Cybercriminals are delivering bogus data breach notifications, deceiving unsuspecting recipients and infecting their devices with malware
Bleeping Computer reports that fraudsters are using malicious SEO techniques, Google sites, and spam pages to deceive and defraud users
Scammers are sending fake data breach messages from companies such as Chegg, EA, Canva, Dropbox, Hulu, Ceridian, Shein, PayPal, Target, Hautelook, Mojang, InterContinental Hotels Group, and Houzz sending data breach messages
To spread the fake notices, scammers have published new web pages and compromised existing sites with terms such as "data breach" These were picked up by Google Alerts, a service that allows users to track arbitrary keywords
The notifications used subjects such as "Target data breach," "Dropbox data breach," and "Paypal security breach 2020" to grab users' attention Clicking on these links would direct users to web pages containing fake giveaways, browser extension advertisements, and other scams
In some cases, the notifications were not easily recognizable as scams because they displayed a "page not found" warning or text describing a fake data breach
The best way to avoid becoming a victim of these scams is to avoid installing browser extensions, plug-ins, or software that these warnings suggest In many cases, you will only be asked to fill out a survey to see the "notification," which is harmless as long as you do not have to provide any personal information
Bleeping Computer's research also uncovered a directory of 2,000 text files using specific keywords and phrases that appear in Google Alerts Most of these were created in the past week, but the oldest can be traced back to July 31, 2018
All of this information was taken from public sources and is based on questions people have, and topics include software products, DIY, vapes, breeding dogs, hardware, etc
Another fake message urged users to update their Adobe Flash browser plug-in and appeared in Google Chrome and Mozilla Firefox, sending users to a fake iPhone 11 competition
Jake Moore, a security specialist at ESET, told Tom's Guide: "Malicious vendors are becoming increasingly adept at obfuscating their illicit means Attackers continue to evolve their tactics to give their prey a false sense of security, and they are very good at this
[22] "Attackers use well-known brands to give victims a false sense of security and get them to click on malware without their knowledge The answer is to always be vigilant and not immediately click on a site, even if it seems trustworthy
Comments