Daily Dot: Don’t click that USPS text you just got—it’s a scam

Daily Dot: Don’t click that USPS text you just got—it’s a scam. “Receiving USPS text messages about an unclaimed package? Don’t click the link. Text messages purporting to be from the United States Postal Service (USPS) have been hitting phones all across the country this week, asking recipients to claim a package. But the texts are not from the USPS and are part of a wide-scale phishing scam, designed to steal users’ personal information.”

BBB Scam Alert: Photo sharing message phishes for your Google password (Better Business Bureau)

Better Business Bureau: BBB Scam Alert: Photo sharing message phishes for your Google password. “Don’t let your curiosity get the better of you. A new scam appears to be an email from Google, informing you that someone has shared a photo album with you. But it’s really a phishing scheme that’s after your password.”

CNET: How to avoid a spear-phishing attack. 4 tips to keep you safe from timeless scams

CNET: How to avoid a spear-phishing attack. 4 tips to keep you safe from timeless scams. “Targeted attacks, also called spear-phishing, aim to trick you into handing over login credentials or downloading malicious software. That’s what happened at Twitter in July, where the company says hackers targeted employees on their phones. Spear-phishing attacks also often take place over email. Hackers usually send targets an ‘urgent’ message and include credible-sounding information specific to you, like something that could have come from your own tax return, social media account or credit card bill. These scams aim to override any red flags you might notice about the email with details that make the sender sound legitimate.”

CNET: Democrats are warned that hackers are after their Facebook accounts, report says

CNET: Democrats are warned that hackers are after their Facebook accounts, report says. “An alert from the committee’s security team, reported by CNN, said emails designed to look as if they’re from Facebook tell users that their pages have been deactivated because of a term violation. The email then directs those users to a fake Facebook website, where they’re told to provide personal information to appeal the deactivation.”

BuzzFeed News: A Security Breach Exposed More Than One Million DNA Profiles On A Major Genealogy Database

BuzzFeed News: A Security Breach Exposed More Than One Million DNA Profiles On A Major Genealogy Database. “First GEDmatch, the DNA database that helped identify the Golden State Killer, was hacked. Then email addresses from its users were used in a phishing attack on another leading genealogy site.”

Tom’s Guide: Don’t fall for this Google Chrome email update scam

Tom’s Guide: Don’t fall for this Google Chrome email update scam. “The latest wave of attacks involved 18,000 malicious emails sent in June and July to recipients in Canada, France, Germany, Italy, the U.K. and the U.S. The emails prompt the recipient to visit a website of interest to persons in that chosen field. The site is legitimate, but it has been corrupted by an injection of the malicious JavaScript-based framework known as SocGholish, or TA569.”

Bleeping Computer: Persuasive Office 365 phishing uses fake Zoom suspension alerts

Bleeping Computer: Persuasive Office 365 phishing uses fake Zoom suspension alerts. “Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins.”

PR Newswire: Cofense Launches Free Resource Center and Searchable Database Highlighting the Latest Phishing Attacks that Bypass Email Security Technologies (PRESS RELEASE)

PR Newswire: Cofense Launches Free Resource Center and Searchable Database Highlighting the Latest Phishing Attacks that Bypass Email Security Technologies . “Cofense®, the global leader in intelligent phishing defense solutions, today launched a comprehensive resource center and easy-to-use Real Phishing Threats searchable database to help organizations see the phishing threats that slip past their secure email gateways (SEG).”

The Asian Age: Google detects coronavirus-themed phishing attacks by firms in India posing as WHO, banks

The Asian Age: Google detects coronavirus-themed phishing attacks by firms in India posing as WHO, banks. “Hack-for-hire firms, many of them based in India, are creating accounts spoofing the World Health Organisation (WHO) and targeting business leaders in financial services, consulting, and healthcare corporations in the US, the UK and Bahrain among other countries amid the COVID-19 pandemic, according to a report by Google.”

The Register: To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it

The Register: To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it. “Code hosting biz GitLab recently concluded a security exercise to test the susceptibility of its all-remote workforce to phishing – and a fifth of the participants submitted their credentials to the fake login page.”

BetaNews: COVID-19 scam sites pass quarter of a million

BetaNews: COVID-19 scam sites pass quarter of a million. “The first quarter of this year has seen a massive growth in phishing and counterfeit pages, with around a third of them related to COVID-19. A new report from fraud prevention company Bolster shows that it detected 854,441 confirmed phishing and counterfeit pages and four million suspicious pages, with more than a quarter of a million devoted to COVID-19.”

The Verge: Hackers are impersonating Zoom, Microsoft Teams, and Google Meet for phishing scams

The Verge: Hackers are impersonating Zoom, Microsoft Teams, and Google Meet for phishing scams. “Hackers have registered domains posing as Zoom, Microsoft Teams, and Google Meet-related URLs, according to a new report from Check Point Research. As significantly more people are using these videoconferencing services during the COVID-19 pandemic, the domains could be used to pose as official links, potentially tricking people into downloading malware or accidentally giving a bad actor access to personal information.”

Neowin: Google is blocking 18 million coronavirus-related scam emails on a daily basis

Neowin: Google is blocking 18 million coronavirus-related scam emails on a daily basis. “Amidst the coronavirus crisis, there has been a lot of misinformation going around, including fake virus cures, deceptive ads, and attempts to link the virus to 5G networks. In that vein, Google has detected a spike in phishing attacks in which criminals attempt to deceive users into revealing personal information. “