Computers Nationwide vigilantly watches how the internet continues to grow and expand in its sophistication of online scams. Social media platforms such as Facebook, LinkedIn, Instagram and Twitter are a great place for growing your business, staying connected and staying up to date with the latest news. Unfortunately, scammers and hackers LOVE these platforms. Scammers can use hidden URLs to direct users to a website that installs hidden malware on your device granting them access to ALL of your private information. These individuals or groups have tricks up their sleeves that might look seemingly normal to any user. A few social media tactics a scammer may use: hashtag hijacking, clickbait, fake coupons, financial scams and fraudulent promotions. Read more to discover the latest internet scams and how you can spot them to stay secure!
Here are 3 Current Internet Scams to Be Aware of:
1. Scammer Use Fake ‘Premium’ Version of FaceApp to Lure Users
FaceApp is a free app that can be downloaded from the App Store without any complication. Scammers are taking advantage of users interested in a ‘Premium’ version that does not exist thus leading the user down a rabbit hole of ads and with just one click a user may begin installing malware onto their device!
“With FaceApp gaining popularity worldwide, scammers have found a new way to make a quick buck. They are using a fake ‘Pro’ version of the application to lure users looking to download the popular app. In this, attackers use a fake website that claims to offer the premium version of FaceApp for free. However, in reality, the scammers trick victims into clicking through countless offers for other paid apps, subscriptions, ads and surveys. The app also asks the victim’s permission to allow display notifications. Once these notifications are enabled, they can lead to further fraudulent offers.”
2. Scammers Leverage Face Office 365 Admin Alerts in New BEC Scam
Phishing is a type of scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. Scammers disguised their email as Office 365 admin alerts and prompted their targets to enter their Microsoft login credentials.
“To gain access to a user’s account, scammers send fake Office 365 admin alerts through email. These alerts are usually time-sensitive and require an admins’ immediate attention. In order to create a sense of urgency, the alert can be around an issue with mail service or unauthorized access being discovered.
For instance, a fake alert found by BleepingComputer stated that an organization’s Office 365 license has expired and can only be retrieved after making a payment. For this, the victim had to click on a link included in the email to check with their payment details.”
3. Pegasus Spyware Can Now Scrape Data from Servers of Apple, Google, Facebook and Microsoft
“Once the malware is installed on a victim’s phone, the infection can spread to the user’s cloud accounts and download their entire online history. The malware does this by copying the login credentials of various services like Facebook Messenger, Google Drive, Apple’s iCloud, and others. It later uses a separate server to mimic the phone including its location.
The malicious server syncs all the information including messages, photos and location history from the connected victim’s device and relays them back to the surveillance operators.
Given the wide range of capabilities, the Financial Times said, “It works on any device that Pegasus can infect, including many of the latest iPhones and Android smartphones, according to the documents, and allows ongoing access to data uploaded to the cloud from laptops, tablets, and phones—even if Pegasus is removed from the initially targeted smartphone.”
How to Spot a Scam
- Be skeptical. Remember not all the information on your feed is true. Your friends may have fallen victim to a scam and are not aware of it.
- Always check the link before clicking. You can hover over a link which will show the referring website. Only visit known and trusted websites.
- Be very suspicious. If you receive an email prompting you to enter sensitive information contact the company using a phone number or website you know is real. Not the information in the email. Attachments and links can install harmful malware.
- If anyone or anything prompts you to download and install an app or file, stay clear. Mobile apps should only be downloaded from curated app stores such as the Apple App Store or Google Play, any other apps should be not be trusted.