Latest news with #AbhishekKarnik


The Sun
12-05-2025
All PayPal users warned their banks risk being emptied instantly as experts reveal costly 'one-click' account mistake
Sean Keach, Head of Technology and Science

ANYONE with a PayPal account needs to watch out for a dastardly email that could empty your bank account in seconds.

Security professionals have warned about a "dramatic spike" in the costly criminal scheme. Experts say scammers have "evolved their tactics", warning over a series of devastatingly effective scam emails that could turn up in your email inbox. These messages are highly convincing, look just like official PayPal messages, and raid your profile in just "one click".

Security giant McAfee says it has tracked a "dramatic seven-fold increase" in this type of scam since January. And PayPal has become a "prime target for cybercriminals looking to steal personal information and money", McAfee's Abhishek Karnik explained.

One of the main email types is headlined with "Action Required". This demands that you update your profile details urgently – usually within 48 hours – or your account risks being banned. It'll warn that PayPal has previously tried to contact you, and says you'll be locked out of your account if you don't reply. McAfee says that this particular scam campaign is focusing on email – rather than text or social media.

Another kind of "real-world" scam that McAfee has seen is a promise of a reward. One email says you can bag a cash gift for completing a short survey.

In both cases, you click through – and then you're at the mercy of the crooks. There's no account problem or cash reward. Instead, you end up handing your log-in details to crooks when you sign in or fill in details. That can give criminals blanket access to your PayPal account, allowing them to steal your info and even funds.

The security experts warned that there are four other types of PayPal scam email that might turn up, all with similarly costly outcomes. They include:

- Fake PayPal gift card offers
- Phoney invoices for purchases
- Customer support scams (including billing issues)
- Fake payment requests or confirmations

Thankfully it's easy to stay safe by following some simple rules.

"Never click links in emails or texts claiming to be from PayPal," Karnik explained.

"Instead, open a new browser window and log in directly at or use the official PayPal app to check for notifications.

"If you need to contact PayPal support, use only the official contact methods listed on their website."

Karnik also added: "Legitimate companies don't typically threaten immediate account closure or demand urgent action within short timeframes like 28 hours."

McAfee recommended that all PayPal users turn on two-factor authentication, meaning you'll need a code to log in to your account in addition to a password.

TURN TWO-STEP VERIFICATION ON FOR PAYPAL

Here's how to enable this important security feature...

"PayPal's 2-step verification (two-factor authentication) gives you an extra layer of security when accessing your account," PayPal explains.

"This process can only be done through your web browser and not through the PayPal App.

"You can set up 2-step verification using an authenticator app (like Google authenticator and Microsoft authenticator)."

Log in to PayPal, then choose the Settings option. Now go to Security > Set Up (next to 2-step Verification). Choose how to get a code – for instance, via an authenticator app. Then click Set It Up and follow the instructions.


Forbes
04-05-2025
New PayPal Warning As Attacks Spike By 600% — Take Action Now
PayPal scams rise by 600% since the start of 2025.

No doubt, you will have read the recent news articles about hackers trying to steal your Gmail account password, or maybe the spray and pray campaign targeting your Windows account, because cybercriminals follow the money. Both the Gmail and Windows user bases, which are often one and the same thing, provide the opportunity to compromise huge numbers of passwords and gain access to the data that sits behind them. What's more, those accounts can also be used to leverage social engineering attacks. And that, dear reader, is where the phishing and money parts of the story intersect: it has been reported that PayPal attacks have risen by 600% since January. Here's what you need to know and why you must take action now.

Let's get two things out of the way before digging deeper into the recent spike in PayPal-related attacks. Firstly, PayPal hacks and scams are nothing new. From the use of legitimate PayPal emails in one nasty threat campaign that I wrote about in February, to the dangerous PayPal invoice that could bypass security protections in May. And, secondly, PayPal actually does take your security very seriously indeed. So, in relation to that last attack, for example, PayPal told me it is constantly evolving its fraud detection tools, including adding fraud reminder notices with advice for customers on all global invoice requests and peer-to-peer money requests.

But, and it's a big one, that doesn't mean that the PayPal attack landscape isn't expanding or can be ignored. Far from it, in fact. A McAfee security report by Abhishek Karnik, McAfee's director for threat research and response, has confirmed a massive 600% spike in fraudulent PayPal-related scam emails since January.

'The recent surge has been traced to a single, highly effective campaign where attackers send official-looking emails with 'Action required' warnings,' Karnik warned, 'demanding users update their account details within 48 hours or face account suspension.'

I have approached PayPal for a statement, but in the meantime, users are advised to take the following mitigation steps to prevent becoming a victim of this or other PayPal phishing scams:

- Do not pay any unexpected or suspicious invoices or payment requests.
- Do not respond to any of the above requests.
- Enable two-factor authentication for your PayPal account.
- Report any phishing emails to the PayPal security team by forwarding them to phishing@ and then deleting them.


Forbes
11-04-2025
How To Spot And Avoid AI-Powered Tax Scams
Scammers are using AI to impersonate the IRS—learn how to spot the fakes and protect your identity before it's too late.

Tax scams are nothing new, but in 2025, they're no longer the domain of clumsy phishing emails or suspicious phone calls with thick accents. Today's tax fraud campaigns are fueled by generative AI, deepfake audio, and smart social engineering that make scams nearly indistinguishable from legitimate IRS communications. The game has changed—and the stakes are higher than ever.

As the April 15 filing deadline approaches, cybersecurity experts are seeing a spike in sophisticated tax-themed phishing campaigns designed to exploit anxiety and urgency. According to Abhishek Karnik, head of threat research at McAfee, 'Generative AI gives scammers the tools to create more realistic emails, texts, and even voice-based messages.' A recent McAfee survey found that nearly half of Americans (48%) have received fake IRS messages, and over half (55%) believe these scams are more convincing than ever before.

Generative AI is now doing the heavy lifting for cybercriminals. As Truman Kain, a security researcher at Huntress, explained, 'Attackers can now clone the look and feel of an official IRS message with almost perfect accuracy.' Gone are the days of spelling errors and awkward phrasing. Today, an attacker can feed a prompt to an AI model and generate a convincing phishing email or even a voicemail in seconds—complete with personalized details.

AI-generated voice messages are especially dangerous. Using deepfake audio, scammers can now sound like IRS agents or tax preparers, delivering threats or refund offers with chilling realism. Kain warns, 'Just because it looks like the IRS is calling doesn't mean that it is.' Phone numbers can be spoofed, and attackers are banking on the fact that victims won't pause to verify.

Beyond email and voice, scammers are using increasingly deceptive methods to deliver malware and steal credentials. Chris Simpson, director of the National University Center for Cybersecurity, notes that malicious actors are now leveraging QR codes, URL shorteners, and infected PDFs to distribute malware strains like GuLoader, Latrodectus, and AHKBot.

QR codes, in particular, are on the rise. 'They're harder to vet than regular links,' says Kain. 'You can't hover over them to see where they lead, and they move the interaction to your phone, where people are less cautious.' Similarly, PDFs may appear harmless, but are often loaded with phishing links that redirect to fake IRS portals or credential-harvesting pages.

What makes these attacks so effective isn't just the tech—it's the manipulation. Scammers exploit fear, urgency, and authority to push victims into fast decisions. According to Karnik, one of the biggest red flags is urgency: 'If a message asks for personal information or payment right away, it's a red flag.' Simpson agrees, adding that the IRS will never request payment via gift cards, wire transfers, or cryptocurrency. Legitimate IRS communication almost always comes by physical mail, not email or social media.

So what can individuals do to protect themselves? Start by layering defenses: And above all, never click on links or scan QR codes in unsolicited emails or texts. 'Go directly to the source,' advises Karnik. 'If you're unsure, type in the official URL yourself. Don't trust the message.'

While tax season is peak time for these scams, the risks don't end when April passes. Stolen personal information is resold on dark web markets and reused for unemployment fraud, synthetic identity creation and other financial crimes throughout the year. 'Staying safe online all year long doesn't have to be complicated,' Karnik notes. Regularly checking financial accounts, setting up account alerts, and reviewing credit reports are simple steps that go a long way.

AI has transformed the cybercrime landscape, arming scammers with tools that were once the domain of Hollywood. As these threats evolve, so too must our defenses. Cybersecurity is no longer optional—it's personal self-defense. With layered protections, skepticism and a commitment to verifying before trusting, individuals can stay one step ahead of the scam artists who want to turn their tax season into a payday.