IT News

Explore the MakoLogics IT News for valuable insights and thought leadership on industry best practices in managed IT services and enterprise security updates.

PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

Earlier this week, we reported on a new type of scam that tells you your partner is cheating on you. However, we hit a dead end because we were unable to get hold of an original copy of the email.

That was until the scammers were “kind enough” to send one to one of our co-workers.

your partner is cheating on you and we have proof

“Hi [target’s name],

[Partner’s name] is cheating on you. Here is proof.

As a company engaged in cyber security we’ve found information related to [partner’s name] that might interest you.

We made a full backup of [his/her] disk. (We have all [his/her] address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all [his/her] contacts) and are willing to give you a full access to this data. For more details visit our website.”

With this, we were able to investigate the scammers’ intentions.

All three of the links in the email (Here, website, and Check now) point to the same website. Through a landing page located at click[.]cardfoolops[.]com visitors are redirected to partnerleak[.]com.

The partnerleak[.]com domain was registered on August 1, 2024, with NameCheap anonymously. Anonymous registration doesn’t automatically mean the person registering is up to no good, but it did block us from researching this avenue any further.

The registration date, however, matches with the first complaints we started seeing about these emails.

Malwarebytes blocks partnerleak[.]com

During the redirection process, your email address is passed on, which means when you register at the site your email address is already filled out.

Email address is transmitted and pre-filled

The PartnerLeak site itself says it offers anonymity, as well as “crucial insights” into the behaviour of the one you love.

“completely anonymous service leverages artificial intelligence and the vulnerabilities of popular smartphones to provide crucial insights into your partner’s behavior.”

Are You Concerned About Your Partner’s Honesty?

If you’ve decided to take a leap into a relationship but find yourself questioning your partner’s honesty, or if you’ve been together for a while and something feels off, we have a solution for you.

Our Service

Our completely anonymous service leverages artificial intelligence and the vulnerabilities of popular smartphones to provide crucial insights into your partner’s behavior. Here’s how it works:

Data Backup Access: You can download a backup from iCloud or Google, which includes:

  • Device location tracking
  • Movement history with timestamps
  • Correspondence from popular messaging apps like Telegram, WhatsApp, and iMessage
  • Photo and video materials stored on the smartphone

Social Media Analysis: Utilizing AI and extensive data, our service can:

  • Check user registration and analyze behavior on platforms like Facebook and Twitter
  • Investigate activity on popular dating apps such as Tinder, AdultFriendFinder, Hinge, and OkCupid

This comprehensive analysis helps you verify the reliability of your potential partner based on criteria that matter most to you.

Commitment to Anonymity and Privacy

  • Anonymous Transactions: We prioritize your anonymity by processing payments through cryptocurrencies, ensuring that your partner will remain unaware of your inquiries.
  • Data Privacy: Your privacy is of utmost importance. We offer the option to permanently delete any data related to you from our system.

Take control of your relationship concerns today with our discreet and effective service!”

Nowhere on the site does it specify how much such an investigation would cost, but after registration you can start a search at which point it will tell you to top up your balance.

You don’t have free search. Please top up balance or try use different email.

To top up your balance there are three payment options:

  • Credit card
  • Bitcoin
  • Ethereum

We checked the balances on the cryptocurrency accounts they provided and we are happy to report that those are both dead in the water. We can only hope that the PartnerLeak revenue from credit cards looks the same, although that is probably wishful thinking on our part.

An empty and inactive Bitcoin wallet
An equally empty Ethereum account

Our investigation into where the scammers were getting the necessary information always pointed in the same direction: The Knot, a wedding services company.

However, we couldn’t find any breaches of its site or any tangible evidence that it was anything more than just a source of information. Like many other similar sites, it is easy to find a partner name on the site if you already have the name and email of the other partner.

But since many victims, including our co-worker, used The Knot’s services, we contacted them and received this statement from a spokesperson:

“We were notified of user concerns, and after investigation by our cybersecurity team, determined there is no evidence of unauthorized access to our systems.”

Regardless of where the scammers are getting their data, let’s keep their balance at zero and spread the word.

How to react to your partner “is cheating on you” emails

First and foremost, never reply to emails of this kind. That tells the sender that someone is reading the emails sent to that address, and will lead to them trying other ways to defraud you.

  • If the email includes a password, make sure you are not using it any more on any account. If you are, change it as soon as possible.
  • If you are having trouble remembering all your passwords, have a look at a password manager.
  • Don’t let yourself get rushed into doing something. Scammers rely on time pressure that leads to people making quick decisions.
  • Do not open unsolicited attachments. Especially when the sender address is suspicious, or even appears to be your own.

Check your digital footprint

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.


We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Payment provider data breach exposes credit card information of 1.7 million customers

Payment provider Slim CD has disclosed a security incident that may have exposed the full credit card information of anyone paying at a merchant that uses Slim CD’s services.

The Florida-based gateway system, which allows merchants to take any kind of electronic payment, said on June 15 it noticed “suspicious activity” within its environment.

A subsequent investigation by a third-party specialist revealed that cybercriminals had access to Slim CD’s systems for 10 months, between August 17, 2023, and June 15, 2024. However, the company said the criminals only had access to credit card and other information between June 14 and June 15, 2024.

Slim CD said that the compromised information included full names, physical addresses, and credit card numbers including expiration dates.

The company said it is not aware of anyone yet using the exposed information:

“Although Slim CD presently has no evidence that any such information has been used to commit identity theft or fraud, Slim CD is providing information about the event, Slim CD’s response, and resources available to individuals to help protect their information from possible misuse.”

Even though there is no mention of credit card verification numbers being included in the breached data, Slim CD is still warning about the possible risks:

“We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity and to detect errors.”

Customers are often unaware which payment provider is used by their online shops, so a data breach notice may come as a surprise to many of the 1,693,000 affected people.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Your partner “is cheating on you” scam asks you to pay to see proof

As if they weren’t annoying enough already, scammers have recently introduced new pressure tactics to their sextortion and scam emails.

Last week we reported how cybercriminals are using photographs of targets’ homes in order to scare them into paying money. Now they’re throwing in the name of targets’ partners, telling the receiver that their partner is cheating on them.

The general outline of the scammy email looks like this:

“Hi [target’s name],

[Partner’s name] is cheating on you. Here is proof.

As a company engaged in cyber security we’ve found information related to [partner’s name] that might interest you.

We made a full backup of [his/her] disk. (We have all [his/her] address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all [his/her] contacts) and are willing to give you a full access to this data. For more details visit our website.”

For some people, the links in the mail lead to a site where you can “buy the data” for around $2500 in Bitcoin. Others report they were sent to a site that presented them with a login screen.

But where did the scammers get the partner’s name from?

Based on speculation among Reddit users, BleepingComputer contacted a wedding planning site called The Knot, which was listed as a possible source, but received no reply. Looking at our data, we can confirm that 3,677 users of The Knot have had their login credentials compromised at some point in time, but not all at once, so The Knot is not necessarily the source of the data.

There are many other ways that scammers can dig through or combine breached data to find out who your partner is and compose such a personalized email, or they could spend a small amount of time on social media to find out relatively quickly.

Regardless of where the scammers got the information, please don’t let this type of email ruin your relationship or even one minute of your day. Send the emails straight to the trash.

How to react to your partner “is cheating on you” emails

First and foremost, never reply to emails of this kind. That tells the sender that someone is reading the emails sent to that address, and will lead to them trying other ways to defraud you.

  • If the email includes a password, make sure you are not using it any more on any account. If you are, change it as soon as possible.
  • If you are having trouble remembering all your passwords, have a look at a password manager.
  • Don’t let yourself get rushed into doing something. Scammers rely on time pressure that leads to people making quick decisions.
  • Do not open unsolicited attachments. Especially when the sender address is suspicious, or even appears to be your own.

What the arrest of Telegram’s CEO means, with Eva Galperin (Lock and Code S05E19)

This week on the Lock and Code podcast…

On August 24, at an airport just outside of Paris, a man named Pavel Durov was detained for questioning by French investigators. Just days later, the same man was charged with crimes related to the distribution of child pornography and illicit transactions, such as drug trafficking and fraud.

Durov is the CEO and founder of the messaging and communications app Telegram. Though Durov holds citizenship in France and the United Arab Emirates—where Telegram is based—he was born and lived for many years in Russia, where he started his first social media company, Vkontakte. The Facebook-esque platform gained popularity in Russia, not just amongst users, but also the watchful eye of the government.

Following a prolonged battle regarding the control of Vkontakte—which included government demands to deliver user information and to shut down accounts that helped organize protests against Vladimir Putin in 2012—Durov eventually left the company and the country altogether.

But more than 10 years later, Durov is once again finding himself a person of interest for government affairs, facing several charges now in France where, while he is not in jail, he has been ordered to stay.

After Durov’s arrest, the X account for Telegram responded, saying:

“Telegram abides by EU laws, including the Digital Services Act—its moderation is within industry standards and constantly improving. Telegram’s CEO Pavel Durov has nothing to hide and travels frequently in Europe. It is absurd to claim that a platform or its owner are responsible for abuse of the platform.”

But how true is that?

In the United States, companies themselves, such as YouTube, X (formerly Twitter), and Facebook often respond to violations of “copyright”—the protection that gets violated when a random user posts clips or full versions of movies, television shows, and music. And the same companies get involved when certain types of harassment, hate speech, and violent threats are posted on public channels for users to see.

This work, called “content moderation,” is standard practice for many technology and social media platforms today, but there’s a chance that Durov’s arrest isn’t related to content moderation at all. Instead, it may be related to the things that Telegram users say in private to one another over end-to-end encrypted chats.

Today, on the Lock and Code podcast with host David Ruiz, we speak with Electronic Frontier Foundation Director of Cybersecurity Eva Galperin about Telegram, its features, and whether Durov’s arrest is an escalation of content moderation gone wrong or the latest skirmish in government efforts to break end-to-end encryption.

“Chances are that these are requests around content that Telegram can see, but if [the requests] touch end-to-end encrypted content, then I have to flip tables.”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)


Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

A week in security (September 2 – September 8)

Lowe’s employees phished via Google ads

In mid-August, we identified a malvertising campaign targeting Lowe’s employees via Google ads. Like many large corporations, Lowe’s has its own employee portal called MyLowesLife, for all matters related to schedule, pay stubs, or benefits.

Lowe’s employees who searched for “myloweslife” during that time, may have seen one or multiple fraudulent ads. The threat actor, who does not strictly limit themselves to Lowe’s but also targets other institutions, aims to gain access to the login credentials of current and former employees.

My Lowe’s Life ads

Combining ads with a phishing page is a proven recipe for success. Indeed, unsuspecting users often rely on Google Search to take them to the site they are looking for, rather than manually entering its full URL in the browser’s address bar. It is somewhat suspicious to see ads for an internal HR portal, but then again it could be easy to overlook that oddity.

We found two different advertiser accounts impersonating MyLowesLife, and in one instance, we even saw 3 malicious ads from both accounts one after the other. The URL listed for each ad is different, and does not match the legitimate one (myloweslife.com), a well-known lookalike technique that criminals often employ.

Phishing site built with AI

The threat actor registered several similar-looking domain names in order to trick their victims:

myloveslife[.]net
mylifelowes[.]org
mylifelowes[.]net
myliveloves[.]net
myloveslive[.]net
mylofeslive[.]net
myloweslove[.]com

What’s interesting is how the home page for each of those is not what you’d expect. In fact, what we see is a generic ‘retail store’ template which appears to have been built using AI.

There is a simple reason for this: if anyone was to investigate those potentially fraudulent websites, they would not see anything malicious. As a result, it will be difficult to convince a domain registrar or hosting provider to take any action such as suspending the site.
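Because the decoy home pages look harmless, the domain name itself is the more dependable signal. The following is an added example, not part of the original article: it scores a domain's second-level label against every ordering of the brand's words using optimal-string-alignment edit distance. The word split my/lowes/life, the threshold of 2, and the control domains are assumptions made for this example.

```python
from itertools import permutations

LEGIT_DOMAIN = "myloweslife.com"        # legitimate portal named in the article
BRAND_TOKENS = ("my", "lowes", "life")  # assumption: word split of the brand label
MAX_DISTANCE = 2                        # assumption: tuning threshold for this example

# Lookalike domains listed in the article, kept defanged.
ARTICLE_DOMAINS = [
    "myloveslife[.]net", "mylifelowes[.]org", "mylifelowes[.]net",
    "myliveloves[.]net", "myloveslive[.]net", "mylofeslive[.]net",
    "myloweslove[.]com",
]
# The real login host from the article plus constructed control domains.
CONTROL_DOMAINS = ["lius.myloweslife.com", "myloweslife[.]net", "example.org"]


def osa_distance(a, b):
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "ab" -> "ba".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def split_domain(domain):
    """Return (second-level label, last two labels joined).
    Assumes a single-label TLD; a public suffix list would be needed
    for suffixes such as co.uk."""
    labels = domain.replace("[.]", ".").lower().strip(".").split(".")
    if len(labels) < 2:
        return labels[0], labels[0]
    return labels[-2], ".".join(labels[-2:])


def classify(domain):
    """Return (verdict, distance) where verdict is 'legitimate',
    'lookalike' or 'unrelated'."""
    label, registrable = split_domain(domain)
    if registrable == LEGIT_DOMAIN:
        return ("legitimate", 0)
    # Compare against every ordering of the brand words so that
    # reshuffles such as "mylifelowes" score as close as typos do.
    distance = min(
        osa_distance(label, "".join(order))
        for order in permutations(BRAND_TOKENS)
    )
    verdict = "lookalike" if distance <= MAX_DISTANCE else "unrelated"
    return (verdict, distance)


if __name__ == "__main__":
    for name in ARTICLE_DOMAINS + CONTROL_DOMAINS:
        verdict, distance = classify(name)
        print(f"{name:26} {verdict:11} distance={distance}")
```

Run against newly registered domains or proxy and DNS logs, the same scoring flags all seven listed names while leaving the real login host and unrelated domains alone.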

Phishing page

When victims click on the Google ad, they are taken directly to the phishing page, contained within a directory named ‘wamapps’, which interestingly matches the structure of the real MyLowesLife website:

https://lius.myloweslife.com/wamapps/wamlogin

This is an exact replica of the real Lowe’s portal that prompts users for their Sales Number and Password:

Looking at the page’s source code, we can see how these two fields are being sent back to the threat actor using a POST request via xxx.php, the phishing kit. After collecting this data, a second page asks users for their security question. This is presumably a feature used by Lowe’s to secure accounts if they detect unusual login activity:

Finally, after providing those details, victims are redirected to the real MyLowesLife website where they will be asked for their login details again. While that could raise suspicion, it’s possible many users will think it’s simply a glitch with the system and won’t look back again.

It’s unclear what the threat actor does with the stolen credentials, but likely they are a broker reselling them to other criminals.

Mitigations

Brand impersonation via Google ads is a very popular technique leveraged by threat actors of all kinds. They know people will open up their default browser, do a quick search and that’s exactly where they can target them.

To avoid many of the phishing campaigns that abuse Google ads, we strongly recommend against clicking on sponsored results. You are better off scrolling down further and visiting the official websites directly.

For an online portal you regularly visit (bank, grocery store, etc.) it’s a good idea to bookmark the website into your browser’s favorites: it’s quicker and safer to visit a site that you trust in that manner.

We reported these malicious ads to Google and to our knowledge this ad campaign is no longer running. Malwarebytes customers were protected on day 1 via both the Malwarebytes Browser Guard and Malwarebytes Premium Security. If you suspect you have been a victim of identity theft, feel free to check out Malwarebytes Identity Theft Protection (also available to customers via our premium security products).

Planned Parenthood partly offline after ransomware attack

In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group.

Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provides sexual health care services. It is not yet known whether any personal information about patients might have been stolen, but that could potentially be devastating.

The patients who rely on Planned Parenthood for care are frequently low-income and face health care disparities due to race, gender, sexuality, or because they live in underserved areas. Sometimes they are minors that have been in contact with the criminal justice system, and they are not eligible for insurance or depend on Medicaid Expansion for coverage.

The group behind the attack, Ransomhub, has claimed responsibility on their leak site where they threaten to publish stolen data to increase the leverage over their victims.

Planned Parenthood listed on RansomHub’s leak site

“Intermountain Planned Parenthood, a leading nonprofit organization, is dedicated to empowering individuals in Montana to make informed decisions regarding their sexual and reproductive health.”

The listing on the leak site shows financial information, court papers, and insurance certificates. Ransomhub set a timer for Planned Parenthood. The timer counts to September 11 before the release of all the data.

Timer before release of the data

Ransomhub listed the size of the data set at 93 GB, but ransomware groups have been known to exaggerate, lie, and mislead. They are criminals after all.

As laid out in a recent joint advisory by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS), RansomHub is a relatively new but very active Ransomware-as-a-Service group known to target healthcare organizations and other critical infrastructure sectors.

According to a recent ThreatDown ransomware report, healthcare and education are the hardest hit sectors after “Services” in the US, accounting for 60% and 71% of global attacks in these sectors, respectively.

And in the ThreatDown Ransomware Review of August 2024 we can see that Ransomhub was the gang responsible for the largest number of known attacks in July.

Known ransomware attacks by group, July 2024

This story will be updated once we find out more about the nature of the stolen data.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home

After using passwords obtained from one of the countless breaches as a lure to trick victims into paying, the “Hello pervert” sextortion scammers have recently introduced two new pressure tactics: Name-dropping the infamous Pegasus spyware and adding pictures of your home environment.

They do this to add credibility to the false claims that the scammers have been watching your online behavior and caught you red-handed during activities that you would like to keep private amongst your friends and family.

The email usually starts with “Hello pervert” and then goes on to claim that the target has been watching pornographic content. The scammers often claim to have footage of what you were watching and what you were doing while watching.

To stop the sender from spreading the incriminating footage, the target will have to pay the scammer, or else they will send it to everyone in their email contacts list.

More recently, scammers have started increasing their threats by mentioning a powerful spyware called “Pegasus.” Several versions of these scam emails have included the following text:

Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows.

Though Pegasus is indeed a powerfully invasive spyware tool, the threat of its use, as included in these scam emails, is entirely empty. This is because Pegasus has never been observed outside of a surveillance campaign carried out, specifically, by governments. Time and time again, Pegasus has been used by oppressive government regimes to spy on political dissidents, human rights activists, and watchdog journalists. There is essentially no proof that such a closely-guarded spyware has ended up in the hands of everyday scammers.

But the pressure tactics don’t end with Pegasus, as many of these emails include an old (or active) password that a scam target has used in the past. Here, this isn’t some act of advanced hacking. Instead, it is likely that the scammers bought your password from other cybercriminals that obtained them during one of the countless data breaches that hit company after company every week.

When scammers have access to such data, it may also include your physical address. With that knowledge, scammers have increased their threats by simply adding a photograph of your personal neighborhood by looking it up online. For most places in inhabited areas, you can grab such pictures from Google Maps or similar apps.

A Reddit user demonstrated this by finding that such a scammer used an old PO box address. But it’s true that this adds a convincing argument to the claim that the sender has been spying on you.

As an extra threat the email may include something like:

“Or is visiting [your physical address] a more convenient way to contact if you don’t take action. Nice location btw.”

Implying that they know where you live and threatening to stop by and create a scene.

How to recognize “Hello pervert” emails

Once you know what’s going on it’s easy to recognize these emails. Remember that not all of the below characteristics have to be included in these emails, but all of them are red flags in their own right.

  • They often look as if they came from one of your own email addresses.
  • The scammer accuses you of inappropriate behavior and claims to have footage of that behavior.
  • In the email the scammer claims to have used Pegasus or some Trojan to spy on you through your own computer.
  • The scammer says they know “your password.”
  • You are urged to pay up quickly or the so-called footage will be spread to all your contacts. Often you’re only allowed one day to pay.
  • The actual message often arrives as an image or a pdf attachment. Scammers do this to bypass phishing filters.

How to react to “Hello pervert” emails

First and foremost, never reply to emails of this kind. It may tell the sender that someone is reading the emails sent to that address and they will repeatedly try new and other methods to defraud you.

  • If the email included a password, make sure you are not using it any more and if you are, change it as soon as possible.
  • If you are having trouble organizing your passwords, have a look at a password manager.
  • Don’t let yourself get rushed into action or decisions. Scammers rely on the fact that you will not take the time to think this through and subsequently make mistakes.
  • Do not open unsolicited attachments. Especially when the sender address is suspicious or even your own.
  • For your peace of mind, turn off your webcam or buy a webcam cover so you can cover it when you’re not using the webcam.

Check your digital footprint

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.



How to avoid election related scams

With the US election campaigns at full throttle, scammers have taken a renewed interest in the ways this can be used to defraud people, often using the same tactics legitimate campaigns leverage for support (emails, text messages, phone calls, and social media pleas).

The lure that we have seen the most involves asking people to donate to a campaign. Whether that comes in by mail, text, phone call, or on social media, that money isn’t going to any of the candidates.

Text asking who you are voting for leading to a fake survey
This sender does not care who you want to donate to

If those scam campaigns aren’t directly after your money, they might well be phishing for personal information.

These phishers also use fake surveys, pretending to be a volunteer for one of the political parties. They will ask you for personal information directly or get on your nerves by engaging in discussions about controversial subjects.

A survey site that asks for personal details and credit card information

Another method besides surveys is the voter registration scam, where the scammer poses as an election official and asks you to update your voter registration, or tells you that you can register to vote over the phone. Reminder, here is how you can securely register to vote.

Example voter registration scam courtesy of KrebsOnSecurity

These scams are not only after your personal information but sometimes have the audacity to ask you to pay for completing your voter registration paperwork—something that is never asked in legitimate voter registration.

How to stay safe

Watch out for fake emails

With the increasing use of AI by cybercriminals, it has become more difficult to spot fake emails. Looking for spelling errors is of no use anymore, but a few golden rules still apply to unsolicited emails:

  • Don’t open attachments.
  • Hover over the link(s) in the email. If the destination is different from the one that is displayed, this is a red flag.
  • Don’t let any sense of urgency expressed in the email rush you into a hasty decision.
  • Check the sender’s email address is what you’re expecting. Note: these can be spoofed so this is not a guarantee, but anything that doesn’t look genuine definitely won’t be.
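The link and sender checks in the list above, together with the own-address and image/PDF indicators from the “Hello pervert” list, can be automated for a saved message. This is an added example, not code from the original article; the `red_flags` function, the flag names and the example.* sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class Links(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    # urlparse only sees a hostname when the string contains "//"
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def red_flags(raw):
    msg = message_from_string(raw, policy=policy.default)
    flags = set()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender and sender == parseaddr(msg.get("To", ""))[1].lower():
        flags.add("sender-equals-recipient")  # looks sent from your own address
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pdf" or ctype.startswith("image/"):
            flags.add("image-or-pdf-part")  # message delivered as image or PDF
        elif ctype == "text/html":
            parser = Links()
            parser.feed(part.get_content())
            for href, shown in parser.found:
                # compare only when the visible text is itself a URL or domain
                if "." in shown and " " not in shown and host(shown) != host(href):
                    flags.add("link-text-mismatch")
    return sorted(flags)

# Constructed sample (example.* placeholders); not taken from the page
SAMPLE = (
    "From: you@example.com\nTo: you@example.com\nContent-Type: text/html\n\n"
    '<a href="http://pay.example.net/x">https://www.example.org/help</a>\n'
    '<a href="https://example.org/unsub">unsubscribe</a>\n')
print(red_flags(SAMPLE))
```

The host comparison is exact, so a legitimate link shown as example.org but pointing to www.example.org is flagged as well; treat the output as a prompt for a closer look, not a verdict.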

Donate safely

If you decide to sponsor a candidate, do not follow any links provided in text messages, emails, or on social media.

Find the official site for your favorite candidate and follow the instructions there. If you use Google or any other search engine to find the official site, do not click on the links in the sponsored ads. We have found too many cases where these went to false sites.

Ignore text messages

This is an easy one: just ignore them. Honest. Anyone texting me requests out of the blue will find my cold shoulder. Do not even respond, because that will tell them you read the message.

Avoid robocalls

When you receive a call from someone outside your contact list only to hear a recorded message playing back at you, that’s a robocall. Here’s what to do:

  1. Hang up as soon as you realize that it is a robocall.
  2. Don’t follow any instructions or give away personal information. In fact, don’t engage with the call at all.
  3. Report the robocall.
    • If you’ve lost money to a phone scam or have information about the company or scammer who called you, tell the FTC at ReportFraud.ftc.gov.
    • If you didn’t lose money and just want to report a call, use the streamlined reporting form at DoNotCall.gov
    • If you believe you received an illegal call or text, report it to the Federal Communications Commission (FCC).

It’s important to not engage in any conversation or respond to any prompts in order to minimize the risk of fraud. Even the smallest snippets of your voice being recorded can be used in scams against you or your loved ones.

If you have an iPhone, let Malwarebytes intercept your robocalls (by installing our app).

Don’t give away personal information when filling in surveys

Don’t engage in surveys that ask for personal information. And when giving out information remember what they already know about you. How did they contact you? If by email that means they already have your email address and your responses can be combined with the information they already have based on that.

Consider your payment method

There are two major considerations to make when you decide on a payment method for donating to a political campaign.

  • How much of your donation ends up at the right place? Most payment providers charge transaction fees that decrease the amount of the actual contribution, and the fee amount is not the same for all of them.
  • When making a donation, consider which payment method offers you the best protection. Credit cards are better than debit cards because they offer more protection against things like identity theft and fraud. E-checks are another popular payment option that can be an alternative, but e-checks require your routing number and account number, which could leave you more exposed.

The old-fashioned way of sending a check in the mail is not as popular but covers both transaction fees and security worries. Although for a small amount, the time needed to process them is a new factor.

Always monitor your accounts

Monitoring your account activity is one of the most effective ways to protect yourself from fraud. Especially when you’re in doubt about a recent transaction like a donation that doesn’t sit right in retrospect. The sooner you notice unauthorized activity, the sooner you can intervene and prevent further damage.

Some things you can do are:

  • Daily checks on your account activity through online banking.
  • Many banks offer the opportunity to send you notifications of larger or unusual transactions. Turn those on, preferably by email or text so you’ll see them as soon as possible.
  • When you see something suspicious, notify your financial institution immediately so they can assist you in keeping your money safe.

London’s city transport hit by cybersecurity incident

Transport for London (TfL), the city’s transport authority, is fighting through an ongoing cyberattack. TfL runs three separate units that arrange transports on London’s surface, underground, and Crossrail transportation systems. It serves some 8 million inhabitants of the London metropolitan area.

In a public notice Transport for London stated:

“We are currently dealing with an ongoing cyber security incident. At present, there is no evidence that any customer data has been compromised and there has been no impact on TfL services.

The security of our systems and customer data is very important to us, and we have taken immediate action to prevent any further access to our systems.”

The incident does have some impact though, as TfL took the contactless website for purchasing tickets offline for “maintenance.” This maintenance was not announced in advance, which it likely would have been under normal circumstances.

The contactless website is used to purchase online tickets, upgrade travelcards (Oystercards), check travel history, and request refunds.

In a short thread on X, TfL said it is working with the National Crime Agency and the National Cyber Security Centre to investigate and respond to the incident.

“Hi, thanks for getting in touch. We are working to resolve this as soon as possible. We need to complete our full assessment, but there is currently no evidence that any customer data has been compromised, or impact on TfL services. We are working closely with the National Crime Agency and the National Cyber Security Centre to respond to the incident. We are continuing to work to assist our customers here in the usual manner. Thanks, SW.”

According to security researcher Kevin Beaumont:

“Transport for London have a genuine internal security incident running and are reverting to paper processes.”

Since TfL is keeping rather quiet about the incident, it is hard to assess whether this disruption is the result of a ransomware attack or something else.

We’ll keep you posted if we learn more.

