
The latest scams to watch out for!

Written by HQ | Feb 26, 2025 9:05:49 AM

As criminals become more creative, it's essential to stay updated on the latest scams targeting employees and consumers.

From fake captcha attacks to fraudulent PayPal notifications and Signal account exploits, these scams are designed to trick users into compromising their data or downloading malware. Here's a look at some of the most recent threats you should be aware of and how to protect yourself and your organisation.

Fake captchas are increasing

Cyber criminals are using fake captcha verification pages to trick employees into downloading malware.

How the Scam Works

  1. An employee receives an email or text, often posing as a security alert or business-related message.
  2. The message directs them to a fake login page that looks legitimate.
  3. Next, the website displays a message like “Verify You Are Human.” However, instead of the usual captcha, such as selecting images or typing a code, the user is instructed to copy and paste a malicious script. A newer variation of the scam tells them to press the Windows key + R, which opens the Windows Run dialog. From there, they are prompted to paste (CTRL+V) the script and press Enter, unknowingly executing the malware.
  4. In short, the goal is to get the employee to download the malware themselves, rather than the attacker putting it in place.

What can you do? 

  • Make sure to include fake captcha scam warnings in your regular security training. The message to employees should be to never paste commands into your computer unless you’re 100% sure it’s safe. 
  • Limit PowerShell access - only let the people who truly need it use it.
  • Disable the Windows Run command - restrict it for non-admin or non-dev machines to stop regular users from running malicious scripts.
  • Turn off browser password saving - it helps prevent infostealers from grabbing saved credentials.
  • Enable phishing-resistant two-factor authentication in case credentials are stolen.
  • Use an endpoint detection and response (EDR) solution - this will help block any malicious scripts before they can cause harm.
  • Make sure that staff are using standard user accounts for their day-to-day work - this ensures that any script that requires administrator privileges will not be able to run.
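
To check whether someone has already followed a "press Windows key + R and paste" prompt, you can review the Run dialog history that Windows keeps per user in the registry. The script below is an added example, not part of the original post: the function names, the interpreter list and the length threshold are assumptions to tune, and the sample registry output is constructed.

```python
import re

# Windows stores Run-dialog history per user under this key: values a, b, c...
# hold the commands and MRUList gives their order, most recent first.
RUNMRU_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Programs that interpret or fetch code; rarely typed into Run by regular staff.
# This list is an assumption, adjust it for your environment.
INTERPRETERS = re.compile(
    r"\b(powershell|pwsh|cmd|mshta|wscript|cscript|curl|certutil|"
    r"bitsadmin|rundll32|regsvr32|msiexec)(\.exe)?\b", re.IGNORECASE)
LINE = re.compile(r"^\s+(\S+)\s+REG_SZ\s+(.*)$")

def parse_runmru(reg_query_output):
    """Return Run-dialog commands, most recent first, from `reg query` text."""
    values = {}
    for line in reg_query_output.splitlines():
        m = LINE.match(line)
        if m:
            values[m.group(1)] = m.group(2).rstrip()
    order = values.pop("MRUList", "")
    # Each stored command ends with a "\1" marker; strip it.
    return [re.sub(r"\\1$", "", values[k]) for k in order if k in values]

def triage(commands, max_len=120):
    """Flag entries that start an interpreter or look too long to be typed."""
    findings = []
    for cmd in commands:
        reasons = []
        m = INTERPRETERS.search(cmd)
        if m:
            reasons.append("runs " + m.group(1).lower())
        if len(cmd) > max_len:
            reasons.append("long, likely pasted")
        if reasons:
            findings.append((cmd, reasons))
    return findings

# Constructed sample of `reg query "<RUNMRU_KEY>"` output (not real data).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
    a    REG_SZ    notepad\1
    MRUList    REG_SZ    cba
    b    REG_SZ    \\fileserver\shared\1
    c    REG_SZ    powershell -Command <constructed placeholder>\1
"""

if __name__ == "__main__":
    for cmd, reasons in triage(parse_runmru(SAMPLE)):
        print(f"REVIEW: {cmd!r} ({', '.join(reasons)})")
```

Run `reg query` against the key in the affected user's session and pass the output to `parse_runmru`. A flagged entry is a prompt to investigate the machine, not proof of infection.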

Signal 

Recent reports show that Russian state-aligned threat actors are actively targeting Signal accounts.

These threat actors are currently exploiting Signal’s "linked devices" feature by creating malicious QR codes. When users scan these codes, their accounts become linked to devices controlled by the attackers, enabling real-time surveillance of their communications.

To safeguard Signal, consider implementing/reviewing the following:

1.  Review Linked Devices https://lnkd.in/ey9c3MP6

Threat actors often try to link new devices to your Signal account for surveillance. In Signal, navigate to Settings > Linked Devices and remove any unknown devices.

2.  Enable Registration Lock (PIN) https://lnkd.in/eJdBWesD

This feature prevents attackers from registering your phone number on another device by requiring a PIN that only you know. In Signal, navigate to Settings > Account and enable "Registration Lock".

3.  QR Codes

Be wary of scanning QR codes from unverified sources, especially those claiming to be group invitations or device pairing requests.

4.  External Links

Avoid clicking on unsolicited links or downloading files from unknown sources, as they may be phishing attempts designed to compromise your account.

PayPal 

A sneaky new scam is doing the rounds, using PayPal’s own system to trick people into handing over remote access to their computers.

For the past month, people have been receiving genuine emails from service@paypal.com confirming a new address was added to their account alongside a fake MacBook purchase notification. The email urges you to call a number if you didn’t authorise it.

What’s really happening?

  1. No address has actually been added - scammers are abusing PayPal’s 'gift address' feature by inserting fake purchase details into the 'Address Name' field. This makes PayPal’s system-generated emails look like an official purchase confirmation.
  2. Because the email comes directly from PayPal, it bypasses spam filters, making it seem even more convincing.
  3. If someone calls the number, scammers will try to trick them into downloading remote-access software, which could result in stolen money, personal data theft, or a malware infection.

How to protect yourself

  1. Ignore the email - if concerned, log into PayPal directly to check your account.
  2. Never call the number - it’s a scam line designed to manipulate you.
  3. Report the scam to PayPal and help spread the word.