Meta And PayPal Users Warned Of Instant Account Takeover Attack


Forbes, 21-05-2025

Beware this instant account takeover attack.
Oh boy, here we go again: another hacking campaign that security experts say is surging, and this one can see your Meta or PayPal account compromised in real-time and almost instantly. While attacks against the Meta family, such as the newly reported automated checker threat to Instagram users, or the 48-hour security alert targeting PayPal accounts, are not uncommon, this latest one is particularly alarming given the delivery method and the speed at which it can strike. The campaign combines everything from polymorphic identifiers, advanced man‑in‑the‑middle proxy mechanisms and two-factor authentication bypass techniques into one razor-sharp threat. A threat that can harvest your password and 2FA codes, compromising your account in a heartbeat. Here's what you need to know.
I have been given an advance look at a new report to be published by KnowBe4 on May 23 and permission to warn my readers ahead of that date, as the threat is really rather alarming. If you will excuse the Joker reference, why so serious? The dangerous attack is, I am reliably informed, surging for one. For a second, it's being described as one of the most sophisticated Meta-themed phishing campaigns ever, courtesy of its ability to take over an account almost instantly. Thirdly, the emails that are being deployed in this campaign are sent using a legitimate Google-owned domain. And fourthly, in just a single day, KnowBe4 has confirmed that 11% of all the global email threats it neutralised were sent from this domain, and 98% of them impersonated Meta; the remainder impersonated PayPal.
The KnowBe4 Threat Labs report will be worth a read in full on Friday, but here's my advance TL;DR version. The phishing threat is exploiting Google's AppSheet platform, its workflow automation processes enabling the attackers to not only operate at scale, but use a trusted and legitimate domain, noreply@appsheet.com, so as to bypass protections relying upon strict domain authentication and reputation checks. Although the vast majority of the campaign emails were impersonating Meta, a small percentage also targeted PayPal users. It should come as absolutely no surprise that urgent warnings about account security are employed by the attackers, leveraging fear of compromise to, oh, the horrible irony, enable account compromise.
The aim is to get the reader to click a malicious 'submit an appeal' link. If they do, then they are redirected to the guts of the hacking campaign, where passwords and 2FA codes can be stolen. A double-prompt is also used, with the fake site falsely claiming the first attempt was incorrect. KnowBe4 said that this is to encourage accurate entry of credentials, introduce confusion to impact critical thinking and allow the attacker to compare both inputs for added validity.
I have reached out to Google, Meta and PayPal for a statement.
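For defenders, the pattern described above (a brand-impersonating message arriving from the legitimate noreply@appsheet.com sender, with an appeal link pointing elsewhere) can be checked by comparing the claimed brand against the sender and link domains rather than trusting the sender's reputation. The following is an added example, not code from KnowBe4 or the article; the brand allow-lists, the `assess` function and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list of each brand's own domains; tune for your environment.
BRANDS = {
    "Meta": (r"\b(meta|facebook|instagram)\b",
             {"meta.com", "facebook.com", "instagram.com", "facebookmail.com"}),
    "PayPal": (r"\bpaypal\b", {"paypal.com"}),
}
SHARED_SENDERS = {"appsheet.com"}  # platform domain named in the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def base_domain(host):
    """Last two labels only; a real filter would use the Public Suffix List."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def assess(raw):
    """Return (flagged, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = base_domain(addr.rpartition("@")[2])
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    headline = f"{display} {msg.get('Subject', '')}"
    links = {base_domain(urlparse(u).hostname or "") for u in URL_RE.findall(body)}
    links.discard("")
    reasons = []
    for brand, (pattern, own) in BRANDS.items():
        # Only act when the display name or subject claims a brand the sender is not.
        if not re.search(pattern, headline, re.I) or sender in own:
            continue
        reasons.append(f"claims to be {brand} but sent from {sender}")
        off_brand = sorted(links - own - {sender})
        if off_brand:
            reasons.append(f"links leave {brand} domains: {', '.join(off_brand)}")
        if re.search(r"\bappeal\b", body, re.I):
            reasons.append("asks the reader to submit an appeal")
    if reasons and sender in SHARED_SENDERS:
        reasons.append("shared platform sender: passing domain authentication "
                       "says nothing about the brand")
    return bool(reasons), reasons

# Constructed sample messages (not taken from the campaign).
PHISH = ('From: "Meta Support" <noreply@appsheet.com>\nSubject: Account scheduled for deletion\n\n'
         'Submit an appeal within 24 hours: https://appeal-case.example/review\n')
PLATFORM = ('From: "AppSheet" <noreply@appsheet.com>\nSubject: Your weekly workflow report\n\n'
            'View the report: https://www.appsheet.com/\n')
GENUINE = ('From: "Facebook" <security@facebookmail.com>\nSubject: New login to Facebook\n\n'
           'Review this login: https://www.facebook.com/\n')

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("platform", PLATFORM), ("genuine", GENUINE)):
        print(name, assess(raw))
```
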
