
Latest news with #Guardio

Delete Any Message On Your Smartphone If You See This Word

Forbes

15 hours ago


American smartphone users are under attack from billions of malicious text messages courtesy of organized criminal gangs in China. Whether unpaid tolls, undelivered packages or DMV motoring offenses, the theme is the same: an urgent threat with a payment link that directs to a fake website which steals your financial details. Proofpoint warns that 'there was a 2,534% increase' in such threats last year, and nothing has changed since. Guardio has just detected 'a new wave of DMV scam texts hitting the U.S. In just the past week, its team has spotted a 56.8% rise in DMV scam texts, with August 11 marking the peak so far.'

It's easy to avoid these malicious texts if you know to beware a particular lure. Unpaid tolls and DMV offenses have generated a tidal wave of publicity, and most Americans will have seen at least some of this by now. But these lures can be easily changed. The one thing that doesn't change, though, is the use of a malicious link. Sometimes that's enough to raise a red flag. There are clever ruses, where attackers design URLs that use dashes to form a '[.TEXT]-COM' which might trick a cursory glance into thinking it's a genuine .COM address. But usually it's much easier to quickly detect the issue and determine the text is a malicious fake (1,2,3).

In the most recent 'Ranking of TLDs by Phishing Domains,' from May through July this year, the top level domain (TLD) that stands out more than any other is .XIN. URLs under that TLD are a driving force behind many of these attacks. It's not the most popular TLD, but it's the one that's almost guaranteed to be a scam. Every single time. Almost 22,000 of the nearly 50,000 domains under .XIN are 'phishing domains.' That compares to just 35,000/1,350,000 for .VIP or 115,000/4,500,000 for .TOP, two other phishers' favorites. Nothing comes close to .XIN when it comes to its relative threat. That's why this TLD tops the phishing domain score with 4421 versus 16 for .COM.

.XIN is a Chinese domain operated out of Hong Kong. The word means 'new' and the TLD claims to be aimed at Chinese tech innovators. Instead it's the most obviously and openly dangerous TLD in the world. If you see .XIN in any link in an email, social media post or especially a text, delete the message right away — certainly never click it. 'For many of us,' Proofpoint says, 'our smartphone contains the keys to both our personal and professional lives. Unsurprisingly, cybercriminals have recognized this is a two-for-one opportunity and increased their targeting of mobile devices. When it comes to attacking users across multiple devices, URL-based threats are the perfect tool.'
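The two link checks described above (the TLD itself, and a dash-built label that imitates .COM) can be applied automatically to incoming message text. The following is an added example, not code from the article, Guardio or Proofpoint; the sample messages and hostnames are constructed, and treating a label that ends in "-com" or starts with "com-" as the '[.TEXT]-COM' trick is an assumption about how that ruse appears in a hostname.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the article: .XIN (highest relative phishing rate),
# plus .TOP and .VIP, described as "two other phishers' favorites".
HIGH_RISK_TLDS = {"xin", "top", "vip"}

# Matches full URLs and bare hostnames such as "ezpass.example-com.top/i".
URL_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s]*)?", re.IGNORECASE
)


def extract_hosts(message):
    """Return the lowercase hostnames of every link found in a message."""
    hosts = []
    for match in URL_RE.finditer(message):
        raw = match.group(0)
        if "://" not in raw:
            raw = "http://" + raw  # urlsplit needs a scheme to find the host
        host = urlsplit(raw).hostname
        if host:
            hosts.append(host.rstrip("."))
    return hosts


def assess(host):
    """Return the reasons a hostname looks like a phishing link (may be empty)."""
    labels = host.split(".")
    tld = labels[-1]
    reasons = []
    if tld in HIGH_RISK_TLDS:
        reasons.append(f"high-risk TLD .{tld}")
    # Assumed form of the dash trick: "-com" inside a label while the
    # real TLD is something else, so the link skims as a .COM address.
    if tld != "com":
        for label in labels[:-1]:
            if label.endswith("-com") or label.startswith("com-"):
                reasons.append(f"label '{label}' imitates .com")
    return reasons


def triage(message):
    """Map each suspicious hostname in a message to its list of reasons."""
    flagged = {}
    for host in extract_hosts(message):
        reasons = assess(host)
        if reasons:
            flagged[host] = reasons
    return flagged


# Constructed sample messages; the hostnames are illustrative only.
SAMPLES = [
    "DMV final notice: pay your ticket at https://dmv-example.xin/pay today",
    "Toll unpaid: ezpass.example-com.top/i",
    "Your order shipped: https://www.example.com/orders",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage(sample) or "no flags")
```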

CAPTCHAgeddon signals a dangerous shift

Fox News

6 days ago


What looks like a simple "Are you human?" check is now one of the most dangerous tricks on the internet. Fake captchas have evolved into full-blown malware launchpads, thanks to a sneaky new method called ClickFix. It copies commands to your clipboard and tricks you into running them, without ever downloading a file. This shift in attack tactics is so big that researchers are calling it "CAPTCHAgeddon." It's not just a new scam. It's a viral malware delivery system that's more convincing, stealthy, and widespread than anything before it. Let's break down how this new wave of attacks works and what makes it so hard to stop.

Back in 2024, security experts warned about fake browser update pop-ups. Victims were told to download files that turned out to be malware. But those tricks are now outdated. Enter ClickFix. Instead of asking users to install something, ClickFix loads a fake CAPTCHA screen. It looks legit, just like Google reCAPTCHA or Cloudflare's bot checks. But when you click "verify," it secretly copies a malicious PowerShell or shell script to your clipboard. From there, you're just one paste away from installing malware that steals your accounts, passwords, and files. This new trick is more convincing than any old download prompt. And it's spreading like wildfire.

Fake captchas didn't stay in sketchy ad pop-ups for long. Attackers realized they could hide these tricks in places people already trust: Each attack blends into the site or service it mimics. Some CAPTCHAs even display site logos, making the trick look like it came from the page itself. This isn't a spray-and-pray scheme anymore. It's targeted social engineering wrapped in sleek design.

These aren't low-effort scams. Attackers constantly evolve their tactics to avoid detection. Here's what makes this malware so stealthy: Attackers also serve the payloads through trusted-looking domains and even legitimate-looking JavaScript libraries.

Security researchers at Guardio didn't just look at one attack. They analyzed thousands. By clustering command structures, domains, and payload patterns, they identified multiple threat actors using similar tactics, each with a slightly different twist. Some groups use heavily obfuscated code. Others go for speed with clean, readable scripts. But all of them rely on the same core trick: fooling you into clicking something that seems harmless.

These new ClickFix scams are stealthy, convincing, and hard to detect, but you can stay safe with the right habits and tools. Here's what to do immediately:

Always run the latest version of your browser and operating system. Updates patch security holes that attackers exploit. Also, use strong antivirus software and keep it updated. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

If a site asks you to paste a command into your terminal or browser console, stop. That's the main delivery method for ClickFix malware. Legitimate services will never ask you to do this.

Phishing campaigns are hiding fake CAPTCHAs in legit-looking URLs on Reddit, GitHub, and even news sites. Always hover over links before clicking and double-check the domain, especially if prompted to "verify you're human."

These attacks often target users whose emails or personal details are already circulating online. Data removal services can reduce your digital footprint by requesting removal from data broker sites. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap - and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Modern browsers like Brave, Chrome, Firefox, Safari, and Opera offer real-time protection that blocks malicious websites, including fake CAPTCHA pages. Microsoft Edge also includes strong phishing defenses through its SmartScreen filter. Make sure features like Enhanced Safe Browsing or SmartScreen are turned on. These tools detect threats before you click, giving you a critical layer of defense.

Password managers don't just store your logins; they can also alert you when a site looks suspicious. If your manager won't autofill a password on a CAPTCHA screen or login page, that's a red flag. It usually means the site isn't recognized as legitimate. This small moment of hesitation can help you avoid falling for a scam.

If you land on a shady CAPTCHA page, don't just close the tab; report it. Most browsers have a "Report a security issue" option, or you can use Google Safe Browsing. Flagging malicious pages helps stop the scam from spreading and protects others from falling victim to the same trap.

Most people don't know about these clipboard-based attacks. Share this article and talk about it. Raising awareness can stop the scam from spreading.

CAPTCHAgeddon marks a turning point. Malware isn't just hiding in shady downloads anymore. It's hiding in plain sight, on familiar websites, in trusted apps, and inside the buttons you click every day. This trend replaces the fake browser update scam entirely. It's smarter, faster, and harder to detect. And unless we understand how it spreads, it will only grow. Security now means thinking twice about the everyday. Even a CAPTCHA.

Have you ever encountered a suspicious CAPTCHA or a strange prompt online? What tipped you off, or did you almost fall for it?

This 'Real World Virus' Is 'Widespread And Dangerous' And Will Attack Your PC

Forbes

05-08-2025


It's spreading like wildfire as 'one of the most widespread and dangerous browser-based threats today.' It will 'run malicious commands, steal login info, crypto wallets and more.' If you know what to look for, you will prevent it. If not, you won't.

The security team at Guardio has delved into the horror show ClickFix has become, tracking its evolution as 'cybercriminals tweak it to target users in smarter, more convincing ways.' It is, the team says, spreading like a 'real world virus.' This all started as a fake captcha lure that preyed on our casual ambivalence when it comes to the array of 'prove you are human' or 'prove you're not a robot' challenges. This popup is more convincing and harder to detect than fake app updates, but it's just as powerful. Once you follow these malicious instructions, your PC can be hijacked.

'What began as a niche red-team trick posing as a harmless captcha challenge, rapidly mutated into one of today's most dominant attack methods,' Guardio says. 'Removing the need for file downloads, using smarter social engineering tactics, and spreading through trusted infrastructure. The result — a wave of infections ranging from mass drive-by attacks to hyper-targeted spear-phishing lures.' All of which means 'multiple threat actors are adopting and evolving this new weapon, each shaping their own flavor of CAPTCHAgeddon.'

There are multiple variants of these intrusive, malicious popups. What started as a human challenge has morphed into a fake technical issue or a secure website or document that requires a settings step to open. But the common denominator is the attack itself, which instructs you to copy and paste some text (a script) into a Windows command and then run this on your PC. What happens next can vary, but it's never good. You have in effect let the attackers inside.

The messages themselves are also evolving, Guardio says. 'Early prompts were generic ('Please verify you are human'), but they quickly became more persuasive, adding urgency or suspicion cues like: 'Your IP address seems suspicious. Please verify' or 'Unusual activity detected. Confirm your identity'.' And those prompts may be branded as well. For example, a ' support, warning property owners of account issues or urgent customer requests. The email linked to a Booking-branded login page, but instead of asking for credentials directly, it swiftly redirected to a Booking-themed fake captcha.'

Guardio mapped recent attacks and noted the way in which ClickFix is spreading virally across the world. "The fake captcha isn't just another attack vector; it's a next-gen mutation. What began as the fake browser update trick has now been outcompeted and effectively replaced by a more contagious variant. By mimicking real user flows and eliminating the need for downloads or obviously malicious payloads, fake captchas became the stealthier, more successful strain, pushing the older tactic into extinction." You have been warned — any mutation of this copy and paste lure is an attack.

Amazon Warns Attacks Underway—Update Your Account Now

Forbes

27-07-2025


Don't leave it too late — update now. Amazon has confirmed its users are now under attack. Fraudulent emails that seem to come from Amazon actually open 'a fake Amazon login page.' This steals your username and password, enabling attackers to gain access to your account. Those emails, Amazon warns, claim 'Amazon Prime subscriptions will automatically renew at an unexpected price,' and have been personalized with stolen data 'to appear legitimate.' The warning was issued to more than 200 million customers.

If that's not worrying enough, the security team at Guardio has also just warned that a separate attack is also surging — up 5000% in just two weeks. This time it's texts instead of emails, and fake refunds instead of fake price increases. But the result is the same — a fake login page stealing your credentials to access your account.

Amazon says it has taken down '55,000 phishing websites and 12,000 phone numbers' in the last year, 'as part of impersonation schemes.' But still the attacks come. Amazon has now issued '6 practical tips to help you stay safe and avoid impersonation scams.' America's FTC warns 'scammers are pretending to be Amazon again. This time, they're sending texts claiming there's a problem with something you bought.' But there is no refund. 'Instead, it's a phishing scam to steal your money or personal information.'

Amazon is keen to stress that it invests heavily to prevent users falling victim to these attacks. Its responsiveness to these latest attacks is impressive. But the reality is that the only way for account holders to stay safe is to update the security on their accounts. You should do two things to secure your account and you should do both today.

First, ensure you have 'two-step verification (2SV)' enabled from within the 'Login & Security' settings, which you can find when you click on 'Accounts & Lists.' The default option is to use your primary mobile number to send one-time passcodes by SMS. This is the worst form of 2SV. Instead you should use an authenticator app from a major provider — Apple's Passwords or Google's Authenticator for example. If you already have SMS 2SV enabled, 'you'll need to clear your two-step verification settings' to use an app instead. 'To do so, tap or click disable, then tick the box next to 'Also clear my two-step verification settings' on the window that appears. Lastly, re-enable two-step verification using your authenticator app as your preferred method.'

With that done, your account is much safer. But there's still a chance an attacker can trick you into sharing a one-time passcode through a fraudulent sign-in page. So you should also add a passkey to your account and use that as your default. Passkeys are 'phishing resistant.' They link your Amazon sign-in to your physical device's security — for example, the biometrics or PIN on your phone. There is no 2SV code to steal or bypass or trick a user into sharing. You can find instructions on adding an Amazon passkey here.

If you make these changes, it's not possible for an attacker to steal your username and password and gain access to your account. At a minimum they would need you to open your authenticator app and share the code. They will not know you're using an app. Passkeys are still better. And if you make a rule to never use anything but your passkey on one of your trusted devices, you cannot be compromised. Change those settings today, given that attacks are underway. Don't leave it too late.

If You See This Message, Your Amazon Account Is Under Attack

Forbes

23-07-2025


Attacks suddenly surge 5000%. A new warning has just been issued for millions of Amazon users, as a new wave of attacks on accounts has suddenly surged 5000%. This will come at you by text message, which is nothing new. Between undelivered packages, unpaid tolls and motoring fines, the scale of text attacks sweeping the U.S. and Europe is 'out of control.'

The team at Guardio tells me that these new 'Amazon refund scam texts' have surged 'more than 50 times in the past two weeks.' Even in the world of text message attacks, that's some increase. 'These texts began appearing shortly after Prime Day, which started two weeks ago on July 8,' and spawned plenty of other attacks as well. The texts are nothing to do with Amazon, and the attackers do not even know you have an account. They're just playing a numbers game and most of you do. 'The link in the message leads to a fake Amazon site designed to steal your account details and hack it.'

Amazon warns that 'scammers may send text messages claiming to be Amazon,' and that account holders should be 'mindful' if they 'receive a text message for orders or deliveries that you are not expecting.' It's the same for refunds.

[Image: Fake Amazon texts and login]

But again this is a numbers game. The attackers assume you will have made a recent purchase on Amazon and who doesn't want an unexpected refund? The link is a short-code to beat Amazon's other warning to watch for misspelled URLs. If you receive this text, and many millions of you will, delete it immediately per the advice from the FBI and state and local police forces. If you have any doubts, log into your Amazon account using your app or usual methods and check there.

These text attacks are now an industry with billions of messages sent. Campaigns are being driven by organized criminal gangs, largely out of China and beyond the reach of U.S. law enforcement. The telecoms networks filter out plenty of texts, but attackers use farms of normal phones and SIMs to bypass normal checks. The hope is that there will be a technical solution at some point. Google's AI-driven scam detection is one such hope, as are new solutions from elsewhere. Trend Micro warns that '30% of consumers have been scammed online, nearly 40% didn't realize it until they'd already lost money and most didn't use any tech to verify the scam — relying on instinct alone.' Its new ScamCheck tech is another potential bandaid.
