On June 10, as part of its Patch Tuesday, Microsoft, among other problems, fixed CVE-2025-33053 — an RCE vulnerability in Web Distributed Authoring and Versioning (WebDAV, an extension of the HTTP protocol). Microsoft doesn’t categorize it as critical, but three facts suggest it’s worth installing the corresponding patches asap:

• CVE-2025-33053 has a fairly high rating on the Common Vulnerability Scoring System scale — 8.8;
• its exploitation has been detected in the wild;
• Microsoft decided to patch not only modern Windows, but also a number of outdated, no longer supported versions of its operating system.

What is WebDAV and what is the CVE-2025-33053 vulnerability?

At some point in the distant internet-past, users of the net required a tool that would allow them to collaborate on documents and manage files on remote web servers. In answer, a special working group created DAV — a set of extensions to the HTTP protocol. Support for the new protocol was implemented in the default Windows browser — Microsoft Internet Explorer.

Fast-forward to the beginning of 2023, and Internet Explorer was finally decommissioned, but as we’ve already written, the browser is still very much alive. A number of its mechanisms are still used in third-party applications, as well as in the new Microsoft Edge browser. Therefore, attackers continue to search for vulnerabilities that can be exploited using IE. CVE-2025-33053 is one of them. It allows attackers to execute arbitrary code if the victim clicks on a link to a WebDAV server they control. That is, all that is required of the attackers is to convince the victim to follow the link. The exact operating principle of the exploit for this vulnerability has not yet been publicly disclosed, but according to the Check Point researchers who initially found CVE-2025-33053, exploitation occurs through manipulations with the working directory of a “legitimate Windows tool”.

Who can exploit CVE-2025-33053, and how?

Check Point researchers discovered exploitation of this vulnerability in attacks attributed to the Stealth Falcon APT group — known to be operating in the Middle East. However, it’s obvious that after the publication of the research and the update to the system itself, other cybercriminals will try to reverse engineer the patch and create their own exploits as soon as possible. The ease of exploitation and prevalence of the vulnerable browser makes CVE-2025-33053 an ideal candidate for malware delivery — especially ransomware.

How to stay safe?

Windows operating systems should be updated as soon as possible. Microsoft has released patches even for the outdated Windows Server 2012 and Windows 8 (you can find them in the description of CVE-2025-33053). In addition, we recommend using reliable security solutions on all devices used for internet access — they’re able to detect both attempts to exploit vulnerabilities and the launch of malicious code. It also makes sense to regularly raise employee security awareness (for example, using the Kaspersky Automated Security Awareness Platform), because most modern cyberattacks begin with emails or other messages from attackers — who most often use fairly standard tricks.

Kaspersky official blog – ​Read More

Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” 

In this month’s release, none of the included vulnerabilities have been observed by Microsoft being actively exploited in the wild. Out of eleven “critical” entries, nine are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including Microsoft Windows Remote Desktop Service, Windows Schannel (Secure Channel), KDC Proxy service, Microsoft Office, Word and SharePoint server. There are two elevation of privilege vulnerabilities affecting Windows NetLogon and Power Automate. 

CVE-2025-32710 is the RCE vulnerability in Windows Remote Desktop Services and is given CVSS 3.1 score of 8.1. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to a use-after-free scenario, and then leveraging this to execute arbitrary code. Microsoft has assessed that the attack complexity is “high,” and exploitation is “less likely.” 

CVE-2025-29828 is an RCE vulnerability in Windows Schannel (Secure Channel), a security support provider (SSP) in the Windows operating system that implements Secure Sockets layer (SSL) and Transport Layer Security (TLS) Protocols. It is part of the Security Support Provider Interface (SSPI) and is used to secure network communications. Microsoft noted that a missing release of memory by Windows Cryptographic Services could trigger this vulnerability, allowing an unauthorized attacker to execute code over a network. An attacker can exploit this vulnerability through the malicious use of fragmented ClientHello messages to a target server that accepts TLS connections. Microsoft has assessed that the attack complexity is “high”, and exploitation is “less likely”.  

CVE-2025-33071 is the RCE vulnerability in Windows KDC Proxy Service (KPSSVC) given CVSS 3.1 score of 8.1. To successfully exploit this vulnerability, an unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Kerberos Key Distribution Center Proxy Service to perform remote code execution against the target. Microsoft has noted that this vulnerability only affects Windows servers that are configured as a Kerberos key Distribution Center (KDC) Proxy Protocol server, and Domain controllers are not affected. Microsoft has assessed that the attack complexity is “high”, and exploitation is “more likely”.  

CVE-2025-47172 is the RCE vulnerability in Microsoft SharePoint server given CVSS 3.1 score of 8.8. Microsoft noted that this vulnerability in Microsoft Office SharePoint is due to improper neutralization of special elements used in a SQL command which would allow an authorized attacker to execute code over a network. To exploit this vulnerability an authenticated attacker in a network-based attack, with a minimum of Site Member permission, could execute arbitrary code remotely on the SharePoint server. Microsoft has assessed that the attack complexity is “low,” and exploitation is “less likely.” 

CVE-2025-47162, CVE-2025-47164, CVE-2025-47167 and CVE-2025-47953 are RCE vulnerabilities in Microsoft Office. The vulnerabilities CVE-2025-47164 and CVE-2025-47953 are “use after free” (UAF) vulnerabilities that occur when Microsoft Office tries to access memory that has already been freed. CVE-2025-47162 is a heap-based buffer overflow in Microsoft Office and the CVE-2025-47167 is a “type confusion” vulnerability which is triggered when Microsoft Office interprets a block of memory as the wrong data type. An unauthorized attacker exploits these vulnerabilities and executes arbitrary code on the victim’s machine. Microsoft has assessed that for CVE-2025-47162, CVE-2025-47164 and CVE-2025-47167, the attack complexity is “low,” and exploitation is “more likely.” For CVE-2025-47953, the attack complexity is “low,” and exploitation is “less likely.”  

Microsoft listed two critical elevations of privilege vulnerabilities. 

CVE-2025-33070 is an elevation of privilege critical vulnerability in Windows Netlogon. An attacker could exploit the vulnerability by leveraging an authentication bypass in the Windows Netlogon service using uninitialized resources. An attacker, by successfully exploiting this vulnerability, could gain domain administrator privileges. Microsoft has assessed that the attack complexity is “high,” and exploitation is “more likely.”  

Microsoft noted that the CVE-2025-47966 is a critical elevation of privilege vulnerability in Power Automate in the Windows OS. Power Automate is a Microsoft tool for automating repetitive tasks and business processes across different applications and services. This vulnerability in Power Automate exposed sensitive information to an unauthorized actor, allowing privilege escalation over a network. Microsoft has reported that this vulnerability with CVSS 3.1 base score of 9.8 has been fully mitigated and no further action is required by the users.  

Talos would also like to highlight the following “important” vulnerabilities as Microsoft has determined that exploitation is “more likely:” 

• CVE-2025-32713 – Windows Common Log File System Driver Elevation of Privilege Vulnerability. 
• CVE-2025-32714 – Windows Installer Elevation of Privilege Vulnerability. 
• CVE-2025-47962 – Windows SDK Elevation of Privilege Vulnerability. 

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page.  

In response to these vulnerability disclosures, Talos is releasing a new Snort ruleset that detects attempts to exploit some of them. Please note that additional rules may be released at a future date, and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Ruleset customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. 

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 55802, 56290, 65030-65043. There are also these Snort 3 rules: 301220, 301250-301255.  

Cisco Talos Blog – ​Read More

Gen Z, or “Zoomers”, are those born between ~1997 and 2012. That’s a 15-year age gap between the oldest and youngest. So what could they possibly have in common? Well, every member of Gen Z is a digital native. They barely remember a time before computers, smartphones, and social media. More than any other generation, Gen Z loves games (especially our own — Case 404 — we hope!), TV shows, and movies. Sometimes, they even shape their identities by constantly connecting with their favorite characters. Naturally, this level of immersion makes them a prime target for malicious actors.

Kaspersky experts have released two reports detailing how cybercriminals target Gen Z through their love of games, movies, TV shows, and anime. Check out the full versions of the first and second reports to dive deeper.

How gamers get attacked

In the one-year period from April 1, 2024, we recorded at least 19 million attempts to distribute malware disguised as games popular with Gen Z. The top three games targeted by these attacks were GTA, Minecraft, and Call of Duty, together accounting for a staggering 11.2 million attempts. So, why are these particular games at the top of both gamers’ and cybercriminals’ lists? We just might know the reason. They’re replayable; that is, players can dive back in any time and still get a fresh experience. Besides, these titles boast massive online communities. Players are constantly creating content, making mods, and searching for cheats and cracked versions.

One of the most common threats facing Gen Z gamers is phishing — where cybercriminals impersonate a trusted entity and tempt players with promises of free in-game rewards to lure them into sharing personal data. Enticing trade offers and easy ways to earn money are some of the most popular tricks used against gamers.

We uncovered a phishing site that looked eerily similar to a legitimate Riot Games campaign. The campaign aimed to blend two different universes: the game Valorant and the animated series Arcane. Players were invited to “spin the wheel” for a chance to win exclusive new skins. In reality, gamers who participated in this “contest” essentially handed over their gaming accounts, banking details, and phone numbers to third parties. Of course, they received no skins in return.

A beautiful background and recognizable characters — what more do you need to fall for a scam?

But it’s not just about scams. In November 2024, our experts from the Global Research and Analysis Team (GReAT) uncovered a campaign where attackers were distributing the Hexon stealer disguised as game installer files. Once installed, this malware attacked gaming platforms; for example, it could extract user data from Steam. On top of that, Hexon targeted messaging apps like Telegram and WhatsApp, and other social media platforms, such as TikTok, YouTube, Instagram, and Discord.

These fake installers flooded gaming forums, chats on Signal and Telegram, Discord channels, and popular file-sharing sites. The cybercriminals promoted the Hexon stealer using a malware-as-a-service model, where some malicious actors provide malware to others — often less tech-savvy ones — for a fee.

Example of attackers’ message in a Discord channel

Interestingly, a short while later, the creator of Hexon announced a rebrand. The stealer was now called “Leet”, and was offered at a 50% discount. Unlike its predecessor, the updated version can bypass sandboxes by checking the infected device’s public IP address and system specifications. If the stealer detects signs of being in a virtual machine, it shuts down immediately.

How movie, TV show, and anime fans get attacked

We dug into some data provided by the Kaspersky Network Security (KSN) — our global threat intelligence network which processes cyberthreat information from every corner of the world. We analyzed the data for the same one-year period starting April 1, 2024, and here’s what we found:

• Netflix was dangled as bait in about 85 000 attacks. That’s nearly 233 times a day.
• Gen Zers aren’t the only ones passionate about anime. Cybercriminals are big fans too, with 250 000 attacks recorded during the reporting period.
• The total number of leaked streaming-service accounts exceeded seven million.

When it comes to the most exploited streaming platforms, alongside Netflix, we found Amazon Prime Video, Disney+, Apple TV+, and HBO Max at the top of the list. Scammers used these brand names in their campaigns throughout the year, with no significant peaks or troughs in popularity. Mostly, they used a classic approach: sending phishing links to fake websites while pretending to represent a streaming platform. The pretexts, however, varied. In some instances, attackers would prompt users to renew their subscriptions or update payment details — only to direct them to a fake site to do so. Such emails often mimicked the streaming service’s official style, making it easy to miss the red flags.

Phishing website imitating the official Netflix page

Beyond just harvesting personal data, these bad actors also distributed various malware. RiskTool was a big one, accounting for around 80% of all attempts. While not malicious on its own, it’s often used in conjunction with other threats, such as miners, helping them conceal their presence in the infected system.

Many of the attacks were designed to steal users’ personal information. We uncovered roughly seven million compromised accounts across Netflix, Amazon Prime Video, Disney+, Apple TV+, and HBO Max. Stolen accounts are typically used by cybercriminals to spread phishing links and malware to more users, or they’re sold off to other malicious actors at a low price.

Anime fans weren’t spared by the digital villains, either. Unsurprisingly so — recent data shows that over 65% of Gen Z watch anime. To gauge just how often attackers targeted fans of Japanese animation, we focused on five popular anime titles: Naruto, One Piece, Demon Slayer, Attack on Titan, and Jujutsu Kaisen. We recorded over 250 000 attack attempts centered around just these five titles. The undisputed leader? Naruto, with over 114 000 attempts.

How Gen Zers can stay cybersafe

Zoomers should protect themselves in the same way as everyone else who enjoys TV shows, games, movies, and anime, and is generally active online. Here’s a short list of the “golden rules” to help protect your accounts, banking details, and devices from prying eyes.

(If you want to learn more about cybersecurity, try your hand as a detective in our new, free browser-game, Case 404. It features three storylines, each showing what can go wrong when you skip out on proper digital hygiene. But for now, let’s get back to those rules.)

• Stick to official sources when downloading games, TV shows, and anime. Seriously, ditch the torrents, sketchy third-party sites, and random links strangers share on forums and in chats. And here’s a heads-up: even official game stores can sometimes get infiltrated by malware. To learn more, read Gamers beware: Trojans have invaded Steam.
• Enable two-factor authentication (2FA) everywhere you can. By the way, tokens can be conveniently stored in Kaspersky Password Manager.
• Remember the adage about a free lunch? Yep — there’s no such thing. Be skeptical of giveaways of skins, cheats, in-game currency, or supposedly leaked episodes of your favorite TV show or anime.
• When you’re paying online, only use virtual cards with spending limits. That way, your main bank account stays safe — even if something goes sideways.
• Use robust security. A security solution will warn you when you’re about to open a phishing website, and help you detect threats in time, even if they’ve already made their way onto your device.
• Read the full reports on attacks targeting Gen Z. The report on movies, TV shows, and anime is here, and the one on gaming attacks can be found here.

The last, but perhaps one of the most important, rules is to stay one step ahead. Subscribe to our Telegram channel to make your online life safer.

How else attackers target Gen Z as well as other demographic groups:

• Arcane stealer instead of Minecraft cheats
• Phishing in Netflix and beyond
• Steam and mirrors: how gamers get duped
• How (not) to play tanks and catch a backdoor
• What happens if you download a cracked program?

Kaspersky official blog – ​Read More

According to OpenLogic’s “State of Open Source” report, 96% of surveyed organizations use open-source solutions (OSS). Such solutions can be found in every segment of the IT market — including infosec tools. And they’re often recommended for building SIEM systems.

At first glance, OSS seems like a great choice. A SIEM system’s primary function is systematic telemetry collection and correlation, which you can set up using well-known data storage and processing tools. Just gather all your data with Logstash, hook up Elasticsearch, build the visualizations you need in Kibana — and you’re good to go! A quick search will even get you ready-made open-source SIEM solutions (often built on the same components). With SIEMs, adapting both data collection and processing to your organization’s specific needs is always key, and a custom OSS system offers endless possibilities for that. Besides, the license cost is zero. However, the success of this endeavor hinges on your development team, your organization’s specifics, how long your organization is willing to wait for results, and how much it’s ready to invest in ongoing support.

Time is money

A key question — one whose importance is consistently underestimated — is how long it’ll take before your company’s SIEM not only goes live but actually starts delivering real value. Gartner data shows that even a fully-featured, ready-made SIEM takes an average of six months to fully implement — with one in ten companies spending a year on it. And if you’re building your own SIEM or adapting an OSS, you should expect that timeline to double or triple. When budgeting, multiply that time by your developers’ hourly rates. It’s also hard to imagine a full-fledged SIEM being  by a single talented individual — your company will need to maintain an entire team.

A common psychological pitfall is being misled by how fast a prototype comes together. You can deploy a ready-made OSS in a test environment in just a few days, but bringing it up to production quality can take many months — even years.

Skill shortages

An SIEM needs to collect, index, and analyze thousands of events per second. Designing a high-load system, or even adapting an existing one, requires specialized and in-demand skills. Beyond just developers, the project would need highly skilled IT administrators, DevOps engineers, analysts, and even dashboard designers.

Another kind of shortage that SIEM builders have to overcome is the lack of hands-on experience needed to write effective normalization rules, correlation logic, and other content that comes out of the box in commercial SIEM solutions. Of course, even that out-of-the-box content requires significant adjustments, but bringing it up to your organization’s standards is both faster and easier.

Compliance

For many companies, having an SIEM system is a regulatory requirement. Those who build an SIEM themselves or implement an OSS solution have to put in considerable effort to achieve compliance. They need to map their SIEM’s capabilities to regulatory requirements on their own — unlike the users of commercial systems, which often come with a built-in certification process and all the necessary tools for compliance.

Sometimes, management might want to implement an SIEM just to “tick a box”, aiming to minimize the expense. But since PCI DSS, GDPR, and other local regulatory frameworks focus on the actual breadth and depth of SIEM implementation — not just its mere existence — a token SIEM system implemented just for show would fail to pass any audit.

Compliance isn’t something you can consider only at the time of implementation. If, during self-managed maintenance and operation, any components of your solution stop receiving updates and reach end-of-life, your chances of passing a security audit would plummet.

Vendor lock-in vs. employee dependence

The second most important reason for organizations to consider an open-source solution has always been flexibility in adapting it to their specific needs, along with avoiding reliance on a software vendor’s development roadmap and licensing decisions.

Both of these are compelling arguments, and in large organizations they can sometimes outweigh other factors. However, it’s crucial to make this choice with a clear understanding of its pros and cons:

• OSS SIEMs can be simpler to adjust for unique data inputs.
• With an OSS SIEM, you maintain complete control over how data is stored and processed.
• The cost of scaling an OSS SIEM primarily consists of prices for additional hardware and the development of required features.
• Both the initial setup and ongoing evolution of an OSS SIEM demand seasoned professionals who are well-versed in both development practices and SOC realities. If the team members who best understand the system leave the company or change roles, the system’s evolution might come to a halt. What’s worse, it gradually becomes less functional.
• While the upfront implementation cost of an OSS SIEM might be lower due to the absence of license fees, this difference often erodes during the maintenance phase. This is because of the continuous, additional expense of qualified staff dedicated solely to SIEM development. Over the long term, the total cost of ownership (TCO) for an OSS SIEM often turns out to be higher.

Content quality

The relevance of detection and response content is a key factor in an SIEM’s effectiveness. For commercial solutions, updates to correlation rules, playbooks, and threat intelligence feeds are typically provided as part of a subscription. They’re developed by large teams of researchers, undergo thorough testing, and generally require minimal effort from your in-house security team to implement. With an OSS SIEM, you’re on your own when it comes to updates: you need to search community forums, GitHub repositories, and free feeds yourself. The rules then require detailed vetting and adaptation to your specific infrastructure, and the risk of false positives ends up being higher. As a result, implementing updates in an open-source SIEM demands significantly more effort from your internal team.

The elephant in the room: hardware

To launch an SIEM, you need to acquire or lease hardware, and depending on the system’s architecture, this expense can vary dramatically. It doesn’t really matter much whether the system is an open-source or proprietary commercial solution. However, when implementing an open-source SIEM on your own, there’s a greater risk of making sub-optimal architectural decisions. In the long run, this translates into persistently high operational costs.

We cover the topic of evaluating SIEM hardware needs in detail in a separate post.

The final tally

While the idea of a fully customizable and adaptable platform with zero licensing fees is highly appealing, there is a significant risk that such a project would demand far more time and effort from your internal development team than an off-the-shelf commercial solution. It may also hinder your ability to quickly adopt new innovations and shift your security team’s focus from developing detection logic and response scenarios to dealing primarily with operational issues. This is why a managed, expert-supported, and well-integrated commercial solution often aligns more closely with a typical organization’s goals of effective risk reduction and predictable budgeting.

Commercial SIEMs enable your team to leverage pre-built rules, playbooks, and telemetry parsers, allowing it to focus on organization-specific projects — such as threat hunting or improving visibility in cloud infrastructure — instead of reinventing and refining basic SIEM features, or struggling to pass regulatory audits with a homegrown system.

Kaspersky official blog – ​Read More

Scammers just can’t stop playing Santa: one day it’s free Telegram subscriptions; another it’s cryptocurrency. This new scam keeps things simple: they’re offering money right off the bat — or, more accurately, sharing a supposedly legal way for you to cash in.

The scammers created a two-minute video in which journ-AI-lists and a celebrity spin tall tales: “Everyone can get compensation. You just need to…” Read on to find out what the scammers are instructing their victims to do, and about the bait they’re using to lure unsuspecting folks into their trap.

The scammers’ modus operandi

This campaign saw scammers create phishing websites to host the video. You won’t find it on YouTube or any other video hosting site (for your safety, we won’t share it here either), because this kind of AI-generated content tends to be taken down in short order. It’s much harder to deal with scam websites — especially when links are distributed via email and messaging apps.

Now for the most interesting part: the video. It looks just like a brand-new Brazilian news segment, but there’s a twist. The news is completely fake — and was “shot” without the journalists’ permission. The scammers used a real news broadcast as the base, overlaying it with AI-generated voiceover and syncing the lip movements to match the new script. In it, AI-generated clones of real journalists weigh in on “violations” by one of the country’s leading banks.

• “Clients see their balances shrink for no reason — or even get wiped out entirely”
• “Accounts are being unjustly frozen”
• “Interest rates on loans are being inflated”

Part of the fake article created by AI for this scam

Once the stage is set, another AI clone takes over. Here, the scammers use the same approach as with the journalists: real video footage, AI-generated voiceover, and lip-syncing to match the new script. An AI-generated copy of a celebrity in Brazil delivers a fiery speech: “For months on end, the bank has repeatedly violated regulations, and now we’re taking decisive, uncompromising action. From this point forward, the bank will be allowed to operate in Brazil only if it pays compensation to every citizen, in the amounts specified.” And — what do you know? — bingo! Suddenly, every Brazilian is entitled to a one-time payout ranging from 1518 to 10 626 Brazilian reals (approximately US$250–2000).

Scam says court ruling guarantees compensation of up to R$10 000

Then the journalist clones return to the screen, supposedly showing a social media post from the bank that “confirms” the statement. But how do you actually cash in? Well, an AI-generated voiceover, set against a video tutorial, explains that all Brazilians need to visit a website “created by the tax authority and the bank”, enter their CPF (the Brazilian taxpayer ID), and calculate their personal compensation amount.

The setup is clear: as soon as the victim finishes watching the video, they’re funneled straight to a specially crafted phishing website, where a quick identity check awaits.

• “What’s your mother’s name?”
• “What’s your date of birth?”
• “You have an overdue insurance payment in the amount of…”

A barrage of questions, and even a voice message generated by AI — now that’s technology at work!

Answer all the questions correctly (not that it really matters — you can type whatever you like), and you’re through to the final stage. You’re told the transaction is practically on its way and the money is about to hit your account, but there’s a snag. You’re required to pay three taxes: a road tax, a transfer tax, and a receipt tax, totaling just 55 Brazilian reals (around $10) — a mere pittance compared to the promised windfall of 7854 reals (roughly $1400). Next, the site asks you to enter your bank card details, confirm your CPF once again, and provide your name, email, and phone number before making the payment. And when those “taxes” are paid… absolutely nothing happens! The money and personal information will go straight to the scammers — and, of course, no one will ever see a payout.

Protecting yourself against payout scams

This scam targets Brazilian residents, but it could easily be adapted to other languages, themes, and continents. By tomorrow, you can bet the scammers will have cooked up a brand-new pretext: government fitness reimbursements, free food, a gas-bill refund, or something else entirely. That’s why it’s crucial to recognize the pattern: there’s always enticing bait (think free giveaways of something valuable), a phishing website, and a fake news report to seal the deal. But how can you spot the catch in videos like these?

• Watch the lips. Then you can spot the AI-generated journalist clones not always opening their mouths correctly. AI still struggles to perfectly sync lip movements with the audio track.
• Watch the facial expressions. Sure, these “news” videos might look convincing in a still frame, but if you look closely at AI-generated footage, you’ll notice how the speaker’s face can suddenly shift or change in unnatural ways.
• Inspect the background and lighting. If the “journalist” is standing in the middle of a field or some other empty space with blurry edges, or the lighting just looks off, chances are you’re looking at an AI creation.

But there’s more!…

Be sure to read Watch the (verified) birdie, or new ways to recognize fakes. In that post, we provide detailed guidance on telling real photos from fakes. If you’re worried that you or your loved ones might accidentally end up on a scam website, install Kaspersky Premium. It automatically blocks access to suspicious links from chat apps and email to keep you safe from phishing. That way, if there’s ever a threat, you won’t even have to worry about spotting fake news yourself.

Remember: following basic safety tips is one of the best ways to steer clear of scammers:

• Avoid entering personal and payment details on suspicious websites. If they’re asking for your date of birth, email, bank details, taxpayer ID, and… which doormat you keep your spare key under, chances are you’re dealing with scammers.
• Just a reminder: there’s no such thing as a free lunch. Be suspicious if someone promises you the world for nothing — even if it seems to be coming from a government official in a video. In fact, be even more cautious if it’s a government official speaking on camera!
• If you have to pay to claim your prize, it’s probably a scam. That’s a classic scammer’s trick: they promise you a huge payout, but only if you pay “a fee”, “tax”, or “shipping” first.
• Avoid clicking suspicious links. As a rule of thumb, consider any link sent to you by strangers to be suspicious by default. But remember, even friends can end up sending scam links — sometimes without even realizing it.

What else are scammers up to?

• SIMulated giveaway on Instagram: the prize is your account!
• You’ve been sent a “gift” — a Telegram Premium subscription
• It’s a gas: how online scammers dupe “investors”
• You found a seed phrase from someone else’s cryptowallet: what could go wrong?
• How to sell your TV without losing your shirt (and banking data)

Kaspersky official blog – ​Read More