Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Email Frauds. Show all posts

3 Vital Cybersecurity Threats for Employees

Cybersecurity is no longer just the IT department's job in today's digitally connected society. Protecting confidential firm information is the responsibility of every employee, from the CEO to the newest intern. Cybercriminals are growing more skilled, and their methods are changing. It's crucial that every employee is knowledgeable of potential hazards if your company is to be protected. The following three cyber threats are ones that every employee should be aware of:

1. Phishing Attacks

Phishing attacks are one of the most common and dangerous threats organizations face. Cybercriminals use deceptive emails or legitimate messages to trick employees into revealing sensitive information, such as login credentials or financial data. These emails often contain urgent requests or appear to be from trusted sources. Employees should be cautious and verify the sender's identity before clicking on any links or providing personal information. Regular training on recognizing phishing attempts is crucial in the fight against this threat.

2. Ransomware

Ransomware attacks have been on the rise in recent years. In a ransomware attack, malicious software encrypts an organization's data, rendering it inaccessible. Cybercriminals then demand a hefty ransom to provide the decryption key. Employees should be cautious about downloading attachments or clicking links from unknown sources. Regularly backing up data and keeping software up to date can help mitigate the impact of a ransomware attack.

3. Social Engineering

Social engineering attacks involve manipulating employees into divulging confidential information or performing actions that compromise security. This can involve impersonating colleagues, superiors, or even IT support. Employees should always confirm the identity of individuals making unusual requests, especially those involving sensitive data or financial transactions. Training programs should include simulations of social engineering attacks to prepare employees for real-world scenarios.

Educating employees about these cybersecurity threats is not a one-time effort; it should be an ongoing process. Regular training sessions, email reminders, and updates on emerging threats are essential components of a robust cybersecurity awareness program. Additionally, employees should be encouraged to report any suspicious activity promptly.

A cybersecurity breach doesn't just result in financial losses, keep that in mind. It may damage a company's reputation and undermine client and partner trust. Organizations can greatly minimize their risk and better safeguard their sensitive data by prioritizing cybersecurity knowledge for all employees.

Each employee must be aware of potential dangers because cybersecurity is a shared responsibility. Among the risks that businesses today must deal with include phishing attempts, ransomware, and social engineering. Employees can become a key line of defense in the ongoing fight against cybercrime by remaining alert and knowledgeable.

BEC Attacks: Google Translate Utilized to Scam Organizations in Any Language


Business Email Compromise (BEC) gangs are carrying out payment fraud scams in a more effective manner by utilizing translation tools and machine learning platforms, successfully dispensing fraudulent emails in multiple languages. 

What are Business Email Compromise Groups? 

BEC attacks entail posing as a senior executive or business partner and convincing a corporate target to wire large quantities of cash to a bank account under the attacker's control. 

Successfully launching the international variant of this cyberattack generally requires a lot of time and effort. The target must be sufficiently researched to make phishing lures plausible. Moreover, native speakers must be hired to translate frauds into other languages. Yet this is all changing as threat actors use free online technologies that reduce some of the need for manual work. 

Midnight Hedgehog and Mandarin Capybara are two BEC groups that best represent the trend, according to a research from Abnormal Security published this week. Both use Google Translate, which enables threat actors to quickly create convincing phishing lures in practically any language. 

Moreover, researchers in the study also cautioned that tools such as commercial business marketing services are aiding the success of less-resourced and less-sophisticated BEC attacks. They are mostly used by sales and marketing teams to find "leads," making it simple to locate the best targets regardless of their region. 

The fact that BEC attacks are already lucrative, causing $2.4 billion in damages in 2021 alone, according to the FBI's Crime Report, and the number of BEC attacks is constantly increasing, is bad news for defenders. Volumes are now likely to increase as some of the cost associated with performing them has been eliminated. 

BEC Groups Scale Fast with Translation, Marketing Tools 

Crane Hassold, director of threat intelligence of Abnormal Security in a report noted that Midnight Hedgehog has been since January 2021 and specialises in impersonating CEOs. 

Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Spanish, and Swedish are among the 11 languages that the company has so far identified in two significant phishing emails from the organization. The emails are lacking the simple mistakes that consumers are conditioned to look out for and regard as suspicious thanks to Google Translate's effectiveness. 

"We've taught our users to look for spelling mistakes and grammatical errors to better identify when they may have received an attack[…]When these are not present, there are fewer alarm bells to alert native speakers that something isn't right," the report said. 

Apparently, Midnight Hedgehog has requested payments ranging from $17,000 to $45,000. 

Mandarin Capybara, the second BEC threat organization mentioned in the report, sends emails posing as communications from business executives but with a twist: Paychecks are transferred to a controlled account via direct deposit by contacting payroll. 

Abnormal Security has noted that Mandarin Capybara targets businesses all over the world with phishing lures in Dutch, English, French, German, Italian, Polish, Portuguese, Spanish, and Swedish. However, unlike Midnight Hedgehog, which the report claimed sticks to non-English-speaking victims in Europe, Mandarin Capybara also targets businesses outside of Europe with phishing emails aimed at English speakers in the US and Australia. 

In some instances, they utilized the same tactics of fraudulent email accounts to distribute emails in multiple languages.

The reason why BEC campaigns are still in trend among threat actors is simply how they operate, where their victims receive these messages, deeming them legitimate, and act upon instructions they think are coming from their ‘boss,’ especially when the emails are written with correct grammar and spelling and the sender's signature style. 

"As email marketing and translation tools become more accurate, effective, and accessible, we'll likely continue to see hackers exploiting them to scam companies with increasing success," said Hassold. 

It is that organizations put procedures in place to make sure that large financial transactions are not approved by only one person and that people should be trained to be on the lookout for payment fraud attacks in addition to deploying appropriate cybersecurity tools to help catch BEC attacks. 

"It's important that organizations use email defenses that look for threats in a more holistic matter to be able to prevent more sophisticated BEC attacks. Defenses that simply rely on static or 'known bad' indicators will have a hard time detecting these attacks, which is why tools that leverage behavioral analytics are better equipped to spot more advanced BEC threats," concludes Hassold.    

Ways in Which Online Merchants Scam Customers

When attempting to unsubscribe from an email newsletter that the user never subscribed to, one discovers a jumble of text—some of it practically grayed out—at the bottom of the message, making it virtually impossible to find an 'unsubscribe' link? A 'dark pattern' is a kind of internet design that serves to 'deceive, insinuate, and obfuscate,' as seen in that example.

The web has traditionally been rife with shady activities, from viruses to scams. Harry Brignull, a UX specialist, did not turn shedding light on the deceptive internet strategies even the most well-known brands employ until 2010. Harry coined strategies such as the moniker 'dark patterns' to emphasize how detrimental they may be to the victim's mental and financial health.

According to a Which poll, 45% of respondents said that dark patterns made them feel tricked or annoyed, and 13% said that they had been persuaded to spend more money than they had intended. According to the U.S. Federal Trade Commission, consumers end up spending 20% more money when ticket prices are not disclosed upfront. Additionally, a website's dark designs can persuade you to divulge more information than users are comfortable with.

Ways that internet shopping might lure you into splurging:
  • Free delivery minimums
  • Email reassurance
  • Advertisements with retargeting
  • Discounted loyalty programs
  • Discounts for new clients
  • Discounts dependent on subscription
Dark patterns include tricky questions, adding unwanted items to your online shopping cart, and coercing you into disclosing sensitive information. The world's most popular internet retailer, Amazon, is the one deceiving consumers the most. It employs 11 of the 12 identified forms of dark patterns listed above, some of which have sparked inquiries from the FTC and EU regulators. On the other hand, Walmart, probably Amazon's biggest rival, employs just four.

Even though some expenses might be necessary, being aware of the strategies that merchants employ to increase your purchase will prevent you from falling for them. You must have encrypted internet service to receive highly relevant adverts from businesses, that monitor your online activity across multiple websites. VPN offers the highest level of encryption. Your online activities are all susceptible to being recorded and examined by interested parties without Internet privacy protection.


Companies Use Email Tracking to Spy on Users

 

Opening the email causes the little image to load in your browser or application. When it happens, the image pings the site where it is kept. Google, Outlook, and Apple email clients all have built-in security measures that stop advertisers from following users around with their covert pixels. 

A line of code added to an email message creates a square image measuring 1 pixel by 1 pixel called an email tracking pixel. Since email tracking pixels are frequently transparent and positioned in a covert location in the header or footer of the email, the receiver is not immediately aware that they are there. 

Remarketing pixels, which show user-tailored advertisements across the Internet, are examples of tracking pixels in emails that perform more sophisticated, strategic tasks. 

Users never truly see the tracking graphic for two reasons. It is little, and since it is in GIF or PNG format, the business can keep it transparent and unnoticeable to the unaided eye. 

According to research, by correlating your location and device details, advertisers and other malicious attackers may be able to correlate your email activity with your browser cookies. Hackers can now track you anywhere you go online, link your email address to your internet history, and more because of this, which creates a terrifying scenario. 

How to prevent email tracking 

Even if it prevents you from loading family photos instantly, users must block all images that are included in the email.
  • Ask before viewing external images in Gmail's settings for pictures.
  • Outlook: You want options, options for external image blocking, options for the trust center, and automatic download.
  • Turn on Protect email activities in the privacy section of the iPhone and iPad settings by going to Apple Mail. Alternately, enable IP address concealment and disable all remote content.
Users can also attempt to increase the security of their email experience in another way. Lastly, one should think about routing all of the internet activities through a VPN connection. Users can get a private relay email account that will erase the trackers from the email before users open it. 

Threat Advert is a New Service Strategy Invented by AsyncRAT

 

AsyncRAT is a Remote Access Tool (RAT) that uses a secure encrypted connection to monitor and control other machines remotely. It is an open platform distributed processing tool but it has the potential to be used intentionally because it includes features like keylogging, remote desktop command, and other functionalities that could destroy the victim's PC. Furthermore, AsyncRAT can be distributed using a variety of methods, including spear-phishing, malvertising, exploit kits, and other means. 

Morphisec has detected a new, advanced campaign distribution that has been successfully eluding the radar of several security providers, thanks to the breach prevention using Moving Target Defense technology.

Potential hackers are spreading AsyncRAT to targeted machines with a simple email phishing method with an Html attachment. AsyncRAT is meant to remotely monitor and manipulate attacked systems through a protected, encrypted connection. This campaign ran for 4 to 5 months, with the lowest detection rates according to VirusTotal. 

Victims received the email notification with an HTML attachment in the manner of a receipt: Receipt-digits>.html in many cases. When the victim opens the receipt, users are sent to a webpage where a user must store a downloaded ISO file. The user believes it is a routine file download that will pass via all port and network security scanning channels. Surprisingly, this is not true. 

The ISO download, in fact, is created within the user's browser by the JavaScript code hidden within the HTML receipt file, rather than being downloaded from a remote server. 

To reduce the possibility of infection by AsyncRAT, users must follow the following steps:
  • Updating antivirus fingerprints and engines is a must. 
  • Enable automatic updates to ensure that the operating system is up to date with the most recent security fixes. 
  • Email addresses should not be made public on the internet. 
  • Don't click email attachments with strange-looking extensions. When opening any email attachment, especially the one from unknown senders, proceed with caution.
  • Exercise caution while opening emails with generic subject lines. 

Omicron Test Scam : A Free Test Is Available

 

Cybercriminals send emails containing malicious links and data, according to police sources. When individuals click on such a link or download a file, their system — whether it's a phone or a computer — is compromised, and hackers have access to sensitive data. The government recommended citizens examine the domain name and URL of websites to ensure their validity, and to report any such incidents to the cybercrime.gov.in portal. 

A warning has been issued by the Ministry of Home Affairs (MHA) against cybercriminals about offering free testing to potential victims in order to detect the Omicron variant. TheMHA's cyber and information security branch has issued the following advisory: "Due to the shift in focus to the health crisis, cybercriminals are taking advantage of the weakening of cyber defenses. Cybercriminals are always devising new methods of defrauding citizens. As time goes on, Omicron-themed cybercrime is becoming more prevalent. Cybercriminals are using a variety of strategies to commit cybercrime in order to take advantage of the continuously changing scenario and scam innocent victims."

Hackers in the United Kingdom have already begun to take advantage of the virus by sending out phishing emails offering free COVID-19 testing that claims to detect the new variant. In reality, hackers are attempting to dupe unwary users into divulging their personal data. According to a consumer watchdog group, the scam emails appear to come from the UK's National Health Service. The subject line of one email reads, "Get Your Free Omicron PCR Test - Apply Now to Avoid Restrictions. People who do not consent to a COVID-19 test and refuse to have a swab must be segregated," the email continues, in an attempt to terrify the user into complying. 

Users who fall for the ruse will be directed to a fake NHS website, which will ask for their full name, date of birth, address, phone number, and email address – all of which can be used to commit identity theft. The phishing emails are embellished with official-looking NHS logos by hackers. The scam emails were also received from the address "contact-nhs[AT]nhscontact.com."

COVID19 Vaccine Fraudsters Targeted Health Authorities in 40 Countries

 

INTERPOL has issued a global alert regarding organized criminal organizations approaching governments and peddling COVID-19 vaccinations through fraudulent offers. 

After INTERPOL reported about 60 incidents from 40 nations, the international law enforcement organization sent a warning to all 194 member countries. 

The staff of hospitals and health ministries was targeted, with fraudsters promising to offer COVID-19 vaccinations that had been licensed for distribution in their respective countries. To mislead their victims, the hackers pretended to be executives of vaccine manufacturers or government officials in charge of vaccine distribution. 

To finalize the deal, the fraudsters targeted their victims' work and personal email accounts, as well as tried to contact them over the phone, cold calling, and pitched about fraudulent vaccines. The fraudsters' techniques should raise certain red flags as vaccination purchases are negotiated on a government level or, in the case of the European Union (EU), by a special Joint Negotiation Team.

Vaccine producers also played a key role in drafting the warning, since INTERPOL based it on information supplied by the manufacturers, stressing additional scam strategies such as the use of counterfeit websites and social media profiles. 

The INTERPOL Secretary General Jürgen Stock stated, “As we see with cybercrime, usually it is the private sector which has the most information about attacks and trends, which is exactly what has happened with these attempted vaccine scams. Even when a fraud fails, it is important that it is reported to the police so that potential links can be identified and also, as in the case of the alert INTERPOL has issued, to warn law enforcement about these threats.” 

He further said that with the pandemic still spreading and nations striving to vaccinate their citizens promptly and safely, the vaccine rollout process needed to be safeguarded from the beginning of the production process until the vaccines are distributed. 

An Ongoing Issue

INTERPOL and the Homeland Security Investigations (HSI) of the United States published a joint alert earlier this year advising against the purchase of fraudulent COVID-19 vaccinations and treatments. 

Throughout the COVID-19 pandemic, cybercriminals have been highly active, attacking everyone from ordinary individuals to medical companies and government agencies engaged in the vaccine development, approval, and distribution process.  

Scammers have deployed a series of COVID-19 vaccine-related frauds in the past year, hacked an Oxford University research lab working on strategies to prevent the COVID-19 pandemic, and even hacked the European Medicines Agency and disclosed stolen vaccine papers. 

To avoid being scammed, using a trustworthy security solution with a spam filter is one of the simplest ways to remain secure. If people get an unsolicited email from someone they don't know, they should be extremely cautious and look out for general red flags.