Fraudsters recently have started to push fake data breach notifications for big company names to distribute malware and scams. They’re mixing black SEO, Google Sites, and spam pages to direct users to dangerous locations.
Google Alerts helps to spread these fake notifications as the service monitors search results for user-defined keywords. Scammers created pages or used compromised websites to combine “data breach” with well-known brands.
Fake security incidents
BleepingComputer has seen fake breach notifications for companies like Chegg, EA, Canva, Dropbox, Hulu, Ceridian, Shein, PayPal, Target, Hautelook, Mojang, InterContinental Hotels Group, and Houzz. These companies have suffered a data breach at one point in the past.
... ...
