’s official website.
  • Check for red flags like poor grammar, typos, or unexpected requests for payment.
  • Always confirm whether you’ve signed up for tracking notifications before clicking on links.

What to Do If You Suspect a Scam

If you believe you’ve encountered a scam, take immediate action:

  • Contact your financial institution to report potential fraud and secure your accounts.
  • Report the scam to relevant authorities such as the FCC, FTC, or FBI’s Internet Crime Complaint Center.
  • Use courier-specific contacts, like spam@uspis.gov for USPS or abuse@fedex.com for FedEx.

Consider freezing your credit to prevent unauthorized access to your financial data. Monitor your bank statements regularly for unusual activity. For added security, identity theft protection services bundled with cybersecurity tools can help detect and prevent misuse of your information.

Awareness and vigilance are your best defenses against fake delivery text scams. By following these tips and staying informed, you can shop with confidence and protect yourself from falling prey to cybercriminals this holiday season.

Read more »
Shopping Scam
2FA Cyber Security Dark Web dark web breaches Fake Website Hacker attack Malware Attack Online Shopping phishing Shopping Scam

The Dark Web’s Role in Phishing and 2FA Security Breaches

 


Black Friday and Cyber Monday may have passed, but the dangers of online scams and cyberattacks persist year-round. Cybercriminals continue to exploit digital shoppers, leveraging sophisticated tools such as phishing kits, fake websites, and cookie grabbers that bypass two-factor authentication (2FA). These tools, widely available on dark web marketplaces, turn online shopping into a risky endeavour, particularly during the peak holiday season.

Cybercriminal Tools: A Growing Threat

Dark web marketplaces operate like legitimate businesses, offering everything from free phishing kits to subscription-based malware services. According to NordStellar threat intelligence:

  • Phishing kits: Often free or low-cost, enable hackers to replicate authentic websites.
  • Fake website templates: Start at $50, tricking users into sharing personal information.
  • Malware subscriptions: Priced at $150 per month, provide hackers with advanced tools.
  • Cookie grabber pages: Sell for $400 or more, enabling access to user accounts by bypassing login credentials and 2FA.

These illicit tools are increasingly accessible, with some even offered at discounted rates during the holiday season. The result is an alarming rise in phishing scams targeting fake shopping sites, with 84% of victims interacting with these scams and nearly half losing money.

The Role of Stolen Cookies in Cybercrime

Session cookies, particularly authentication cookies, are a prized asset for hackers. NordStellar reports over 54 billion stolen cookies available on the dark web, including:

  • 154 million authentication cookies, 23.5 million of which remain active.
  • 37 million login cookies, with 6.6 million still usable.
  • 30 million session cookies capable of bypassing 2FA.

These cookies allow attackers to impersonate legitimate users, gaining unauthorized access to accounts without requiring passwords or verification codes. This capability makes cookie-grabber pages one of the most valuable tools in the hacker’s arsenal.

Protecting Yourself from Cyber Threats

Google has introduced measures like passkeys to combat these threats, offering a more secure alternative to traditional 2FA methods. A Google spokesperson emphasized that passkeys reduce phishing risks and strengthen security against social engineering attacks. Consumers can take additional steps to safeguard their online accounts:

  • Scrutinize links and websites to avoid phishing scams.
  • Switch to advanced authentication methods such as passkeys where available.
  • Stay informed about emerging cyber threats and adopt proactive security practices.

By remaining vigilant and embracing stronger authentication technologies, shoppers can minimize the risks posed by cybercriminals and their evolving arsenal of dark web tools.

Read more »
User Secuirty
BFCM Cyber Fraud data security Online fraud Shopping Scam User Secuirty

Scammers are Targeting Black Friday and Cyber Monday Shoppers

 

As Black Friday and Cyber Monday (BFCM) approach, hackers are plotting new tricks to spoil the party of shoppers. 

Last year, US shoppers spent USD 10.90 billion on Cyber Monday and another USD 9.03 billion on Black Friday. At the same time, merchants also hope to cash in on any additional traffic that BFCM brings to their ecommerce sites. 

But, while more traffic often brings more opportunities, it also directs to increased rates of online fraud. According to the UK's National Cyber Security Centre (NCSC), victims of online shopping frauds lost an average of ($1,176) each during the holiday shopping period last year – and the figure is rising. 

Sophisticated Technique 

To understand the patterns of cyber fraud, threat analysts at Bitdefender Antispam Lab have examined the fraudulent activities associated with Black Friday and Cyber Monday. 

During their study of fraud patterns between October 26 and November 9, the analysts detected that rate of unverified Black Friday emails peaked on Nov 9, when reached 26% of all Black Friday-related mail. The fraudsters employed multiple email subjects in an attempt to lure the recipients into visiting the fake websites to receive huge discounts. 

The researchers also identified a widespread online campaign inviting recipients to claim gift cards from popular retailers like Home Depot. In this case, the malicious emails include links to bogus online survey pages that have nothing to do with the retailer’s gift card. 

Once the victims have completed the survey, they were directed to another page where they could choose the ‘prize.’ To receive the prize at their doorstep, recipients were requested to pay for the shipment by providing private and banking details. 

“We scored an iPhone 13, though. The displayed page uses the recipients’ IP address to display a localized version of the scam – in our case Romania. We need to pay 15 RON (roughly 3.06 USD) for shipping and enter our name and address,” one of the recipients of fraud mail stated. “After entering our shipping details, we were prompted to enter our payment information, including cc number and CVV code.” 

Prevention Tips 

  1. Always scan the sender’s email address and look for typos 
  2. Never interact with unsolicited giveaway correspondence 
  3. Always shop on verified websites you already know 
  4. Research properly before providing details to a new vendor 
  5. Avoid accessing links or attachments from unverified sources
Read more »
Subscribe to: Posts (Atom)