Latest news with #scams
Forbes
9 hours ago
- Business
- Forbes
As Amazon Prime Account Hacks Surge — Here's What You Need To Do
Beware of these Amazon Prime scams. AFP via Getty Images Update, June 20, 2025: This story, originally published on June 19, has been updated to include more advice from Amazon, including the best contact methods if you are concerned someone might be trying to access your Prime account, as well as details of an anti-scam web browser you might like to try when shopping online. If there's one truism above all others when it comes to cybercriminal hackers, it has to be that they follow the money and the crowd. That is why we see so many attacks that target the likes of Gmail accounts, the Microsoft Windows operating system and, most recently, Facebook passwords. Amazon, as you might expect given its status in the world of online retail, is not immune to this attention. With the retail giant announcing that this year's Prime Day sales will span four days in July, hackers will already be making their nefarious plans. The badness is that last year, Prime Day attacks increased by 80% over the year before. The good news is that Amazon is ready. Here's what you need to know. Forbes 16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now By Davey Winder You couldn't make this up. As I was writing this very article, I received a call from a scammer impersonating Amazon, asking if I had ordered an iPhone 13. Yes, seriously. Precisely the kind of threat that Amazon is warning about, at precisely the moment that I write about hackers making their plans for this year. Obviously, I didn't fall for it, and neither will you if you take the advice from Amazon that follows shortly. As Amazon has now confirmed that Prime Day 2025 will take place July 8 through July 11, you can expect to be on the end of such calls, text messages and emails yourself. An Amazon spokesperson told me that 'as deals drop, consumers may also drop their guards, making them more susceptible to scams.' And Amazon has the numbers to make the hairs on your back stand up to support this: 'In the weeks surrounding Prime Day in 2024,' the spokesperson said, 'Amazon customers reported an 80% increase in all impersonation scams that claimed there was an issue with their account.' Unsurprisingly, as in my case, the top threat tactics included claiming to be from Amazon support and warning that there was a problem with your order, account, or payment. 'Impersonation scams via phone calls,' Amazon said, 'more than doubled during Prime Day' last year. Ensure your Amazon account is protected by two-step verification, also known as two-factor ... More authenticion or 2FA. Amazon Forbes Use These Secret Gmail Addresses To Prevent Hack Attacks — Here's How By Davey Winder Amazon Advice For Customers To Prevent Account Scam Attacks Amazon has shared the following advice for shoppers, both before and during the Prime Day 2025 sales, on how to stay safe from brand impersonation hackers: Never share your Amazon credentials with any third-party tools, websites or, well, anyone. They don't need to know. Only use tools and sites that support the secure Login With Amazon authentication process. Verify purchases directly on Amazon, do not respond to a message, click on a link or give account information over the phone. Never place an order by email with a seller. Amazon will only ever ask for payment in its app or on the website, and never by email or phone. Do not be fooled by scammers creating a sense of false urgency. Count to ten and apply the advice at the top of the list. Amazon will never ask you to purchase a gift card. Keep your operating system and the Amazon app updated to the latest version to ensure the best security protections are in place. Ensure your Amazon account is protected by two-step verification, also known as two-factor authentication or 2FA Ensure your Amazon account is protected by two-step verification, also known as two-factor ... More authentication or 2FA. Amazon You might also want to look at the browser that you use to access Amazon, especially as the privacy-centric DuckDuckGo has just updated its offering specifically with anti-scam protections that include online shopping threats. Available and active as soon as you fire up the web browser, DuckDuckGo has a built-in Scam Blocker function that protects against phishing sites and malware. Of particular interest, and new in this latest update, is that it now also guards against 'sham e-commerce sites, fake cryptocurrency exchanges, scareware that falsely claims your device has a virus, and other sites known to advertise fake products or services,' according to Peter Dolanjski from DuckDuckGo. Find out more about how Amazon protects customers from scams and the best way to report an incident here. Forbes FBI Warns Smartphone Users — Do Not Click On SMS Links By Davey Winder
Malay Mail
12 hours ago
- Business
- Malay Mail
Securities Commission intensifies crackdown on scams, adds 59 to investor alert list in just the first quarter of 2025
KUANTAN, June 20 — The Securities Commission Malaysia (SC) added 59 names to its Investor Alert List in the first quarter (1Q) of this year, said chairman Datuk Mohammad Faiz Azmi. He said this move is part of ongoing efforts to combat the increasingly rampant scams, alongside blocking fraudulent websites and social media pages. 'In 2024, we added 273 names to the Alert List, and in the 1Q this year, we added another 59,' he said during his opening remarks at the launch of the Bersama InvestSmart@Pahang 2025 programme. The event was officiated by Pahang Investment, Industrial Development, Science, Technology and Innovation Committee chairman Datuk Mohamad Nizar Mohamad Najib. Mohammad Faiz added that the SC also collaborates closely with the Malaysian Communications and Multimedia Commission (MCMC) to block these deceptive sites. 'Last year, we blocked 153 websites and 261 social media pages. In the 1Q, we blocked 29 websites and 91 social media pages. These numbers show how much illicit activity we are fighting daily,' he said. As of May 2025, he said, the SC had received 1,218 complaints and enquiries about scams. Mohammad Faiz also reminded the public to be cautious of scams that claim to be Shariah compliant, using religious sentiment to gain trust. Bersama InvestSmart@Pahang 2025 is a three day programme starting today, bringing together government officials, capital market industry players, and regulators under one roof as part of the SC's investor outreach initiative. More than 40 exhibitors are participating in the event, themed 'Bijak Labur, Hidup Makmur'. — Bernama
Yahoo
a day ago
- Business
- Yahoo
AI Deepfakes Responsible For 40% Of $4.6B Lost To Crypto Scams Last Year, Report Says
Benzinga and Yahoo Finance LLC may earn commission or revenue on some items through the links below. Some $4.6 billion was lost to cryptocurrency scams in 2024, according to a joint report from cryptocurrency exchange Bitget and cryptocurrency-focused security firms SlowMist and Elliptic released last week. Deepfakes were the most used tactic, accounting for "nearly 40% of high value fraud," the report said. Using deepfakes, scammers created the illusion of official authority for scam projects, the firms said. They cited deepfaked videos of Singapore Prime Minister Lee Hsien Loong and Deputy Prime Minister Lawrence Wong endorsing supposed "government-endorsed crypto investment" platforms as examples. The report also said Tesla (NASDAQ:TSLA) CEO Elon Musk was regularly featured in fraudulent giveaway schemes. Don't Miss: — no wallets, just price speculation and free paper trading to practice different strategies. Grow your IRA or 401(k) with Crypto – . Beyond impersonating public figures the report said deepfakes are used to bypass know your customer verification systems to steal customer funds, create virtual identities as covers for investment fraud and launch phishing attacks through fake video meeting platforms that implant backdoors in the computers of targets. "Five years ago, avoiding scams meant 'don't click suspicious links.' Today, it's 'don't trust your own eyes,'" the report said. Meanwhile, AI is also being leveraged to make more traditional scams, like Ponzi and pyramid schemes, more sophisticated. Using face-swapping and deepfake technology, scammers are able to fake images and videos to bolster confidence in the schemes. The report cited a February scheme that saw scammers hijack the X account of Tanzanian billionaire Mohammed Dewji to promote a fake Tanzania token using deepfake videos. The project raised over $1.4 million in the first 24 hours. "The biggest threat to crypto today isn't volatility—it's deception," Bitget CEO Gracy Chen said in a statement. "AI has made scams faster, cheaper, and harder to detect." Trending: New to crypto? on Coinbase. With the pace of AI advancement likely to continue to accelerate, the current dominance of AI-based cryptocurrency scams promises to be the new reality, making it necessary for projects and individuals to develop countermeasures. Some suggestions in the report include establishing a single platform for information sharing and using on-chain signatures for easy verification. The report also warned users against blindly trusting familiar faces and voices, urging them to verify information across multiple platforms before acting. Other tips included being skeptical of unsolicited contact, not running code or installing files from unknown sources, bookmarking official sites, and using scam detection plug-ins. The scourge of deepfakes is not limited to the cryptocurrency space. President Donald Trump in May signed the Take It Down Act, which criminalizes deepfake pornography and requires tech firms to remove them upon request. Read Next: A must-have for all crypto enthusiasts: . Maker of the $60,000 foldable home has 3 factory buildings, 600+ houses built, and big plans to solve housing — Image: Shutterstock This article AI Deepfakes Responsible For 40% Of $4.6B Lost To Crypto Scams Last Year, Report Says originally appeared on Sign in to access your portfolio
The Verge
a day ago
- The Verge
DOJ files to seize $225 million in crypto from scammers
The Department of Justice reported yesterday that it filed a civil complaint to seize roughly $225.3 million in cryptocurrency linked to crypto investment scams. In a press release, the DOJ said it traced and targeted accounts that were 'part of a sophisticated blockchain-based money laundering network' dispersing funds taken from more than 400 suspected victims of fraud. The 75-page complaint filed in the US District Court for the District of Columbia lays out more detail about the seizure. According to it, the US Secret Service (USSS) and Federal Bureau of Investigation (FBI) tied scammers to seven groups of Tether stablecoin tokens. The fraud fell under what's typically known as 'pig butchering:' a form of long-running confidence scam aimed at tricking victims — sometimes with a fake romantic relationship — into what they believe is a profitable crypto investment opportunity, then disappearing with the funds. Pig butchering rings often traffic the workers who directly communicate with victims to Southeast Asian countries, something the DOJ alleges this ring did. The DOJ says Tether and crypto exchange OKX first alerted law enforcement in 2023 to a series of accounts they believed were helping launder fraudulently obtained currency through a vast and complex web of transactions. The alleged victims include Shan Hanes (referred to in this complaint as S.H.), the former Heartland Tri-State Bank president who was sentenced to 24 years in prison for embezzling tens of millions of dollars to invest in one of the best-known and most devastating pig butchering scams. The complaint lists a number of other victims who lost thousands or millions of dollars they thought they were investing (and did not commit crimes of their own). An FBI report cited by the press release concluded overall crypto investment fraud caused $5.8 billion worth of reported losses in 2024.
Fox News
a day ago
- Fox News
Android malware poses as fake contacts to steal your personal data
Hacking keeps evolving, just like any other profession. Cybercriminals are always upgrading their tools, especially malware, to find new ways to scam people and steal data or money. The old tricks no longer work as well. Basic phishing rarely fools anyone twice, so hackers constantly look for new ways to break in. They rely on whatever grabs your attention and doesn't raise suspicion, things like social media ads, fake banking apps or updates that look completely normal. One of the fastest-growing threats in this space is Crocodilus. First detected in early 2025, this Android banking Trojan takes over your contact list to make its scams look more legitimate and harder to spot. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide — free when you join. The Crocodilus malware was first documented by ThreatFabric cybersecurity researchers in late March 2025. They highlighted its extensive data theft and remote control capabilities. Crocodilus uses Facebook to infect devices. It appears in ads that look normal, but once clicked, the malware installs itself on your device. In some cases, it mimicked banking and e-commerce apps in Poland, promising users free points in exchange for downloading an app. The link led to a fake site that delivered the malware. Although the ad was only live for a few hours, it still reached thousands of users, most of whom were over 35, a group more likely to have money in the bank. Smaller but growing campaigns have also been reported in the United States, where Crocodilus disguised itself as crypto wallet tools, mining apps and financial services. These fake apps are often distributed through social media ads or phishing links, targeting Android users who are less likely to question a "legit-looking" financial app. While not yet widespread, the presence of Crocodilus in the U.S. underscores its global reach and rapidly evolving tactics. The Trojan has also been spotted in Spain, where it disguised itself as a browser update, targeting nearly every major Spanish bank. In Turkey, it posed as an online casino app. And the threat doesn't stop there. One of the biggest concerns with Crocodilus is its ability to add fake contacts to your phone, inserting entries like "Bank Support" into your contact list. So, if an attacker calls pretending to be from your bank, your phone may not flag it because it appears to be a trusted number, making social engineering scams much more convincing. The latest version also includes a more advanced seed phrase collector, especially dangerous for cryptocurrency users. Crocodilus monitors your screen and uses pattern matching to detect and extract sensitive data, such as private keys or recovery phrases, all before quietly sending it to the attacker. Crocodilus shows us what the next wave of mobile threats might look like. It uses real ads to get into your phone. It blends into your digital life in ways that feel familiar. It does not need flashy tricks to succeed. It just needs to appear trustworthy. This kind of malware is designed for scale. It targets large groups, works across different regions and updates fast. It can pretend to be a bank, a shopping app or even something harmless like a browser update. The scary part is how normal it all looks. People are not expecting something this malicious to hide inside something that looks like a gift. The creators of Crocodilus understand how people think and act online. They are using that knowledge to build tools that work quietly and effectively. And they are not working alone. This kind of operation likely involves a network of developers, advertisers and distributors all working together. 1. Avoid downloading apps from ads or unknown sources: Crocodilus often spreads through ads on social media platforms like Facebook. These ads promote apps that look like banking tools, e-commerce platforms or even crypto wallets. If you click and install one, you might be unknowingly downloading malware. Always search for apps directly on trusted platforms like the Google Play Store. Do not install anything from random links, especially those shared through ads, messages or unfamiliar websites. 2. Avoid suspicious links and install strong antivirus protection: Crocodilus spreads through deceptive ads and fake app links. These can look like legitimate banking tools, crypto apps or browser updates. Clicking on them may quietly install malware that hijacks your contacts, monitors your screen or steals login credentials. To stay safe, avoid clicking on links from unknown sources, especially those that promise rewards or warn of urgent problems. Installing strong antivirus software on your Android device adds another layer of protection. It can scan downloads, block malicious behavior and warn you about phishing attempts before they become a bigger issue. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 3. Review app permissions carefully before and after installation: Before you install an app, take a moment to look at the permissions it asks for. If a shopping app wants access to your contacts, messages or screen, that is a red flag. After installing, go to your phone settings and double-check what permissions the app actually has. Malware like Crocodilus relies on overreaching permissions to steal data and gain control. If anything seems unnecessary, revoke the access or uninstall the app entirely. 4. Keep your Android device updated at all times: Security patches are released regularly to block known vulnerabilities. Crocodilus is designed to take advantage of outdated systems and bypass newer Android restrictions. By updating your phone and apps regularly, you reduce the chances of malware slipping through. Set your device to install updates automatically when possible and check manually every so often if you are not sure. 5. Consider using a data removal or monitoring service: While not a direct defense against malware, data removal services can help minimize the damage if your information has already been leaked or sold. These services monitor your personal data on the dark web and offer guidance if your credentials have been compromised. In a case like Crocodilus, where malware may harvest and transmit banking info or crypto keys, knowing your data exposure early can help you act before scammers do. Check out my top picks for data removal services here. 6. Turn on Google Play Protect: Google Play Protect is a built-in security feature on Android phones that scans your apps for anything suspicious. To stay protected, make sure it's turned on. You can check this by opening the Play Store, tapping your profile icon and selecting Play Protect. From there, you can see if it's active and run a manual scan of all your installed apps. While it may not catch everything, especially threats from outside the Play Store, it's still an important first layer of defense against harmful apps like Crocodilus. 7. Be skeptical of unfamiliar contacts or urgent messages: One of the newer tricks Crocodilus uses is modifying your contact list. It can add fake entries that look like customer service numbers or bank helplines. So, if you receive a call from "Bank Support," it might not be real. Always verify phone numbers through official websites or documents. The same applies to messages asking for personal details or urgent logins. When in doubt, do not respond or click any links. Contact your bank or service provider directly. Crocodilus is one of the most advanced Android banking Trojans seen so far. It spreads through social media ads, hides inside apps that look real and collects sensitive data like banking passwords and crypto seed phrases. It can also add fake contacts to your phone to trick you during scam calls. If you use Android, avoid downloading apps from links in ads or messages. Only install apps from trusted sources like the Google Play Store. Keep your phone updated, and be careful if something looks too good to be true because it probably is. Who should be held accountable when malware like Crocodilus spreads through platforms like Facebook? Let us know by writing to us at For more of my tech tips anbd security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Follow Kurt on his social channels Answers to the most asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved.
