Author: ravencybersec_r7bgbo

This week on the Lock and Code podcast…

Google is everywhere in our lives. It’s reach into our data extends just as far.

After investigating how much data Facebook had collected about him in his nearly 20 years with the platform, Lock and Code host David Ruiz had similar questions about the other Big Tech platforms in his life, and this time, he turned his attention to Google.

Google dominates much of the modern web. It has a search engine that handles billions of requests a day. Its tracking and metrics service, Google Analytics, is embedded into reportedly 10s of millions of websites. Its Maps feature not only serves up directions around the world, it also tracks traffic patterns across countless streets, highways, and more. Its online services for email (Gmail), cloud storage (Google Drive), and office software (Google Docs, Sheets, and Slides) are household names. And it also runs the most popular web browser in the world, Google Chrome, and the most popular operating system in the world, Android.

Today, on the Lock and Code podcast, Ruiz explains how he requested his data from Google and what he learned not only about the company, but about himself, in the process. That includes the 142,729 items in his Gmail inbox right now, along with the 8,079 searches he made, 3,050 related websites he visited, and 4,610 YouTube videos he watched in just the past 18 months. It also includes his late-night searches for worrying medical symptoms, his movements across the US as his IP address was recorded when logging into Google Maps, his emails, his photos, his notes, his old freelance work as a journalist, his outdated cover letters when he was unemployed, his teenage-year Google Chrome bookmarks, his flight and hotel searches, and even the searches he made within his own Gmail inbox and his Google Drive.

After digging into the data for long enough, Ruiz came to a frightening conclusion: Google knows whatever the hell it wants about him, it just has to look.

But Ruiz wasn’t happy to let the company’s access continue. So he has a plan.

 ”I am taking steps to change that [access] so that the next time I ask, “What does Google know about me?” I can hopefully answer: A little bit less.”

Tune in today to listen to the full episode.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)

Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium Security for Lock and Code listeners.

Read More

This week on the Lock and Code podcast…

Google is everywhere in our lives. It’s reach into our data extends just as far.

After investigating how much data Facebook had collected about him in his nearly 20 years with the platform, Lock and Code host David Ruiz had similar questions about the other Big Tech platforms in his life, and this time, he turned his attention to Google.

Google dominates much of the modern web. It has a search engine that handles billions of requests a day. Its tracking and metrics service, Google Analytics, is embedded into reportedly 10s of millions of websites. Its Maps feature not only serves up directions around the world, it also tracks traffic patterns across countless streets, highways, and more. Its online services for email (Gmail), cloud storage (Google Drive), and office software (Google Docs, Sheets, and Slides) are household names. And it also runs the most popular web browser in the world, Google Chrome, and the most popular operating system in the world, Android.

Today, on the Lock and Code podcast, Ruiz explains how he requested his data from Google and what he learned not only about the company, but about himself, in the process. That includes the 142,729 items in his Gmail inbox right now, along with the 8,079 searches he made, 3,050 related websites he visited, and 4,610 YouTube videos he watched in just the past 18 months. It also includes his late-night searches for worrying medical symptoms, his movements across the US as his IP address was recorded when logging into Google Maps, his emails, his photos, his notes, his old freelance work as a journalist, his outdated cover letters when he was unemployed, his teenage-year Google Chrome bookmarks, his flight and hotel searches, and even the searches he made within his own Gmail inbox and his Google Drive.

After digging into the data for long enough, Ruiz came to a frightening conclusion: Google knows whatever the hell it wants about him, it just has to look.

But Ruiz wasn’t happy to let the company’s access continue. So he has a plan.

 ”I am taking steps to change that [access] so that the next time I ask, “What does Google know about me?” I can hopefully answer: A little bit less.”

Tune in today to listen to the full episode.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)

Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium Security for Lock and Code listeners.

Read More

We regularly warn our readers about new scams and phishing texts. Almost everyone gets pestered with these messages. But where are all these scam texts coming from?

According to an article in The Wall Street Journal:

“It has become a billion-dollar, highly sophisticated business benefiting criminals in China.”

In particular, the number of toll payment scam messages has exploded, rising by 350% since January 2024—allegedly, a record 330,000 such messages were reported in a single day. But we’ve also highlighted recent SMS-based scams around New York’s inflation refund program and texts from a fake Bureau of Motor Vehicles trying to steal your banking details.

Toll, postage, and refund scams might look different on the surface, but they all feed the same machine, each one crafted to look like an urgent government or service message demanding a small fee. Together, they make up an industrialized text scam ecosystem that’s earned Chinese crime groups more than $1 billion in just three years.

In a bid to tackle the problem, Project Red Hook combines the power of the US Homeland Security Investigations (HSI) with law enforcement partners and businesses to raise awareness of how Chinese organized crime groups are exploiting gift cards to launder money.

The texts are sent out in bulk from so-called SIM farms, a setup where many mobile SIM cards are placed into a rack or special device, instead of inside phones. This device connects to a computer and lets someone send thousands of text messages (or make calls) automatically and all at once. It’s reported that the SIM farms are mostly located in the US, and set up by workers who have no idea they are assisting a fraud ring.

The main goal of these scams is to steal credit card information, which is then used at the victim’s expense in a vast criminal network.

Criminals bypass multi-factor authentication (MFA, or 2FA) by adding stolen cards to mobile wallets, knowing that banks often trust the device after its first use and don’t ask for further checks. They install stolen card numbers onto Google Pay and Apple Wallets in Asia and share access to those cards with people in the US. Gig workers and money mules then use the stolen card details to buy high-value goods such as iPhones, clothes, and especially gift cards. They ship these goods to China, where criminal rings sell them and funnel the profits back into their operations.

The criminals find the people willing to make purchases through Telegram channels. On any given day, scammers employ 400 to 500 of these mules. They are paid around 12 cents for every $100 gift card they buy, according to an assistant special agent in charge at HSI.

So, with the aid of SIM farms and money mules in the US, Chinese gangs have turned text message scams into an industrial-scale operation targeting Americans. They use tech tricks and international collaboration to make over a billion dollars—much of it via toll and shipping payment scams—and launder the proceeds through digital wallets and gift cards.

Security tips

The best way to stay safe is to make sure you’re aware of the latest scam tactics. Since you’re reading our blog, you’re off to a good start.

• Never reply to or follow links in unsolicited tax refund texts, calls, or emails, even if they look urgent.
• Never share your Social Security number or banking details with anyone claiming to process your tax refund.
• Go direct. If in doubt, contact the company through official channels.
• Use an up-to-date real-time anti-malware solution, preferably with a web protection component.

Pro tip: Did you know that you can submit suspicious messages like these to Malwarebytes Scam Guard, which instantly flags known scams?

We don’t just report on scams—we help detect them

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

Read More

Last week on Malwarebytes Labs:

• Prosper data breach puts 17 million people at risk of identity theft
• Under the engineering hood: Why Malwarebytes chose WordPress as its CMS
• Video call app Huddle01 exposed 600K+ user logs
• Mango discloses data breach at third-party provider
• Roku accused of selling children’s data to advertisers and brokers
• TikTok scam sells you access to your own fake money
• Scammers are still sending us their fake Robinhood security alerts
• Satellites leak voice calls, text messages and more
• AI-driven scams are preying on Gen Z’s digital lives​
• Pixel-stealing “Pixnapping” attack targets Android devices
• Researchers break OpenAI guardrails
• Phishing scams exploit New York’s inflation refund program

Stay safe!

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Read More