We look at a scam campaign on Facebook that continues to do the rounds, and how you can recover your compromised account.

Recently I wrote about a malvertising campaign on Facebook that has been going on for almost a year. Apparently Facebook is struggling to stop this campaign, so now this type of campaign is showing up in other languages than English.

I have seen two different types in German.

**First Facebook scam**

_Translation: Deadly accident on highway causes several fatalities_

Notable about this one is that it was posted as a fundraiser and does not allow comments, which blocks me from posting a warning that this is a scam.

I reached out to the person that owns the account to find out if he knew how his account got compromised. He had no idea, but told me that it seemed like a lot of people were having the same issues. Not only did he see the same type of posts, but he also got a lot of Messenger messages prompting him to click a link.

In the past we’ve seen campaigns on Messenger where clicking such a link would install a Facebook app that required posting permissions. These apps would then spread further from the compromised user account.

The host storage.googleapis.com gives the link a legitimate feel, but that feeling is not justified. Although googleapis.com is a legitimate service provided by Google, it’s being abused by all sorts of cybercriminals for phishing, tech support scams, and in this case fingerprinting. The script on that site looks at your IP address, your type of machine and whether you are using a VPN. Based on the analysis of that information you are forwarded to the type of scam that is likely to be the most profitable.

An example of a redirect URL shows some of the elements that were fingerprinted.

https://byxzz.altairaquilae[.]top/?pl=Yyo1IAH5aE2Q4g9YuOImuw&click_id=da5d3q51mm737150e7&sub_id=18222478-Edge%20(Chromium)%20for%20Windows-Windows

Malwarebytes has already blocked the windyplentiful.com domain for Malvertising.

_Malwarebytes Premium blocks the domain windyplentiful.com_

**Second Facebook scam**

The second example is easier to identify as a fake. Both the ambulance and the wrecked motorcycle hail from California, so this highly unlikely to have happened on the German autobahn.

_Translation: Accident causes several victims including a child_

Not only is the picture clearly not German, the grammar used in the sentence is another sign as it’s a bad translation.

When I set my VPN to pretend I was located in Germany, the script identified it as an anonymous proxy and stopped there.

Switching back to the Netherlands I got to “enjoy” sites with explicit content, scam sites where celebrities encourage investing in cryptocurrencies, and websites offering browser push notifications.

These browser push notifications are a very annoying type of advertising, often associated with tech support scams, explicit content, gambling, and anything else that pays a handsome referral bonus.

Several attempts on both images led to different domains as well. Other blocks we encountered during our research:

_Malwarebytes Premium blocks 188.114.96.0_

_Malwarebytes Premium blocks the subdomain oyglk.altairaquilae.top_

**How to recover from a Facebook scam**

You can recognize this type of scam because they usually tag several friends of the victim. And although the image looks like a click will start a video, it never has for me. The images were hosted at media.discordapp.net/attachments and although the pages contain a link to Vimeo, the videos there have already been removed or were never even there.

If you find your account has posted a message like this, you should assume that someone else has full control over your Facebook account. Simply changing the password is not always enough.

1.  Check for unknown and unused Facebook apps.
    *   Click your profile picture.
    *   Select **Settings & Privacy**, then click **Settings**.
    *   Click **Apps and Websites**.Go to the app or game you want to remove, then next to the name of the app or game, click **Remove**.
    *   Click **Remove** again to confirm.
2.  Enable two-factor authentication (2FA)
    *   Go to your **Security and Login Settings**.
    *   Scroll down to **Use two-factor authentication** and click **Edit**.
    *   Choose the security method you want to add and follow the on-screen instructions.
3.  Change your password on Facebook if you’re already logged in:
    *   Click your profile picture.
    *   Select **Settings & Privacy**, then click **Settings** (or **Accounts Center** if you’re on your phone).
    *   Click **Security and Login** (or **Password and Security** if you’re on your phone).
    *   Click **Edit** next to **Change password** (or just **Change password** if you’re on your phone).
    *   Enter your current password and new password.
    *   Click **Save Changes**.

If you’re logged in but have forgotten your password or it has been changed to something you don’t know, follow the steps above to change your password, then click **Forgot your password?** and follow the steps to reset it. Keep in mind that you’ll need access to the email associated with your account.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.

 Facebook fatal accident scam still rages on 

The State of Malware 2024 report covers some topics that are of special interest to home users: privacy, passwords, malvertising, banking Trojans, and Mac malware.

Released today, the Malwarebytes State of Malware 2024 report takes a deep dive into the latest developments in the world of cybercrime. 

As home users, many of the threats we cover will only affect you second hand, such as disruptions after a company suffers a ransomware attack, or when your private information is sold online after a data breach. Sadly, there’s not a lot you can do to prevent incidents like these yourself, other than stay on top of the news and protect yourself against identity theft. 

But other threats you can do something about. So in this article we’ll focus on what threats affect you directly and how you can protect yourself. 

**Privacy **

In the last year, the UK’s Online Safety Act attempted to challenge the status quo for social media and messaging companies. The act was widely interpreted as a demand that companies scan users’ messages for illegal material, and is a first warning about the directions in which privacy may continue to be threatened in the name of greater good.  

It also acts as a reminder to be careful about what you share, even if you are under the impression that you are using the internet securely. We have seen news of ChatGPT leaking user’s information and law enforcement asking for backdoors in encryption routines. 

**Passwords **

Google and Microsoft made good on their promise to back passkeys, an encryption-based alternative to passwords that can’t be stolen, guessed, cracked, or phished.

We’d like to see more companies embrace new methods of authentication and wave passwords goodbye: Too many breaches have shown us that user education only works for those that were already doing the right things. Keeping track of the hundreds of passwords an average user has, along with the relative complexity of using a password manager have convinced us it’s time for a better alternative. 

**Malvertising **

If the last year has taught us something, it’s that scammers and malware peddlers can afford to buy sponsored search results and outbid the brand owner so that their links come out on top. Cybercriminals create Google Search ads mimicking popular brands, which lead to highly realistic, replica web pages where users are scammed or tricked into downloading malware. 

Despite efforts on the side of search providers like Google, the cybercriminals remained one step ahead, able to consistently bypass ad verification checks all year. The type of malware that’s used varies with each campaign but infostealers (which gather information from your computer, such as usernames and passwords) were the most common type. 

**Banking Trojans **

Banking trojans are one of the most serious threats facing Android devices. Banking trojans come disguised as regular apps like QR code scanners, fitness trackers, or even copies of popular apps like Instagram. 

The malicious app asks the user for permissions that allow it to monitor what happens in other apps and will then create overlay screens for legitimate apps. This allows them to capture login credentials and even multi-factor authentication (MFA) tokens.

**Mac malware **

The days of “my Mac is safe” and “Macs don’t get malware” are definitely over. There are many signs that criminals are taking note of the platform’s increasing popularity by enabling attacks to target both Windows and Mac users at the same time. 

Contrary to outdated beliefs, malware for Macs has always existed, it was just considered less serious since most Mac malware was adware or potentially unwanted programs (PUPs). This is changing. For example, in September, 2023, Malwarebytes discovered a cybercriminal campaign spreading Atomic Stealer (AMOS) malware to Mac users through malicious ads. AMOS malware can steal passwords from browsers and Apple’s Keychain, as well as grab files.

**Malwarebytes  **

Malwarebytes has solutions to safeguard individuals’ data and identities. We can protect your Android and iOS devices, Macs, Chromebooks, and Windows systems. We also have software to protect your identity, safeguard your online privacy, and block unwanted ads and trackers.

 State of Malware 2024: What consumers need to know 

Big Game ransomware is just one of six threats resource-constrained IT teams need to pay attention to in 2024.

Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is “Big Game” ransomware, the most serious cyberthreat to businesses all around the world.

Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the threat of damaging data leaks, or both. The report reveals that, awash with money, the number of known Big Game attacks surged by 68% in 2023, thanks to Ransomware-as-a-Service groups like LockBit and ALPHV.

Known ransomware attacks July 2022 – December 2023

Big Game ransomware is just one part of a thriving and highly organized cybercrime business—a multi-billion-dollar mirror to the legitimate economy it feeds off. Its ecosystem supports entire supply chains, dotted about with specialized organizations like access brokers and malicious software vendors. It has brand names, PR stunts, HR departments, incentive schemes, and “employees of the month.”

And like broader, law-abiding “Business” at large, cybercrime has settled on a collection of tools that work. Its activity is built around evergreen techniques like phishing, software exploits, and password guessing, along with mature malicious technologies like info stealers, trojans, and ransomware.

For years, the latest iterations of these ideas have only offered marginal improvements on their predecessors. As a result, innovation in cybercrime has increasingly shifted towards tactics—advancements that focus more on how attacks can succeed and less on what malware can do. The 2024 State of Malware report also details how ransomware gangs use Living of the Land (LotL) techniques to hide in plain sight, and how one gang, CL0P, turned to automated zero-day attacks to break ransomware’s scalability barrier.

The report also explains how cybercriminals turned to a tactic called “malvertising” in 2023, using search ads and disposable websites that mimic legitimate brands to distribute malware as an alternative to malicious emails and document macros.

And as Macs continued to buck the trend in declining PC sales, some criminals began to add Mac malware, like Atomic Stealer, to their Windows distribution channels.

As we enter 2024, malware is as dangerous as ever, but when it is used, it is just one link in an attack chain of multiple different threats. IT and security teams now face active adversaries, zero-day exploits, compromised accounts, social engineering, and a range of other threats that don’t meet the traditional definition of malware. Against this backdrop, security budgets are shrinking while resource-constrained IT and security teams firefight ever more complex environments.

When it comes to security, “more of the same” will not work in 2024, so this year’s report also outlines what effective cyberdefense in the year ahead will require.

To learn more about the most serious threats facing IT teams in 2024, and how to combat them, download the 2024 State of Malware report.

 Known ransomware attacks up 68% in 2023 

Safer Internet Day is all about raising awareness about a safer and better internet for all, and especially for children and young people.

February 6, 2024 is Safer Internet Day. When I was asked to write about the topic, I misunderstood the question and heard: “can you cover save the internet” and we all agreed that it might be too late for that. While we laughed about it, it made me think.

The internet has been around for quite some time now, and most of us wouldn’t know what to do without it. Personally speaking, I would not have this job, I would not be able to work from home, I would not have met a great many online friends, and I would have to go shopping in person a lot more.

When I started actively using the internet in 1996, it looked completely different than it does today. There were no social media sites to speak of, companies were selling antivirus and anti-Trojan solutions, but nobody cared about adware, PUPs, and assorted nuisances. Firewalls on the other hand were considered a lot more important back then.

The reasons why people get infected with malware have not changed that much though:

*   **Free stuff**. Why pay when you can get it for free? Well, basically, because you always end up paying a price. Whether that free version displays ads or comes bundled with other software which you didn’t want. Or maybe because it’s not even what they promised it would be: not the game, movie, TV show, or software you were looking for.
*   **Fear**. Alarming messages on the screen make us think that we must be doing something wrong and convince us to install fake security software or fall prey to tech support scammers.
*   **Phishing emails**. Emails telling us that we urgently need to respond to prevent something or get rich, healthy, and happy, so we feel we have to click that link or open that attachment.

But in our defense, criminals have gotten a lot better at convincing us to do the “wrong” things. Social engineering has become a science that cybercriminals are masters at, although the Nigerian prince that keeps telling me about the blocked fortune he has waiting for me is still around.

With the help of Artificial Intelligence (AI) these techniques will become even better and can be fine-tuned so they can be adapted to the intended victim and become more targeted. Only recently we learned about a finance worker that paid out $25 million after a supposed video call with his chief financial officer, that turned out to be a deepfake. After reading that story, I felt very sorry for that finance worker. Even knowing that almost everyone would have fallen for that setup, probably doesn’t relieve you of the guilty feeling.

Social media has gone from a way to keep in touch with distant friends to gigantic money making machines that are all about advertising and algorithms that keep you busy on the platform for as long as they possibly can. Governments are now scrambling to protect at least the children of this generation against the ruthless environment that these social media platforms have become.

At some point, celebrities like Angelina Jolie and Brad Pitt hired online bodyguards to monitor the internet and social media content that their children, who ranged from ages 6 to 13 at the time, encounter. Unfortunately, we don’t all have the funds to follow their example, so we have to be our children’s internet guardians.

Other government actions concerning the internet and social media are more focused on trying to limit the power of the tech giants, rather than on our online safety and privacy.

For now, it seems we have to rely on our own solutions to guard our online privacy and protection. For some pointers, check out our internet safety tips. You may find some useful nuggets that you hadn’t come up with yourself.

Safer Internet Day takes place on the same day in February each year to raise awareness about a safer and better internet for all, and especially for children and young people. Let’s make the internet a safer place. If not for us, then for our children.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Safer Internet Day, or why Brad Pitt needed an internet bodyguard 

Clorox has reported losses of $49 million following a cyberattack in mid-2023.

Cleaning products maker Clorox has reported losses of $49 million in connection to a cyberattack it suffered in August of last year.

On Monday, August 14, 2023, Clorox disclosed it had identified unauthorized activity on some of its IT systems. Despite a business continuity plan, the incident resulted in wide-scale disruptions to the company’s operations throughout the quarter, which ended September 30, 2023.

Clorox says it expects operational impacts from the cyberattack to continue into the second quarter, though the majority of order processing operations have returned to automated processes. Among other consequences of the cyberattack, net sales are expected to decrease between about $487 million and $593 million.

The company never revealed the nature of the attack, but based on a brief description, we must assume it was a ransomware attack. Ransomware experts have attributed the attack to ALPHV/BlackCat, but attribution is hard. This is especially true when the victim decides to pay the ransom, because their details aren’t made public by the attackers. When an organization refuses to pay, the attacking ransomware group will typically publish the organization’s details, along with its data, on their leak site, which are our main source of information about who did what to who.

The ALPHV ransomware gang is arguably the second most dangerous “big game” ransomware operator, as you can see in many of our monthly ransomware reviews.

The costs of the cyberattack, which included payments to third-parties that were hired to help investigate and remediate the attack amounted to $49 million.

Clorox was forced to shut down many of its systems due to the attack, which triggered order processing delays and significant product outages.

The fact that the disruptions lasted as long as they did, does not bode well for the business continuity plan. Add to that the suspicion that the ransom was paid, and we can conclude that backups were perhaps insufficient or not readily deployable.

These are things that, however cumbersome, need to be tested. Waiting for the actual emergency as the first test is never a good idea. Another indication that things may not have been up to par was the chief information security officer (CISO) leaving in November, while the company was still recovering from the cyberattack.

**How to avoid ransomware**

*   **Block common forms of entry.** Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
*   **Prevent intrusions.** Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
*   **Detect intrusions.** Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption.** Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups.** Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 Clorox counts the cost of cyberattack 

A list of topics we covered in the week of January 29 to February 4 of 2024

February 2, 2024 - CISA has ordered all FCEB agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products.

February 2, 2024 - The FBI has removed malware from hundreds of routers in an effort to disrupt threat actors linked to the Chinese government.

January 31, 2024 - The MOAB may not be just recycled data after all.

January 31, 2024 - Threat actors are using all the tools at their disposal to deliver malware. Malicious ads are only one step in the chain, with compromised sites providing the free hosting and changing capabilities that can evade detection.

January 31, 2024 - Actions by the FCC and FTC have led to a decrease in unsollicited and scammy calls

 A week in security (January 29 &#8211; February 4) 

CISA has ordered all FCEB agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products.

In an emergency directive, the Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024.

Besides the Ivanti vulnerabilities actively exploited in massive numbers we wrote about on January 11, 2024, alerts sounded about two new high severity flaws on January 31, 2024.

CISA has taken this drastic step after noticing widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Policy Secure solutions with severe consequences:

> “Successful exploitation of the vulnerabilities in these affected products allows a malicious threat actor to move laterally, perform data exfiltration, and establish persistent system access, resulting in full compromise of target information systems.”

Based on that, CISA determined that these conditions pose an unacceptable risk to Federal Civilian Executive Branch (FCEB) agencies and requires emergency action.

FCEB agencies using Ivanti Connect Secure and Ivanti Policy Secure solution will find a list of required actions in the emergency directive Supplemental Direction V1: Emergency Directive 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities.

These actions include threat hunting on any systems connected to—or recently connected to—the affected Ivanti device. CISA notes that agencies running the affected products must assume domain accounts associated with the affected products have been compromised.

Agencies have permission to reconnect devices only if they’ve been factory reset and updated according to Ivanti’s instructions.

**How did it come this far?**

On January 10, 2024 Ivanti released advisories about two actively exploited vulnerabilities in all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways. Active exploitation dates back as far as December 3, 2023. These vulnerabilities were listed as CVE-2023-46805 and CVE-2024-21887.

Ivanti provided a workaround and said patches would be released on a schedule based on versions, with the first coming out in the week of January 22. The last version will come out the week of February 19.

Soon after, reports started surfacing about several groups exploiting the vulnerabilities amassing as many as 1,700 compromised devices, with 7,000 more that remained vulnerable. Also, some security firms noticed a Chinese APT was able to bypass the mitigations.

New vulnerabilities came to light on January 31, 2024 listed as CVE-2024-21888 and CVE-2024-21893 where Ivanti remarked that it was aware of “a small number of customers who have been impacted by CVE-2024-21893 at this time.” Customers can read this KB article for detailed instructions on how to apply the new mitigation and how to apply the patch as each version becomes available.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 CISA: Disconnect vulnerable Ivanti products TODAY 

The FBI has removed malware from hundreds of routers in an effort to disrupt threat actors linked to the Chinese government.

The FBI has used a court order to remove malware from hundreds of routers across the US, and alter the routers’ settings to prevent reinfection.

The routers are malware-infected NetGear and Cisco small office/home office (SOHO) devices that no longer receive updates because they have reached their End-of-Life.

The FBI did this because it believed the threat actor behind the botnet of routers is an Advanced Persistent Threat (APT) group known as “Volt Typhoon.”

The US Cybersecurity and Infrastructure Security Agency (CISA) warned US businesses in May, 2023 about Volt Typhoon, an elite squadron of hackers with ties to the Chinese government, that targets high-value entities like governments, large corporations, and critical infrastructure.

On January 31, 2024, FBI  director Christopher Wray warned in a House committee hearing that “cyber hackers working for the Chinese government are preparing to wreak havoc on the US.”

To stop this from happening, the FBI used court-authorized operations to take control of hundreds of routers that Volt Typhoon had been using as gateways to get inside sensitive infrastructure. They used the routers to hide the actual origin of malicious attempts to reach inside the utilities and other targets.

The FBI says it tested the malware removal extensively on the relevant Cisco and NetGear routers, as specified in the court documents, to avoid any impact on the legitimate functions of the hacked routers.

The FBI will inform owners of the affected routers, or their providers if the owner’s contact information is not available.

A router’s owner can reverse these mitigation steps by restarting the router. However, a restart that is not accompanied by mitigation steps similar to those the court order authorized will make the router vulnerable to reinfection.

The FBI warns that:

> “The remediated routers remain vulnerable to future exploitation by Volt Typhoon and other hackers, and the FBI strongly encourages router owners to remove and replace any end-of-life SOHO router currently in their networks.”

At the same time, Wray let the House committee know that US cyberdefense is badly outnumbered.

> “If you took every single one of the FBI cyber agents, intelligence analysts and focused them exclusively on the China threat, China’s hackers would still outnumber FBI cyber-personnel by at least 50 to 1.”

According to CISA Director Jen Easterly, who also testified before the House select committee on the Chinese Communist Party, it’s likely we’re only seeing the tip of the iceberg.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 FBI removes malware from hundreds of routers across the US 

In a hearing with the CEOs of the five most used social media platforms the  Senate Judiciary Committee found common ground for the need to protect children online

In an unusually emotional and unified setting, the Senate Judiciary Committee found common ground for the need to protect children online yesterday.

On January 31, 2024, the CEOs of the most widely used social media platforms appeared before the Committee. Meta’s Mark Zuckerberg, X’s Linda Yaccarino, TikTok’s Shou Chew, Snap’s Evan Spiegel, and Discord’s Jason Citron listened to accusations and answered questions about what they were doing to protect children using their platforms.

The main concerns about children on these platforms center around sexual abuse and mental health. The parents that were present in the room had direct experience of children with either or both issues, as the senators pointed out.

In his opening statement, Ranking Member Senator Lindsey Graham held Mark Zuckerberg and the other CEOs to immediate account:

> “Mr. Zuckerberg, you and the companies before us, I know you don’t mean it to be so but you have blood on your hands. … You have a product that’s killing people.”

Meta CEO Mark Zuckerberg addressed the families of children who died as a result of online suffering:

> “It’s terrible. No one should have to go through the things that your families have suffered. And this is why we invest so much and are going to continue doing industry-leading efforts to make sure that no one has to go through the things your families have had to suffer.”

In November 2023, a Meta whistleblower revealed some shocking numbers around children’s experiences of its platforms. He told Congress that his research showed that 13% of Instagram users younger than 16 were subjected to unwanted sexual advances in a given seven-day period.

In response to the Committee’s questions, the social media CEOs largely agreed upon hiding inappropriate content and some sort of age verification. More substantial were the promises of Snap and X, who both publicly endorsed a prominent bipartisan bill, the Kids Online Safety Act (KOSA).

KOSA was introduced in February 2022 and aims to enhance children’s safety online. It is thought to be the child online safety bill with the best chance of passing Congress.

One of the main points of KOSA is to set up accountability for social media platforms to act in preventing and mitigating content that could harm minors. Such content includes the promotion of unlawful products for minors (e.g. gambling and alcohol), self-harm, substance abuse, eating disorders, sexual exploitation, and suicide.

We’ve heard from whistleblowers that algorithms are consistently used to prioritize the companies own profits over users’ health and safety. Those profits are large, as Senator Klobuchar pointed out:

> “Social media platforms generated $11 billion in revenue in 2022 from advertising directed at children and teenagers, including nearly $2 billion in ad profits derived from users age 12 and under.”

In that light we see welcome steps forward, both with the promise made by TikTok to increase its investment in safety by $2 billion—although it was a bit vague—and X’s commitment to support the Strengthening Transparency and Obligations to Protect Children Suffering from Abuse and Mistreatment Act (STOP CSAM) — a bill giving child sexual exploitation victims the right to sue online platforms.

Unfortunately, legislative efforts at the national level have mostly failed, but state legislators have introduced more than 100 bills across the country that aim to regulate how children interact with social media.

We asked Oren Arar, Malwarebytes’ VP of Consumer Privacy how he felt about these developments.

> “Recent congressional hearings highlight the efforts social media companies are making to mitigate these dangers. However, their business models do not primarily focus on safety, which often relegates such critical concerns to the back burner. Consequently, the onus of protection falls heavily on parents and guardians.
> 
> In an age where children gain access to social media and online platforms at an increasingly young age, the importance of safeguarding their privacy and security cannot be overstated. The virtual landscape, while offering numerous benefits, also harbors risks from malevolent actors who may disguise themselves as harmless peers. These risks are not solely external; they can also emanate from within a child’s own social circles in the form of cyberbullying.
> 
> To fortify our children against these virtual threats, a two-pronged approach is essential: relentless awareness and privacy-centric technology.
> 
> Awareness is pivotal. It necessitates ongoing, open conversations with our children to instill a deep-seated wariness of strangers online and to reinforce the dangers of in-person meetings with online acquaintances. Doubts and unusual encounters should be brought to an adult’s attention without hesitation. Vigilance through regular check-ins is imperative, not just to monitor online interactions but to detect any behavioral shifts that could signal cyberbullying. Immediate and supportive intervention is crucial to maintain a child’s sense of security and wellbeing.
> 
> While parental control tools might not be favored by all, the use of privacy-led technology is a substantial defense mechanism. Ensuring that social media accounts are locked down with robust privacy settings, particularly disabling automatic geolocation sharing, is a start. Strong, unique passwords and two-factor authentication add a layer of security to prevent unauthorized access. Advising children against sharing personal information and encouraging the use of VPNs can also significantly enhance their online privacy.”

**Tips to keep your children safe online**

To keep your children safe there are several things you can do up front.

*   Keep webcams covered when not in use.
*   Use parental controls and features like SafeSearch.
*   Familiarize yourself with the platform your child uses, so you know the options and pitfalls.
*   Look at the privacy settings of the device, the browser, and frequently used apps.
*   Be open in communication with your children and lead by example.

What you should teach your children:

*   Do not fill out personal information online. Pay special attention to not giving away your location.
*   Be careful who you share pictures with, especially when asked.
*   Steer away from threatening environments and private conversations with strangers.
*   Don’t let others use your device(s).
*   Ask a trusted grown-up whenever you’re worried about something.
*   Get permission before you install new apps.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.

 &#8220;You have blood on your hands.&#8221; Senate Committee calls for action by social media giants to protect children online 

Watch out for malicious ads tricking you as you prepare to file your taxes.

The Internal Revenue Service has announced that the 2024 tax filing season has officially begun, with an expected 146 million individual tax returns to be filed. While it is costly and complex for the IRS to process so many digital and paper documents, it can also be a headache for many Americans.

Unsurprisingly, this is also the time of year where we see an increase in tax-related scams. From unsolicited phone calls claiming you owe money to the IRS to bogus tech support with your accounting software, fraudsters are just one step away from robbing you.

In this blog post, we will focus on the dangers of looking for assistance online and the numerous malicious ads trying to reel you in.

**Calling the IRS**

People will often go on Google to search for a phone or contact number for a business they are trying to get in touch with. Scammers are very well aware of this and will purchase ads to appear at the top of the search results.

Sometimes, somewhere in the fine prints such advertisers will say they are merely a third-party company providing services. But most people don’t read the fine print, and besides, the tactics used here are generally high deceiving.

A search for ‘IRS support’ returns the following ad claiming to be the “IRS Support Line”:

The website tied to this ad is shown with the corresponding advertiser (left), while a different website from a different advertiser is seen (right). Both have the same template. Which one is the real one? Are any of these identities even real?

A testimonial mentioning the aforementioned website seen in the ad claims that it existed back in 2016 while whois records show the domain name was only created in 2023. To add insult to injury, the same testimonial was also used to promote a different domain. Did the same person prepare their taxes on two different sites in 2016, when neither of them actually existed yet?

**Tax software**

There are a number of programs to help you file your taxes. As intuitive as they can be, it is quite common for people to have a problem with the software itself or a specific question related to taxes.

Scammers buy ads on search engines that often show before the product’s official website. Those ads are extremely misleading for the average user who’s looking for assistance.

One technique they use to bypass ad validation checks is using special or similar-looking characters in the particular brand they are impersonating.

Victims end up on the phone with someone in a large call center, typically located in a foreign country. While the pitch varies, a common scam consists of selling expensive support plans, such as in this example below which is for the first advert seen earlier:

**AI-assisted taxes**

AI has been all the rage in the past year or so. We are seeing a number of dubious services advertised online that claim to give quick answers after paying a small fee.

With AI comes a lot of potential for abuse and scammers are already leveraging this tool to automate a lot of interactions that seem human-like. It becomes less human when two different sites with a different expert assistant answer the exact same way.

We did not investigate these services fully, so we won’t be showing their full name. However, please beware that they are highly suspicious.

**Avoiding scams**

These days it has become increasingly difficult to navigate online without being exposed to a scam. People have become accustomed to trust their search engine and naturally follow the different paths laid in front of them.

While some websites look obviously fake to someone, they may fool someone else. At the same time, the tools to build convincing schemes are readily available to anyone for free.

*   Before calling a number, ensure that it is legitimate by visiting the official site directly.
*   Beware of unsolicited phone calls or emails, especially those that ask you to act immediately.
*   Beware of impersonators which may hide behind sponsored results and instead click on organic search results.
*   Always check the website you visit by looking at the address bar. If in doubt, close the page and open a new one.
*   If a website asks you for a small fee upfront it likely is trying to get your credit card to sell you more expensive services.
*   Use security software that blocks phishing domains and other scam sites. Malwarebytes Premium does this, leaving your computer and financial assets protected.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Source

Malwarebytes