Wired: How Hackers Hijacked Thousands of High-Profile YouTube Accounts. “SINCE AT LEAST 2019, hackers have been hijacking high-profile YouTube channels. Sometimes they broadcast cryptocurrency scams, sometimes they simply auction off access to the account. Now, Google has detailed the technique that hackers-for-hire used to compromise thousands of YouTube creators in just the past couple of years.”
Associated Press: Feds warn companies: Fake online reviews could lead to fines. “Federal regulators say they are cracking down on ‘an explosion’ of businesses’ use of fake reviews and other misleading messages to promote their products and services on social media. The Federal Trade Commission said it has warned hundreds of major corporations and smaller businesses that they could face fines if they use bogus endorsements to deceive consumers.”
Malwarebytes Labs: “Free Steam game” scams on TikTok are Among Us. “What we sometimes see on TikTok is gaming-themed accounts making many of the same promises you see on other platforms. Free games, free items, free stuff. Everything is definitely free with no strings attached. Would RandomAccountGuy3856 lie to you? The answer is, of course, ‘Yes, RandomAccountGuy3856 absolutely would lie to you’.”
Miami Herald: Subject of Miami Herald PPP investigation charged with COVID-19 relief fraud. “A Texas man flagged in a 2020 Miami Herald investigation whose companies were approved for millions in suspicious loans through the Paycheck Protection Program has been charged with multiple counts of wire fraud and making false statements to a bank. The federal charges in the Eastern District of Texas stem from three loans received by companies tied to Sinoj Joseph that totaled more than $3 million.”
Washington Post: Read that link carefully: Scammers scoop up misspelled cryptocurrency URLs to rob your wallet. “Wwwblockchain.com isn’t a typo. Nor is hlockchain.com or blpckchain.com. Those sites are set up to dupe Internet users trying to reach Blockchain.com, a website that lets users buy and sell cryptocurrency. And there’s big money in little typos.”
OCCRP: How a Russian Mobile App Developer Recruited Phones into a Secret Ad-Watching Robot Army. “In 2015, Russian-language tutorials began appearing on YouTube, Facebook, Twitter, and niche forums, blogs, and websites showing how Net2Share, a software tool developed by Adeco Systems, could be downloaded and used even by someone with zero programming skills to clone mobile apps. All a user had to do was download a regular mobile app, replicate it in Net2Share, and upload the duplicated copy to app stores. In exchange, they would get a cut of the revenue earned from ads displayed by the cloned apps. But Net2Share had a hidden feature that even its ethically dubious users didn’t know about.”
The Guardian: How fraudsters can use the forgotten details of your online life to reel you in . “In the first half of this year, £355m was lost in the UK to authorised push payment fraud, where people transferred money to scammers’ accounts. Some of these crimes began with fraudsters socially engineering victims they had met on dating sites. Others with people being contacted by someone pretending to be from a bank’s fraud department, and manipulating them that way.”
Washington Post: A flood of unknown products is making online shopping impossible . “If you’ve tried to buy something through online ads on Facebook or Instagram, or through a site such as Amazon, Google and Walmart, chances are you’ve encountered a mix of brands you’ve heard of and even more you haven’t. Between the reputable products and the counterfeits is a sea of mysterious companies selling goods of unknown origin and quality.”
CBC: Google agrees to government request to pull ads linking to fake travel sites. “ArriveCan is the app the government uses to record international visits for the purposes of tracking COVID-19. Both Canadian residents and foreign visitors are required to have it. But scammers have taken advantage of that requirement by seeking to divert travellers onto fake ArriveCan websites and charging them for the service.”
The Conversation: The rise of dark web design: how sites manipulate you into clicking. “Dark design has proven to be an incredibly effective way of encouraging web users to part with their time, money and privacy. This in turn has established ‘dark patterns’, or sets of practices designers know they can use to manipulate web users. They’re difficult to spot, but they’re increasingly prevalent in the websites and apps we use every day, creating products that are manipulative by design, much like the persistent, ever-present pop-ups we’re forced to close when we visit a new website.”
Talos: A wolf in sheep’s clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus . “Amnesty International recently made international headlines when it released a groundbreaking report on the widespread use of Pegasus to target international journalists and activists. Adversaries have set up a phony website that looks like Amnesty International’s — a human rights-focused non-governmental organization — and points to a promised anti-virus tool to protect against the NSO Group’s Pegasus tool. However, the download actually installs the little-known Sarwent malware.”
Associated Press: Scammers got nearly 30% of Arizona virus unemployment pay. “Scammers were able to pocket nearly 30% of the $16 billion in unemployment insurance payments sent out by Arizona since the start of the coronavirus pandemic, the director of the state agency overseeing the program said Thursday.”
Wired: Hundreds of Scam Apps Hit Over 10 Million Android Devices. “GOOGLE HAS TAKEN increasingly sophisticated steps to keep malicious apps out of Google Play. But a new round of takedowns involving about 200 apps and more than 10 million potential victims shows that this longtime problem remains far from solved—and in this case, potentially cost users hundreds of millions of dollars.”
The Daily Swig: Social media scam: Twitter bots are tricking users into making PayPal and Venmo payments into fraudsters’ accounts. “The bots appear to be activated when a legitimate user asks another for their payment information, presumably discovering these tweets via a search for keywords such as ‘PayPal’, ‘Venmo’, or other services. They masquerade as the other user by scraping their profile picture and adopting a similar username, before supplying them with false payment information in the hopes the original tweeter will pay into this account.”
ProPublica: Facebook Grew Marketplace to 1 Billion Users. Now Scammers Are Using It to Target People Around the World.. “It hit 1 billion users a month this spring, and the company recently told investors that it’s one of its most promising new sources of revenue. That growth has been built, in part, on the company’s assurances about the safety of its platform…. That confidence may be misguided. Facebook says it protects users through a mix of automated systems and human reviews. But a ProPublica investigation based on internal corporate documents, interviews and law enforcement records reveals how those safeguards fail to protect buyers and sellers from scam listings, fake accounts and violent crime.” You mean Facebook’s oversight of its Marketplace platform is as ineffective as the oversight of its main product? I’M (not really) SHOCKED!
