Scam
Fugitive behind $73M ‘pig butchering’ scheme gets 20 years in prison
A dual Chinese and St. Kitts and Nevis national was sentenced to 20 years in prison in absentia for his role in an international cryptocurrency investment scheme (also known as pig butchering or romance baiting) that defrauded victims of more than $73 million. In pig butchering scams, criminals use messaging apps, dating platforms, and social media accounts […]
Cloud storage payment scam floods inboxes with fake renewals
Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure. Based on numerous emails seen by GeekFeed, the campaign has escalated over the past […]
Crypto wallets received a record $158 billion in illicit funds last year
Illegal cryptocurrency flows reached a record $158 billion in 2025, reversing a three-year trend of declining amounts from $86B in 2021 to $64B in 2024. This sharp 145% increase is being reported by blockchain intelligence experts at TRM Labs, who noted that it comes despite the illicit activity share of the total on-chain volume actually falling […]
Convincing LinkedIn comment-reply tactic used in new phishing
Scammers are flooding LinkedIn posts this week with fake “reply” comments that appear to come from the platform itself, warning users of bogus policy violations and urging them to visit an external link. The messages convincingly impersonate LinkedIn branding and in some cases even use the company’s official lnkd.in URL shortener, making the phishing links harder […]
Fake Grubhub emails promise tenfold return on sent cryptocurrency
Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified wallet. The emails claimed to be part of a ‘Holiday Crypto Promotion’ and came from an email address on ‘b.grubhub.com’, which is a legitimate subdomain that Grubhub uses to communicate with […]
European authorities dismantle call center fraud ring in Ukraine
European law enforcement authorities dismantled a fraud network operating call centers in Ukraine that scammed victims across Europe out of more than 10 million euros. Authorities from the Czech Republic, Latvia, Lithuania, and Ukraine (supported by Eurojust) arrested 12 suspects out of 45 identified during the investigation. They also seized 21 vehicles, weapons, a polygraph […]
Beware: PayPal subscriptions abused to send fake purchase emails
An email scam is abusing abusing PayPal’s “Subscriptions” billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. Over the past couple of months, people have reported [1, 2] receiving emails from PayPal stating, “Your automatic payment is no longer active.” The email includes a customer service URL field […]
FBI warns of virtual kidnapping scams using altered social media photos
The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. This is part of a public service announcement published today about criminals contacting victims via text message, claiming to have kidnapped a family member and demanding ransom payments. However, as […]
Google expands Android scam protection feature to Chase, Cash App in U.S.
Google is expanding support for its Android’s in-call scam protection to multiple banks and financial applications in the United States. The announcement specifically mentions the addition of fintech app Cash App, which has 57 million users, and the JPMorganChase mobile banking app, which has more than 50 million downloads on Google Play. In-call scam protection is a new feature […]
Malicious NPM packages abuse Adspect redirects to evade security
Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. The purpose of the attack is to lead victims to cryptocurrency scam sites, according to an analysis from researchers at application security company Socket. All malicious packages were published under the developer […]