serisec

Category: scams

  • That data breach alert might be a trap

    That data breach alert might be a trap Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Stop reacting on autopilot. Go to eset

  • Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

    Recovery scammers hit you when you’re down: Here’s how to avoid a second strike If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse. Go to eset

  • Faking it on the phone: How to tell if a voice call is AI or not

    Faking it on the phone: How to tell if a voice call is AI or not Can you believe your ears? Increasingly, the answer is no. Here’s what’s at stake for your business, and how to beat the deepfakers. Go to eset

  • Is Poshmark safe? How to buy and sell without getting scammed

    Is Poshmark safe? How to buy and sell without getting scammed Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches. Go to eset

  • Taxing times: Top IRS scams to look out for in 2026

    Taxing times: Top IRS scams to look out for in 2026 It’s time to file your tax return. And cybercriminals are lurking to make an already stressful period even more edgy. Go to eset

  • OfferUp scammers are out in force: Here’s what you should know

    OfferUp scammers are out in force: Here’s what you should know The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams. Go to eset

  • Common Apple Pay scams, and how to stay safe

    Common Apple Pay scams, and how to stay safe Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead Go to eset

  • Telegram Hosting World’s Largest Darknet Market

    Telegram Hosting World’s Largest Darknet Market Wired is reporting on Chinese darknet markets on Telegram. The ecosystem of marketplaces for Chinese-speaking crypto scammers hosted on the messaging service Telegram have now grown to be bigger than ever before, according to a new analysis from the crypto tracing firm Elliptic. Despite a brief drop after Telegram…

  • LinkedIn Job Scams

    LinkedIn Job Scams Interesting article on the variety of LinkedIn job scams around the world: In India, tech jobs are used as bait because the industry employs millions of people and offers high-paying roles. In Kenya, the recruitment industry is largely unorganized, so scamsters leverage fake personal referrals. In Mexico, bad actors capitalize on the…

  • Using AI-Generated Images to Get Refunds

    Using AI-Generated Images to Get Refunds Scammers are generating images of broken merchandise in order to apply for refunds. Bruce Schneier Go to bruce schneier

  • A brush with online fraud: What are brushing scams and how do I stay safe?

    A brush with online fraud: What are brushing scams and how do I stay safe? Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow. Go to eset

  • FBI Warns of Fake Video Scams

    FBI Warns of Fake Video Scams The FBI is warning of AI-assisted fake kidnapping scams: Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will express significant claims of violence towards the loved one…

  • Scam USPS and E-Z Pass Texts and Websites

    Scam USPS and E-Z Pass Texts and Websites Google has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people…

  • Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming

    Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data Go to eset

  • Cybercriminals Targeting Payroll Sites

    Cybercriminals Targeting Payroll Sites Microsoft is warning of a scam involving online payroll systems. Criminals use social engineering to steal people’s credentials, and then divert direct deposits into accounts that they control. Sometimes they do other things to make it harder for the victim to realize what is happening. I feel like this kind of…

  • Fraud prevention: How to help older family members avoid scams

    Fraud prevention: How to help older family members avoid scams Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically Go to eset

  • Social Engineering People’s Credit Card Details

    Social Engineering People’s Credit Card Details Good Wall Street Journal article on criminal gangs that scam people out of their credit card information: Your highway toll payment is now past due, one text warns. You have U.S. Postal Service fees to pay, another threatens. You owe the New York City Department of Finance for unpaid…

  • Cryptocurrency ATMs

    Cryptocurrency ATMs CNN has a great piece about how cryptocurrency ATMs are used to scam people out of their money. The fees are usurious, and they’re a common place for scammers to send victims to buy cryptocurrency for them. The companies behind the ATMs, at best, do not care about the harm they cause; the…

  • Use of Generative AI in Scams

    Use of Generative AI in Scams New report: “Scam GPT: GenAI and the Automation of Fraud.” This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and…

  • Details of a Scam

    Details of a Scam Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here’s an almost: Then he added, “Here at Chase, we’ll never ask for your personal information or passwords.” On the contrary, he gave me more information—two “cancellation codes” and a long case number with four letters and 10…

  • Baggage Tag Scam

    Baggage Tag Scam I just heard about this: There’s a travel scam warning going around the internet right now: You should keep your baggage tags on your bags until you get home, then shred them, because scammers are using luggage tags to file fraudulent claims for missing baggage with the airline. First, the scam is…

  • Investors beware: AI-powered financial scams swamp social media

    Investors beware: AI-powered financial scams swamp social media Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think. Go to eset

  • The “Incriminating Video” Scam

    The “Incriminating Video” Scam A few years ago, scammers invented a new phishing email. They would claim to have hacked your computer, turned your webcam on, and videoed you watching porn or having sex. BuzzFeed has an article talking about a “shockingly realistic” variant, which includes photos of you and your house—more specific information. The…

  • Task scams: Why you should never pay to get paid

    Task scams: Why you should never pay to get paid Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams. Go to eset

  • Ghostwriting Scam

    Ghostwriting Scam The variations seem to be endless. Here’s a fake ghostwriting scam that seems to be making boatloads of money. This is a big story about scams being run from Texas and Pakistan estimated to run into tens if not hundreds of millions of dollars, viciously defrauding Americans with false hopes of publishing bestseller…

  • DoorDash Hack

    DoorDash Hack A DoorDash driver stole over $2.5 million over several months: The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created. Devagiri would then mark the…

  • Update: Cybercriminals still not fully on board the AI train (yet)

    Update: Cybercriminals still not fully on board the AI train (yet) A year after our initial research on threat actors’ attitudes to generative AI, we revisit some underground forums and find that many cybercriminals are still skeptical – although there has been a slight shift Matt Wixey Go to sophos

  • Scams Based on Fake Google Emails

    Scams Based on Fake Google Emails Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post. Bruce Schneier Go to bruce schneier