Latest news with #Malwarebytes
The Star
18 hours ago
- The Star
Phone users being bombarded by scamming 'onslaught,' survey finds
More than half of people say they're being hit with attempted scams every day in a dispiriting "onslaught" that is making it tougher to tell fake messages from genuine, research shows. — Photo: Bernd Diekjobst/dpa LOS ANGELES: Owning a mobile phone is increasingly troublesome and irritating as dangerous scams and spam become ever more prevalent, according to new survey results from Malwarebytes. The internet security company found more than half the people asked complain they are hit with attempted scams every day in a dispiriting "onslaught" that is making it tougher to tell fake messages from genuine and to which one in four phone users appear to have surrendered. "Phishing texts arrive from endless new phone numbers, deepfake extortion threats upend lives, and scams everywhere now mimic routine interactions – hiding behind QR codes, imposter websites, and even high-ranking Google ads," Malwarebytes warned, publishing findings that will likely resonate with many smartphone users. The survey, which was carried out in Austria, Germany, Switzerland, the UK and the US, indicated that users' "everyday habits" leave them more vulnerable to attack as almost all "trade data for deals" and for what looks at first glance to be convenience, handing over personal data to applications and granting permissions for deep-reaching access to devices. And while almost eight out of ten people asked said they worry about such risks, around 25% of say they no longer care, seeing scams as "an inevitable cost of being online." Financial loss, fraud, account and device lockout, identity theft and privacy leaks were among the risks people said they worried about while using their devices - threats that are likely to get worse as artificial intelligence becomes more widely used. "Malicious texts pose as package delivery notifications, phishing emails impersonate trusted brands and unknown calls hide extortion attempts, virtual kidnapping schemes," Malwarebytes said. The survey authors warned that "routine phone habits" such as clicking tracking links and comparing prices "open the door to fraud," with younger phone-addicted age groups such as Generation Z and millennials more likely to click though on phones than others or those who use computers regularly. – dpa
The Sun
2 days ago
- The Sun
Shocking Netflix ‘hijacking' that uses convincing trick to empty your bank account exposed as TV fans told ‘be careful'
NETFLIX users are being warned of a scam that could see them vulnerable to having their personal data stolen. Cyberprotection company, Malwarebytes, issued the serious warning for people who search for tech support numbers online and that hackers were using sponsored ads to fool unsuspecting punter. The company explained that "cybercriminals frequently use ads directing to a malicious site to take advantage of our trust in sponsored search results for popular brands." It found in a recent ruse, that support scammers were hijacking the results of legitimate sites. How they pull off their scam is that they will pay for a sponsored ad on Google pretending to be a major brand and while that will usually lead to a fake website, there were some cases people were to a brand's legitimate site, "but with one small difference." The company used photos showing how the address bar on a website that a person was taken to after unknowingly clicking on one of these dodgy ads looked legitimate, but "the results had been poisoned to display the scammer's phone number instead of the business' real number." "When you call the scam number, the scammers will pose as the brand with the aim of getting you to hand over personal data or financial information, or even allow them remote access to your computer," Malwarebytes wrote on X, formerly Twitter. It then showed examples of how scammers had manipulated the real Netflix site but a "fake number appears in what looks like a search result, making it seem official." "This is able to happen because Netflix's search functionality blindly reflects whatever users put in the search query parameter without proper sanitization or validation," the company explained. "This creates a reflected input vulnerability that scammers can exploit." Netflix was just one example of the scammers' grit, Malwarebytes also found other brands that were targeted included, PayPal, Apple, Microsoft, Facebook and HP. Malwarebytes suggested people install browse guards on their computers to protect them from the elaborate scams. Netflix reveal huge list of movies and TV shows being axed next month – with some children's favourites in the mix Outside of installing the browser guard, people can also protect themselves from this kind of scam in a number of different ways. Red flags to look out for include, a phone number in the URL, suspicious search terms like 'Call Now' or 'Emergency Support' in the address bar of the browser, an excess of encoded characters alongside the characters,such as, %20 (space) and %2B (+ sign) along with phone numbers. Other warning signs include, the website showing a search result before you entered one, an in-browser warning for known scams, and urgent language displayed on the website. How to spot a dodgy app Detecting a malicious app before you hit the 'Download' button is easy when you know the signs. Follow this eight-point checklist when you're downloading an app you're unsure about: Check the reviews - be wary of both complaints and uniformly positive reviews by fake accounts. Look out for grammar mistakes - legitimate app developers won't have typos or errors in their app descriptions. Check the number of downloads - avoid apps with only several thousand downloads, as it could be fake. Research the developer - do they have a good reputation? Or, are totally fake? Check the release date - a recent release date paired with a high number of downloads is usually bad news. Review the permission agreement - this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary. Check the update frequency - an app that is updated too frequently is usually indicative of security vulnerabilities. Check the icon - look closely, and don't be deceived by distorted, lower-quality versions the icons from legitimate apps. All of this information will available in both Apple's App Store and the Google Play Store. "And before you call any brand's support number, look up the official number in previous communications you've had with the company (such as an email, or on social media) and compare it to the one you found in the search results. If they are different, investigate until you're sure which one is the legitimate one," said Jérôme Segura, senior director of research of Malwarebytes. "If during the call, you are asked for personal information or banking details that have nothing to do with the matter you're calling about, hang up." 2
Forbes
4 days ago
- Forbes
You Must Never Call These Numbers On Your Smartphone
Do not call any of these numbers. We are now being repeatedly warned that legitimate infrastructure is being hijacked by attackers. This includes spoofed Google support addresses, Gmail passwords and even federal agency phone numbers. Now there's another such attack to beware. Malwarebytes warns that scammers are crafting malicious search engine results that link to legitimate sites — such as Netflix or Microsoft, but then open a webpage that includes a search box with a dangerous phone number inserted. The team says this could be called 'a search parameter injection attack, because the scammer has crafted a malicious URL that embeds their own fake phone number into the genuine site's legitimate search functionality.' If you call the number, the handler will pretend to represent the brand you called from, 'with the aim of getting their victim to hand over personal data or card details, or even allow remote access to their computer.' If that brand is a financial firm such as PayPal or Bank Of America, scammers will try to empty accounts. Malicious phone numbers on real website Malwarebytes says users should watch for these red flags: This follows another warning this week from Netcraft, that threat actors are 'exploiting [search engine] While Netcraft says SEO poisoning usually 'promotes malicious or fraudulent websites by exploiting the ranking systems of platforms like Google,' in these injection attacks the websites are real, making it much harder for users to immediately detect the threat. The phone numbers can even appear in the search engine results themselves. What's interesting is there has been so much focus from Google, the FBI and others on not responding to proactive technical or account support calls, that this puts the onus back on users, following official advice to find numbers for themselves before contacting any support desk. But adhere to those red flags and you'll be fine.
Newsweek
11-06-2025
- Newsweek
Gen Z Most Likely to Suffer Extortion Scams
Based on facts, either observed and verified firsthand by the reporter, or reported and verified from knowledgeable sources. While Gen Z might have grown up immersed in technology, they are now the number one target for extortion scammers, according to a new report. In Malwarebytes's new Mobile Scam Report, Gen Z was deemed the top extortion target, with 28 percent of the age group experiencing extortion scams. This was far higher than both Gen X and baby boomers, at 15 and 7 percent, respectively. Why It Matters Extortion scams are criminal schemes where the fraudster attempts to blackmail a victim for money or personal information. While scammers might threaten physical harm, the digital age has ushered in a new type of scammer, with many targeting younger people with threats of releasing sexually explicit photographs or videos to the world. They also may claim to be the police, requesting money or personal data if the victim wants to avoid arrest. In this photo illustration, a 13-year-old boy looks at an iPhone screen display on May 21 in Bath, England. In this photo illustration, a 13-year-old boy looks at an iPhone screen display on May 21 in Bath, To Know In 2023, the FBI reported 48,000 extortion victims, a 22 percent jump from 2022, and many of the victims are Gen Zers. Those born in the generation—from 1997 to 2012—were more likely to encounter extortion scams than older age groups. Roughly 58 percent of Gen Z and 52 percent of millennials had countered an extortion scam, whereas only 35 percent and 23 percent of Gen X and boomers had, according to the new Malwarebytes report. Gen Z was also much more likely to actually fall for the scams, with 28 percent experiencing one. Roughly 13 percent of these scams were virtual kidnapping, while another 13 percent were attributed to deepfakes. Sextortion cases made up 11 percent. "The woman asked for a small amount of money which I was reluctant to give, but she harassed me, so I decided to," one Gen Z survey respondent said. "Then she wanted to send me money to send to her friend. I accepted the money, but then alarms went off and I never sent it to her friend. I later learned about money mules. She then threatened to kill me because I had taken $1k when she only got $300. I then blocked her and called the police because I was scared." Much of the higher risk for Gen Z and millennials comes down to how they use their digital devices. By sharing personal data with apps and websites, fraudsters are able to more easily target them. "This isn't a Gen Z problem - it's a societal and political failure," Bryan Driscoll, HR consultant who specializes in generational differences, told Newsweek. "Parents, schools, tech companies, and policymakers have dropped the ball. We failed to teach boundaries, privacy, or skepticism. Instead, we taught them to post everything, trust algorithms, and chase validation in likes and follows." Roughly 90 percent of mobile users shared deep levels of personal data with apps and websites, according to the survey. And younger users were the most permissive, with 91 percent of Gen Zers and millennials saying they grant apps access to their location, camera, photo library, and/or contacts compared to 80 percent for Gen X and older. "A generation - and society - that normalizes surveillance, has a fractured sense of privacy, and is increasingly vulnerable to manipulation is doomed," Driscoll said. "If we don't build genuine protections - and it doesn't look like we're going to based on current federal policy proposals to explicitly ban any AI regulation for a decade - this will only get worse." What People Are Saying Alex Beene, financial literacy instructor for the University of Tennessee at Martin, told Newsweek: "There's a misconception that older Americans are most in danger when it comes to mobile scams. The reality is Gen Z finds themselves at the top of most rankings when it comes to falling for digital deception. While they may be younger and more tech savvy, Gen Z are also connected to their devices more frequently and may fall for scams based on impulse." Driscoll also told Newsweek: "I'm not surprised Gen Z is the top target. It's the logical outcome of growing up with the world at your fingertips without appropriate digital literacy or regulation to match. The platforms Gen Z has known their entire lives are designed to manipulate behavior, harvest data, and reward oversharing. We've handed them the internet with no roadmap or guardrails and then act shocked when predators, scammers, and AI exploit that vulnerability." Drew Powers, founder of Illinois-based Powers Financial Group, told Newsweek: "When you first hear this, it may seem counterintuitive given that Gen Z has grown up with the Internet, social media, and mobile communications, but it actually makes perfect sense. Baby Boomers and Generation X can vividly recall the days before the Internet, and therefore we have a built-in distrust around most anonymous electronic communications. Gen Z on the other hand, is far more comfortable with and trusting of these platforms." What Happens Next To lower the rate of younger Americans falling for extortion scams, an increased emphasis likely needs to be on teaching literacy for younger generations. Just because they grew up with technology does not mean they are more prepared against scams, Beene said. "We need to quit assuming this group can navigate through digital waters because of their youth and experience with technology," Beene said. "If anything, the younger you are, the more you need to go through training on potential scams that could target your identity and money."
Forbes
10-06-2025
- Automotive
- Forbes
You Will Probably Get This Text Message—You Must Delete It
Delete this message immediately. There is a new attack targeting your phone. After months of warnings to pay overdue road tolls that have swept across America, that scam is finally on the decline. But there's a new threat taking its place — and this one is worse. 'The unpaid toll scam texts have seen a significant decline recently,' Guardio told me, 'with the peak number of messages sent occurring around March - April.' But they have been replaced with 'more sophisticated' DMV texts, which are 'longer messages tailored to each state,' and which are also 'more threatening.' Guardio says its team 'spotted a 773% surge in DMV scam texts during the first week of June,' which shows no signs of slowing. 'These scam texts lead to phishing websites designed to steal people's credit card information and make unauthorized charges.' That means you are likely to get this text at least once, probably many times. According to Malwarebytes, '44% of people encounter a mobile scam every single day, while 78% encounter scams at least weekly.' The FBI has warned users to delete all such texts on their phones, and multiple U.S. police forces and agencies (1,2,3) have issued warnings this week given new attacks. Just as with the unpaid tolls, these are driven by Chinese criminal gangs, outside the reach of U.S. law enforcement. DMV text surge The DMV texts claim an outstanding traffic violation fine needs to be paid, they threaten to suspend vehicle registrations and even enforce driving bans if it remains unpaid. The link in the text purports to open a payment website for the state's DMV. 'Scammers generate a new domain for almost every DMV text they send,' Guardio says. 'The format is usually the name of a state followed by a generic domain. Sometimes they include '.gov' as part of the URL to make the website appear legitimate.' The top-level domains used are clearly not associated with any state DMV, and if you can spot them within the link you will know it's a scam for sure. 'The top three domain extensions they use across most links are .cc, .icu, and .vip.' DMV texts Here are some example links, to give you an idea of what you're likely to see: The DMV scam has not yet rooted into the public consciousness in the same way as unpaid tolls — albeit that took more than a year and still claims victims to this day. But DMV warnings are now being publicized by agencies and law enforcement and this scam will now surge week by week until it's everywhere. Just as with the toll texts, these will hit every major city and state in time. Fox News reports that it is already 'targeting drivers in states like Connecticut, Pennsylvania, Georgia, Florida, New York, California, Illinois, New Jersey, Virginia, Colorado, Vermont, Texas, North Carolina and even Washington, D.C.' And it is only just getting started.
