Security News

Scam Spotter launches with practical advice

Avast Security News Team, 5 June 2020

Plus, more news bytes of the week including Sandworm sneak attacks and a SnapTube situation

Last week, Google and the Cybercrime Support Network launched a public service site called Scam Spotter that aims to bring scam awareness and fraud protection to all users, including the least tech-savvy. The site uses an easy-to-read large font and very simple terms to explain scams and describe “three golden rules” every user can follow to protect themselves. The rules guide the user to recognize false urgency, to reach out to the official agency supposedly making the request, and to avoid falling for payment demands. The site also explains the most common ruses found in inboxes today – COVID-19 scams, romance scams, bad news scams, and good news scams. 

According to the website, scammers are expected to steal over $2 billion in 2020. Last year, the FTC reported that consumers lost $1.9 billion to scams, which equates to $3,600 every minute of 2019. Scam Spotter urges victims to report their scam experience to the FTC in order to keep public intelligence as updated as possible. “We all have a part to play in the fight against fraud,” the site proclaims, offering plenty of share buttons for its at-a-glance information.

Avast Security Evangelist Luis Corrons applauds the effort, commenting, “Resources such as Scam Spotter are fantastic to help raise awareness. They offer general tips that enable users to identify these attacks, and in the Quiz section, they can test their abilities. In truth, spotting scams is really easy, at least when you’ve seen similar tricks in the past. You do not need to be a hacker, any user can recognize these tactics.”

NSA warns about Russian group exploiting email flaw

The U.S. National Security Agency (NSA) released an advisory about Russian advanced persistent threat (APT) group Sandworm attacking a vulnerability in the Exim Mail Transfer Agent, which comes preinstalled on certain Linux systems. The exploit allows attackers to install programs, modify data, and create new accounts. While a patch for the flaw was issued in June 2019, the NSA says the Sandworm team has been attacking unpatched systems since at least August 2019. Dark Reading noted that the advisory is unusual and possibly indicates a substantial threat is at large, particularly during the U.S. election year.

This week’s quote

“Unless the population is properly educated about this solution and the app is executed properly, the general population may be hesitant to opt in.” – CyberGRX privacy and cybersecurity analyst Caitlin Gruenberg on hesitations around using Apple/Google contact tracing apps. Read more here.  

Malicious SnapTube installed on tens of millions of devices

A Forbes report this week warned that any users who have the malicious app SnapTube on their devices should delete it immediately. The video downloading app has been a known defrauder since October 2019, when security researchers discovered that it conducted devious background activity such as advertising click fraud and signing users up for premium subscriptions. Chinese parent company Mobiuspace responded to the researchers’ data by blaming a third party called Mango SDK, which they promised would be removed from the next update. However, between January and May this year, researchers have observed over 32 million more malicious SnapTube transactions.

This week’s stat

$1.2 trillion

That’s how much U.S. organizations lost due to data breaches in 2019, according to a new report

Most users do not change their passwords after a data breach

Carnegie Mellon CyLab presented a study at IEEE 2020 that used web browser traffic to trace the natural habits of 249 users and observe how they dealt with data breaches. Of the 269, only 63 had their accounts involved in a data breach during the study. Researchers saw that of those 63, only 15 visited the breached site to change their passwords within 3 months of the announcement of the breach. Another 6 visited the breached site to change their passwords after 3 months had passed. Of the full 21 users who changed their passwords, only a third changed them to something more complex. The rest changed their passwords with replacements of equal or lower security.

Attackers add auctioning to their ransomware campaigns 

Mere months after ransomware attackers began posting stolen data publicly to pressure victims into paying the ransom, they have added a new tactic to increase pressure – the threat of auctioning off the information. Ars Technica reported that two such auctions are currently being advertised on the dark web, one for more than 10,000 files from a food distributor and one for more than 22,000 files from a Canadian agriculture company. Ars Technica suggests that while ransomware remains a popular attack method, the new high-pressure tactics may indicate that attackers are having problems getting victims to pay.

This week’s ‘must-read’ on The Avast Blog

Looking for tips on how to clean up your digital life before summer rolls around? We’ve got 5 great ones for you.

