Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Malicious Link. Show all posts
Scammer
Australia Cyber Attacks fake payment cards fake websites Malicious Link MyGov App Online Payment Fraud Payment Fraud Scammer

Scammers Use Fake Centrelink Promises to Target Australians Online

 

Australians have been cautioned about a recent wave of scam websites falsely advertising significant Centrelink payments. These sites promise financial boosts, sometimes hundreds or thousands of dollars, to low-income residents and seniors, exploiting people facing financial challenges. Fraudsters create convincing websites that mimic government agencies like Centrelink, Service Australia, and myGov, claiming these funds are aimed at helping Australians manage the rising cost of living. To create legitimacy, scammers have designed sites that appear to offer eligibility checks, which are actually tactics to gather personal details. 

These scams largely stem from international sources, including countries like India, and often display website URLs ending in “.in” instead of “.gov.au,” an indicator of their inauthenticity. If Australians are lured into these sites, they might be asked to enter personal information, leading to risks of identity theft, unauthorized access to accounts, or financial loss. Scammers also contact victims through text messages, emails, and even direct calls, adding urgency by claiming that immediate action is required to avoid consequences such as account closures or legal threats. The National Anti-Scam Centre has warned users not to trust unsolicited links or messages, as legitimate government organizations do not send out emails or texts asking for login credentials. 

To safeguard against these scams, Australians should only rely on official government websites such as servicesaustralia.gov.au and my.gov.au, as these sites have secure government domains that are easily recognizable. If users are unsure about a message or website, they should verify through official contact channels or report the suspected scam to authorities. Fake Centrelink promises have targeted people’s vulnerabilities by exploiting the challenging economic conditions many Australians currently face. As such, the National Anti-Scam Centre and Services Australia have been actively educating citizens on how to spot fake offers. Scams typically feature enticing language, such as “life-changing benefits,” or make claims about “one-off payments” to attract attention. 

Although these offers may sound appealing, it’s essential to remember that if a promise sounds too good to be true, it likely is. Identifying and reporting such scams can help prevent others from falling victim to these frauds. Authorities urge everyone to double-check website URLs, avoid clicking on suspicious links, and never disclose personal information to unverified sources. The Australian government has intensified efforts to address these scams, working to identify, block, and take down fraudulent sites where possible. While scammers’ techniques evolve, Australians can protect themselves by staying informed, cautious, and vigilant.
Read more »
T-Mobile
Cyber Attacks Malicious Link Mobile scam Mobile Security Phishing Attack Scams T-Mobile

T-Mobile Customers Alarmed by Unfamiliar Support Links, But They Are Legitimate

 

T-Mobile customers have recently raised concerns after receiving unusual-looking links from the company’s support channels, leading to fears of potential phishing scams. However, investigations have confirmed that these links are legitimate, though their appearance and unfamiliar origin have caused some confusion. The Mobile Report has revealed that T-Mobile’s support teams, including T-Force, the social media support team, are now utilizing a third-party service called Khoros to manage secure forms for customers. This change has led to the use of links with unfamiliar domain names, which naturally appear suspicious to users. 

For instance, one customer was directed to a “Handset Upgrade Form” through a link that, at first glance, seemed questionable. T-Mobile employees have assured The Mobile Report that these links are indeed authentic and part of a new procedure aimed at handling sensitive customer information more securely. In the past, T-Mobile hosted similar forms directly on its own servers using a T-Mobile domain, which customers were familiar with. The shift to an external platform, particularly one that customers do not recognize, has understandably caused some concern and confusion among users. 

Adding to the unease is the fact that Khoros, the company now hosting these forms, describes itself as a platform that uses AI and automation to analyze large amounts of data. While this approach is standard for many data-driven companies, it raises questions about the potential risks involved in sharing sensitive information with third-party services, especially when customers are not fully informed about the transition. Despite the legitimacy of these links in this instance, it is always wise for customers to exercise caution when dealing with unfamiliar links, even if they appear to originate from a trusted source. Phishing scams often rely on the use of seemingly legitimate links to deceive users into disclosing sensitive information. 

As a precaution, customers are advised to contact T-Mobile directly through official channels to verify the authenticity of any communication they receive, particularly when it involves providing personal or financial information. While T-Mobile’s new process using Khoros is legitimate, the lack of clear communication regarding the change has led to understandable concerns among customers. As always, caution and verification remain key to ensuring online safety, particularly when dealing with unexpected or unfamiliar links.
Read more »
ZIP File
Loader Malicious Link malware Phishing Attack ZIP File

Online Hackers Target Microsoft Teams to Propagate DarkGate Malware

 

Microsoft Teams conversations are being abused by a new phishing attempt to distribute malicious attachments that install the DarkGate Loader malware.

When two external Office 365 accounts were found to be hijacked and were detected sending Microsoft Teams phishing mails to other organisations, the campaign got underway in late August 2023.

These accounts were used as a ruse to get other Microsoft Teams users to download and open a ZIP file called "Changes to the vacation schedule."

When a user clicks on an attachment, a ZIP file from a SharePoint URL that contains an LNK file resembling a PDF document is downloaded. The script first verifies that Sophos antivirus software is present on the target device; if it isn't, it launches the shellcode and deobfuscates additional code. 

The Windows executable for DarkGate is built by the shellcode using a method known as "stacked strings" and loaded into memory. The malicious attachments are sent to other Teams organisations by the campaign, as observed by Truesec and Deutsche Telekom CERT, using hacked Microsoft Teams accounts. 

In a June 2023 report, Jumpsec cited an example of Microsoft Teams phishing. Jumpsec found a means to deliver malicious messages to other organisations via phishing and social engineering, which is comparable to this attack. 

Microsoft chose not to address the risk despite the stir this finding created. It is advised that administrators use secure configurations instead, such as narrow-scoped allow-lists and disabling external access, if communication with external tenants is not required.

The chance of this Microsoft Teams phishing attack being utilised in the wild was increased by a tool that a Red Teamer provided in July 2023. The attack chain of the recently observed campaign does not appear to use this strategy, though. Since its release in 2017, DarkGate has been employed cautiously by a select group of online criminals against specific targets. 

hVNC for remote access, cryptocurrency mining, reverse shell, keylogging, clipboard theft, and information theft (files, browser data) are just a few of the harmful behaviours supported by this powerful malware. 

According to a ZeroFox report from June 2023, ten people were offered access to DarkGate for the ludicrous price of $100,000 per year by a person claiming to be the original author of the software. 

In the following months, there have been numerous reports of DarkGate distribution ramping up and employing a variety of vectors, including phishing and malvertising. DarkGate is a growing threat that needs to be actively monitored even though it may not yet be a widespread threat due to its increased targeting and use of various infection channels.
Read more »
Subscribe to: Posts (Atom)