Check your phone! Your bank is the target

I’ve got some urgent news you need to pay attention to. The nefarious Xenomorph Android malware I told you about in February is back in full force — and it’s targeting a whopping 100+ banking and crypto apps. Yeah, that’s just about all the major ones.

The Trojan (like the horse) is now even stealthier. The upgraded Xenomorph is launching a fresh assault on Android users — and there’s a tricky way it’s worming in: Through fake updates.

Get out of here, copycat

Xenomorph uses overlays to make you think you’re logging into your banking or crypto app — then uses details you provided to drain your account. You think everything is fine until you find all your money or crypto wiped out.

How is it spreading? This is interesting. Scammers have a new weapon of choice: Sites that fool you into thinking Chrome needs an update. What you end up downloading is a malicious file loaded with malware. 

Guess which apps are in the crosshairs? 

  • We’re talking major players here like Chase, Citi, Bank of America, Capital One, PNC, Santander, TD Bank and Wells Fargo. 
  • On the crypto side, Coinbase, Binance and MetaMask aren’t safe. 

The cherry on top? The overlays this malware uses to trick you can differ based on your physical location. Not a one-trick pony.

Be on high alert, keep your apps updated, and whatever you do, don’t fall for sketchy Upgrade Chrome messages. Always double-check sources and stick with the official Apple App Store and Google Play Store for downloads. 

My words of wisdom: To update your browser, you only need to shut it down and restart. Updates are auto-installed. Don’t trust any site that tells you it’s the place to score the latest version — or tries to convince you that downloading a file is necessary to update your browser.

Stay smart, stay safe and keep those digital shields up! I’ll do my very best to keep you in the loop. Share this critical info you won’t find at the big news sites with someone you care about.

Bank apps — How they know you are YOU

Strong, unique passwords are the least you can do to protect online accounts. Here’s a primer to get you started. While two-factor authentication (2FA) is becoming a common security step for apps and services, some industries have yet to adopt it.

Continue reading

🚨 PSA: Slow down: A 65-year-old woman in Maine lost $23,000 to a scammer posing as Bank of America. The thief tricked her by saying they needed her to share her screen to stop an unauthorized transaction, then they had her complete a wire transfer to “protect” her money. If you get one of these “act now” calls, don’t bite. Hang up and call your bank.

Watch out for this malware that can hijack your email threads

New malware presents a headache for security researchers, as teams often rush to find ways to block them. This would involve reverse-engineering the malware to figure out how it works, its capabilities and dangers to the public.

Continue reading

New rankings: Top 25 companies to work for in the US

The pandemic has changed the way we work. While people have been going back to the office, some jobs have become permanently remote. Offices have moved into smaller spaces and most meetings are still taking place virtually.

Continue reading

This doesn’t make cents: Jeff Drobman got a slew of urgent-sounding Bank of America text messages. The Los Angeles man tried to call the bank but had no signal. He’d been SIM swapped, and hackers stole $21,000 from his BofA account. PSA: Choose facial recognition over 2FA in your banking app, and contact your carrier immediately if your signal suddenly drops.

Beware of this convincing banking scam coming after your password

There’s no doubt in anybody’s mind that phishing scams are on the rise. But as more people become aware of the tactics these scammers are using, the scams themselves become more complicated and harder to detect.

For a perfect example, look no further than the sheer volume of COVID-19 and stimulus scams circulating the web right now. These topical subjects make great bait for victims, and unless you’re paying close attention, it’s easy to get tricked into signing away your personal data. Tap or click here to see how to avoid COVID-19 phishing scams.

Continue reading

Bank of America data breach - was your info exposed?

Of all the institutions that could be hit by a data breach, a bank is undoubtedly one of the worst. Not only are they finance hubs for millions of account-holders, but they also contain sensitive data like loan applications, Social Security numbers and taxpayer information.

Continue reading