Latest news with #cybercriminals

Amazon issues warning to Prime users over cyber scams

Daily Mail​

an hour ago

Amazon is alerting its 200 million Prime members to a sharp rise in cyber scams just weeks before its biggest-ever Prime Day event, set to begin July 8. The online retail giant says fraudsters are ramping up efforts to steal customer accounts and payment details.

Amazon found that impersonation scams spiked by 80 percent during Prime Day in 2024, and similar schemes are already underway this year. The most common tactics involve fake emails and text messages designed to look like official Amazon communications, often containing malicious links or requests for personal information.

Cybercriminals are seizing on the hype and urgency surrounding the four-day sales event to lure unsuspecting shoppers. With global sales expected to break records, shoppers are urged to be cautious, avoid clicking suspicious links, and report any suspicious messages to Amazon.

'Independent sellers sold more than 200 million items during Prime Day,' Amazon said in a statement. 'Prime members in the US chose to consolidate their deliveries on millions of orders, saving an estimated 10 million trips.'

This year's Prime Day event will run in 26 countries, including the US, UK, India, and Canada. Ireland and Colombia are joining the list for the first time.

To counter these attacks, Amazon said it removed more than 55,000 phishing websites and 12,000 fraudulent phone numbers last year.

Scammers rely on urgency and fear, often warning users their account will be locked or charged unless they act immediately. Victims are frequently asked to verify account details or resolve fake issues by providing gift card numbers, passwords, or one-time passcodes, methods Amazon states it never uses.

In November, the company found that 94 percent of global impersonation scams came through email, text messages, or phone calls. Two-thirds of those scams focused on fake account issues.

To verify if a text message is truly from Amazon, go to the Message Center under 'Your Account.' Only legitimate communications from Amazon will appear there.

Moreover, before clicking on email attachments, review the sender's address. Legitimate Amazon emails will come from an '@ address. Check the 'From' name in your email to see the full sender address and check for misspellings or suspicious characters.

In March, the company tweeted on X that impersonation scams on social media have jumped 33 percent since December 2024. 'Scammers monitor customer complaints on comments, then respond using fake accounts,' Amazon said. The company emphasizes it never asks customers to click external links or move conversations to private messages.

While earlier fraud attempts focused on account access, by May 2025, payment fraud had become the most reported scam, accounting for 38 percent of cases. Amazon reminds users: 'We will never call or email you requesting sensitive information like passwords.'

The company has issued clear safety steps: Always access your account through the official app or website, never respond to suspicious messages, and report scam attempts through Amazon's help center or self-reporting tool. Additionally, Amazon encourages customers to enable two-factor authentication, avoid reusing passwords across websites, and turn on app notifications to confirm legitimate account activity.

'Count to ten before you act,' Amazon advises, stressing that any message pushing urgent action is a red flag.

In March, Amazon also warned about 'Membership Renewal Scams,' messages prompting users to renew services by entering payment details on fake websites.

To avoid delivery scams, Amazon recommends buying directly from the company instead of third-party sellers whenever possible. Items shipped and sold by Amazon are more likely to qualify for fast Prime shipping, arrive as advertised, and offer easier returns. Some customers report receiving refunds for defective items without needing to return them, due to Amazon's streamlined internal process.

Amazon issues urgent warning to all Prime users over hack stealing accounts: Delete these emails NOW

Daily Mail​

2 hours ago

To verify a product is sold by Amazon, look for 'Ships from and sold by under the price or beneath the 'Add to Cart' and 'Buy Now' buttons. On the Amazon app, this information appears directly below those same buttons. 'As deals drop, consumers may also drop their guards,' an Amazon spokesperson said. 'Stay vigilant, trust only verified sources, and think twice before clicking that link or answering that call.'

Shocking Netflix ‘hijacking' that uses convincing trick to empty your bank account exposed as TV fans told ‘be careful'

The Sun

5 hours ago

Netflix users are being warned of a scam that could leave them vulnerable to having their personal data stolen. Cyberprotection company Malwarebytes issued the warning for people who search for tech support numbers online, saying hackers were using sponsored ads to fool unsuspecting punters.

The company explained that "cybercriminals frequently use ads directing to a malicious site to take advantage of our trust in sponsored search results for popular brands." It found that, in a recent ruse, support scammers were hijacking the results of legitimate sites.

To pull off the scam, they pay for a sponsored ad on Google pretending to be a major brand. While that will usually lead to a fake website, in some cases people were taken to a brand's legitimate site, "but with one small difference." The company used photos to show that the address bar of the website a person reached after unknowingly clicking on one of these dodgy ads looked legitimate, but "the results had been poisoned to display the scammer's phone number instead of the business' real number."

"When you call the scam number, the scammers will pose as the brand with the aim of getting you to hand over personal data or financial information, or even allow them remote access to your computer," Malwarebytes wrote on X, formerly Twitter.

It then showed examples of how scammers had manipulated the real Netflix site so that a "fake number appears in what looks like a search result, making it seem official."

"This is able to happen because Netflix's search functionality blindly reflects whatever users put in the search query parameter without proper sanitization or validation," the company explained. "This creates a reflected input vulnerability that scammers can exploit."

Netflix was just one example of the scammers' grit. Malwarebytes found that other targeted brands included PayPal, Apple, Microsoft, Facebook and HP.

Malwarebytes suggested people install browser guards on their computers to protect them from the elaborate scams. Outside of installing the browser guard, people can also protect themselves from this kind of scam in a number of different ways.

Red flags to look out for include a phone number in the URL, suspicious search terms like 'Call Now' or 'Emergency Support' in the address bar of the browser, and an excess of encoded characters, such as %20 (space) and %2B (+ sign), alongside phone numbers. Other warning signs include the website showing a search result before you entered one, an in-browser warning for known scams, and urgent language displayed on the website.

How to spot a dodgy app

Detecting a malicious app before you hit the 'Download' button is easy when you know the signs. Follow this eight-point checklist when you're downloading an app you're unsure about:

  • Check the reviews - be wary of both complaints and uniformly positive reviews by fake accounts.
  • Look out for grammar mistakes - legitimate app developers won't have typos or errors in their app descriptions.
  • Check the number of downloads - avoid apps with only several thousand downloads, as they could be fake.
  • Research the developer - do they have a good reputation? Or are they totally fake?
  • Check the release date - a recent release date paired with a high number of downloads is usually bad news.
  • Review the permission agreement - this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
  • Check the update frequency - an app that is updated too frequently is usually indicative of security vulnerabilities.
  • Check the icon - look closely, and don't be deceived by distorted, lower-quality versions of the icons from legitimate apps.

All of this information will be available in both Apple's App Store and the Google Play Store.

"And before you call any brand's support number, look up the official number in previous communications you've had with the company (such as an email, or on social media) and compare it to the one you found in the search results. If they are different, investigate until you're sure which one is the legitimate one," said Jérôme Segura, senior director of research of Malwarebytes. "If during the call, you are asked for personal information or banking details that have nothing to do with the matter you're calling about, hang up."

Beyond the Firewall: Rethinking Payment Data Security: By James Richardson

Finextra

2 days ago

In today's digital economy, protecting sensitive business payment data is no longer just the responsibility of IT or treasury departments — it's a strategic business imperative. While enterprise systems like ERP and CRM often have strong security protocols, these systems don't operate in a vacuum. Payment data is frequently copied, stored, and used across spreadsheets, shared drives, and supplier portals — far beyond the safety of core systems. That's where the real risk lies.

Why Traditional Defences Fall Short

Historically, businesses have relied on layered security controls like encryption, firewalls, and access policies to protect payment information. But these measures alone don't eliminate the inherent risks of decentralised data. Payment details often reside in multiple locations across an organisation — from shared folders to manual payment files — making it hard to track who has access, where data is stored, and how it's being used. In these uncontrolled environments, human error, system design gaps, and cybercriminals can easily exploit weaknesses.

And the stakes are high. Data breaches involving bank account details not only damage reputations and erode customer trust but can also expose organisations to direct financial loss, fraud recovery efforts, and regulatory scrutiny.

The Rise of Payment Tokenisation

To address this growing threat, an additional and effective approach is gaining traction in B2B payments security: payment tokenisation. Tokenisation replaces sensitive bank account information with a secure, randomised token — a placeholder with no exploitable value. These tokens are stored and managed outside the business's systems, in highly secure external environments. The original bank data stays protected, while the business uses the token for processing payments as if it were the real thing.

In practice, this means organisations can continue to run payments efficiently — but without ever holding the real account data internally. Even if a breach occurs, attackers get meaningless tokens rather than actionable payment credentials.

Strategic Benefits Beyond Security

The appeal of tokenisation goes beyond protecting against fraud. It simplifies compliance and risk management by centralising sensitive data into a single, tightly controlled location. That eliminates data sprawl, reduces audit complexity, and gives finance teams greater peace of mind.

Organisations embracing tokenisation also gain operational resilience. Instead of relying solely on internal controls, they reduce systemic risk by shifting sensitive data management to dedicated, security-hardened infrastructure. That's especially valuable for large businesses managing thousands of payments a day or navigating complex multi-supplier networks.

From Niche to Necessity

While tokenisation is already well established in card payment systems, its adoption for bank account data is only just beginning. There's no regulatory requirement — yet — but that's starting to shift. Standards like PCI DSS don't currently mandate tokenisation for bank details, but forward-thinking organisations aren't waiting for legislation to catch up.

Rising fraud, evolving cyber threats, and increasing expectations from partners and regulators are all pushing tokenisation from a niche solution to a best-practice standard. For financial operations teams, it's a proactive step that protects both reputation and revenue.

The Strategic Imperative

Tokenisation isn't just a cybersecurity tactic — it's a smarter, more resilient way to handle business payment data in a landscape where breaches are inevitable and reputational risk is high. It streamlines compliance, enhances governance, and dramatically lowers the threat posed by internal errors, third-party risks, and increasingly sophisticated attacks.

The time to act is now. Businesses that wait for regulation, a major breach, or a mandate from a banking partner are already on the back foot. Forward-looking organisations are proactively removing sensitive bank account data from their systems — not simply to protect it, but to eliminate the need to hold it in the first place.

Don't wait for a crisis to rethink your approach. Tokenisation is fast becoming a defining feature of modern payment security strategy. If your business handles payments, it's time to ask: why hold the risk at all?

As Americans Worry About Trump Policies, Fake Investment Scams Spread

Forbes

2 days ago

Economic tensions in the U.S., including concerns over the relationship between Donald Trump and Elon Musk, are driving a big boom in "get rich quick" schemes online, with criminals rushing to register malicious domains.

With more than of Americans admitting to living paycheck to paycheck, said Forex broker comparison firm BrokerChooser, searches for get rich quick schemes have shot up by 150% over the past month. And scammers are exploiting this concern, along with current internal U.S. political tensions.

According to PreCrime Labs, the threat research team at BforeAI, large numbers of domains related to hypothetical conflicts between Donald Trump and Elon Musk are appearing. These domains often mimic betting platforms, fake giveaways or crypto multipliers, while promising victims huge returns.

"In the case of the Donald Trump and Elon Musk feud, once Musk publicly voiced his distaste for Trump's 'big beautiful bill' on June 4, 2025, cybercriminals leapt into action, creating at least 39 new domains aimed at scamming and defrauding internet users," said the researchers. "All of these new domains were registered in the following two days, on June 5 and 6, 2025."

The scammers are using a wide range of low-cost and under-regulated top level domains, said the firm, including '.xyz', '.space', '.wtf', '.live', '.info', '.fun', '.store', '.icu', and '.online'. Many URLs contain keywords like 'trumpvselon', 'elonvstrump', 'elonprivateaccess', 'trumploveselon', 'trumpmuskfeud', along with keywords such as 'crypto', 'billiondollar', 'betting', 'private access', and 'game'.

Meanwhile, domains are being configured to leverage Telegram's messaging API, either by auto-redirecting visitors or by presenting a Telegram bot interface. This is done through client-side scripting or meta-refresh tags, directing individuals to a specific Telegram handle or channel.

"This method is frequently observed in campaigns designed to funnel victims into fraudulent investment schemes, as the domain promotes crypto or facilitates impersonation-based scams", the researchers said. "The presence of Telegram integrations and fake app stores used in this campaign represents a shift to multi-channel attack vectors. There is a strong potential that we will continue to see scams spreading to other popular social media platforms, where media consumption and redirection are high."

In 2024 alone, investment scams netted at least $5.7 billion from American victims, BrokerChooser said.

"Before parting with your money, always verify a company's license directly on the official regulator's website and don't trust links or contact details from emails or messaging apps. Search the company's name with terms like 'scam' or 'complaints,' read verified reviews, and check for regulatory warnings", said Adam Nasli, head analyst at BrokerChooser. "Be wary of promises like 'guaranteed returns' or 'risk-free' profits, which are classic red flags. Real investments carry risk, and legitimate firms will be upfront about that. If it sounds too good to be true, it probably is."
