Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
Cybercriminals are distributing spoofed data-breach notifications that are used to scam unsuspecting recipients and infect their devices with malware.
Fraudsters are using malicious SEO methods, Google sites and spam pages to deceive and scam users, according to a report by Bleeping Computer.
- Antivirus: stay protected when online with the best software
- Best VPN: pick the ideal provider for watertight privacy
- Just in: Millions of wireless security cameras are at risk of being hacked
The crooks have been sending fake data-breach messages from companies like Chegg, EA, Canva, Dropbox, Hulu, Ceridian, Shein, PayPal, Target, Hautelook, Mojang, InterContinental Hotels Group and Houzz.
To spread the fake notifications, the crooks published new web pages and compromised existing sites with terms like “data breach”. These were then picked up by Google Alerts, a service that allows users to track any keyword.
The notifications used subjects like “Target data breach”, “Dropbox data breach” and “Paypal security breach 2020” to get the attention of users. By clicking on any of these links, users would be directed to web pages containing fake giveaways, advertisements for browser extensions and other scams.
In some cases, the notifications weren’t easily identifiable as scams because they displayed “page not found” warnings and text describing fake data breaches.
To avoid falling victims to these scams, don't install any browser extensions, plugins or software that these alerts may suggest. In many case, you'll just be asked to fill out a survey to see the "notification," which is harmless as long as you don't have to give up any personal information.
Thousands of topics
In its investigation, Bleeping Computer also discovered a directory of 2,000 text files that used particular keywords and phrases to appear in Google Alerts. Most of these were created in this past week, but the oldest can be traced back to July 31, 2018.
All of this information has been taken from public sources and is based on questions people have, with topics including software products, DIY, vaping, breeding dogs and hardware.
Another fake message urged people to update their Adobe Flash browser plugins, appeared in Google Chrome and Mozilla Firefox and sent users to a fake iPhone 11 competition.
Jake Moore, a security specialist at ESET, told Tom’s Guide: “Bad actors are increasingly getting better at obfuscating their illicit means. Attackers continue to evolve their tactics into lending a false sense of security on their prey and they are extremely good at this.
"They use well known brands to create a sense of misplaced security manipulating the victims into clicking on malware unbeknownst to them. The answer remains in constant vigilance and not to be so quick to click around on a site even if it is thought to be trusted."
- Read more: Stay protected online for less with the best cheap VPN
