The continuous press review of online scams: new alerts, data and patterns updated every day from official sources (FBI, Europol, NCSC, Postal Police, FTC...). The same sources used by banks, insurers and law enforcement.
Mule betting (or third-party betting account) scams recruit ordinary people into opening gambling accounts in their own name. Criminals then use those accounts to place bets,...
Cybercriminals are abusing GitHub to distribute malware by uploading repositories that impersonate well-known brands like Malwarebytes, LastPass, and AppleCare+. These pages often...
A Kaspersky investigation uncovered a large-scale campaign distributing malicious installers that masquerade as popular free software such as OBS Studio, DNS Jumper, DS4Windows,...
U.S. prosecutors have charged two suspects with laundering over $43 million stolen through online investment fraud scams, also known as pig butchering. Between 2020 and 2022, the...
CrashStealer is a new macOS infostealer that impersonates Apple's CrashReporter component, uses a notarized installer to slip past Gatekeeper, and tricks users into typing their...
The FBI is warning that cyber criminals are increasingly weaponizing Traffic Distribution Systems (TDS) to silently steer everyday internet users from legitimate-looking ads,...
Criminals are using unsolicited FaceTime calls to impersonate Apple Support, banks, or financial institutions, pressuring victims into sharing card details, online banking...
Looking for health insurance? Some shady sellers disguise medical discount plans as full coverage, leaving you with huge bills after a hospital visit. These scams often pop up...
Military families searching for housing during a PCS move are prime targets for rental scammers who post fake listings with below-market rent and compelling photos. Scammers know...
Researchers at Arctic Wolf uncovered a campaign in which 292 fake GitHub repositories posed as well-known security products, cryptocurrency tools, developer utilities, and other...
Scammers increasingly use AI tools to create deceptively realistic images for phishing emails, fake shop websites, social media profiles, and fraudulent product listings. The NCSC...
Scammers build polished lookalike crypto-to-gift-card storefronts that mimic real platforms (dark theme, trust badges, "Pay with crypto" buttons) to steal your Bitcoin or...
Researchers at SANS Internet Storm Center have observed a new twist on credential-stealing phishing: HTML attachments padded with thousands of HTML comments to swell the file to...
On July 7 Meta launched Muse Image, an AI model that lets anyone type your Instagram handle into a prompt and generate synthetic images using your public likeness. Meta will not...
Law enforcement and Google recently disrupted the NetNut residential proxy botnet, which was built on millions of hijacked consumer devices, including routers, smartphones, and...
A new phishing-as-a-service platform called Forg365 is helping scammers steal Microsoft 365 credentials using adversary-in-the-middle (AiTM) proxies and Microsoft device-code...
Crypto prediction and betting platforms are surging around major sporting events like the World Cup. Researchers found scammers launch fake ticketing sites, fixed-match betting...
Scammers are sending letters from fake law firms claiming you are the heir to a life insurance policy worth millions, just because you share a last name with the deceased. They...
A wave of voice-phishing (vishing) calls is targeting Microsoft 365 users across multiple sectors. The caller pretends to be internal IT or a security analyst and pressures the...
Attackers published malicious packages on the Node Package Manager (NPM) and the Python Package Index (PyPI) impersonating legitimate SDKs for Paysafe, Skrill, and Neteller...
The Postal Police is reporting a new smishing campaign impersonating Trenitalia: an SMS notifies the passenger that their train arrived late and that they are entitled to a travel...
The Postal Police reports a new phishing campaign targeting Italian users of the real estate portal idealista.it. Those searching for a home or renting a property receive...
A malicious Chrome Web Store extension called "Search for perplexity ai" impersonated the real Perplexity AI service while secretly routing every search query, autocomplete...
Scammers are using AI image generators to sell seeds for plants that do not exist, listing them on eBay, Amazon, and Etsy. Listings promote flowers that supposedly bloom in the...
Attackers are using a clever phishing trick that abuses Microsoft’s own legitimate login page (microsoft.com/devicelogin). Instead of sending you to a fake site, they trick you...
The holiday season is peak time for cybercriminals. Fake booking platforms, fraudulent ticket websites, and stolen smartphones can quickly turn a planned break into a major source...
Email accounts are a top target because they control password resets for nearly every other online service you use. With a single compromised inbox, attackers can intercept...
Scammers now use AI-generated images to fabricate emotional stories and trick people into sending money or sharing personal data. From fake lost-pet posts to fundraising appeals...
Attackers are impersonating recruiters from Netflix, Coca-Cola, FIFA and Adidas to lure marketing professionals into fake job interviews. Victims receive a scheduling or interview...
The false report scam is a pure social engineering attack targeting Reddit and Discord users. A stranger claims someone reported your account (or that they accidentally reported...
The FTC is warning that scammers are targeting service members with fraudulent "military debt forgiveness" programs. These fraudsters promise to eliminate or reduce your debt,...
A new phishing campaign is impersonating over 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, by sending fake job interview invitations designed to steal...
Meta now lets WhatsApp users pick a public username instead of sharing their phone number, but reusing the same handle you have on Facebook or Instagram makes it trivially easy...
Modern cybercrime no longer forces its way in. It quietly hijacks everyday habits: clicking CAPTCHAs, accepting cookie prompts, pressing keyboard shortcuts, or dragging a link...
ARToken / EvilTokens: device code phishing against Microsoft 365 Security researchers at Cisco Talos uncovered ARToken , a phishing-as-a-service platform linked to the EvilTokens...
Cybercriminals are weaponizing trusted platforms like X and Microsoft to steal accounts and infect devices. A sponsored ad from a verified X account lured Mac users to a fake...
A new phishing campaign is targeting MetaMask wallet users by tricking them into handing over their secret recovery (seed) phrase. The fraudulent email pressures victims by...
Cybercriminals are exploiting trust in video conferencing platforms by sending fake Zoom invitations that prompt victims to download a supposed "required update." In reality, the...
Scammers frequently target service members, veterans, and their families with schemes designed to steal money, benefits, and personal information. The FTC's Military Consumer...
A wave of unsolicited SMS messages impersonating an Amazon recruiter named "Sophia" (sometimes "Grace") promises $250–$500 per day for only 60–90 minutes of remote "product...
Check a suspicious case for free
The continuous press review of online scams: new alerts, data and patterns updated every day from official sources (FBI, Europol, NCSC, Postal Police, FTC...). The same sources used by banks, insurers and law enforcement.