Over the years, cybercriminals have found several ways to bamboozle users into submitting personal information so that they can harvest and use it to their own malicious acts.
Now, these fraudsters have adapted a new form of trickery – pushing fake data breach notifications for big company names to distribute malware and scams.
As reported, these crooks are upping their game when it comes to stealing data and damaging the users’ computer systems. They’re mixing black-hat SEO, Google Sites, and spam pages to direct them to dangerous locations.
When the process is finalized, the victims land on pages/websites with fake download offers, giveaways, and more as they follow the malicious links picked up by Google Alerts. Once they follow the link, they’ll encounter a text specifically created to promote a fake data breach or a “page not found” message.
What’s going on and what does the research done by Bleeping Computer show us about this data breach? Here’s what you need to know.
Fake Scamming Alerts – The Process
To kick it off, these scams are not spreading on their own. In fact, Google Alerts helps them as it monitors the search results for user-defined keywords.
The scammer creates a page or uses an already-compromised website to combine “data breach” with well-known brands.
According to Bleeping Computer, these popular brands include the likes of Chegg, Canva, EA, Dropbox, Hulu, Shein, Ceridian, PayPal, Target, Hautelook, Mojang, InterContinental Hotel Group and Houzz.
Imagine if the targets are Hulu users? More than 32.2 million subscribers in the United States would be at risk.
Now, alongside the websites mentioned above, it’s also believed that the scammers are sending malicious links to people with an iPhone 11 device for a fake giveaway.
In this scam, the link claims to be set up by Google as part of a “Membership Rewards Program.” The link also claims that the reward the user gets is sent exclusively to Verizon Fios users.” Well, it’s not true, but it’s the way it is to make it believable.
In the end, the target has to fill out a survey. Once the information is submitted, the scammer will gain full control of their money.
In case you want a closer look at how fake Breach Alerts would look like, here’s an image provided by Bleeping Computer:
One final scamming method is through the use of Fake Adobe Flash update notifications. In fact, this method is very common and a lot have fallen victim to the scam.
The fake update alert usually pops up on Chrome and Mozilla Firefox, notifying users that they won’t be able to access their content before updating the software.
The only way to avoid this scam is to never click on these unknown links, to begin with. Most online users just click on whatever pops up on their screens or agree to any terms their presented with without taking the time to read it.
That’s not how it should be. In fact, when it comes to the scam at hand, Consumers who use Google Alerts should go directly to the source (the purported breached entity). Don’t take the short way just to spare yourself some time and clicks.
Take the long road and prevent a huge data breach in your systems. Your sensitive is too valuable, which is why scammers are targeting it.
Scams have been around for a long time now, and millions have been affected ever since. The best way to avoid them is to educate yourself and learn all about the security practices you can perform.
There are a lot of websites such as The VPN Guru that help users out and provide easy-to-read guides on how to maintain one’s privacy. Give them a read, and protect yourself while browsing the web.