Skip to playerSkip to main content
Rizzle
  • 7 hours ago
Transcript
00:00Payroll pirates are hijacking ads to steal your logins and paychecks.
00:05Cyber crooks dubbed the payroll pirates are ramping up their game,
00:09hijacking search ads to pilfer your work logins and security codes,
00:13as reported by 9to5mac.
00:17These digital buccaneers are spoofing over 200 legit HR, payroll, credit union, and trading sites,
00:24potentially harming half a million users worldwide.
00:28Troy Hunt, a Microsoft regional director, who also runs the site Have I Been Pawned,
00:34claims this to be the biggest breach in existence.
00:37I hate hyperbolic news headlines about data breaches,
00:40but for the 2 billion email addresses headlined to be hyperbolic,
00:46it'd need to be exaggerated or overstated, and it isn't.
00:49It's rounded up from the more precise number of 1,957,476,021 unique email addresses.
01:01But other than that, it's exactly what it sounds like.
01:05Search for your payroll portal on Google or Bing,
01:08and a slick ad lures you to a phony login page.
01:10Attackers capture your username, password, and multi-factor authentication codes,
01:17nullifying the extra security.
01:19After going quiet late last year,
01:21the crew resurfaced mid-2024 with souped-up phishing kits.
01:26Microsoft's security team tracks them as Storm2-657,
01:31targeting universities and other organizations.
01:33Checkpoint found the campaign now uses Telegram bots to steal one-time codes in real-time,
01:41backed by a revamped system that hides data theft.
01:44Activity appears in Kazakhstan and Vietnam using cloaked, age domains.
01:49Logs show at least four admins, including one who boasted in a video from Odessa.
01:55Pirates are adapting fast.
01:57Pro tip, double-check URLs, avoid ad-driven links for logins,
02:02and report suspicious sites.
02:05Use Have I Been Pawned to check your email,
02:08change your passwords, enable two-factor authentication,
02:11review your Gmail security activity,
02:14and update any reused passwords.
Be the first to comment
Add your comment

Recommended

Following Your Stolen Data Through The Dark Web
WIRED
6 weeks ago
Researchers say AI browsers are a cybersecurity mess.
Rizzle
3 weeks ago
The Psychology Behind Phishing Attacks and How to Outsmart Them
Rizzle
4 weeks ago
Protecting Yourself From Cybersecurity Attacks
Stringr
5 years ago
Busting Cybersecurity Myths | Delhi Police Cybersecurity Awareness Month | OneIndia News
Oneindia
2 years ago
Companies to report ransomware attacks under new proposal
ABC NEWS (Australia)
1 year ago
Cybersecurity: Hackers threaten critical infrastructure
DW (English)
3 years ago
Websites being used to test stolen credit card numbers
ABC NEWS (Australia)
2 years ago
Hackers Take Over PA Systems At Several Airports
Rizzle
4 weeks ago
Cybercriminals Infiltrate Trucking Systems To Steal High-Value Cargo
Benzinga
11 hours ago
Max B – “No More Tricks”
Rizzle
7 hours ago
YFN Lucci – “Already Legend” [“Thank You” Deluxe Edition]
Rizzle
7 hours ago
Summer Walker earns her third straight top 2 album with “Finally Over It”
Rizzle
7 hours ago
Ja Rule explains backstage scuffle at Brandy and Monica’s Barclays concert after three men sucker-punched him before his set; Denies Max B's involvement
Rizzle
7 hours ago
Who’s next in Apple’s CEO hot seat after Tim Cook?
Rizzle
7 hours ago
TikTok gives you the power to turn down the AI
Rizzle
7 hours ago
WhatsApp finally tests multi-account support on iPhone
Rizzle
7 hours ago
YouTube is testing in-app DMs
Rizzle
7 hours ago
Apple Vision Pro now supports PSVR2 controllers
Rizzle
7 hours ago
OpenAI reportedly shares 20% of its revenue with Microsoft
Rizzle
7 hours ago
Roomba is dying and your dusty old broom might be making a comeback
Rizzle
7 hours ago
OpenAI gives teachers their own ChatGPT
Rizzle
7 hours ago
Google’s Private AI Compute brings cloud power without the creepy snooping
Rizzle
7 hours ago
Amazon’s satellite project gets a makeover
Rizzle
7 hours ago
Apple owes $634 million to Masimo for blood-oxygen tech
Rizzle
7 hours ago