Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Email. Show all posts
Technology
AI ChatGPT Email Gen AI Phishing scam Technology

Dangers of AI Phishing Scam and How to Spot Them

Dangers of AI Phishing Scam and How to Spot Them

Supercharged AI phishing campaigns are extremely challenging to notice. Attackers use AI phishing scams with better grammar, structure, and spelling, to appear legit and trick the user. In this blog, we learn how to spot AI scams and avoid becoming victims

Checking email language

Earlier, it was easier to spot irregularities in an e-mail, all it took was one glance. As Gen AI models use flawless grammar,  it is almost impossible to find errors in your mail copy, 

Analyze the Language of the Email Carefully

In the past, one quick skim was enough to recognize something is off with an email, typically the incorrect grammar and laughable typos being the giveaways. Since scammers now use generative AI language models, most phishing messages have flawless grammar.

But there is hope. It is easier to identify Gen AI text, and keep an eye out for an unnatural flow of sentences, if everything seems to be too perfect, chances are it’s AI.

Red flags are everywhere, even mails

Though AI has made it difficult for users to find phishing scams, they show some classic behavior. The same tips apply to detect phishing emails.

In most cases, scammers mimic businesses and wish you won’t notice. For instance, instead of an official “info@members.hotstar.com” email ID, you may notice something like “info@members.hotstar-support.com.” You may also get unrequested links or attachments, which are a huge tell. URLs (mismatched) having subtle typos or extra words/letters are comparatively difficult to notice but a huge ti-off that you are on a malicious website or interacting with a fake business.

Beware of Deepfake video scams

The biggest issue these days is combating deepfakes, which are also difficult to spot. 

The attacker makes realistic video clips using photo and video prompts and uses video calling like Zoom or FaceTime to trap potential victims (especially elders and senior citizens) to give away sensitive data. 

One may think that only old people may fall for deepfakes, but due to their sophistication, even experts fall prey to them. One famous incident happened in Hong Kong, where scammers deepfake a company CFO and looted HK$200 million (roughly $25 million).

AI is advancing, and becoming stronger every day. It is a double-edged sword, both a blessing and a curse. One should tread the ethical lines carefully and hope they don’t fall to the dark side of AI.

Read more »
privacy laws
Cyber Security Data Privacy data security Elon Musk Email OPM data breach privacy laws

Federal Employees Sue OPM Over Alleged Unauthorized Email Database

 

Two federal employees have filed a lawsuit against the Office of Personnel Management (OPM), alleging that a newly implemented email system is being used to compile a database of federal workers without proper authorization. The lawsuit raises concerns about potential misuse of employee information and suggests a possible connection to Elon Musk, though no concrete evidence has been provided. The controversy began when OPM sent emails to employees, claiming it was testing a new communication system. Recipients were asked to reply to confirm receipt, but the plaintiffs argue that this was more than a routine test—it was an attempt to secretly create a list of government workers for future personnel decisions, including potential job cuts.

Key Allegations and Concerns

The lawsuit names Amanda Scales, a former executive at Musk’s artificial intelligence company, xAI, who now serves as OPM’s chief of staff. The plaintiffs suspect that her appointment may be linked to the email system’s implementation, though they have not provided definitive proof. They claim that an unauthorized email server was set up within OPM’s offices, making it appear as though messages were coming from official government sources when they were actually routed through a separate system.

An anonymous OPM employee’s post, cited in the lawsuit, alleges that the agency’s Chief Information Officer, Melvin Brown, was sidelined after refusing to implement the email list. The post further claims that a physical server was installed at OPM headquarters, enabling external entities to send messages that appeared to originate from within the agency. These allegations have raised serious concerns about transparency and data security within the federal government.

The lawsuit also argues that the email system violates the E-Government Act of 2002, which requires federal agencies to conduct strict privacy assessments before creating databases containing personal information. The plaintiffs contend that OPM bypassed these requirements, putting employees at risk of having their information used without consent.

Broader Implications and Employee Anxiety

Beyond the legal issues, the case reflects growing anxiety among federal employees about potential restructuring under the new administration. Reports suggest that significant workforce reductions may be on the horizon, and the lawsuit implies that the email system could play a role in streamlining mass layoffs. If the allegations are proven true, it could have major implications for how employee information is collected and used in the future.

As of now, OPM has not officially responded to the allegations, and there is no definitive proof linking the email system to Musk or any specific policy agenda. However, the case has sparked widespread discussions about transparency, data security, and the ethical use of employee information within the federal government. The lawsuit highlights the need for stricter oversight and accountability to ensure that federal employees’ privacy rights are protected.

The lawsuit against OPM underscores the growing tension between federal employees and government agencies over data privacy and transparency. While the allegations remain unproven, they raise important questions about the ethical use of employee information and the potential for misuse in decision-making processes. As the case unfolds, it could set a precedent for how federal agencies handle employee data and implement new systems in the future. For now, the controversy serves as a reminder of the importance of safeguarding privacy and ensuring accountability in government operations.

Read more »
online games
Cookies Cyber Fraud Discord Email malware online games

Watch Out: Fake Game Invites on Discord Are Stealing Your Personal Data

 



There is a new online scam, where cyber criminals trick people into downloading harmful software under the pretext of beta testing a game. This campaign targets people on platforms such as Discord, email, and even text messages, aiming at stealing personal information and compromising accounts online. 


How does this work?

The scam starts by sending a harmless message. In this case, a user on Discord or elsewhere receives a direct message from a purported game developer claiming to have sent them a new game to play. The user is asked whether they would want to try the supposed game. In most cases, these messages come from compromised accounts, so the request seems all the more real.

If the victim consents, the attacker shares a download link and password to the target so that they can actually access and start downloading the game file. These links are usually Dropbox or even Discord's network because most malware authors upload their creations to an existing, popular platform. But what users download aren't games-these are referred to as information stealers.


What Do These Malware Applications Do?

Once installed, these programs, such as Nova Stealer, Ageo Stealer, or Hexon Stealer, begin extracting sensitive data. This may include: 

1. Saved browser passwords

2. Session cookies for services like Discord or Steam

3. Wallet information for cryptocurrencies

4. Credit card information

6. Two-factor authentication (2FA) backup codes

The Nova Stealer and Ageo Stealer are the new wave called Malware-as-a-Service (MaaS). This enables cybercriminals to rent these tools to conduct attacks. Nova Stealer even leverages a feature called a Discord webhook, allowing it to send information directly to hackers so they could know right away how much data had been stolen and not have to manually check.

Another tool that is used in these scams is the Hexon Stealer. It is a highly dangerous tool since it can gather a wide variety of personal information. Using such information, it hacks into Discord accounts and enables the attackers to send similar fake messages to the contacts of the victim, thereby further spreading the malware. 


Why Do Hackers Target Discord?

The main focus of these attacks is the Discord credentials. When hackers get access to a person's account, they can pretend to be that person, deceive their friends, and expand their network of victims. This cycle of exploitation of trust makes the scam so effective. 


How to Identify Fake Game Websites

Fake download pages are usually built using common web templates. Such sites appear legitimate but host malware. Among them are the following:  

  • dualcorps[.]fr
  • leyamor[.]com 
  • crystalsiege[.]com 
  • mazenugame[.]blogspot.com

These sites are hosted on platforms that are resistant to takedown requests, making it difficult for researchers to shut them down. If one site is removed, attackers can quickly set up a new one. 


How Can You Protect Yourself? 

To keep yourself safe, follow these simple guidelines:

1. Be cautious with unsolicited messages: If someone you don’t know—or even a known contact—sends a download link, verify its authenticity through another platform.  

2. Avoid downloading unknown files: Don’t download or install anything unless you’re certain it’s legitimate.  

3. Use updated security software: An active anti-malware program can block known threats.

4. Be watchful of phony websites: Be on the lookout for amateurism or copy-and-paste designs when viewing suspicious sites.


In the end, this scamming attack is meant to reap a financial reward; it may come in the form of stolen cryptocurrency, credit card information, or other sensitive details. Knowing how this attack works can help you safeguard your data from cybercrime attacks.

Stay informed and be careful—your online safety depends on it.

Read more »
Web
data security Email Internet Password Technology Web

Beware of These Email Warning Signs to Stay Safe Online

Beware of These Email Warning Signs to Stay Safe Online

Email, the backbone of communications in today's age, also serves as a common vector for cyberattacks, particularly phishing scams. Phishing emails are designed to trick recipients into revealing sensitive information or downloading malicious software. To protect yourself, it’s crucial to recognize the warning signs of a potentially dangerous email. 

1. Suspicious Subject Lines

One of the first things you notice about an email is its subject line. Phishing emails often use alarming or urgent language to grab your attention and prompt immediate action. 

Subject lines like “Urgent: Account Suspended,” “Action Required: Verify Your Identity,” or “Security Alert: Unusual Activity Detected” are red flags. Always approach such emails with caution and verify their authenticity before taking any action.

2. Generic or Overly Personalized Greetings

Phishing emails often use generic greetings such as “Dear Customer” or “Dear User” because they are sent to a large number of recipients. 

On the other hand, some phishing attempts may use overly personalized greetings to create a false sense of familiarity and trust. If the greeting seems off or doesn’t match the usual tone of communication from the supposed sender, it’s worth investigating further.

3. Suspicious Domain Names

Always check the sender’s email address carefully. Phishers often use email addresses that look similar to legitimate ones but contain subtle misspellings or unusual domain names. For example, an email from “support@paypa1.com” (with a numeral ‘1’ instead of the letter ‘l’) is likely a phishing attempt. Hover over the sender’s name to reveal the full email address and scrutinize it for any inconsistencies.

4. High-Risk Words

Phishing emails frequently use high-risk words such as “money,” “investment,” “credit,” and “free.” These words are designed to entice recipients into clicking on links or providing personal information. Be wary of emails that promise financial gains, free gifts, or urgent investment opportunities, especially if they come from unknown sources.

5. Hover Over Links

Before clicking on any link in an email, hover your mouse over it to see the URL it leads to. If the URL looks suspicious or doesn’t match the supposed sender’s website, do not click on it. Phishing links often lead to fake websites designed to steal your information. Instead, visit the official website directly by typing the URL into your browser.

Practical Tips for Email Safety

  • Do not share personal information: Never provide sensitive information such as passwords, credit card numbers, or social security numbers in response to unsolicited emails.
  • Use multiple email addresses: Separate your email addresses for different purposes, such as personal, professional, and online shopping. This can help contain the damage if one of your email addresses is compromised.
  • Keep your software updated: Ensure that your email client, browser, and antivirus software are up to date. Security updates often include patches for vulnerabilities that phishers exploit.

Read more »
Security Breach
CNI Email malware phishing Security Breach

Email Attacks Target 80% of Key Infrastructure Firms, Study Reveals

 


Strong security for emails is one of the top concerns of CNI dealing companies. According to a recent OPSWAT report, 80% of CNI companies reported an email-related security breach in the past year. Malicious emails are being exploited to target essential services, and email-based attacks are increasingly used as a key strategy for gaining unauthorised access.

CNI organisations, such as utilities, transportation, telecommunications, and data centres, are prime targets for cybercriminals. The appeal lies in the widespread disruption a successful attack can cause. For example, a report from Malwarebytes highlighted that the services industry, which includes many CNI sectors, has been heavily impacted by ransomware, accounting for nearly a quarter of global attacks.

Email attacks prove to be particularly effective, according to a report by OPSWAT, which polled 250 IT and security leaders of CNI firms. For instance, CNI organisations experienced 5.7 phishing incidents, 5.6 account compromises, and 4.4 instances of data leakage per year for every 1,000 employees. Yet still, more than half of the respondents assumed that email messages and attachments were safe by default.

Why Cybercriminals Target Emails

Emails are a straightforward way for attackers to deliver phishing scams, malicious links, and harmful attachments. Once opened, these can give hackers access to critical systems. More than 80% of CNI organisations believe that email threats will increase or stay the same over the next year, with phishing, data theft, and zero-day malware attacks being the most likely.

As operational technology (OT) and IT systems become more connected, the risk grows. The report warns that fewer OT networks are isolated from the internet today. This interconnection means a single email attack could spread from IT to OT systems, causing further damage and enabling attackers to launch new attacks from within the network.

UK Steps up Data Center Security End

Data centres have just been designated by the UK government as critical national infrastructure, thus putting them in a category qualifying for further protection from growing cyber threats. This is the first new CNI designation since 2015. The measure aims to enhance the security of these critical facilities that guarantee the running of all services across the country pretty slickly.

This change also means that data centres will receive more government support in the event of cyber incidents, including access to the National Cyber Security Centre and emergency services when necessary. However, the increased designation also comes with tighter regulations, including the need for physical security measures, audits, and updated contingency plans.

Despite the serious threat email attacks pose, most CNI companies struggle with compliance. As revealed in the OPSWAT report, 65% of leaders admit that their organisations do not meet regulatory standards. However, for EMEA companies, this number goes down to 28%. Poor compliance leaves these organisations more vulnerable to attack.

Recent data shows that cyber attacks on CNI organisations are on the rise. The NCC Group’s latest Threat Pulse found that in July alone, 34% of ransomware attacks targeted CNI, up from 32% in June. Experts suggest that cybercriminals may now feel less concerned about consequences from law enforcement. Initially, ransomware groups avoided high-profile targets like hospitals to avoid severe crackdowns. However, recent attacks on CNI suggest they are no longer holding back.

Legacy Technology: The Soft Underbelly 

One of the biggest issues facing CNI companies is their reliance on outdated technology. The National Cyber Security Centre’s 2023 Annual Review noted that many critical infrastructure organisations still use legacy systems that are not regularly updated, making them easy targets for cyber attacks. These systems are often decades old and lack basic security features, making it easier for attackers to exploit them. A Microsoft report from May supported these findings, showing that security measures for OT systems are often inadequate, making attacks on water and other key infrastructure systems both attractive and easy for hackers. As cyber threats continue to rise, the need for CNI companies to update their technology and strengthen their security protocols becomes increasingly urgent. 

As email attacks continue to plague critical infrastructure organisations, it’s clear that a stronger approach to email security is needed. OPSWAT’s report stresses the importance of prevention, urging CNI companies to prioritise email security measures to protect their networks. With cybercriminals targeting these vital systems more than ever before, improving defences against email-borne threats is essential for ensuring the security and stability of national infrastructure.

CNI companies are facing a growing threat from email-based cyber attacks. As technology develops and attackers become more sophisticated, it’s crucial for organisations to update their security measures and comply with regulations to safeguard their operations. Email remains a key entry point for cybercriminals, and without the necessary precautions, the consequences could be severe.



Read more »
Snake Keylogger
CVE-2017-0199 Data Breach Email Phishing Attack Sensitive Information Snake Keylogger

New Version of Snake Keylogger Targets Victims Through Phishing Emails


Researchers at Fortinet's FortiGuard Labs have uncovered a newly evolved variant of the Snake Keylogger, a type of malicious software notorious for capturing and recording everything a user types. Keyloggers are often used by cybercriminals to steal personal information, such as passwords, credit card numbers, and other sensitive data. This new variant of Snake Keylogger, also known as “404 Keylogger” or “KrakenKeylogger,” is being distributed through phishing campaigns and has been upgraded to exploit specific vulnerabilities, making it even more dangerous.

The attack is initiated by a deceptive phishing email that pretends to be a notification about a financial transaction. FortiGuard Labs’ security systems identified the email, which was flagged with the subject line “[virus detected],” and it contains an attached Excel file named “swift copy.xls.” Although the file may appear harmless, opening it sets off a chain reaction that ultimately leads to the installation of the Snake Keylogger on the recipient's computer.

The Excel file attached to the phishing email is no ordinary spreadsheet—it has been specially crafted to take advantage of a known security vulnerability, CVE-2017-0199. This vulnerability allows attackers to execute code remotely by embedding a malicious link within the file. When the victim opens the document, this hidden link discreetly connects to a remote server, which then delivers a secondary malicious file in the form of an HTA (HTML Application) file. This file, containing obfuscated JavaScript, is executed automatically by the Windows operating system, setting the stage for further malicious actions.

The HTA file is programmed to run a VBScript that initiates the download and execution of a final payload—a malicious executable named “sahost.exe”—from a remote server. This payload, known as the Loader module, is designed with multiple layers of encryption and obfuscation, making it difficult for antivirus software to detect or analyse. Once executed, the Loader module unpacks additional encrypted components, including the main module of the Snake Keylogger, which is hidden within an encrypted Bitmap resource.

The Loader module not only delivers the Snake Keylogger but also ensures that it remains undetected and continues operating on the infected system. It accomplishes this by decrypting and loading several key components into the computer's memory, where they can execute without being noticed. Among these components is a critical module called “Tyrone.dll,” which plays a crucial role in the keylogger’s ability to persist on the victim's system. This persistence is maintained through a scheduled task that launches the keylogger whenever the computer is started.

Once installed, the Snake Keylogger operates stealthily, capturing everything the user types and taking screenshots of their activities. It targets a wide range of applications, including web browsers, email clients, and messaging software, and is capable of extracting saved credentials and other sensitive information from these programs. To avoid detection, the keylogger uses a technique called process hollowing, which involves injecting malicious code into a legitimate process, allowing it to operate without raising alarms.

One of the most concerning features of this keylogger is its ability to send the stolen data directly to the attacker via email. The keylogger uses SMTP to transmit the victim’s credentials and other sensitive information in real-time, enabling the attacker to quickly exploit the data or commit financial theft. Additionally, FortiGuard Labs discovered that this variant of Snake Keylogger employs sophisticated anti-analysis techniques. For example, it can detect if it is being run in a security research environment, in which case it refrains from sending the stolen data, making it harder for researchers to analyse the malware.

To protect against these types of threats, FortiGuard Labs advises caution when it comes to emails from unknown sources, especially those with attachments. It's imperative to keep all software up-to-date and utilise robust security solutions to prevent such attacks. By staying informed and vigilant, individuals and organizations can better protect themselves from this and other emerging cyber threats.




Read more »
Phishing Scams
cyber attack Cyber Fraud Email Housing Scams Locata Manchester Phishing Scams

Cyber Attack Disrupts Housing Services Across Greater Manchester


A scathing cyber attack has disrupted housing services in three Greater Manchester boroughs, leaving thousands of residents at risk of a phishing scam. The breach, which affected the software company Locata, has caused the temporary closure of housing websites for Manchester, Salford, and Bolton councils, and resulted in fraudulent emails being sent to users, urging them to provide sensitive personal information.

Widespread Disruption from Cyber Incidents

The cyber attack first emerged last week, targeting Locata’s software, which is widely used by local councils to manage housing applications and services. Over the weekend, the attack escalated, causing disruptions to the public-facing housing websites operated by Manchester, Salford, and Bolton councils. Users of these services were targeted with phishing emails that appeared legitimate, asking them to "activate your tenancy options" by clicking on a link and submitting their personal details. This scam has potentially compromised the security of many individuals.

Locata’s Response and Council Actions

Locata, the company responsible for providing housing software to several councils, acknowledged the security breach on July 29. In a public statement, the company expressed regret for the incident and assured the public that they were working urgently with cybersecurity experts to investigate and contain the breach. Locata informed the affected local authorities and emphasised their commitment to resolving the issue as quickly as possible.

In response, Manchester City Council confirmed that the breach led to scam emails being sent to some Manchester Move applicants. The council acted promptly by taking the affected website offline to prevent further breaches and initiated an investigation with the Information Commissioner’s Office. They advised residents to exercise caution, avoid interacting with suspicious emails, and refrain from clicking on unverified links.

Impact on Bolton and Salford Residents

Bolton Council also reported that the cyber attack had affected its housing service, Homes for Bolton, leading to a similar phishing scam. The council has urged residents to stay alert and provided guidance on steps to take if they had mistakenly interacted with the fraudulent emails, including following advice from the UK’s National Cyber Security Centre.

Salford City Council was among the first to experience the breach, which led to the temporary suspension of the Salford Home Search website. To protect residents, the council advised users to monitor their financial accounts closely, report any suspicious activity, change passwords, and contact Action Fraud if they experienced financial losses.

The investigation into the cyber attack is ongoing, with Locata working closely with affected local authorities to restore services securely. Authorities have urged the public to follow cybersecurity best practices, remain alert against phishing scams, and take necessary precautions to safeguard their personal information.

The growing risks associated with cyber threats and the importance of strong cybersecurity measures for both organisations and individuals cannot be overstated


Read more »
Privacy
Cyberattacks CyberCrime DataBreaches Email Firefox Malware attacks Mozilla Privacy

Protecting User Privacy by Removing Personal Data from Data Broker Sites

 


As part of its new subscription service model, Mozilla Firefox is offering its users the possibility of finding and removing their personal and sensitive information from data brokers across the internet. This new subscription model is known as Mozilla Monitor Plus and will allow users to locate and remove their sensitive information. 

To eliminate their phone numbers, e-mail, home addresses, and other information that is usually sold to data broker platforms for profit, the company offers a new subscription model called Mozilla Monitor-Plus. This is particularly interesting since Mozilla already offers a free service of privacy monitoring called Firefox Monitor which was previously known as Mozilla Monitor - which is now being revamped to strengthen privacy for users.

Previously, Mozilla Monitor was a free service that sent users notifications when their email accounts had been compromised. The new version is now called Monitor-Plus, and it is a subscription-based service. Approximately 10 million current Mozilla Monitor users will now have the opportunity to run scans to see if their personal information has been hacked by using the subscription-based service. 

Whenever a breach is detected, Monitor Plus provides the tools to make sure that a user's information remains private again if a breach is detected. Data broker websites have a convoluted and confusing process that individuals have to deal with when they try to remove their information from them. It is not uncommon for people to find themselves unsure of who is using their personal information or how to get rid of it once they find it online.

However, most sites have either an opt-out page or require them to contact the broker directly to request removal. This process can be simplified by Mozilla Monitor, which searches across 190 data broker sites known for selling private and personal information proactively.

Mozilla will initiate a request on behalf of the user for removal if any data provided to Mozilla is discovered on those sites, including name, location, and birthdate. The removal process can take anywhere from a day to a month, depending on how serious the problem is. There are two subscription options available for users of this feature, the Monitor Plus subscription costs $13.99 per month or $8.99 per month with an annual subscription, which includes this feature. 

The free option for users who do not wish to subscribe to Firefox is to scan data broker sites once. However, these users will have to manually go through the steps to remove their information from these websites. This may encourage them to upgrade to the Monitor Plus subscription, as it provides automatic removals for a process that can be very tedious otherwise.

In regards to data breaches, both free and paid users will continue to receive alerts and will have access to tools to learn how to fix high-risk breaches. By providing their email addresses, as well as a few personal details such as their first and last name, city, state, and date of birth, users can initiate a free one-time scan for their device.

There will then be the possibility to scan the tool for potential exposures and let users know about them and how they can be fixed. It is Mozilla's policy to initiate a data removal request on behalf of users who wish to have their data removed. The status of the requests of users can be viewed, as well as the progress of their requests can be tracked. 

Furthermore, Mozilla will perform a monthly scan after the removal of personal information to ensure that it is kept safe on 190+ data broker sites even after the removal. Users must submit their first and last name, current city and state, date of birth, and email address to initiate a scan. Mozilla has an extensive privacy policy that protects the privacy of this information and encrypts it.

With this kind of information in hand, Mozilla applies a scan to your personal information, showing you where your information has been exposed by data breaches, brokers, or websites that collect personal information. In 2023 alone, 233 million people will have been affected by data breaches, and it is for this reason that a tool such as this is vital in the current environment. The Mozilla Monitor Plus subscription will include monthly scans and automatic removal of any malware that is found on your computer.
Read more »
Subscribe to: Posts (Atom)