Shopify is facing a class action lawsuit that could change the way globally active companies can be held accountable

Shopify faces a data privacy class action lawsuit in the US that could change the way globally active companies can be held accountable.

The proposed class action is a revival of a case that had been dismissed by a lower court judge and a three-judge 9th Circuit Court of Appeals panel. But now it’s been brought back after a decision by the full 9th Circuit.

Shopify is a global commerce platform headquartered in Ottawa, Canada. It provides the infrastructure and tools that businesses of all sizes use for retail operations, both online and offline.

To provide these services, Shopify collects personally identifiable information (PII) from buyers, primarily to facilitate and improve their commerce experience. This data includes names, email addresses, phone numbers, shipping and billing addresses, IP addresses, device information, and behavioral data. That is, all the information needed for processing orders, managing payments, shipping products, and communicating with end customers effectively.

With this collection of PII comes responsibility. Shopify acknowledges the data belongs to the users and is collected only to the extent necessary to provide its services. It claims to implement robust security measures to protect this data from unauthorized access and complies with relevant privacy laws such as GDPR.

But Brandon Briskin, a California resident claims Shopify installed tracking cookies on his iPhone without his consent when he bought athletic wear from a retailer, and used his data to create a profile it could sell to other merchants.

The case was at first dismissed after Shopify argued it should not be sued in California because it operates nationwide and did not aim its conduct toward that state.

The dismissal was revoked because the judges found that:

> “Shopify deliberately reached out … by knowingly installing tracking software onto unsuspecting Californians’ phones so that it could later sell the data it obtained, in a manner that was neither random, isolated, or fortuitous.”

A Shopify spokesman told Reuters that the decision makes online retailers vulnerable to lawsuits anywhere and “attacks the basics of how the internet works,” and that it drags entrepreneurs who run online businesses into distant courtrooms regardless of where they operate.

Briskin’s lawyer said the court bolstered accountability for internet-based companies by rejecting the argument that a company is jurisdictionally ‘nowhere’ because it does business ‘everywhere.’

And many US states agreed they need an ability to enforce their own consumer protection laws against companies that avail themselves of local marketplaces through the internet.

The general expectation is that this decision could make it easier for American courts to assert jurisdiction over internet-based platforms. The majority of the 9th Circuit, which includes nine western US states, Guam, and the Northern Mariana Islands, adhered to the “traveling cookie rule” because it “impermissibly manufactures jurisdiction wherever the plaintiff goes.”

**We don’t just report on data privacy—we help you remove your personal information**

Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.

 Shopify faces privacy lawsuit for collecting customer data 

All Google accounts could end up compromised by a clever replay attack on Gmail users that abuses Google infrastructure.

Cybercriminals are abusing Google’s infrastructure, creating emails that appear to come from Google in order to persuade people into handing over their Google account credentials.

This attack, first flagged by Nick Johnson, the lead developer of the Ethereum Name Service (ENS), a blockchain equivalent of the popular internet naming convention known as the Domain Name System (DNS).

Nick received a very official looking security alert about a subpoena allegedly issued to Google by law enforcement to information contained in Nick’s Google account. A URL in the email pointed Nick to a sites.google.com page that looked like an exact copy of the official Google support portal.

> Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got: pic.twitter.com/tScmxj3um6
> 
> — nick.eth (@nicksdjohnson) April 16, 2025

As a computer savvy person, Nick spotted that the official site should have been hosted on accounts.google.com and not sites.google.com. The difference is that anyone with a Google account can create a website on sites.google.com. And that is exactly what the cybercriminals did.

Attackers increasingly use Google Sites to host phishing pages because the domain appears trustworthy to most users and can bypass many security filters. One of those filters is DKIM (DomainKeys Identified Mail), an email authentication protocol that allows the sending server to attach a digital signature to an email.

If the target clicked either “Upload additional documents” or “View case”, they were redirected to an exact copy of the Google sign-in page designed to steal their login credentials.

Your Google credentials are coveted prey, because they give access to core Google services like Gmail, Google Drive, Google Photos, Google Calendar, Google Contacts, Google Maps, Google Play, and YouTube, but also any third-party apps and services you have chosen to log in with your Google account.

The signs to recognize this scam are the pages hosted at sites.google.com which should have been support.google.com and accounts.google.com and the sender address in the email header. Although it was signed by accounts.google.com, it was emailed by another address. If a person had all these accounts compromised in one go, this could easily lead to identity theft.

**How to avoid scams like this**

*   Don’t follow links in unsolicited emails or on unexpected websites
*   Carefully look at the email headers when you receive an unexpected mail
*   Verify the legitimacy of such emails through another, independent method
*   Don’t use your Google account (or Facebook for that matter) to log in at other sites and services. Instead create an account on the service itself.

**Technical details**

Analyzing the URL used in the attack on Nick, (https://sites.google.com[/]u/17918456/d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/edit) where /u/17918456/ is a user or account identifier and /d/1W4M_jFajsC8YKeRJn6tt_b1Ja9Puh6_v/ identifies the exact page, the /edit part stands out like a sore thumb.

DKIM-signed messages keep the signature during replays as long as the body remains unchanged. So if a malicious actor gets access to a previously legitimate DKIM-signed email, they can resend that exact message at any time, and it will still pass authentication.

So, what the cybercriminals did was:

*   Set up a Gmail account starting with me@ so the visible email would look as if it was addressed to “me.”
*   Register an OAuth app and set the app name to match the phishing link
*   Grant the OAuth app access to their Google account which triggers a legitimate security warning from no-reply@accounts.google.com
*   This alert has a valid DKIM signature, with the content of the phishing email embedded in the body as the app name.
*   Forward the message untouched which keeps the DKIM signature valid.

Creating the application containing the entire text of the phishing message for its name, and preparing the landing page and fake login site may seem a lot of work. But once the criminals have completed the initial work, the procedure is easy enough to repeat once a page gets reported, which is not easy on sites.google.com.

Nick submitted a bug report to Google about this. Google originally closed the report as ‘Working as Intended,’ but later Google got back to him and said it had reconsidered the matter and it will fix the OAuth bug.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 All Gmail users at risk from clever replay attack 

A list of topics we covered in the week of April 12 to April 18 of 2025

April 18, 2025 - Text scams come in many forms and are an ever increasing threat doing an awful lot of financial, and other, damage

April 17, 2025 - Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited...

April 16, 2025 - A new variant of the hello pervert emails claims that the target's system is infected with njRAT and spoofs the victims email address

April 15, 2025 - Car rental giant Hertz data suffered a data breach caused by a CL0P ransomware attack on file sharing vendor Cleo

April 14, 2025 - A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204

 A week in security (April 12 &#8211; April 18) 

This week on the Lock and Code podcast, we speak with Sydney Saubestre about DOGE and its access to Americans' data.

_This week on the Lock and Code podcast…_

If you don’t know about the newly created US Department of Government Efficiency (DOGE), there’s a strong chance they already know about you.

Created on January 20 by US President Donald Trump through Executive Order, DOGE’s broad mandate is “modernizing Federal technology and software to maximize governmental efficiency and productivity.”

To fulfill its mission, though, DOGE has taken great interest in Americans’ data.

On February 1, DOGE team members without the necessary security clearances accessed classified information belonging to the US Agency for International Development. On February 17, multiple outlets reported that DOGE sought access to IRS data that includes names, addresses, social security numbers, income, net worth, bank information for direct deposits, and bankruptcy history. The next day, the commissioner of the Social Security Administration stepped down after DOGE requested access to information stored there, too, which includes records of lifetime wages and earnings, social security and bank account numbers, the type and amount of benefits individuals received, citizenship status, and disability and medical information. And last month, one US resident filed a data breach notification report with his state’s Attorney General alleging that his data was breached by DOGE and the man behind it, Elon Musk.

In speaking with the news outlet Databreaches.net, the man, Kevin Couture, said:

“I filed the report with my state Attorney General against Elon Musk stating my privacy rights were violated as my Social Security Number, banking info was compromised by accessing government systems and downloading the info without my consent or knowledge. What other information did he gather on me or others? This is wrong and illegal. I have no idea who has my information now.”

Today on the Lock and Code podcast with host David Ruiz, we speak with Sydney Saubestre, senior policy analyst at New America’s Open Technology Institute, about what data DOGE has accessed, why the government department is claiming it requires that access, and whether or not it is fair to call some of this access a “data breach.”

> “\[DOGE\] haven’t been able to articulate why they want access to some of these data files other than broad ‘waste, fraud, and abuse.’ That, ethically, to me, points to it being a data breach.”

Tune in today to listen to the full conversation.

**Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.**

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

 Did DOGE &#8220;breach&#8221; Americans&#8217; data? (Lock and Code S06E08) 

Text scams come in many forms and are an ever increasing threat doing an awful lot of financial, and other, damage

Text scams alone cost US citizens at least $470 million in 2024, according to new data from the US Federal Trade Commission (FTC).

Because many scams go unreported, though, this dollar amount might be considerably more. The FTC illustrated this with a graph comparing the reported losses to the number of reports.

Graph courtesy of FTC

This demonstrates that not only the damage per reported incident went up considerably, but also the total amount of damage. It also implies that a lot of incidents went unreported since we find it hard to believe that the number of scams might have declined—all it takes is a look at any single week in news coverage on Malwarebytes Labs to find stories on new scams, old scams, repeated scams, and the no-good scammers behind them.

**Top 5 text scams**

While scams reach us in many ways, the FTC focused on text scams in their report. This are the five main culprits:

1.  Package delivery problems. These are usually phishing expeditions aimed at the target paying a small amount for a redelivery, but while they are paying, their credit card details or other sensitive data are stolen.
2.  Phony job opportunities. These often come in the form of task scams, but the main story line is that a scammer posing as a recruiter gets the victim to pay for something they “need” to get the job done, or to steal the victim’s personal data.
3.  Fake fraud alerts. The fake alerts come as texts about so-called suspicious activity or about a big purchase the victim didn’t make. These texts often look like they’re from a bank or large retailer. The scammers offer help and then pressure people into moving money out of their accounts to supposedly keep it safe, when in reality it goes straight to the scammers.
4.  Toll fee scams. These attempts come as an unexpected text message linking to a website pretending to belong to one of the US toll authorities, such as E-ZPass. The texts usually create a sense of urgency by telling you there is only a limited time left to act or there will be dire consequences. Typically the scammers are out to steal personal information and/or payment details.
5.  Wrong number scams. An unexpected message that looks innocent enough from someone you don’t know but they act as if they know you. The idea is to get the target to tell them they’ve got a wrong number and with that engage them in a conversation, which may lead to romance scams, pig butchering, or other investment scams.

**Let’s work together to bring the numbers down**

Malwarebytes Mobile Security offers Text Protection, a feature that alerts users about potentially malicious or scam text messages. This feature works by analyzing incoming messages from unknown senders, checking for signs of scams, phishing links, or other malicious content. If a message is flagged, Android users receive a notification, while iOS users have the message deleted.

**iOS**

To enable Text Message Filtering on iOS devices, go to the iOS Settings app and explicitly enable it in the under **Messages > Unknown & Spam**. This is required for iOS to communicate with Malwarebytes about text messages.

**Android**

*   On the Mobile Security dashboard, toggle On Text Protection.
*   Tap Go to settings to grant Malwarebytes permission to alert over other apps.
*   Tap Give permissions, then tap Allow to allow the app to scan your text messages.
*   Once both permissions are granted, the Text Protection feature is active.

It’s also important to report scams. For US Citizens, report to the FTC at ReportFraud.ftc.gov and forward spam messages to 7726 to help your wireless provider spot and block similar messages.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Text scams grow to steal hundreds of millions of dollars 

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited...

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Both vulnerabilities allowed an attacker to bypass the memory protections that would normally stop someone from running malicious code. Reportedly, attackers used them with another unpatched vulnerability or malicious app, and the combination could be used to give them complete control over targeted iPhones.

The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

To check if you’re using the latest software version, go to **Settings** > **General** > **Software Update**. You want to be on iOS 18.4.1 or iPadOS 18.4.1, so update now if you’re not. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.

Update available

**Technical details**

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The zero-day CVEs patched in these updates are:

*   CVE-2025-31200: Processing an audio stream in a maliciously crafted media file may result in code execution due to a memory corruption issue which was addressed with improved bounds checking.
*   CVE-2025-31201: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. This issue was addressed by removing the vulnerable code.

Given that both vulnerabilities were flagged as used in extremely sophisticated attacks and are patched simultaneously, it stands to reason that they were chained for a successful exploitation.

This deserves a bit of an explanation. Apple’s Pointer Authentication (PA) is a hardware security feature designed to detect and prevent tampering with critical pointers (like function addresses or return addresses) in memory. Computers use memory to store and provide information that software programs use as they run.

When creating a pointer (like a return address), the system adds a cryptographic signature (PAC) using secret keys. Before using the pointer, the system checks if the signature still matches.

A memory corruption issue can give an attacker the option to make a change in the device’s memory, but it’s often limited to a very small portion of the memory.

What could have happened here is that the attacker was able to use that ample space to create a pointer that was able to bypass the Pointer Authentication and use this ability to point from a legitimate application to their malicious code.

In the past researchers have already found bypass scenarios for attackers that already have full memory control.

What exactly happened is unknown, because, as a protection against attackers reverse engineering updates to find the vulnerabilities, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.

Which is also why it’s important to update before other criminals are using the same exploits in less targeted and more widespread attacks. To help with this, the Malwarebytes iOS app will guide you through “how to fix” and assist with similar cases in the future.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple patches security vulnerabilities in iOS and iPadOS. Update now! 

Bots now account for half of all internet traffic, according to a new study that shows how non-human activity has grown online.

If you sometimes feel that the internet isn’t the same vibrant place it used to be, you’re not alone. New research suggests that most of the traffic traversing the network isn’t human at all.

Bots (software programs that interact with web sites) have been ubiquitous for years. But in its 2025 Bad Bot Report, application security company Imperva claimed this is the first time traffic from bots became more prevalent than human traffic.

The rise in bots is down to generative artificial intelligence (AI), Imperva said. This is the same technology that now flirts with people online for you and automatically writes heartfelt consolatory emails on behalf of heartless administrators. This tech has made it easier to create bots that do your bidding online. While some of those bots are benign, not all have your best interests at heart.

**The rise of bad bots**

Traffic from “bad bots”—those created with malicious intent—first surpassed good bot traffic in 2016, Imperva’s research said, and it’s been getting worse. Bad bots comprised 37% of internet traffic in 2024, up from 32% the year prior. Good bots accounted for just 14% of the internet’s traffic.

Bad bots do all kinds of unpleasant things. An increasing number try to hijack peoples’ online accounts, which they often do by “credential stuffing.” This is where a bot takes a password and email address that has been stolen and leaked online, and then tries those credentials across a myriad of services in the hope that its owner will have reused the password elsewhere.

These account takeover attacks have skyrocketed lately. December 2024 saw around 330,000 such incidents, up from around 190,000 in December 2023. That could be down to a flood of data breaches that flooded the market with more stolen credentials to try, Imperva said.

Other attacks include scraping data from websites, which is a problem for businesses that don’t want their intellectual property stolen, and also for the individuals who own that data.

Cyber criminals use bots to commit payment fraud by exploiting vulnerabilities in checkout systems. There’s also a thriving business in scalping bots that buy everything from event tickets to new sneakers for high-value resale, denying legitimate customers the opportunity to buy these items for themselves.

The report also found bots targeting specific sectors. The travel industry accounted for 27% of bad bot traffic (the highest by industry) in 2024, up from 21% in 2023. These bots pull tricks such as pretending to book airline seats online and abandoning the purchase at the last minute, which skews seat pricing.

Retail was the second hardest-hit industry in 2024, accounting for 15% of bot traffic, followed by education at 11%.

Bots are also getting better at evading detection. Faking a browser identity (effectively wearing a digital mask that makes them look like Chrome or Firefox) has been a common tactic for years, but now bots are also using other techniques. These include using IP addresses owned by residential users, which are difficult for web site administrators to spot. Bots are also using virtual private networks to cloak their origin.

AI-enabled bots are also getting far better at cracking CAPTCHAs—the tests that help you to pass as a human when accessing a web site. And malicious software developers are now coding bots that learn about the environment they’re up against and change how they approach it to fly under the radar.

Another change is in the method that these bots use to communicate with their targets. Traditionally, bots would often browse a web page directly, interacting with it in the same way that a human would. That’s changing as newer bots communicate directly with the servers running the web application behind the scenes in their own language. They do this using application programming interfaces (APIs), which are communication channels that programs can use to retrieve information from a web application.

As the bots get smarter and more ubiquitous, what can you do? Sadly, fighting bad bots is largely the job of the companies operating the web applications that serve you and use your data. However, there are a couple of things you can do as an individual to protect yourself and the community at large.

*   **Don’t reuse passwords.** Use a different password for every service you use to stop the credential stuffing bots, and make those passwords complex to avoid brute-force attacks. Use a trusted password manager to keep those passwords safe and easily accessible.
*   **Protect your PC.** Install anti-malware software and follow basic cyber hygiene measures. This will help to prevent attackers from compromising your machine and using it for their own online purposes.
*   **Don’t become a proxy.** Attackers might be able to use your IP address as a proxy for their bots if you don’t protect it. Avoid using untrusted VPNs from suspicious sources, as these have been known to sell your IP address on for others to use. Similarly, take a minute to update the hardware on your home router, or ensure that your telecommunications provider does it if the router came from them. Attackers will often compromise vulnerable routers and use them for bot attacks.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Hi, robot: Half of all internet traffic now automated 

A new variant of the hello pervert emails claims that the target's system is infected with njRAT and spoofs the victims email address

In a new version of the old “Hello pervert”  emails, scammers are relying on classic email spoofing techniques to try and convince victims that they have lost control of their email account and computer systems.

Email spoofing basically comes down to sending emails with a false sender address, a method in use in various ways by scammers. Obviously, pretending to be someone else can have its advantages, especially if that someone else holds a position of power or trust with regards to the receiver.

But sending a message to the victim’s from their _own_ email address might convince the victim that they have lost access over their own account.

The text of the email roughly looks like this:

> “As you may have noticed, I sent you an email from your email account
> 
> This means I have full access to your account
> 
> I’ve been watching you for a few months
> 
> The thing is, you got infected with a njrat through an adult site you visited
> 
> If you don’t know about this, let me explain
> 
> The njrat gives me full access and control over your device.
> 
> This means I can see everything on your screen, turn on the camera and microphone, but you don’t know it
> 
> I also have access to all your contacts and all your correspondence.
> 
> On the left half of the screen, I made a video showing how you satisfied yourself, on the right half you see the video you watched.
> 
> With a click of a mouse I can send this video to all your emails and contacts on social networks
> 
> I can also see access to all your communications and messaging programs that you use.
> 
> If you want to avoid this,
> 
> Transfer the amount of 1200 USD to my bitcoin address (“write buy bitcoin or find for bitcoin exchange if you don’t know”)
> 
> My Bitcoin address (BTC wallet): 1FJg6nuRLLv4iQLNFPTpGwZfKjHJQnmwFs
> 
> After payment is received, I will delete the video and you will not hear from me again
> 
> I’m giving you 48 hours to pay
> 
> Do not forget that I will see you when you open the message, the counter will start
> 
> If I see you’ve shared this message with someone else, the video will be posted immediately”

If the victim decides to search for “njrat” they’ll find that it’s a remote access trojan (RAT) has capabilities to log keystrokes, access the victim’s camera, steal credentials stored in browsers, upload/download files, view the victim’s desktop, and more.

Scary stuff, and it supports the claims the scammer makes.

But, as with all sextortion scams, this threat is an entirely empty one. There is more than likely no lurid video, no “njrat,” no list of contacts. Instead, there is just a threat which is meant to drive panic which is meant to drive payment.

When we checked, we were happy to see that the scammers’ Bitcoin wallet is empty, although they could have set up a separate one for each victim.

**How to recognize sextortion emails**

Once you know what’s going on it’s easy to recognize these emails. Remember that not all of the below characteristics have to be included in these emails, but all of them are red flags in their own right.

*   The emails often look as if they came from one of your own email addresses.
*   The scammer accuses you of inappropriate behavior and claims to have footage of that behavior.
*   In the email, the scammer claims to have used “Pegasus” or some Trojan to spy on you through your own computer.
*   The scammer says they know “your password” or compromised your account.
*   You are urged to pay up quickly or the so-called footage will be spread to all your contacts. Often you’re only allowed one day to pay.
*   The actual message often arrives as an image or a pdf attachment. Scammers do this to bypass phishing filters.

**What to do when you receive an email like this**

First of all, even if it’s only to reassure yourself, scan your computer with an anti-malware solution that can detect and remove njRAT (if present).

Second, if your computer is clean, check if your email account has not been compromised. Change the password and enable 2FA if possible.

Don’t respond to the scammer, since that will confirm that the email address is in use and the mail is read. This could invoke more emails from scammers.

Don’t let yourself get rushed into action or decisions. Scammers rely on the fact that you will not take the time to think this through and subsequently make mistakes.

Do not open unsolicited attachments. Especially when the sender address is suspicious or even your own.

For your ease of mind, turn off your webcam or buy a webcam cover so you can cover it when you’re not using the webcam.

 “I sent you an email from your email account,” sextortion scam claims 

Follow me for lucky prizes scams are old fake crypto exchange scams in a new jacket and on a different platform

A type of crypto scam that we reported about in 2024 has ported over to a new platform and changed tactics—a bit.

Where the old scams mostly reached me on WhatsApp, the same group of scammers is now using Direct Messages on X. However, the same old trick of “accidentally” sending you login details to a supposedly well-funded financial account is still being used by at least one cybercriminal gang.

Oops, I’m not Sean

> “Sean, your financial management account has been opened. {account details}. Please keep your accoount password safe and do not share it with anyone.”

What’s interesting is that this tactic, which we reported on previously, is coming from a different group than the one included in previous coverage from last year. That earlier gang has now changed their messaging, including references to “follow” a person through cyberspace.

Follow me

> “Follow me to unlock a lucky prize! Click the link below to claim $500!
> 
> No conditions, just follow me! “

In this version, the scammers will also send you the login details for a fake crypto exchange with access to a healthy wallet.

_2,685,012.00 USDT sounds amazing_

The idea is to give the targets of the scam the impression that they can move that wealth to a wallet of their own. After all, they have the login details for this account. But many others might have those too, since the message was sent to 148 other people. So, you’ll have to hurry and not overthink things too much, right?

Wrong! At some point you’ll find out that you will have to buy a VIP account to transfer the funds to your own account. And that’s what this scam is all about.

****Don’t fall for scammers****

*   Any unsolicited Direct Messages from an unknown person are suspect. No matter how harmless or friendly it may seem. Remember, most pig butchering scams start with what seems a misdirected message.
*   Don’t follow links that reach you in any unexpected way, and certainly not from an untrusted source.
*   If it’s too good to be true, then it probably is.
*   Scammers bank on the fact that the more time and money you have invested, the more determined you will become to get to the desired end result.
*   Use a web filtering app to shield you from known malicious websites, such as Malwarebytes Premium or Malwarebytes Browser Guard.

In light of these campaigns, Malwarebytes products block these domains:

oxlop\[.\]com

bjscx\[\].com

bjtlm\[.\]com

bmstw\[.\]com

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Source

Malwarebytes