Tag: links | SpinSafe

Hackers are infecting Macs with malware using calendar invites and meeting links — don’t fall for this

February 29, 2024/in Computer Security

Getting an email with a calendar link for a meeting has become commonplace, but you may want to think twice before clicking on one. That’s because hackers have begun using calendar invites and meeting links to infect unsuspecting users with Mac malware.

As reported by Krebs On Security, cybercriminals are now abusing the popular scheduling tool Calendly in their scams. Like with other malware campaigns, this one uses social engineering to find potential targets but instead of draining their bank accounts, it goes after cryptocurrency.

Still, the hackers behind this campaign could pivot to go after other types of accounts by using a different Mac malware strain. Here’s everything you need to know about how this scam works as well as how to protect yourself and your Apple devices from Mac malware.

From meeting invite to malware infection

Krebs On Security got a first-hand look into this scam after one of the site’s readers explained how they were targeted and fell for it.

In this campaign, the hackers behind it are impersonating cryptocurrency investors who are asking to schedule a video call. However, this lure could easily be adapted to go after other groups of potential victims.

The attack itself began when the reader was approached via Telegram by a scammer that wanted to invest in their startup. Everything seemed above board though and they then shared their Calendly profile with the scammer.

When it was time for the meeting, the reader clicked on the meeting link and nothing happened. They then contacted the scammer who explained that there was an issue with the video platform. Fortunately though, their IT people had created a different meeting link.

While this is certainly the kind of thing that should raise suspicions, the reader didn’t think twice and clicked on the link. However, instead of opening a videoconferencing app, a message appeared on their Mac saying the video service was experiencing technical difficulties. The message also referenced a script that could be run as a temporary solution to fix these issues.

By running the script, the reader unknowingly infected their Mac with a dangerous trojan designed to siphon off personal and financial data from their…

Source…

Scam Alert: Fake obituary links on Facebook can lead to malware, virus – 11Alive.com WXIA

January 21, 2024/in Computer Security

Scam Alert: Fake obituary links on Facebook can lead to malware, virus 11Alive.com WXIA

Source…

Permanent TSB introduces new security feature to block scam links – The Irish Times

October 12, 2023/in Mobile Security

Permanent TSB has launched a new in-app security tool that will help detect potential scam websites that are targeting the bank’s customers.

PTSB Protect will alert customers if they receive a text message containing a fraudulent link or block them from accessing a suspicious website on their mobile device.

It is an opt-in feature that will require users to allow it to access browser and text message content to work correctly. But it will work differently depending on what mobile platform customers are using, Android users will get an alert when a fraudulent website is found in a text message; iPhone users will have the content blocked, preventing access to the fake site.

PTSB Protect depends on a daily-updated list of fraudulent links that are posing as legitimate websites, trying to scoop up personal details. The links that are received or accessed on the customer’s phone will be compared to it, with content blocked or an alert generated when fake websites are detected.

The move is in response to an increasing problem with fraudulent payments. While extra security measures such as two-factor authentication have been implemented for card payments and access to online banking, fraudsters have become increasingly sophisticated in response.

According to figures from the Banking and Payments Federation of Ireland (BPFI), card fraud cost Irish consumers €85 million in 2022. That was an increase of almost 9 per cent on the year before.

“Attempts to defraud customers through criminal activity has increased significantly over the last number of years. Our own research suggests that 75 per cent of Irish consumers have experienced an attempt of fraud with 27 per cent falling victim to it. With scams getting more sophisticated, consumers need to continue to be on their guard at all times,” said PTSB chief operating officer Peter Vance. “By introducing PTSB Protect as a new line of defence to our mobile app, we can now directly identify the source of this activity and help protect our customers before their accounts can become compromised. Financial fraud is a significant threat and it is often being targeted at groups that may think they are less vulnerable.”

The feature has…

Source…

Two teenagers among 13 arrested over links to Android banking-related malware scams

August 26, 2023/in Computer Security

SINGAPORE: Two teenagers were among 13 people arrested for their suspected involvement in banking-related malware scams targeting Android users.

The 15-year-old individuals were nabbed alongside seven men and four women aged 17 to 25, said the police in a news release on Saturday (Aug 26).

All of them were arrested during an anti-scam enforcement operation conducted by the police between Aug 14 and Aug 25.

Two other women, aged 29 and 39, and another 15-year-old teenager are assisting with investigations.

Preliminary police investigations revealed that the 13 suspects had allegedly facilitated the scam cases by relinquishing their bank accounts. Some of them also relinquished their internet banking credentials or disclosed their Singpass credentials for monetary gain.

Cases of malware being used to compromise Android mobile devices have been on the rise since January, said the police.

This results in unauthorised transactions made from the victims’ bank accounts even though they did not reveal their internet banking credentials, one-time passwords or Singpass credentials to anyone.

In such cases, the victims responded to advertisements on social media platforms and were later instructed by the scammers to download a malicious Android Package Kit from non-official app stores to facilitate the purchases, leading to malware being installed on the victims’ mobile devices.

The scammers then convince the victims via phone calls or text messages to turn on accessibility services on their Android phones. This allows the scammers to take full control of the mobile devices.

“This means that the scammers can log every keystroke and steal banking credentials stored in the phones and allows them to remotely log in to the victims’ banking apps, add money mules as payees, raise payment limits and transfer monies out to money mules,” said the police.

The scammers can further delete SMS and email notifications of the bank transfers to cover their tracks.

The police advised members of the public to not click on suspicious links, scan unknown QR codes or download mobile apps from third-party websites.

“These unverified apps may contain malware, which can severely…

Source…

Tag Archive for: links