Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Email Scams. Show all posts

Beware of Fake Microsoft Emails Exploiting Microsoft 365 Vulnerabilities

 

The internet is rife with scams, and the latest involves hackers exploiting vulnerabilities in the Microsoft 365 Admin Portal to send fraudulent emails directly from legitimate Microsoft.com accounts. These emails bypass spam filters, giving them an appearance of credibility, but their true purpose is extortion. These scam emails claim to have sensitive images or videos of the recipient in compromising situations. To prevent this alleged content from being shared, the recipient is asked to pay a ransom—often in Bitcoin. This type of cybercrime, known as “sextortion,” is designed to prey on fear and desperation, making victims more likely to comply with the scammer’s demands. 

Unfortunately, sextortion scams are becoming increasingly common. While tech companies like Microsoft and Instagram implement protective measures, hackers find new ways to exploit technical vulnerabilities. In this case, scammers took advantage of a flaw in the Microsoft 365 Message Center’s “share” function, commonly used for legitimate service advisories. This loophole allows hackers to send emails that appear to come from a genuine Microsoft.com address, deceiving even cautious users. To identify such scams, it is crucial to evaluate the content of the email. Legitimate companies like Microsoft will never request payment in Bitcoin or other cryptocurrencies. 

Additionally, scammers often include personal information, such as a birthday, to make their claims more believable. However, it is important to remember that such information is easily accessible and does not necessarily mean the scammer has access to more sensitive data. Victims should also remember that scammers rarely have the incriminating evidence they claim. These tactics rely on psychological manipulation, where the fear of exposure often outweighs rational decision-making. Staying calm and taking deliberate action, such as verifying the email with official Microsoft support, can prevent falling prey to these schemes. Reporting such emails not only protects individual users but also helps cybersecurity teams track and combat the criminals behind these campaigns. 

Microsoft is actively investigating this criminal activity, aiming to close the exploited loopholes and prevent future scams. In the meantime, users must remain vigilant. Keeping software up to date, enabling multi-factor authentication, and using strong passwords can help mitigate risks. A scam email may look convincing, but its demands reveal its true intent. Always approach threatening emails critically, and when in doubt, seek guidance from the appropriate channels. By cultivating a habit of skepticism and digital hygiene, users can strengthen their defenses against cybercrime. Awareness and timely action are essential for navigating the modern threat landscape and ensuring personal and organizational security.

Guarding Your Finances: The Art of Phishing Attacks and Social Engineering

 


Malware, hacking techniques, botnets, and other types of technologies are becoming increasingly sophisticated as cyber crimes become more sophisticated. Nevertheless, online criminality exploits tactics that have been refined over decades by criminals long before the internet existed. 

A cybercriminal knows how to control a human tendency for trust as well as trickery, coercion, and the movement of humans to use their faith in them to achieve their criminal goals. "Social engineering" is a term referring to a method of gaining confidence online that is most often used in confidence scams.   

Cybercriminals can glean a nuanced understanding of users by exploiting social media sites, professional profiles, blogs, websites, or local news reports. Using data harvested from these sources over weeks or months will allow them to gain a nuanced understanding of users and even their families. 

It is a collective term for a range of scams or scams that rely on social engineering to seek money directly from a victim or to gain confidential information to enable the perpetrator to commit further crimes after the victim has fallen victim to the scam. The preferred channel for contact is now social media. However, if you want to make contact by phone or in person, it is not uncommon to do that too. 

An individual who uses social engineering to gain access to a company's computer system or information about a client, or to compromise an organization's data, is known as a social engineer. If a malicious individual attempt to pose as a new employee, technician, or researcher, it may appear unassuming and respectable, with credentials that may support the claim that he or she is a new employee, technician, or researcher.

It is still a possibility that a hacker could obtain enough information by asking questions to gain entry into an organization's network. The attacker may also contact a second source within the same organization if he or she cannot gather enough information from one source and then rely on the information gathered from the first source to build credibility in the eyes of the authorities in the organization. 

Phishing scams are responsible for the loss of tens of millions of dollars each year, and the number is increasing every year, according to the authorities. A phishing scheme differs largely from scams in the form of the now-famous "Hi Mum" scheme in the sense that no overt request is made to send money to an account as the tactic. 

To effectively persuade people to provide any personal information to the scammers, they use subterfuges, doctored websites, and carefully calibrated software scripts to get them to divulge personal information. It is a technique that has become popular as a "social engineering" technique in the cybersecurity community as this technique is based on people's typical emotions and behaviours.

Scams may appear in the form of e-mails or text messages claiming to be from an official company or organization, such as the Australian Taxation Office or Netflix, that appear to be from the real thing. Upon receiving a warning message from the company, victims will be directed to a page that resembles the one used by the company and will be asked to fix a problem with their account or to confirm their contact details as soon as possible. 

A phishing kit, which contains HTML assets and scripts that you will need to create a fake website, is available for as little as $10, but scammers will probably pay anywhere from $100 to $1,000 for one. Using this information, the scammer can access bank accounts to transfer money to themselves at any time at his convenience. Phishing has evolved into an underground industry inside Australia's cybersecurity sector, according to Craig McDonald, founder of Australian cybersecurity company MailGuard. 

Many people don't realize the fact that they have made personal information available to swindlers through the use of social engineering because they do not monitor the amount of information that they disclose. There are usually privacy controls on social media sites and forums, for instance, which may be able to help users restrict how much information about them and their lives is visible publicly to others. The problem is that a large number of users consistently ignore these filters and allow any information they post to remain visible to the public.   

Some cyber criminals spend as much time as they can on building their personas as they do building their websites. They may be able to anticipate a person’s reaction to a certain situation with a good understanding of how they would react, which would in turn allow them to act and respond in a way that establishes trust once they reach out to them - as a fellow alumnus, a school parent, or an avid sports enthusiast, to name just a few examples. 

There are many ways that scams can be perpetrated. Gifts and charitable contributions are often requested during the holidays since it is the season for giving. In some cases, criminals may send emails that contain malicious links that permit them to access a person's device, account, or data as well as their personal information. The release of a device or the release of information stolen may be subject to ransom demands.   

Social Engineering: How to Spot It   


A Message of Urgency or Threat  


In case users receive an email, text message, direct message, or any other sort of message that seems overly exciting or aggressive then it is something to be cautious about. These scare tactics are used by scammers to force users into taking action without first thinking through what is being done to them. 

Click Bait for Winning Prizes 


There is a multitude of stories that scammers will tell to pry your personal information from users. Some scammers use bogus prizes and sweepstakes to win money from unsuspecting people. To make the payments out of the winnings, scammers are given users' bank information or sometimes even their tax ID number. 

Users are never going to receive the winnings they are claiming. The scammer is interested in this information so that they can hack users' accounts and steal their identities in a wide variety of ways.  

The Message Appears to be Strange in Some Way. 


A scammer will often pose as a person user knows to get your money. It can be anyone, including friends, family members, coworkers, bosses, vendors, or clients when users are working, or any other person for that matter. The message users receive when they do does seem a bit odd at first, but users will soon get used to it.  

How Can You Prevent Being Phished in The Future? 


When phishing victims become the victim of a scam, there can be difficulties in obtaining recourse. While Australians lost an unprecedented $3.1 billion through scams last year, the big banks only compensated about $21 million in compensation to their customers, even though the banks have each developed their policies for dealing with cybercrime. 

Australian Financial Complaints Authority (AFCA) is a consumer complaints body that is responsible for investigating complaints from the general public about banks. The federal government has provided some indication that it will be reforming Australian online banking law shortly, even if consumer groups maintain that the laws are not robust enough to protect victims of scams. Deputy Treasurer Stephen Jones stated several steps are being taken by the government to impose strict new codes of conduct on the industry.

Operation Jackal: INTERPOL Shuts Down African Cybercrime Gang


A recent operation by INTERPOL on the West African cybercrime organization led to several bank accounts being frozen, with suspects detained and a series of financial investigations organized worldwide. 

Operation Jackal, conducted between May 15 and 29, apparently mobilized police forces, financial crime units and cybercrime agencies across 21 countries in order to launch a targeted strike on Black Axe and related West African organized criminal gangs.

As of now, more than 200 illicit bank accounts that were linked to online financial crime have been blocked, with several associated suspects arrested whose networks in cybercrime pose a severe threat to international security. 

“Organized crime is mostly driven by financial gain and INTERPOL is committed to working with our member countries to deprive these groups of their ill-gotten assets. This successful operation involving so many countries clearly shows what can be achieved through international cooperation, and will serve as a blueprint for concerted police action against financial crime in the future,” says Isaac Kehinde Oginni, Director of INTERPOL’s Financial Crime and Anti-Corruption Centre (IFCACC). “It also sends a strong message to West African crime networks that no matter where they hide in cyberspace, INTERPOL will pursue them relentlessly. The illegal activities of Black Axe and similar crimes syndicates will remain a priority for INTERPOL.”

In Portugal alone, four such investigations led to the accumulated seizure and recovery of around 1.4 EUR million.

A total of 34 suspects have been arrested in the Irish phase of the operation. Amongst these arrests, 12 were detained for investigative purposes and 22 on suspicion of money laundering and gangland-style offences. 

According to Deputy Head of the National Central Bureau of Dublin, Tony Kelly, ‘It became apparent early in the investigation that international cooperation and the use of INTERPOL’s analytical and coordination capabilities was essential to the investigation, and remains a pivotal element to the success to date and the ongoing investigation into this group.”

More such investigations have been witnessed across the world as intelligence agencies are putting efforts into investigating the issue.

Black Axe and other West African organized cybercrime syndicates are popular malicious gangs known for cyber-enabled criminal offences like financial fraud, mostly done by compromising company’s email systems, romance scams, inheritance scams, credit card fraud, tax fraud, advance payment scams and money laundering. 

Email Scams v/s Phishing: Here's All You Need to Know

 

Becoming a victim of any crime can be emotionally distressing, financially burdensome, and socially humiliating. While some scams are easily recognizable, others are cleverly disguised, making it difficult to detect that you are being exploited. Scams exist in various aspects of life, encompassing business, taxation, and even identity theft, all driven by fraudulent intentions to take advantage of individuals. The primary motive behind these scams appears to be financial gain. 

Email scams and text scams have become abundant, especially with the widespread use of cell phones in recent times. It is evident that every single one of these scams falls under the category of phishing schemes. 

Phishing tactics are intended to fool you into submitting personal information that the cybercriminal will then use to get access to your financial accounts, steal your identity, download malware, or otherwise cause havoc. These schemes appear and sound like valid requests from legitimate sources, making it difficult to identify them as harmful.

Messages from a credible source urging you to reset your password, a supervisor or colleague asking you to help them out by sending them money, or a merchant offering a fantastic bargain on an item you want are all examples of email phishing. Some fraudsters have grown inventive, sending scary messages that appear to be from a tax collection agency, such as the IRS, with a deadline.

Email is an efficient method for phishing techniques to be exploited, but it is not the only location where they may be found. SMS phishing is currently used by scammers to deceive you into clicking over to a website or form in order to acquire information. Because it is more difficult to determine whether a text message is real than an email message, many individuals get duped in this manner.

Social networking platforms can also be used to spread phishing schemes. They appear to be fantastic deals and offers for cool new goods or services in your neighborhood. If you click the ad, you might be taken to a very professional-looking website. However, once your contact information is disclosed, your identity is jeopardized.

One of the greatest methods to prevent being a victim of an email or phishing scam is to avoid clicking on links or responding to communications from people you don't know. Check the sender's email address to ensure it is real. It never hurts to double-check because professional scammers will establish email addresses that look identical to legitimate ones.

Instead of clicking on a social network link to learn more about a new product, conduct a search on a trusted online shop such as Amazon, Newegg, or Walmart. If the product is decent, it will most likely be sold through legitimate channels.

Similarly, if you read about a company's sale or new subscription opportunity, go to the company's website first before committing to buy. The same deal will very certainly be offered there as well, so you may still take advantage of it.

Because phishing and email schemes are classified as malware, most antivirus programs contain anti-phishing capabilities or enhanced email security. You may enable Bitdefender's capabilities within your email program, whether it's a Google or Outlook account. This will help prevent scam communications from reaching your inbox.

The same can be said with text message fraud. Anti-phishing capabilities in Android antivirus apps reduce the number of SMS-based schemes. Mobile antivirus, like desktop antivirus, will block malware and sites with risks on them, ensuring that your device is not infected with malware and that you are not duped into providing sensitive information to an unknown solicitor.

If you open on a faulty link, the finest antivirus software will prevent you from reaching a harmful page. Furthermore, antivirus software will stop any dangerous file connected to a faulty link, preventing your machine from becoming infected with a bot, worm, or ransomware.