
Amazon Prime Phishing Campaign Siphons Login And Payment Info

 

The Cofense Phishing Defence Centre (PDC) has uncovered a new phishing campaign aimed particularly at Amazon Prime members, trying to steal login passwords, security answers, and payment details. The attacker sends out a well-crafted email mimicking Amazon, encouraging users to update their payment details owing to an "expired" or "invalid" payment method.

The Cofense PDC says the threat arrived as an email resembling a genuine Amazon Prime notice, warning the victim that their payment method had expired or was no longer accepted. An early sign of phishing is that the spoofed sender name "Prime Notification" arrives from a domain unrelated to Amazon.

The email tries to generate a false sense of urgency, which leads people to click on a fake link. When victims click, they are taken to a bogus Amazon security verification screen. "One of the first red flags recipients should look for is the URL, as it reveals that they have been redirected to Google Docs instead of Amazon's legitimate website," the report reads. 

Once the user has passed the false security screen, they are directed to a fraudulent Amazon login page designed to harvest passwords. "Users should always double-check when logging into websites and ensure that additional security measures, such as multi-factor authentication, are enabled," the researchers added.

After submitting their credentials, victims are prompted to provide additional verification information, such as their mother's maiden name, date of birth, and phone number. The phishing attack is not limited to login credentials. Users are also prompted to input their billing address and payment details, which includes credit card information.

"By obtaining the recipient's residential details, threat actors can submit a request to change the victim's address with postal services, redirecting mail and packages to another location," the report further reads.

In a similar vein, criminals can carry out fraudulent transactions using stolen credit card information. Cofense cautions that "threat actors could use the information to initiate and authorise multiple transactions if these details are compromised." If victims believe their card details have been taken, they are advised to get in touch with their banks right away.

Alkem Laboratories Falls Victim to Rs 22.31 Crore Cyber Fraud

 

The pharmaceutical industry has been rocked by a major cyber fraud case, with Mumbai-based Alkem Laboratories suffering a financial loss of Rs 22.31 crore due to an elaborate scam. Fraudsters posed as executives from Alkem’s U.S. subsidiary, Ascend Laboratories LLC, to execute the scheme.

According to a Hindustan Times report, the incident began on October 27, 2023, when Alkem’s Mumbai office received an email seemingly from Amit Ghare, the head of international operations at Ascend Laboratories. The email claimed that a recent payment to Alkem would lead to significant tax liabilities. To circumvent these taxes, the company was asked to refund the amount to a different bank account.

On November 17, 2023, another email, allegedly from Mary Smith, Ascend Laboratories' accounting manager, provided details of a U.S.-based bank account for the refund. Acting on these instructions, Alkem’s treasury manager, Manoj Mishra, transferred Rs 51.30 crore to the specified account via a SWIFT transaction.

The fraud came to light on November 15, 2023, when Alkem received another email, supposedly from Ghare, requesting a refund of Rs 90 crore. Growing suspicious, Alkem officials contacted Ghare, who confirmed he had not sent the request. Further investigation revealed that the earlier emails originated from compromised email accounts with subtle alterations in the email addresses.

According to HT, U.S. authorities were able to recover Rs 28.98 crore from the stolen amount, which was returned to Alkem. However, the company still suffered a loss of Rs 22.31 crore.

Alkem Laboratories has reported the incident to the authorities, and an ongoing investigation aims to identify and apprehend the fraudsters while recovering the remaining funds. The company has also implemented enhanced cybersecurity measures to safeguard against similar threats, as reported by The Free Press Journal.

Milwaukee Residents Warned of Parking Ticket Scam

 


A fraudulent text message claiming to notify residents about an overdue City of Milwaukee parking penalty has been flagged as a scam and should be deleted, city authorities announced earlier this week.

According to Ald. Lamont Westmoreland, the scam operates by sending recipients a text message stating that a parking ticket must be resolved to avoid late charges. The message urges recipients to click on a link.

Westmoreland warned that clicking the link could expose the user’s phone to malware or ransomware. He also advised anyone who has shared credit or debit card information through the scam to contact their financial institution immediately to ensure their accounts are secure.

The fraudulent text message includes the city’s logo and seal, along with a URL containing “milwaukee.com,” according to a screenshot shared by Westmoreland. These elements make the message appear legitimate, increasing the likelihood of deception.

City's Official Statement

The Department of Public Works clarified that the city does not issue parking penalties via text message. Official tickets are delivered either by registered mail or by being physically placed on the vehicle.

The department urged residents not to click on links or share personal information in response to such messages. Victims of the scam are encouraged to report the incident to the Milwaukee Police Department.

If you have questions about parking tickets, you can contact the city directly at 414-344-0840. Ald. Westmoreland expressed disappointment over the scam, stating: “It’s really sad that scammers are resorting to using what appears to be a legit city source to run a scam like this, but it is not surprising.”

Threat Actors Are Sending Fraudulent Legal Notices to Target Indians

 

The Indian authorities have issued an urgent warning to residents over the widespread circulation of counterfeit emails impersonating Rajesh Kumar, CEO of the Indian Cyber Crime Coordination Centre (I4C). 

These fraudulent emails, with misleading subject lines like "Urgent Notification!" and "Court Notification," falsely accuse recipients of cybercrime and pressure them to respond. The PIB Fact Check team has identified these emails as fraudulent, emphasising that they were sent with malicious intent to trick recipients and exploit their fears.

Fake email threat

The bogus emails display the logos of prominent Indian institutions, such as the Indian Cyber Crime Coordination Centre (I4C), Intelligence Bureau (IB), and Delhi Police, as proof of legitimacy. They also use the names and contact information of senior officials to deceive recipients. These fake emails have been sent to government offices, individuals, and organisations, posing as official correspondence.

In a tweet from its official handle, @PIBFactCheck, the bureau clarified that these emails are absolutely fraudulent and deceitful. "It is vital to note that neither the undersigned nor this unit originated such emails. Furthermore, no permission has been obtained for the creation or distribution of such content," the release noted. 

Cybercrime impact in India 

Concern over the rise in cybercrime in India is growing. Avinash Mohanty, the commissioner of police for Cyberabad, says that cybercrime accounts for more than 30% of the commissionerate's cognisable offences and that it may soon reach 50%. Alarmingly, every minute, Indian residents lose between 1.3 and 1.5 lakh rupees to cybercriminals. This statistic underscores the importance of raising awareness and vigilance against online fraud and scams.

The recovery rate for cybercrime losses in the country remains dismally low, averaging less than 20%, which adds to the financial and emotional toll on victims. The increase in cybercrime affects not only individuals and businesses but also government institutions, which have been targeted in cases of espionage and data breaches.

In recent years, India has suffered a number of high-profile data breaches, the most significant of which involved Aadhaar, the country's unique citizen identification system. That breach exposed the personal information of over a billion Indians, including bank account numbers, addresses, and fingerprints. In 2024, the cost of data breaches in India was expected to exceed two million US dollars, illustrating the increasing sophistication of cyberattacks and their devastating consequences.

Protect Yourself from Phishing Scams Involving Personal Data and Bitcoin Demands

 

A new phishing scam is emerging, where hackers send threatening emails to people with personal details like images of their homes and addresses. This scam tricks recipients into believing their privacy is compromised, urging them to pay money or Bitcoin to avoid exposure. According to cyber expert Al Iverson, scammers often use public sources like Google Maps and data from previous breaches to craft these threatening messages. He recommends confirming any images on Google Maps and checking email legitimacy to ensure the message isn’t a scam. 

One victim, Jamie Beckland, shared his experience, revealing that the scammers falsely claimed to have video evidence from spyware on his computer. Beckland, like others, was targeted with demands for Bitcoin in exchange for silence. Fortunately, by cross-referencing the address and photo in the email with Google Maps, he realized the threat wasn’t credible. To avoid falling for such scams, it’s critical to scrutinize email addresses and domains. Iverson advises checking SPF, DKIM, and DMARC results, which help verify the sender’s legitimacy. Scammers often spoof email addresses, making them appear familiar, but most don’t actually have access to sensitive data—they’re simply trying to scare people into paying. 

Zarik Megerdichian, founder of Loop8, strongly warns against clicking any unfamiliar links in these emails, especially those related to payments. Bitcoin and similar transactions are irreversible, making it crucial to avoid engaging with scammers. If you suspect financial information is at risk, Megerdichian advises reporting the incident to the Federal Trade Commission (FTC) and closely monitoring your accounts. Yashin Manraj, CEO of Pvotal Technologies, recommends changing passwords immediately if you suspect your data has been compromised. Moving sensitive accounts to a new email address can provide added protection. He also suggests notifying local authorities like the FBI, while ensuring that family members are informed of the scam to prevent further risks. 

Lastly, Manraj emphasizes that you should never engage with scammers. Responding to emails only increases your vulnerability, adding your information to target databases. To further protect yourself, isolating your home network, using a VPN, and avoiding public forums for help are essential steps in safeguarding your information from potential future attacks. These phishing scams, though threatening, rely on fear and manipulation. By taking steps to verify email legitimacy, securing your accounts, and staying cautious, you can avoid falling victim to these tactics.
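The sender checks recommended above (display name versus sending domain, as in the "Prime Notification" email, SPF/DKIM/DMARC verdicts, and the subtly altered addresses used in the Alkem fraud) can be scripted. This is an added example, not code from any of the cited researchers; both messages, the brand keyword list and the trusted-vendor domain are constructed for illustration.

```python
"""Sender checks for suspected phishing or invoice-fraud mail (added example; all samples constructed)."""
import re
from email import message_from_string
from email.utils import parseaddr

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)  # verdicts in Authentication-Results

def auth_results(raw):
    """Collect the spf/dkim/dmarc verdicts the receiving mail server recorded."""
    verdicts = {}
    for header in message_from_string(raw).get_all("Authentication-Results", []):
        for mech, result in AUTH_RE.findall(header):
            verdicts[mech.lower()] = result.lower()
    return verdicts

def edit_distance(a, b):
    """Levenshtein distance; a small non-zero value suggests a lookalike domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, trusted_domains, max_dist=2):
    for trusted in trusted_domains:          # exact matches are not lookalikes
        if 0 < edit_distance(domain, trusted) <= max_dist:
            return trusted
    return None

def assess(raw, brand_keywords, brand_domains, trusted_domains):
    """List the red flags a triage analyst would want to see for one message."""
    name, addr = parseaddr(message_from_string(raw).get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if any(k in name.lower() for k in brand_keywords) and domain not in brand_domains:
        findings.append(f"display name '{name}' but sender domain {domain}")
    verdicts = auth_results(raw)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech}={verdicts.get(mech, 'missing')}")
    trusted = lookalike_of(domain, trusted_domains)
    if trusted:
        findings.append(f"sender domain {domain} resembles trusted domain {trusted}")
    return findings

# Constructed sample 1: brand name in the display name, authentication failed.
PRIME_SAMPLE = """From: Prime Notification <billing@notify-center.example>
Subject: Your payment method has expired
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=notify-center.example;
 dkim=none; dmarc=fail header.from=notify-center.example
"""

# Constructed sample 2: authentication passes, but the domain is one character off.
VENDOR_SAMPLE = """From: Accounts Team <ap@acme-pharma.example>
Subject: Re: refund instructions
Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass
"""

def check_samples():
    """Run both samples against assumed brand and trusted-vendor lists."""
    args = ({"amazon", "prime"}, {"amazon.com"}, {"acmepharma.example"})
    return {"prime": assess(PRIME_SAMPLE, *args), "vendor": assess(VENDOR_SAMPLE, *args)}
```

The second sample passes every authentication check, which is exactly why a lookalike-domain comparison against known vendors is needed alongside SPF, DKIM and DMARC.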

New Email Scam Targets NTLM Hashes in Covert Data Theft Operation

 


TA577 has been identified as a notorious threat actor orchestrating a sophisticated phishing campaign, according to researchers at security firm Proofpoint. The group is currently using a new phishing method built around ZIP archive attachments, aimed at stealing NT LAN Manager (NTLM) hashes.

According to the investigation, the group is using an attack chain aimed at stealing NTLM authentication information. If successful, the method could be used to obtain sensitive data and facilitate further malicious activity.

The threat actor, known for establishing initial access to organizations' computer systems and networks, is using booby-trapped email attachments to steal employees' NTLM hashes. Earlier this week, enterprise security firm Proofpoint published a report stating that the new attack chain "is capable of gathering sensitive information and facilitating follow-on activities."

As reported by the company, at least two phishing campaigns have utilized this approach since February 26, 2024, when thousands of messages were distributed worldwide and hundreds of organizations were targeted. As an initial access broker (IAB), TA577 has previously been associated with Qbot and has been linked to Black Basta ransomware infections. 

Although Proofpoint has seen TA577 favouring Pikabot deployment in recent months, the email security company reported today that the two recent campaigns indicate a different approach.

TA577, an initial access broker linked to the Qbot malware campaign and to Black Basta ransomware, has recently shown a growing interest in abusing authentication protocols, despite its earlier preference for deploying Pikabot malware.

NTLM hashes are a cornerstone of the security of Windows systems for authentication and session management. Attackers are extremely interested in these hashes as they are potentially useful in offline password cracking and in pass-the-hash attacks, which do not require actual passwords to gain access to services but instead use hashes as shortcuts. 

The attackers use a technique known as thread hijacking, crafting phishing emails that look like legitimate follow-ups to ongoing conversations. These emails carry personalized ZIP files containing HTML documents. When opened, the HTML documents connect to a malicious external server set up specifically to capture the victim's NTLM hashes.

TA577 likely has the resources, time, and experience to iterate and test new delivery methods at the rate at which it adopts and distributes new tactics, techniques, and procedures (TTPs). TA577, along with other IABs, seems to be on top of the threat landscape and understands when and why certain attack chains cease to be effective. 

This lets them devise new methods that bypass detections and increase the likelihood of victims engaging with the payload, and put those methods to use quickly. Researchers at Proofpoint have also noticed an increase in the use of file scheme URIs to direct recipients to external file shares such as SMB and WebDAV for malware delivery. To prevent the exploitation seen in this campaign, organizations should block outbound SMB connections.

Restricting guest access to SMB servers is a simple security measure, but it falls short of preventing these attacks. The company advises implementing strict email filtering, disallowing outbound SMB connections, and activating Windows group policies to minimize the risk.

To combat these types of NTLM-based threats effectively, Microsoft has introduced advanced security features into Windows 11 to help users. It is important to maintain constant vigilance and take strong security measures to prevent phishing attacks targeting the NTLM authentication protocol. For organizations to remain safe from sophisticated cybercriminal endeavours, they must stay abreast of emerging threats and adjust their defences to keep up with the rapidly evolving threats.
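A defender-side check for the attachment chain described in this post: open a ZIP attachment in memory, pull out any HTML members, and flag file-scheme URIs or UNC paths that point at hosts outside the organization, which is where the NTLM hash would be sent. This is an added example, not Proofpoint's tooling; the sample archive is constructed, 203.0.113.10 is a reserved documentation address, and the internal DNS suffix list is an assumption.

```python
"""Scan a ZIP mail attachment for HTML that points at external SMB/WebDAV shares.
Added example; the archive is constructed and 203.0.113.10 is a TEST-NET address."""
import io
import ipaddress
import re
import zipfile

# file://host/..., file:////host/... and UNC \\host\share references in HTML
SHARE_REF = re.compile(r"(?:file:/{2,4}|\\\\)([^\\/\s\"'<>]+)", re.IGNORECASE)
# Hosts treated as internal: RFC 1918, loopback and link-local ranges
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

def is_external(host, internal_suffixes=()):
    """True unless host is an internal IP or sits under an internal DNS suffix."""
    host = host.split("@")[0].lower()         # drop WebDAV @SSL / @port markers
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                        # a hostname, not an IP literal
        return not any(host == s or host.endswith("." + s) for s in internal_suffixes)
    return not any(ip in net for net in INTERNAL_NETS)

def scan_html(text, internal_suffixes=()):
    """External hosts the page would contact via file:// or UNC, in order found."""
    hosts = []
    for host in SHARE_REF.findall(text):
        if is_external(host, internal_suffixes) and host not in hosts:
            hosts.append(host)
    return hosts

def scan_zip(data, internal_suffixes=()):
    """Map each HTML member of the archive to the external share hosts it references."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith((".htm", ".html")):
                continue
            hosts = scan_html(zf.read(info).decode("utf-8", "replace"), internal_suffixes)
            if hosts:
                findings[info.filename] = hosts
    return findings

def build_sample_zip():
    """Constructed attachment: an HTML file that redirects to an external share."""
    html = ('<html><head><meta http-equiv="refresh" '
            'content="0; url=file://203.0.113.10/docs/invoice.html"></head>'
            '<body><a href="\\\\fileserver.corp.example\\share\\x">internal</a></body></html>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_Reply.html", html)
        zf.writestr("readme.txt", "no html here")
    return buf.getvalue()
```

Pair the scan with the outbound SMB block the post recommends: the scanner catches the lure at the mail gateway, while the firewall rule stops the hash from leaving if a user opens one anyway.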

Smishing: SMS Phishing Attacks And How to Thwart Them

 

Smishing is a fast-growing variant of one of the most established and lucrative scams on the internet. Like other forms of phishing, smishing aims to trick you into revealing sensitive data; however, instead of email, cybercriminals use text messaging or short message service (SMS) to interact with you. Smishing attempts are frequently delivered as regular SMS to mobile phone subscribers, but they can also be sent via popular messaging apps.

Smishing is a type of social engineering in which fraudsters exploit emotions such as fear, sympathy, curiosity, or greed to induce others to reveal personal or business information. They manage this by sending fake messages to your phone or other mobile device that appear to be from a trustworthy source, such as a delivery service, utility supplier, bank, or government agency.

The information they seek could include usernames, passwords, bank account numbers, credit card numbers, vendor names, and other confidential data. The data is subsequently sold on the dark web by cybercriminals, who can also employ it to steal identities, empty bank accounts, or reroute funds to themselves.

Smishing is more tempting to cybercriminals because users are more likely to trust texts than other kinds of communication. In fact, people respond to 45 percent of their texts, but only 6 percent of their emails receive a response. This is most likely due to years of email oversaturation; inboxes bombarded with promotional offers and spam have trained users to be wary.

Prevention tips

Here are five ways to prevent scammers from stealing private data: 

  • Never click on hyperlinks in texts from suspicious or unknown numbers. If the link is a brief, shortened URL, this is doubly true. Shortened URLs are frequently cited as a telltale sign that fraudsters are attempting to conceal obviously fake URLs in SMS messages.
  • Be cautious; if you are being persuaded to pay or disclose personal information, take a moment to confirm that the source is authentic and trustworthy.
  • Never respond to texts from unknown or suspect numbers, especially if they ask you to do so. Replying tells scammers that your phone number is active, and you may be added to spam lists and harassed further.
  • To protect against malware concealed in smishing URLs, keep your phone's operating system up to date at all times.
  • Pay attention to telltale signs of social engineering, such as urgent messages or get-rich-quick schemes. If something appears to be too good to be true, it most likely is.

Commscope Ransomware Attack Exposes Sensitive Employee Data

Hackers have once again targeted a company, this time Commscope, and stolen sensitive employee data during a ransomware attack. According to reports, the hackers have published the stolen data online, including personal information, job titles, and email addresses of Commscope employees.

The attack on Commscope, a US-based network infrastructure provider, highlights the continued threat of cybercrime and the vulnerabilities that companies face in terms of data protection. Cybersecurity experts warn that companies need to be proactive in their approach to cyber defense and invest in robust security measures to prevent such attacks.

The hackers behind the Commscope attack have not been identified, but it is believed that they used ransomware to gain access to the company's systems. Ransomware attacks involve the use of malicious software to encrypt a company's data, making it inaccessible until a ransom is paid.

The publication of the stolen data online has caused concern for the affected employees, who now face the risk of identity theft and other cybercrimes. This incident serves as a reminder that companies must not only focus on preventing cyber attacks but also prepare for the aftermath, including data recovery and notification of affected individuals.

In the wake of this attack, Commscope has urged its employees to be vigilant and monitor their personal accounts for any suspicious activity. The company has also stated that it is working with law enforcement and cybersecurity experts to investigate the incident and mitigate the damage.

This attack on Commscope highlights the need for companies to take a proactive approach to cybersecurity, including implementing robust security measures, conducting regular risk assessments, and training employees to be aware of potential threats. With the increasing sophistication of cyber attacks, companies must remain vigilant and invest in cyber defense to protect their data and reputation.