
How to Protect Yourself Against Phishing Extortion Scams Involving Personal Data

 

Imagine receiving an email with a photo of your house, address, and a threatening message that seems ripped from a horror movie. Unfortunately, this is the reality of modern phishing scams, where attackers use personal information to intimidate victims into paying money, often in cryptocurrency like Bitcoin. One victim, Jamie Beckland, chief product officer at APIContext, received a message claiming to have embarrassing video footage of him, demanding payment to keep it private. 

While such emails appear terrifying, there are ways to verify and protect yourself. Many images in these scams, such as photos of homes, are copied from Google Maps or other online sources, so confirming this can quickly expose the scam. To check if an image is pulled from the internet, compare it to Google Maps street views. Additionally, always scrutinize email addresses for legitimacy. Cybersecurity expert Al Iverson from Valimail advises checking for any small variations in the sender’s email domain and examining SPF, DKIM, and DMARC authentication results to determine if the email domain is real. 

Be cautious if a message appears to come from your own email address, as it’s often just a spoofed sender. Links in phishing emails can lead to dangerous sites. Founder of Loop8, Zarik Megerdichian, recommends extreme caution and encourages reporting such scams to the Federal Trade Commission (FTC). Monitoring your financial accounts, disputing unauthorized charges, and updating or canceling compromised payment methods are other essential steps. To reduce vulnerability, it’s wise to change your passwords, set up a VPN, and isolate your network. Yashin Manraj, CEO of Pvotal Technologies, suggests transferring critical accounts to a new email, informing your family about the scam, and reporting it to law enforcement, such as the FBI, if necessary. 

One of the best defenses against these types of scams is to control your data proactively. Only share essential information with businesses, and avoid giving excessive details to online services. Megerdichian emphasizes the importance of asking whether every piece of data is truly necessary, as oversharing can open the door to future scams. 

With these strategies, individuals can better protect themselves from extortion phishing scams. It’s crucial to stay vigilant and avoid interacting with suspicious emails, as this will help shield you from falling victim to increasingly sophisticated cyber threats.

Protect Yourself from Phishing Scams Involving Personal Data and Bitcoin Demands

 

A new phishing scam is emerging, where hackers send threatening emails to people with personal details like images of their homes and addresses. This scam tricks recipients into believing their privacy is compromised, urging them to pay money or Bitcoin to avoid exposure. According to cyber expert Al Iverson, scammers often use public sources like Google Maps and data from previous breaches to craft these threatening messages. He recommends confirming any images on Google Maps and checking email legitimacy to ensure the message isn’t a scam. 

One victim, Jamie Beckland, shared his experience, revealing that the scammers falsely claimed to have video evidence from spyware on his computer. Beckland, like others, was targeted with demands for Bitcoin in exchange for silence. Fortunately, by cross-referencing the address and photo in the email with Google Maps, he realized the threat wasn’t credible. To avoid falling for such scams, it’s critical to scrutinize email addresses and domains. Iverson advises checking SPF, DKIM, and DMARC results, which help verify the sender’s legitimacy. Scammers often spoof email addresses, making them appear familiar, but most don’t actually have access to sensitive data—they’re simply trying to scare people into paying. 
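One way to carry out the SPF, DKIM and DMARC check that Iverson describes, shown as an added example rather than code from the article or from Valimail: it reads the `Authentication-Results` header stamped by the receiving mail server and flags failures, misalignment with the visible From domain, and the spoofed "sent from your own address" case. The sample message, the helper names and the simplified parent/child alignment test are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not taken from a real campaign. The visible sender is the
# recipient's own address, as in the self-addressed extortion mails described above.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=bounce.mailer-example.org;
 dkim=none (message not signed);
 dmarc=fail action=quarantine header.from=example.com
From: "Alex" <alex@example.com>
To: alex@example.com
Subject: I know where you live

Pay within 24 hours.
"""

RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)
PROP_RE = re.compile(r"\b(smtp\.mailfrom|header\.d|header\.from)=([^\s;]+)", re.I)


def domain_of(value):
    """Lower-cased domain part of an address, or the value itself if it is a bare domain."""
    return value.rsplit("@", 1)[-1].strip("<>. ").lower()


def aligned(a, b):
    """Simplified relaxed alignment: same domain, or parent/child on a label boundary.
    Real DMARC compares organizational domains using the Public Suffix List."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def assess(raw_message):
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    from_domain = domain_of(from_addr)

    # msg.get() returns the topmost header, normally the one added by your own
    # receiving server. Lower copies can be forged by the sender, so ignore them.
    header = re.sub(r"\([^)]*\)", " ", msg.get("Authentication-Results", ""))
    results = {k.lower(): v.lower() for k, v in RESULT_RE.findall(header)}
    props = {k.lower(): domain_of(v) for k, v in PROP_RE.findall(header)}

    findings = []
    for mech in ("spf", "dkim", "dmarc"):
        verdict = results.get(mech, "missing")
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")

    # A pass only helps if it was earned by a domain related to the visible From.
    for mech, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        dom = props.get(prop)
        if results.get(mech) == "pass" and dom and not aligned(dom, from_domain):
            findings.append(
                f"{mech} passed for {dom}, not aligned with From domain {from_domain}")

    if from_addr and from_addr == to_addr and results.get("dmarc") != "pass":
        findings.append("From equals recipient but DMARC did not pass: spoofed self-sender")

    return {"from_domain": from_domain, "results": results, "findings": findings}


if __name__ == "__main__":
    report = assess(SAMPLE)
    print(report["results"])
    for finding in report["findings"]:
        print(" -", finding)
```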

Zarik Megerdichian, founder of Loop8, strongly warns against clicking any unfamiliar links in these emails, especially those related to payments. Bitcoin and similar transactions are irreversible, making it crucial to avoid engaging with scammers. If you suspect financial information is at risk, Megerdichian advises reporting the incident to the Federal Trade Commission (FTC) and closely monitoring your accounts. Yashin Manraj, CEO of Pvotal Technologies, recommends changing passwords immediately if you suspect your data has been compromised. Moving sensitive accounts to a new email address can provide added protection. He also suggests notifying local authorities like the FBI, while ensuring that family members are informed of the scam to prevent further risks. 

Lastly, Manraj emphasizes that you should never engage with scammers. Responding to emails only increases your vulnerability, adding your information to target databases. To further protect yourself, isolating your home network, using a VPN, and avoiding public forums for help are essential steps in safeguarding your information from potential future attacks. These phishing scams, though threatening, rely on fear and manipulation. By taking steps to verify email legitimacy, securing your accounts, and staying cautious, you can avoid falling victim to these tactics.

New Email Scam Targets NTLM Hashes in Covert Data Theft Operation

 


TA577 has been identified as a notorious threat actor who orchestrated a sophisticated phishing campaign, according to researchers at security firm Proofpoint. Currently, the group is utilizing a new method of phishing involving ZIP archive attachments. This tactic is geared towards pilfering the hash data of NT LAN Manager (NTLM) users.

According to the investigation, the group is using an attack chain aimed at stealing NT LAN Manager (NTLM) authentication information. The method could be exploited to obtain sensitive data and to facilitate further malicious activity. 

A threat actor known for establishing initial access to organizations' computer systems and networks is using booby-trapped email attachments to steal employees' NTLM hashes. Earlier this week, enterprise security firm Proofpoint published a report that suggested that the new attack chain "is capable of gathering sensitive information and facilitating follow-on activities." 

As reported by the company, at least two phishing campaigns have utilized this approach since February 26, 2024, when thousands of messages were distributed worldwide and hundreds of organizations were targeted. As an initial access broker (IAB), TA577 has previously been associated with Qbot and has been linked to Black Basta ransomware infections. 

The phishing waves spread thousands of messages around the world and targeted hundreds of organizations. The email security company Proofpoint reported today that although it has seen TA577 favouring Pikabot deployment in recent months, two recent attacks indicate that TA577 has taken a different approach to the attack. 

A group called TA578, which has been linked with the Qbot malware campaign and the Black Basta ransomware campaign, is one of the first access brokers. Recently, it has demonstrated an increasing interest in exploiting authentication protocols despite its previous inclination toward deploying Pikabot malware. 

NTLM hashes are a cornerstone of the security of Windows systems for authentication and session management. Attackers are extremely interested in these hashes as they are potentially useful in offline password cracking and in pass-the-hash attacks, which do not require actual passwords to gain access to services but instead use hashes as shortcuts. 

The attackers use a technique known as thread hijacking, in which they craft phishing emails that look like legitimate follow-ups to ongoing conversations. These emails contain personalized ZIP files with HTML documents. When opened, these documents initiate a connection to a malicious external server that has been set up specifically to capture NTLM hashes. 

Given the rate at which it adopts and distributes new tactics, techniques, and procedures (TTPs), TA577 likely has the resources, time, and experience to iterate and test new delivery methods. TA577, along with other IABs, seems to be on top of the threat landscape and understands when and why certain attack chains cease to be effective. 

They appear able to create new methods that bypass detections, and to put them to use as quickly as possible, in order to increase the effectiveness of their payload delivery and the likelihood of victim engagement. Researchers at Proofpoint have also noticed an increase in the use of file scheme URIs to direct recipients to external file shares such as SMB and WebDAV for the delivery of malware. To prevent the exploitation identified in this campaign, organizations should block outbound SMB. 

While restricting guest access to SMB servers is a simple security measure, it falls short of preventing these sophisticated attacks. The company advises that strict email filtering be implemented, outbound SMB connections should not be allowed, and Windows group policies should be activated to minimize the risk. 
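As a complement to blocking outbound SMB, a mail-gateway or triage check can flag the attachment pattern described above before anyone opens it. The following is an added example, not Proofpoint's detection logic: it inspects the HTML members of a ZIP attachment and reports any `file://` URI or UNC path that points at a host outside the organization. The internal suffix `corp.example`, the internal address ranges, the function names and the sample archive are all assumptions constructed for the illustration.

```python
import io
import ipaddress
import re
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlsplit

FILE_URI_RE = re.compile(r"file:/{2,}[^\s\"'<>;]+", re.I)
UNC_RE = re.compile(r"\\\\([A-Za-z0-9.-]+)\\[^\s\"'<>]*")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
MAX_MEMBER_BYTES = 2 * 1024 * 1024  # skip oversized members (decompression-bomb guard)


class AttrCollector(HTMLParser):
    """Collects attribute values and text/script bodies. The parser decodes
    character references in attributes, so &#47;-style encoding does not hide a URI."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value:
                self.chunks.append((f"<{tag} {name}>", value))

    def handle_data(self, data):
        if data.strip():
            self.chunks.append(("text", data))


def host_of_file_uri(uri):
    """Remote host named by a file URI, or None for a purely local path."""
    try:
        parts = urlsplit(uri)
    except ValueError:
        return None
    if parts.hostname:
        return parts.hostname
    if parts.path.startswith("//"):  # file:////host/share form
        return parts.path.lstrip("/").split("/", 1)[0].lower() or None
    return None


def is_external(host, internal_suffixes):
    host = host.lower().rstrip(".")
    if host in ("", "localhost"):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        if "." not in host:  # single-label name resolves only on the local network
            return False
        return not any(host == s or host.endswith("." + s) for s in internal_suffixes)
    return not any(ip in net for net in INTERNAL_NETS)


def scan_html(text, internal_suffixes=("corp.example",)):
    parser = AttrCollector()
    parser.feed(text)
    parser.close()
    hits = []
    for where, value in parser.chunks:
        refs = [(host_of_file_uri(m.group(0)), m.group(0)) for m in FILE_URI_RE.finditer(value)]
        refs += [(m.group(1), m.group(0)) for m in UNC_RE.finditer(value)]
        for host, ref in refs:
            if host and is_external(host, internal_suffixes):
                hits.append({"where": where, "host": host.lower(), "ref": ref})
    return hits


def scan_zip(data, internal_suffixes=("corp.example",)):
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if not info.filename.lower().endswith((".html", ".htm")):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                continue
            text = archive.read(info).decode("utf-8", errors="replace")
            findings += [{"member": info.filename, **hit}
                         for hit in scan_html(text, internal_suffixes)]
    return findings


def build_sample_zip():
    """Constructed attachment: one external reference, one internal, one local."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice.html",
                   '<html><body><a href="file://203.0.113.10/share/invoice.txt">Open</a></body></html>')
        z.writestr("notes.html",
                   '<a href="file://fs01.corp.example/public/readme.txt">readme</a>'
                   '<img src="file:///C:/logo.png">')
        z.writestr("readme.txt", "file://203.0.113.99/x is ignored: not an HTML member")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```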

To combat these types of NTLM-based threats effectively, Microsoft has introduced advanced security features into Windows 11 to help users. It is important to maintain constant vigilance and take strong security measures to prevent phishing attacks targeting the NTLM authentication protocol. For organizations to remain safe from sophisticated cybercriminal endeavours, they must stay abreast of emerging threats and adjust their defences to keep up with the rapidly evolving threats.

Rise in Fake Life Insurance Emails, Action Fraud Warns

 


Over the past few weeks, a surge in fraudulent emails impersonating reputable life insurance companies has prompted over 800 reports to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. The scam emails are cleverly crafted to appear genuine, but they contain malicious links leading recipients to harmful websites designed to steal personal and financial information.

To help the public navigate this growing threat, Action Fraud has provided guidance on handling suspicious messages. Recipients are advised to independently verify the authenticity of an email by contacting the alleged sending organisation directly, using official contact details obtained from the organisation’s official website. This precaution is crucial, as scam emails often provide fake contact information that leads directly back to the fraudsters.

Action Fraud emphasises that legitimate banks and official sources will never request personal information via email, a tactic frequently employed by scammers to harvest sensitive data. To further combat these fraudulent activities, the public is encouraged to forward any suspicious emails to the Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk. This service plays a pivotal role in the UK’s defence against the growing threat of email-based fraud, providing the government with a means to track and respond to these malicious activities.

In response to the increasing number of these incidents, it is essential for individuals to remain a step ahead and take proactive measures to protect themselves from falling victim to such scams. Understanding that fraudulent emails pose a significant threat, the public is urged to exercise caution and follow the provided guidance to verify the legitimacy of any communication from financial institutions or life insurance companies.

This warning comes as scammers continue to adapt and refine their tactics to exploit unsuspecting individuals. Action Fraud stresses the importance of public awareness and education to counter these evolving threats effectively. By disseminating this information through official channels, such as news blogs and other media outlets, the hope is to empower individuals with the knowledge needed to recognise and avoid falling prey to such scams.

As a responsible member of the online community, everyone has a role to play in staying informed and helping others stay safe from cyber threats. By adhering to the guidance provided by Action Fraud and reporting suspicious emails promptly, individuals can contribute to the collective effort to combat fraudulent activities and protect personal information from falling into the wrong hands.

Action Fraud's guidance provides a valuable resource for individuals to navigate these potential threats effectively, and the public is encouraged to remain vigilant and report any suspicious emails to contribute to the ongoing efforts against email-based fraud.



Uber's Costly Mistake: AUS$412,500 Fine for Spam Emails in Australia

 


Uber Technologies, Inc., commonly known as Uber, is a multinational company that offers a wide array of services, such as ride-hailing, food delivery, and freight transportation, to its customers. 

Founded in California, the company is located in around 70 countries around the world, providing its services in over 10,500 cities around the globe, from its headquarters in San Francisco. On a global scale, Uber brings together more than 6 million active drivers and couriers daily, which gives the app an extremely high user base, with more than 131 million active users every month. 

The platform facilitates an estimated 25 million trips on a typical day, which is a record for the platform. The United States' largest ride-sharing company, Uber, has played a significant role in enabling a remarkable 42 billion trips since its establishment in 2010. Uber has also made a significant contribution to enabling a large share economy through opportunities such as the sharing economy. 

AFP reported that Uber was fined Aus$412,500 ($260,000) by the Australian Communications and Media Authority (ACMA) for sending more than two million emails to customers in violation of anti-spam laws.  

The bulk email campaign, distributed in January, marketed a new service that delivered alcohol to people at their homes. The company did not provide the option for customers to unsubscribe from the mailing list. Further, over 500,000 emails were sent to recipients who had previously indicated that they did not want to receive marketing emails from the company in the future. 

Australian law explicitly prohibits companies from sending marketing emails without the express consent of the recipient. Additionally, these laws require that email recipients be provided with a clear option to unsubscribe from these mailings.

Nerida O'Loughlin, the chair of the ACMA, described Uber's actions as an 'avoidable error' and said that the importance of respecting the preferences of customers cannot be overstated, given that customers are becoming increasingly frustrated when their requests are not met. 

In response to these violations, Uber apologized for sending the marketing emails and admitted that it had made an error. 

According to ACMA reports, over the past 18 months, the total amount of penalties and fines paid by Australian businesses for violating spam and telemarketing laws has been over Aus$11 million. Accordingly, Uber has been fined an amount of Australian dollars 412,500 (equivalent to US dollars 260,000) in response to these violations. 

Notorious Global Phishing Platform Neutralized in Cross-Border Operation

 


There were arrests made of two alleged operators of the phishing-as-a-service platform "16shop" by INTERPOL in Indonesia and Japan after the agency carried out a successful investigation into the scheme, which was outsourced. 

It was revealed on Tuesday that 16shop, which the international police co-operation organization described as a vendor of "phishing kits" sold to cyber criminals, was detected as part of a research project investigating cyber threats in the ten-nation Association of Southeast Asian Nations (ASEAN) bloc. 

The PaaS platform sells phishing kits to hackers, who use them to defraud Internet users through email scams: the victim receives an email with a PDF or a link that redirects to a website asking for various personal information such as their credit card number. Once these details have been stolen, they are used to steal money from the victims. 

Known as phishing, this form of cyberattack is committed by impersonating a legitimate entity through a form of communication such as email, a phone call, or a text message, with the intent of obtaining sensitive information from the victim. Several cyber threats are prevalent around the world, including phishing. Up to 90 per cent of data breaches are thought to be attributable to successful phishing attacks, making it one of the most common ways to acquire credentials and steal data from victims. 

As reported by Interpol, 16shop sells phishing kits to hackers, whose aim is to covertly scam internet users with the help of these kits. In most cases, these scams involve sending emails that contain PDF files or links that redirect users to a website as the result of the sender's mistake. A site like this would then ask its victims for their credit card numbers or other sensitive information, such as Social Security numbers. 

A joint operation against 16Shop was carried out with the assistance of the cyber crime department of the INTERPOL General Secretariat, Indonesian authorities, Japanese authorities, and US authorities. Several private infosec firms participated in the conference, and these included the Japan Cyber Defense Institute, Singapore's Group-IB, Palo Alto Networks' Unit 42, and Trend Micro, as well as Cybertoolbelt, an investigation platform for cybercrime. 

Over 70,000 users in 43 countries have reportedly been compromised as a result of the hacking tools supplied by 16shop. In an interview with The Jakarta Post, brigadier general Adi Vivid Agustiadi Bachtiar, the director of the Indonesian National Police Cybercrime Investigation, stated that anyone can launch phishing attacks by simply clicking on their mouse. 

A cybercrime expert, Bernardo Pillot, said there has been an "unprecedented increase" in the sophistication and number of cyber threats as a result of cybercrime operations at Interpol. Moreover, of late there has been an increase in “customized” attacks as criminals are looking for the highest impact as well as the highest profit from their crimes. 

There is a strong indication that the platform is administered from Indonesia, according to law enforcement. They seized electronic items, as well as several luxury vehicles, during the arrest of a 21-year-old man. A couple of other platform facilitators were also arrested after the first arrest was made by law enforcement officers. 

A police investigation was launched by the National Police Agency of Japan and the Indonesian National Police shortly after the successful apprehension of the administrator which led to the identification of two facilitators and their arrest by both agencies. 

Group-IB, a Singaporean infosec outfit, had analyzed 16Shop, the e-commerce platform for phishing kits, and the outfit was able to assert that over 150,000 phishing domains had been created as a result of using the outfit's kits. Information security firm Earthlink believes that the kits in question have been traded on the underground cybercriminal market since as far back as November 2017, at prices ranging from $60 up to $150 for each kit. 

According to the group, phishing pages targeting the users of American Express were offered for $60, and fake Amazon pages mocking Amazon were offered for $150, which are both targeted at American Express users, respectively. With the help of the kits, putative victims were able to see content localized to their location based on eight languages. 

It was necessary to have global collaboration since many of the operations of the phishing-as-a-service vendor were hosted on servers owned and run by a US-based company to operate efficiently. To provide Indonesian investigators with the information they needed, the FBI helped to secure it.

Reddit Braces for Data Leak as Hackers Threaten to Expose Stolen Information

 

A new wave of cybersecurity threats looms over Reddit as hackers, known as BlackCat, have recently surfaced with a dire warning. The group claims to have obtained confidential data during a breach that occurred back in February. Reddit, the popular social media platform and discussion forum, is now facing the potential release of sensitive user information, causing alarm among its millions of users.

According to reports from Bleeping Computer, the hackers have threatened to leak a massive 80GB trove of stolen data. This news has sent shockwaves throughout the online community, sparking concerns about privacy and cybersecurity. The stolen information is said to include email addresses, encrypted passwords, and private messages exchanged between users.

The breach has caused unrest among Reddit users who are worried about the potential exposure of their personal information. The platform has a vast user base, with countless individuals actively engaging in discussions, sharing personal stories, and participating in various communities. The leak of such data could have significant consequences, including identity theft, phishing attacks, and harassment.

Reddit has been grappling with cybersecurity issues in recent years. The breach in February, initially thought to be minor, now appears to be much more severe than anticipated. The company has been working diligently to enhance its security measures and address the breach promptly. However, the latest threats from BlackCat highlight the ongoing challenges faced by online platforms in safeguarding user data.

In response to the threats, Reddit has taken immediate action to protect its users. The company has informed law enforcement agencies and is cooperating fully with their investigations. Reddit is also urging its users to update their passwords and enable two-factor authentication as an additional security measure.

While the motivations of the BlackCat hackers remain unclear, their actions emphasize the pressing need for individuals and organizations to prioritize cybersecurity. It is essential for users to regularly update their passwords, use strong and unique passwords for each platform, and enable multi-factor authentication whenever possible. Online platforms, too, must invest in robust security systems to safeguard user data and actively monitor for potential breaches.

The Reddit breach serves as a stark reminder that no organization is immune to cyber threats. It underscores the importance of implementing comprehensive security protocols, conducting regular vulnerability assessments, and maintaining a proactive stance against potential attacks.

Dish Network Hit by Cyberattack and Multiple Lawsuits

Satellite TV provider, Dish Network, recently suffered a ransomware attack that compromised the sensitive data of its customers and employees. The attack occurred in February 2023 and was only revealed by the company in April. Since then, the company has been hit with multiple lawsuits from affected customers, which could have serious financial and reputational consequences.

According to Dish Network, the attackers accessed a database that contained names, addresses, phone numbers, and email addresses of its customers and employees. While there is no evidence that the attackers stole financial information, social security numbers, or passwords, the theft of personal information alone is a major cause for concern.

The company has not disclosed how the attack occurred or which ransomware group was responsible. However, security experts have noted that many ransomware attacks start with a phishing email or a vulnerability in software that is not patched in time.

Dish Network has said that it immediately launched an investigation and informed law enforcement about the attack. It has also offered affected customers two years of free credit monitoring and identity theft protection services. However, this may not be enough to assuage customers’ concerns, as the stolen information can be used for a range of malicious activities, from phishing scams to identity theft.

The lawsuits filed against Dish Network accuse the company of failing to secure customer data and being negligent in protecting it. The plaintiffs are seeking damages and compensation for the potential harm that could result from the theft of their personal information. The lawsuits also allege that Dish Network did not inform customers about the attack promptly, which delayed their ability to take measures to protect themselves.

This incident serves as a reminder of the importance of cybersecurity for businesses of all sizes. Cyberattacks can cause significant harm to a company’s reputation, finances, and customers. It is crucial for companies to have robust security measures in place, regularly update their software, and educate employees about cyber threats. It is also important to have a plan in place to respond to a cyber incident, including notifying affected customers promptly and offering them appropriate support.

In the case of Dish Network, the full extent of the damage caused by the cyberattack remains unclear. However, the lawsuits against the company highlight the serious consequences that can result from a breach of personal data. It is up to companies to take responsibility for the security of their customers’ information and take all necessary measures to prevent cyberattacks from occurring in the first place.

Emails With HTML Attachments are Still Popular Among Phishing Scammers

 


Cybercriminals are increasingly using malicious HTML files to attack computers, according to a recent study conducted by security researchers. In addition to this, Barracuda Networks' study also revealed that malicious files now account for over half of all HTML attachments sent via email. There has been a significant increase in applications compared to last year. 

Is there a phishing scam using HTML attachments you know of? To prevent cybercriminals from contacting C&C servers to download crypto-malware, Trojan horses, or other nasty nasties through email, HTML attachments are sent instead of email. 

Phishing scams based on HTML emails have been around for a long time, but people aren't aware of them, and they are increasingly falling for the same. 

There is a high chance that you checked your email more than once this past weekend. This is despite it being a holiday weekend for many people.

Even though HTML files continue to be one of the most common attachments used in phishing scams in 2022, it shows that the method is still one of the most effective methods of getting past spam detection software and delivering spam to targets who are looking for it. 

HTML (HyperText Markup Language) is a markup language developed to display documents created for display in a web browser, according to Wikibooks. The capabilities of technologies such as Cascading Style Sheets (CSS) and programming languages such as JavaScript can make it easier to do this.

It is possible to render HTML documents as multimedia web pages using a web server or a local storage device that receives HTML documents from a web server. An HTML document describes the semantics of a web page and includes clues that indicate how it should appear to the end user. HTML can also describe the content of a web page. 

When victims are sent phishing emails using HTML files, they are frequently directed to malicious websites, downloaded files, or phishing forms that can be displayed locally within their browsers on their computers.

It is common for email security software to overlook attachments when delivering messages to targets since HTML does not pose a threat to the recipients; as a result, messages are delivered successfully to their inboxes. 

Something is interesting about this recent increase in malicious HTML files. This does not seem to be the result of mass attack campaigns in which hackers send the same attachments to many victims. 

To protect against cyberattacks, it is now more imperative than ever to implement appropriate cybersecurity measures. The key to preventing such attacks is what the report uses as an example of how to prevent them. 

It has been reported that the cybercriminal groups DEV-0238 and DEV-0253 have also been using HTML smuggling to deliver keyloggers through HTML attachments. HTML smuggling has also been associated with the cybercriminal group DEV-0193 delivering Trickbot malware. 

HTML attachments are used in phishing attacks 


HTML attachments spammed by phishing sites are the most common type of HTML attachment. There is generally no malicious code within the HTML file itself. This means it does not have any malicious code that launches arbitrary code into the system even though it looks benign. Despite this, it is recommended to treat this attachment with caution. By mimicking the look of a sign-in page for a service such as Microsoft, Google, or a major online bank, the scam could lead to the user entering their credentials into the form and submitting it, resulting in a malicious website that takes over their account. 

When it comes to spam forms and redirection strategies in HTML attachments, hackers usually use several tactics for implementation. These tactics range from simple redirections to obfuscating JavaScript to disguise phishing forms to steal personal information. 

A secure email gateway and antivirus solution can check email messages for attachments to see if they contain malicious URLs, scripts, or other threats. This could threaten users' security. 

The majority of cybercrime attacks are composed of malicious phishing forms or redirects created using JavaScript in HTML attachments. This is done to avoid detection. 
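The traits described above (a sign-in form that submits credentials elsewhere, redirects, and obfuscated JavaScript) can be checked statically before an attachment reaches the user. This is an added triage sketch, not the logic of any product or report mentioned here; the tag names, the sample attachment and the host `collector.example` are constructed for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Decoding/eval primitives commonly used to unpack a hidden form or URL at runtime.
DECODE_RE = re.compile(r"\b(atob|unescape|eval|fromCharCode|decodeURIComponent)\s*\(", re.I)
# Script-driven navigation: location = ..., location.href = ..., location.replace(...)
REDIRECT_RE = re.compile(r"\blocation\s*(?:\.\s*(?:href|replace|assign))?\s*[=(]", re.I)

# Constructed sample attachment, for testing the check only.
SAMPLE_ATTACHMENT = """<html><body>
<h3>Session expired, sign in again</h3>
<form method="post" action="https://collector.example/submit">
<input type="text" name="user"><input type="password" name="pass">
</form>
<script>document.write(unescape('%3Cp%3ELoading%3C/p%3E'));</script>
</body></html>"""


class AttachmentProfile(HTMLParser):
    """Records forms, password fields, meta refresh tags and script bodies."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.form_actions = []
        self.password_fields = 0
        self.meta_refresh = False
        self.script_parts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_fields += 1
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.meta_refresh = True
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_parts.append(data)


def triage(html_text):
    """Return {tag: detail} for each suspicious trait found in an HTML attachment."""
    profile = AttachmentProfile()
    profile.feed(html_text)
    profile.close()
    script = "".join(profile.script_parts)
    findings = {}

    # A locally opened attachment has no web origin, so an absolute http(s)
    # form action means the typed password leaves the machine for that host.
    remote = []
    for action in profile.form_actions:
        parts = urlsplit(action)
        if parts.scheme.lower() in ("http", "https") and parts.hostname:
            remote.append(parts.hostname)
    if profile.password_fields and remote:
        findings["remote_credential_form"] = sorted(set(remote))

    primitives = sorted({m.group(1) for m in DECODE_RE.finditer(script)})
    if primitives:
        findings["js_decoding_primitives"] = primitives

    if profile.meta_refresh or REDIRECT_RE.search(script):
        findings["redirect"] = "meta refresh" if profile.meta_refresh else "script"

    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_ATTACHMENT).items():
        print(tag, detail)
```

The tags are triage signals, not verdicts: legitimate HTML can use any one of them, so they are most useful combined with sender authentication results.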

Considering that malicious files can damage your device and your organization, it has become increasingly important to ensure you take the necessary precautions to keep yourself safe from them. It is imperative to know how to prevent such attempts by taking the following precautions: 

The infrastructure of your email system will be crucial in this case. Antivirus software and firewalls should be updated regularly to function properly. Furthermore, a solid plan of action must be implemented for data loss prevention. DMARC protocols should be defined for your domain as the most effective way to ensure communications security. 

Authenticating with two-factor authentication is necessary, followed by zero-trust access based on multi-factor authentication. You can be sure that your employees will be protected even if they fall victim to hacker attacks, credential theft, and phishing. This is because they will evaluate their credentials, device, location, time zone, and history of access and limit breaches. 

The importance of employee training on recognizing and reporting malicious HTML attachments shall be recognised. Employees must be trained on how to recognize and report attachments from unknown sources, especially those containing malware. Cybersecurity threats can have serious consequences for a business organization if it is not prevented.

Certainly, obfuscation is one of the common denominators among all the spammed HTML attachments in this case. Having to deal with a threat like this at the email gateway layer demonstrates just how difficult it is to detect.
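The indicators described above (a sign-in form, a form that posts to a remote site, a redirect, obfuscated JavaScript) can be checked statically before an attachment is ever opened. The following is an added example, not code from the original post; the indicator names, regular expressions and sample attachments are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic markers for obfuscated or redirecting script (assumed list, not exhaustive).
JS_OBFUSCATION = re.compile(r"\b(?:eval|unescape|atob|fromCharCode)\s*\(")
JS_REDIRECT = re.compile(r"\blocation(?:\.href)?\s*=[^=]|\blocation\.replace\s*\(")

# Constructed samples, not taken from any real campaign.
SAMPLE_FORM = ('<form action="https://collector.example/post" method="post">'
               '<input type="email" name="u"><input type="password" name="p"></form>')
SAMPLE_REDIRECT = "<script>var u = atob(p); window.location.href = u;</script>"
SAMPLE_BENIGN = "<html><body><p>Quarterly report attached.</p></body></html>"


class AttachmentTriage(HTMLParser):
    """Collect phishing indicators from one HTML attachment."""

    def __init__(self):
        super().__init__()
        self.findings = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "input" and a.get("type") == "password":
            self.findings.add("password-field")
        elif tag == "form" and a.get("action", "").startswith(("http://", "https://", "//")):
            self.findings.add("remote-form-action")
        elif tag == "meta" and a.get("http-equiv") == "refresh":
            self.findings.add("meta-refresh")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script bodies arrive here as raw text; scan them for the markers.
        if self._in_script and JS_OBFUSCATION.search(data):
            self.findings.add("obfuscated-js")
        if self._in_script and JS_REDIRECT.search(data):
            self.findings.add("js-redirect")


def triage(html_text):
    """Return the sorted list of indicators found in the attachment text."""
    parser = AttachmentTriage()
    parser.feed(html_text)
    parser.close()
    return sorted(parser.findings)
```

An empty result does not clear an attachment: heavily obfuscated script can avoid every marker listed here, which is the detection difficulty the post describes.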

How Threat Actors are Using IPFS for Email Phishing


InterPlanetary File System (IPFS) is a peer-to-peer distributed file system that allows users around the world to exchange files. Instead of using file paths for addressing like centralized systems do, IPFS uses unique content identifiers (CIDs). The file itself stays on the computer of the user who “uploaded” it to IPFS and is downloaded directly from that computer. By default, special software (an IPFS client) is needed to upload or download a file to IPFS. So-called gateways are offered so that users can browse the files stored in IPFS freely without installing any software.

In 2022, threat actors conducted malicious activity by using IPFS for email phishing campaigns. They upload HTML files containing phishing forms to IPFS and use gateways as proxies so that users can access the files whether or not an IPFS client is installed on their devices. In addition, the scammers included file access links through a gateway into phishing messages forwarded to targeted victims. 

A distributed file system is used by attackers to reduce the cost of hosting phishing pages. Moreover, IPFS makes it impossible to erase files that have been uploaded by third parties. One can request that a file's owner delete it if they want it to totally disappear from the system, but cybercriminals will almost certainly never comply. 

IPFS gateway providers manage to tackle IPFS phishing attacks by consistently deleting links to fraudulent or suspicious files. 

Still, the detection or deletion of links at the gateway level does not always happen as quickly as the blocking of phishing emails, cloud files, or documents. The URL addresses initially came to light in October 2022. As of right now, the campaign is still ongoing.

The objective of phishing letters with IPFS links is often to gain the victim's account username and password, which is why they rarely contain very creative content. What is interesting about this tactic is where the HTML page links go.

The recipient's email address is contained in a URL parameter. Once that parameter is modified, the email address given in the login box and the corporate logo at the top of the phishing form both change. This way, one link can be utilized in a number of phishing campaigns targeting a variety of users.
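A mail filter can look for exactly this combination: a link that goes through an IPFS gateway and carries the recipient's own address in the URL. The following is an added example, not code from the original post or from Kaspersky; the gateway host, the sample message and the CID placeholders are constructed, and the CID patterns cover only the common CIDv0 and base32 CIDv1 forms.

```python
import re
from urllib.parse import urlsplit, unquote

# CIDv0 is base58 starting "Qm" (46 chars); CIDv1 in base32 starts with "b".
CID = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})"
PATH_STYLE = re.compile(r"^/ipfs/(" + CID + r")(?:/|$)")   # gateway.example/ipfs/<cid>/...
SUBDOMAIN_STYLE = re.compile(r"^(" + CID + r")\.ipfs\.")    # <cid>.ipfs.gateway.example
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed placeholders: correct shape, not real content identifiers.
CID_V0 = "Qm" + "a" * 44
CID_V1 = "bafy" + "a" * 55
SAMPLE_BODY = (
    f"Open the document: https://gateway.example/ipfs/{CID_V0}/index.html"
    "?email=user%40corp.example\n"
    f"Mirror: https://{CID_V1}.ipfs.gateway.example/#user@corp.example\n"
    "Policy: https://corp.example/ipfs-policy.html\n"
)


def find_ipfs_links(body, recipient):
    """Return one finding per IPFS gateway URL found in an email body."""
    findings = []
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        host = parts.hostname or ""
        match = PATH_STYLE.match(parts.path) or SUBDOMAIN_STYLE.match(host)
        if not match:
            continue  # ordinary link, e.g. a page that merely mentions "ipfs"
        # The recipient's address may sit in the query or the fragment,
        # percent-encoded or not, so decode both before comparing.
        tail = unquote(parts.query + "#" + parts.fragment).lower()
        findings.append({
            "url": url,
            "gateway": host,
            "cid": match.group(1),
            "recipient_in_url": recipient.lower() in tail,
        })
    return findings
```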

In late 2022, Kaspersky discovered two – 15,000 IPFS phishing letters a day for most of the time. This year, IPFS campaigns have begun to escalate, reaching more than 24,000 letters a day in January and February. February became the busiest month in terms of IPFS phishing activities, where researchers discovered a whopping 400,000 letters, a 100,000 increase from November and December 2022.

In regard to this, Roman Dedenok, a security expert at Kaspersky, commented: “Attackers have and will continue to use cutting-edge technologies to reap profits. As of late, we have observed an increase in the number of IPFS phishing attacks — both mass and targeted. The distributed file system allows scammers to save money on domain purchase. Plus, it is not easy to completely delete a file, although there are attempts to combat fraud at the IPFS gateway level. The good news is that anti-spam solutions detect and block links to phishing files in IPFS, just like any other phishing links. In particular, Kaspersky products employ a number of heuristics to detect IPFS phishing.”

Watch Out for These Common Signs to Identify an Email Phishing Scam

 

Cybercriminals most frequently use phishing as a method of attack. This communication is a hoax designed to trick the recipient into disclosing private information, sending money, or clicking on a dangerous link. Usually, it is transmitted by email, social media direct messages, or some other text-based method. 

There are many different kinds of phishing, but for big firms, whaling or imitation phishing is the most dangerous. In this kind of attack, the cybercriminal poses as a senior executive to target the employees of the target company. In order to mislead the recipient, deceptively similar email addresses, display names, and messages are used. Since an email from top management or a professional acquaintance is typically taken to be authentic and doesn't arouse suspicion, it is a particularly effective strategy.

To mitigate risks, watch out for these tell-tale signs to identify a phishing email.

Unexpected or unsolicited correspondence 

When an email arrives unexpectedly, that's your first clue that it might be a fraud. Do you recall any offline or in-person discussions about the aforementioned subject? A warning sign that an email may be a phoney message is when you unexpectedly receive one from a top leader, client, or vendor without any prior context.

Scan the display name and email address 

Always check the display name and email address of the sender. It might initially appear to be genuine, but on closer inspection you might discover that an "O" has been changed to a "0" or an "I" has been changed to a "!". Also, you need to regularly check the domains of the emails you get.

Internal communications will almost never come through a free email provider and will almost always come from the company's official domain. The same is true of external communication from other enterprises and companies. When you hover over a domain, the fraudulent one will often appear to be real or similar to the company's email address. 
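The display-name and domain checks above can be automated by folding look-alike characters before comparing a sender against names and domains you trust. The following is an added example, not code from the original post; the character map, the free-mail list, the verdict strings and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Swaps named in the post ("O" -> "0", "I" -> "!") plus "1" for "l" (assumed addition).
LOOKALIKES = str.maketrans({"0": "o", "!": "i", "1": "l"})
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # illustrative, not exhaustive


def skeleton(text):
    """Fold look-alike characters so visually similar strings compare equal."""
    return text.lower().translate(LOOKALIKES)


def check_sender(from_header, trusted_domains, executives):
    """Classify a From header against trusted domains and executive names."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in trusted_domains:
        return "trusted-domain"
    # A domain that only matches after folding is an imitation of a trusted one.
    for good in sorted(trusted_domains):
        if skeleton(domain) == skeleton(good):
            return f"lookalike-of:{good}"
    # A senior name arriving from outside the official domain is the
    # impersonation pattern the post describes.
    if skeleton(display) in {skeleton(name) for name in executives}:
        if domain in FREE_MAIL:
            return "executive-name-on-free-mail"
        return "executive-name-on-unknown-domain"
    return "unknown-sender"


# Constructed sample headers.
TRUSTED = {"corp.example"}
EXECUTIVES = ["Alice Example"]
SAMPLES = [
    "Alice Example <alice@corp.example>",
    "Alice Example <alice@c0rp.example>",
    '"Al!ce Example" <ceo.office@gmail.com>',
    "Bob <bob@vendor.example>",
]
```

A "trusted-domain" verdict only means the visible address matches; a spoofed From header still has to be caught by the message's SPF, DKIM and DMARC results.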

Prompting urgency 

In most cases, phishing emails sound urgent. They want the victim to act without considering or confirming the legitimacy of the email's sender or contents. So, you should be wary of senior executives who unexpectedly request money transfers or information disclosures over email. Always confirm such requests using alternative methods. Call the sender directly, for instance, to confirm the communication. 

Unusual query

Take into account the requests made in the email. There are some common calls to action in phishing emails. They request that you send them private or delicate business information that shouldn't ideally be communicated through email in an unforeseen or initial discussion. They can also request that you click a link to submit this data. An attachment included in the email can lead you to assume that a senior executive has sent you a paper pertinent to your job. The email might even request that you transfer money, either your own or, if you have the power, the company's.

Prevention tips 

The first thing to do if you think you've received a phishing email is to say nothing. That is, never reply to emails, click on any links, or download any attachments. Next, if you have any doubts about the communication's legitimacy, you should always get in touch with the sender directly through a different method, such as by phone, text, or in person.

Additionally, keep an eye on the emails that arrive in your mailbox. Even if they are from within the company, use extra caution when dealing with emails or senders you weren't anticipating.

Air Fryers are Offered by Scammers as a 'Free' Kitchen Gadget

 


The deputy chief executive officer of Sainsbury's and Argos has warned shoppers to be vigilant against an air fryer scam targeting them at the moment. 

The scam claims that taking part in an online survey is the only way to receive a free Ninja Air Fryer. To receive the free item, victims are told they will need to enter their credit card details as well as their shipping address.

There is a convincing scam out there, as reported by secure card payment provider Dojo, in which fraudsters pose as Argos to entice you into making a payment. 

Due to the ongoing cost of living crisis, many people are still keen to buy air fryers, mostly at the cheapest possible price, to get the most bang for their buck, since this handy kitchen gadget can reduce energy bills and cooking time. The scam has therefore come at an unfortunate time.

There is a phishing email going around now that claims to offer a free Ninja Air Fryer, but Dojo is warning people to be wary of it. To qualify for the free item, users must complete an online survey and submit their card payment details along with the survey. In many ways, this is quite similar to the scam that has been going around with the Currys Smeg kettle in recent weeks.

A link to the survey is provided on the Argos UK website, which appears to be an official Argos survey page. There are, however, several red flags that consumers should be aware of when it comes to online shopping. It is important to note that the website address and email address are not from Argos or its parent company, Sainsbury's. 

Another red flag is the currency, which is the dollar. The payment offers will disappear after a certain time, which adds to the pressure on victims. It is also intended to encourage anyone who has not completed the survey to fill it out and input their personal information.

A survey scam is a communication sent through email, text messages, or social media that mostly looks legitimate and tries to entice consumers to complete a survey to get free stuff. Usually, once fraudsters gain access to the consumer's credit card details, they will use those details to make lavish online purchases or empty the victim's bank account.

According to Dojo's chief security officer Naveed Islam, one of the most common warning signs of a scam is an offer of free items that seems too good to be true, used to entice consumers into becoming victims. As is visible in the Argos scam, these offers are usually time-limited to pressure victims into entering their bank details without double-checking whether the transaction is legitimate, which is what many people do when they are scammed by these offers.

The recent Currys scam, which has now spread to other retailers like Argos, has made consumers aware that they must remain vigilant about any offers they are presented with via their inboxes or social media accounts. If you are a victim of a scam, you should contact your bank immediately so that your credit card and account can be suspended. Once that has taken place, your bank or building society's scam unit will provide you with specialized support.