Latest news with #Malwarebytes
New York Post
14 hours ago
- Business
- New York Post
Amazon warns all 220 million Prime members of scammer attacks
Prime customers are being warned about phishers sending fake Amazon correspondence. In these Prime membership scams, scammers are impersonating Amazon to target users and steal personal information such as social security numbers, bank information or Amazon account details. In 2024, Amazon took down more than 55,000 phishing websites and 12,000 phone numbers that were used as part of impersonation schemes — and they've noticed an uptick. Scammers are impersonating Amazon to target users and steal personal information. tashatuvango – Amazon said in an email earlier this month that there had been an increase in reports about fake emails, and over two-thirds of scams claimed to be related to order or account issues. Reports often included calls, texts or emails from scammers claiming that the user made a purchase that they didn't actually make and asking for account information to 'verify' the order. 'Scammers who attempt to impersonate Amazon put consumers at risk,' Dharmesh Mehta, Amazon's vice president of Selling Partner Services, said in the notice. 'Although these scams take place outside our store, we will continue to invest in protecting consumers and educating the public on how to avoid scams.' Malwarebytes also issued a warning noting that scammers are sending fake emails claiming a user's Amazon Prime subscription will automatically renew at an unexpected price. Amazon said in an email earlier this month that there had been an increase in reports about scams. Gorodenkoff – These emails may include personal information they obtained from other sources to appear legitimate, and they might also include a 'cancel subscription' button that leads to a fake Amazon login page. If a user logs in using the fake page, the scammer will have their details and can use it to login to the actual Amazon site — as well as any other online account that has the same username and password. The fake login page might also ask for payment information and other sensitive information, which would ultimately go to the scammer. Amazon is also hoping to educate consumers on how to avoid scams. To start, Amazon adopted a secure email capability for users using Gmail, Yahoo! and other common email providers. These users will see the Amazon smile logo icon in their inbox. They also noted that it's important to verify purchases on Amazon, trust the app and website, know that they will never ask for payment over the phone or email, be wary of false urgency; they will never ask you to purchase a gift card, and if you're unsure, contact Amazon directly.
Daily Mirror
20 hours ago
- Daily Mirror
Everyone using Chrome must check their web browser and restart it immediately
Chrome users are being urged to check they have the latest update installed to keep their Chrome browser safe. If Chrome is your favoured browser then you should head to the settings, check which version you are running and restart this popular software without delay. This new advice has been issued after Google released an update which fixes a total of 6 vulnerabilities within its Chrome browser. If that wasn't bad enough, it's also been confirmed that one of the bugs has been given the dreaded zero-day rating. That basically means cyber crooks are already aware of the flaw and are actively exploiting it. Things have now been fixed but it's vital that make sure you are running the latest version - 138.0.7204.157/.158 for Windows, Mac and 138.0.7204.157 for Linux. "Google has released an update for its Chrome browser to patch six security vulnerabilities, including one zero-day," the security experts at Malwarebytes explained. "This update is crucial since it addresses one actively exploited vulnerability, which can be abused when the user visits a malicious website. It doesn't require any further user interaction, which means the user doesn't need to click on anything in order for their system to be compromised." To check your browser, simply click on Chrome in the menu bar and select About Chrome. If you see any updates that are pending your should restart the software without delay. This latest alert comes after users were also urged to update their browsers early this month due to another zero-day bug being found. These aren't the only concerns, as security experts also confirmed that millions of Chrome users had also been targeted by fake extensions that could leave them open to attack. Those affected have been urged to fully reset their Chrome software and clear all browsing data. Google says that it has since removed all the affected extensions, so no new users should be infected.
Tom's Guide
5 days ago
- Business
- Tom's Guide
200 million Amazon Prime customers targeted by scammers trying to steal their accounts — how to stay safe
Prime Day may be over but you're going to want to pay close attention to any emails claiming to come from Amazon as there has been a surge in scammers impersonating the company in recent weeks. According to a new blog post from Malwarebytes, the company sent out an alert to its 200 million customers warning them of an ongoing Prime membership scam. The timing of these phishing attacks makes a lot of sense too as customers would likely be concerned about losing access to their memberships ahead of one of the biggest sales events of the year. In its message, Amazon explained that scammers are contacting Prime members via email to alert them that their subscription will soon automatically renew. However, this renewal comes at a higher price which is the perfect way to lure unsuspecting users into opening and interacting with this fake email. Here's everything you need to know about this new online scam along with some tips and tricks on how you can keep your Amazon Prime and other accounts safe from scammers. These fake emails impersonating Amazon use the company's logo and style to appear more convincing. However, the scammers behind this campaign have also gone the extra mile by including personal information obtained from other sources to make them appear even more legitimate. Given that most people don't want to pay more for the same subscription without any clear benefits, potential victims that receive one of these fake emails may be inclined to cancel their Amazon Prime membership. Well, the scammers have thought of that too which is why they include a 'cancel subscription' button at the bottom of their messages. As you may have guessed, clicking on this button doesn't take you to Amazon's official site. Instead, it takes you to a fake Amazon login screen where you're prompted to enter your credentials. Doing so leaves the scammers behind this campaign with your username and password which they'll then use for all manner of malicious activities as well as committing fraud by buying things from Amazon. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Another real danger comes from password reuse though. If you've used the same password for your Amazon account with any of your other online accounts, the scammers will try to login and take over them as well. To make matters worse, that fake Amazon landing page may also request payment information and other personal info. If you enter any of it here, just like with your Amazon password, it will end up in the hands of scammers to be used in other attacks. Given the sheer amount of spam and phishing emails that are sent out each day, you always need to be extra careful when checking your inbox as one wrong click or reply could have serious looking at a suspicious email, there are few things you should check first. For starters, you always want to look at the sender's email address. If the email address doesn't look like one of these below, then you can be fairly certain you're dealing with a scammer: As for changes to your Prime account and auto-renewal notices, Amazon doesn't typically send these types of messages via email. Instead, they'll appear on the company's website or in its app. Some other things to look out for in scam emails are a sense of urgency and the inclusion of personal details like in the scam described above. Hackers and scammers will often use urgent language to get you to act quickly and by including other personal details, they can make their fake emails more believable. In order to keep your Amazon account safe from scammers and other cybercriminals, you want to make sure that you're using a strong and complex password. If you have trouble coming up with one on your own or just want a place to securely store all of your passwords, then you should look into the best password managers. Keep in mind though, all of your online accounts should have their own unique password too. If you come across a suspicious email, you absolutely want to avoid clicking on any links it may contain or downloading any attachments since fake emails can take you to malicious sites spreading malware. For this reason, you want to ensure that you're using the best antivirus software on your Windows PC or the best Mac antivirus software on your Apple computer. As one of the biggest online retailers in the world, Amazon is one of the most impersonated companies out there. However, by keeping a level head and carefully scrutinizing any emails claiming to come from the company, you can avoid falling victim to this and other online scams. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
Forbes
7 days ago
- Business
- Forbes
Amazon Warns 220 Million Customers Of Prime Account Attacks
Beware this Prime account attack, Amazon warns customers. I know better than most that Amazon Prime subscribers are under attack: I have been on the sharp end of multiple phone calls and email-based threats in the last four weeks alone. I have the advantage of being a cybersecurity insider, and so you would expect me to be aware of such threats and deal with them accordingly. Not everyone is so well informed, however, which is why Amazon has warned all 220 million Prime customers as attackers strike. Here's what you need to know and do. Amazon Warns Hundreds Of Millions Of Customers As Attackers Strike Pieter Arntz, a malware intelligence researcher at Malwarebytes, has issued a timely July 16 reminder that 'scammers are impersonating Amazon in a Prime membership scam.' I say timely, quite besides regular reminders of such attack threats being most welcome, because I have experienced not one, but two of these this week. Both were telephone calls, which I only answered as I was expecting to hear from the hospital and was in bed, ill at the time. The cause of Arntz's reminder, and the underlying Amazon warning to all 220 million Prime customers, however, was a spike in email attacks claiming that subscription rates are about to rise, along with a cancel subscription button that would lead to Prime account credential theft. The phone calls I took, by the way, were similar in outcome but differed in that they wanted me to believe someone had purchased an iPhone 13, of all things, using my account. The warning emails from Amazon, which I received on July 4 and wrote about at Forbes on the very same day, started with a stark alert that Amazon has become aware of 'an increase in customers reporting fake emails about Amazon Prime membership subscription.' These emails are particularly dangerous because, as Amazon said, they 'might include personal information in the emails, obtained from other sources, in an attempt to appear legitimate.' This came on top of earlier warnings from security researchers that more than 120,000 fake Amazon domains and web pages had been set up in the weeks and months before Prime Day, one assumes to be used to help in such attacks. How To Mitigate Prime Attacks, According To Amazon The attack warning email from Amazon included a number of mitigation recommendations, including: You can find further advice from Amazon online regarding how it protects customers from scams, along with the best ways to report an attack.
Daily Mirror
16-07-2025
- Daily Mirror
Everyone using Chrome placed on red alert and told to clear browsing data immediately
Anyone who uses Chrome to surf the web must be on high alert and check they haven't downloaded and rogue browser extensions. There's a worrying alert for those using Google's popular Chrome web browser, and it's not something anyone should ignore. It appears that a number of extensions have been released that come laced with malware, and it could give hackers the ability to spy on daily browsing sessions. That means online crooks might be able to see exactly what Chrome users are looking at online, along with stealing highly personal data. The rogue extensions were first spotted by the team at Koi Security, and they use a clever tactic to avoid detection. When first released and downloaded, they appear completely clean of any viruses. However, once users have installed the extensions, hackers then add the data-stealing spyware at a later date. It's a concerning issue, especially as it's thought that over 2 million people are thought to be affected. A total of 18 Chrome extensions have been found to have the malware, with many getting top reviews and even appearing on Google's own Chrome store. They include emoji keyboards, weather services, YouTube extras and more. Here's the full list of affected extensions, with some also targeting the Chrome-powered Edge browser. • Emoji keyboard online (Chrome) • Free Weather Forecast (Chrome) • Unlock Discord (Chrome) • Dark Theme (Chrome) • Volume Max (Chrome) • Unblock TikTok (Chrome) • Unlock YouTube VPN (Chrome) • Geco colorpick (Chrome) • Weather (Chrome) • Unlock TikTok (Edge) • Volume Booster (Edge) • Web Sound Equalizer (Edge) • Header Value (Edge) • Flash Player (Edge) • Youtube Unblocked (Edge) • SearchGPT (Edge) • Unlock Discord (Edge) If you think you may have installed any of the extensions above, then you need to act now. In fact, the security team at Malwarebytes is urging those affected to clear their browsing data without delay. "Clear all browsing data (history, cookies, cached files, site data) to remove any tracking identifiers or session tokens that may have been stolen or set by the malicious extension," Malwarebytes explained. Chrome users are also being advised to check for any suspicious activity on accounts and make sure they enable two-factor authentication. Another top tip is to reset the browser. "Reset your browser settings to default," Malwarebytes explained. "This can help undo any changes the extension may have made to your search engine, homepage, or other settings. Note: this will also undo any changes you have made manually. Alternatively, look for signs like unexpected redirects, changed search engines, or new toolbars."
