CySecurity News - Latest Information Security and Hacking Incidents: Phishing scam

Check Point Cyber Attacks data security Gmail Gmail Hack Gmail-Accounts Personal Data Phishing scam Rhadamanthys malware

Gmail Alert: Massive Phishing Campaign Spreads Rhadamanthys Malware

Cybersecurity experts have issued a new warning about a large-scale phishing attack targeting Gmail users worldwide. Researchers at Check Point have uncovered the threat, which uses fake Gmail accounts to send emails impersonating well-known companies. These fraudulent messages claim recipients have violated copyright laws on their social media accounts, urging them to take immediate action.

The goal of these emails is to trick victims into downloading attachments laced with the Rhadamanthys Stealer malware. Once installed, this malware infiltrates systems to steal sensitive personal data. The attackers’ strategy is both sophisticated and alarming. They create convincing fake Gmail accounts and customize emails to appear as if they are from legitimate organizations. Victims are informed of supposed copyright violations and pressured to resolve the issue by downloading attached files.

However, clicking on these files triggers the malware’s installation, granting hackers access to a victim’s computer. The malware operates silently, collecting private information such as login credentials and other sensitive data without the user’s knowledge. The phishing campaign has already reached a global audience, targeting users in Europe, Asia, and the United States. Check Point highlights the staggering scale of the operation, noting that nearly 70% of the impersonated companies belong to the entertainment, media, technology, and software industries. This wide range of targets makes the attack more challenging to detect and stop.

The campaign leverages people’s trust in established companies and creates urgency, making victims more likely to fall for the scam. One of the most concerning aspects of the attack is the advanced capabilities of the Rhadamanthys Stealer malware. This sophisticated program is specifically designed to evade detection by traditional security measures. Once installed, it can extract a variety of data from the infected system, including passwords, financial information, and personal files. The malware’s ability to operate covertly increases the risk for users who are unaware that their devices have been compromised.

Experts stress the importance of vigilance in protecting against this type of phishing attack. Email users should carefully verify the sender’s identity and be cautious of messages that create a sense of urgency or demand immediate action. Legitimate organizations rarely use generic Gmail accounts to contact users, and they typically do not send unsolicited attachments or links. Users should also avoid downloading files or clicking on links from unknown sources, as these actions can initiate malware installation.

Keeping antivirus software up to date is another critical step in preventing infections. Modern security programs are designed to detect and block malicious files like those associated with Rhadamanthys Stealer. Additionally, users are encouraged to report any suspicious emails to their email providers, which can help prevent further spread of such attacks. By staying informed and adopting safe online practices, individuals can reduce their vulnerability to these increasingly sophisticated phishing campaigns.



 

Quishing

Cyber Fraud Data Privacy Phishing scam QR Codes Quishing

Phishing And The Threats of QR Codes

Cybercriminals have always been adept at abusing the latest technological developments in their attacks, and weaponizing QR codes is one of their most recent strategies. QR codes have grown in popularity as a method for digital information sharing due to their ease of use and functionality.

However, their widespread use has created a new channel for phishing attempts, namely QR code phishing (or quishing). With the NCSC recently warning of an increase in these attacks, businesses must grasp how QR codes can be used to compromise staff and what they can do to effectively protect against these rising threats.

Leaders at risk from QR code attacks

Quishing attacks, like traditional phishing campaigns, typically attempt to steal credentials by social engineering, in which an email is sent from a supposedly trusted source and uses urgent language to persuade the target to perform a specific action.

In a quishing attack, the target is frequently induced to scan a QR code disguised as a fake prompt, such as updating an expired password or examining a critical file. The malicious QR code will then direct visitors to a counterfeit login page, prompting them to enter - and ultimately expose - their credentials.

CEOs and senior executives, who have the system access, are naturally appealing targets due to the high value of account credentials. In fact, the study discovered that C-Suite members were 42 times more likely than other employees to receive QR code phishing assaults.

Quishing attacks mainly follow the same standard phishing strategy, in which social engineering is employed to control the victim's actions. However, when it comes to QR code phishing, cybercriminals appear to prefer two methods.

Data collected in the second half of 2023 revealed that QR codes were most commonly used in false notifications for MFA activity (27% of all QR assaults) and shared documents (21%). Whatever the explanation for the malicious code, the majority of QR assaults security experts detected are credential phishing attempts.

Prevention tips

The best defence is to keep these attacks from reaching their intended targets at all. However, it is becoming increasingly evident that these new phishing schemes outperform secure email gateways (SEGs) and other legacy email systems. Unfortunately, these safeguards were not intended to thoroughly detect QR code threats or assess the code's destination.

Businesses need to be aware that new threats like QR codes will outsmart many of the classic security solutions, forcing them to switch to more contemporary, dynamic strategies like AI-native detection technologies.

Phishing Alert: Spotting the 'Vahan Parivahan' Speeding Violation Ticket Scam



 

Vahan Parivahan

Cyber Fraud Cyberattacks CyberCrime CyberThreat Phishing scam Vahan Parivahan

Phishing Alert: Spotting the 'Vahan Parivahan' Speeding Violation Ticket Scam

There is no doubt that traffic violations have also been victimized by scammers, as have most online services, as phishing has become one of the new ways in which unsuspecting victims have been tricked into giving out their personal information. The scammer sends users an e-challan that mentions an issue, and as soon as they click on it, or download the app, they use this information to wipe their bank account clean and get away from them.

Receiving an e-challan and questioning its legitimacy may indicate a scam is on the horizon. It has been found that cybercriminals have been exploiting traffic violations to lead unwitting individuals into phishing traps, leading unsuspecting individuals into phishing schemes. As the landscape of online fraud continues to evolve, a new scam has emerged, targeting unsuspecting vehicle owners through WhatsApp. A new scam dubbed the "Fake Traffic Violation Challan Scam" involves fraudsters sending bogus traffic challans through the messaging service, along with an APK file which is designed to take personal information.

Several online scams have surfaced over the past few months, ranging from job offers to investment schemes, however, now a new threat has emerged - a fake traffic violation Challan scam. Recently, a Reddit user, known as Dambu186, shared his experience with the scam, emphasizing the importance of being aware of these types of scams and avoiding them. It is important to understand that Android uses an APK file format for distributing and installing its apps.

APK files, a similar software installation process to EXE files for Windows computers, are used by Android devices for software installation. However, in this scam, the APK file isn't just another benign installer, but a Trojan horse designed to take control of users' phones. Vahan Parivahan phishing scams or e-challan scams are cyberattacks aimed at unsuspecting citizens who are notified via SMS that they have been charged with a traffic violation.

In most cases, scammers send users a message with a link that invites them to pay the fine or download an app called Vahan Parivahan and once the app is downloaded, they have access to users' data and can steal money from their bank account as a result. There has been an increase in the number of scams targeting vehicle owners and drivers. One example of this scam is the "Vahan Parivahan Fraud." It is a scam in which users receive an APK file via WhatsApp along with an SMS that informs them of a traffic violation.

There is a common fraud that one receives via SMS for an e-challan, and the link to the fake website or even an app will prompt users to download. Let's try to understand it and learn how to avoid it. There are fake websites that are similar to the official ones that are designed to steal information such as credit card numbers, Aadhaar numbers, login credentials, etc. These fake websites look like the official ones, but they are meant to steal information like these.

Despite its disarmingly simple mode of operation, the scam has been successfully evading people for years. In India, scammers impersonate the government traffic department Parivahan, and they send messages on WhatsApp informing victims of an alleged traffic violation registered against their vehicles. An APK file is attached to the message, which encourages recipients to download the app to view and pay the challan. There are several details included in the message, including the specific date, a location that was generated randomly, as well as a fake challan number.

This is an e-mail that seems legitimate enough to deceive the uninitiated, particularly those who are not familiar with traffic violation notifications or new car drivers. To stay safe from such scams, one of the best ways is to simply not click on any links in messages. The best thing users can do if they receive an e-challan notification is to go to the official website and check it out. Users can also contact the traffic police to verify the information. Despite what the message says, be aware of the ‘.gov.in’ extension when it comes to any official government website.

Whenever users visit an unknown website, do not share any personal information until they are certain the site is legitimate. Installing the provided APK unintentionally installs malware on the user's computer. To create these fake apps, the attackers present a fake payment gateway to steal credit card details or net banking credentials from the user. The fake apps take many forms, from spyware that records keystrokes, to more aggressive types that allow the attacker to control the device completely. Keeping a vigilant eye out for scams like these is crucial to protecting users from them.

Verify before Clicking, and ensure that all communication from official sources is authentic by verifying the authenticity of the communication through the official channels that they have verified. In no circumstances should users rely on messages received by WhatsApp or other social media platforms if they have not been verified. Keep an eye out for downloaded apps and unsolicited links. Never trust links or downloads from unknown sources, and do not download apps from them.

The official apps are only available on reputable stores such as Android Play, or they can be downloaded directly from the official website of the developer. Ensure that a secure network whenever possible protects users' financial information from being intercepted in case of public Wi-Fi networks or unprotected networks.

Be on the lookout for suspicious activity in their accounts: Make sure users routinely check their bank statements and transaction histories for any suspicious activity. It is crucial to educate others about such scams, especially those who might be less tech-savvy, and make sure they are aware of these threats. There are several things citizens can do to protect not only their personal information but to ensure their own peace of mind as well by staying informed and cautious. The key to a successful campaign against cybercrime is awareness, and action is the sword when it comes to fighting this crime.

eBay, VMware, and McAfee Taken Down in Widespread Phishing Operation



 

Site Hack

Cyber Attacks eBay Phishing scam Site Hack

eBay, VMware, and McAfee Taken Down in Widespread Phishing Operation

Hackers have taken control of over 8,000 subdomains belonging to reputable companies and organizations to launch a massive phishing campaign that sends millions of malicious emails every day.

Among the companies involved in "SubdoMailing" are MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, and eBay. The campaign, which is the center of a larger cybercrime operation and damages the credibility and trust of the compromised organizations, was identified by researchers from Guardio Labs.

"The discovered operation entails the manipulation of thousands of hijacked sub-domains associated with or related to major brands," security researcher Oleg Zaytsev and CEO of Guardio Labs-Cybersecurity Nati Tal stated in a Medium article. "Complex DNS manipulations for these domains allowed the dispatch of vast quantities of spammy and just outright malicious emails, falsely authorized under the guise of internationally recognized brands."

According to the researchers, the effort is designed to evade all industry-standard email security mechanisms, such as Sender Policy Framework (SPF), DKIM, SMTP Server, and DMARC, that are normally in place to prevent suspicious messages. Instead, emails appear to originate from trustworthy sites.

Finding the Hijacking Scheme

In the post, Guardio provides a detailed explanation of how its email protection algorithms detected an unusual trend in an email's metadata, leading to the operation's discovery. It led the researchers down a rabbit hole that eventually resulted in the lifestyle expert Martha Stewart and MSN.com parting ways for a long time.

"A particularly insidious email" warning of allegedly suspicious activity in a cloud storage account ended up in a user's "Primary" inbox when it should have been reported as spam, according to the example given.

More about the threat actor

According to Guardio, the vast effort is the result of a threat actor known as "ResurrecAds," which uses the tactic of resurrecting "dead" domains of large brands or those connected to them to utilize them as backdoors to exploit reputable services and businesses to ultimately make money as an "Ad-Network" entity.

"This approach enables them to circumvent contemporary email protection measures, showcasing their adeptness at manipulating the digital advertising ecosystem for nefarious gains," the authors stated.

According to Guardio, the actor's malicious behavior involves them constantly searching the Internet for abandoned subdomains of reputable brands to find chances to buy them or compromise them to send malicious emails.

Looking for damage

The campaign highlights the increasing sophistication of hostile email operations, which have been around almost since the beginning of digital communication. However, they are still evolving as more defenders use security measures like SPM, DKIM, and DMARC.

"Our research has revealed that threat actors are not merely reacting to security measures; they’ve been proactively adapting and evolving for some time," the investigators stated.

Guardio developed a unique website with the tool SubdoMailing Checker to determine whether a site's abandoned domain is being used in the operation due to the operation's widespread and ongoing nature.

More than 800 False "Temu" Domains Trick Customers Into Losing Their Credentials



 

Temu

Credential Theft Fake Domains Phishing scam Privacy Temu

More than 800 False "Temu" Domains Trick Customers Into Losing Their Credentials

Cybersecurity experts caution against falling for Temu phishing scams since they use phony freebies to obtain passwords. In the last three months, more than 800 new "Temu" domains have been registered.

The most recent company that con artists have used for their phishing schemes is Temu. With over 800 new domains registered as "Temu" in the last three months, cybersecurity researcher Jeremy Fuchs of Checkpoint's Harmony Email has observed that hackers are taking advantage of Temu's giveaway offers to persuade users to divulge their passwords.

Just so you know, Temu is an international e-commerce site with 40% of its users residing in the United States. It provides customers with direct shipping of discounted goods. Launched in 2022, Temu is accessible in 48 nations, encompassing Australia, Southeast Asia, Europe, and the Middle East.

It ranks second in the Apple App Store and first in the Google Play Store for shopping apps as of February 7, 2024. The majority of app users are older folks, aged 59 and up.

The Scam

According to analysts, Temu Rewards is the source of the example phishing email. On closer inspection, though, you'll see that it was received from an unconnected onmicrosoft.com email account. The email has a link to a page that harvests credentials and a blank image. By telling recipients they have won, the threat actors hope to draw in receivers.

Phishing and Brand Names

Threat actors have previously used popular brands and current trends to their advantage to obtain sensitive data, including credentials, from unsuspecting consumers.

Cyjax researchers uncovered a sophisticated phishing campaign that was aimed at over 400 firms in a variety of industries. To spread malware and get money from advertisements, the con artists—who most likely have Chinese ties—used 42,000 domains, and at least 24,000 survey and landing pages to advertise the scheme.

Bloster AI cybersecurity experts have uncovered a USPS Delivery phishing campaign that employs sophisticated tactics to target victims in the United States. CheckPhish from Bolster found more than 3,000 phishing domains that imitated Walmart. Customers were misled by the advertising into believing they had failed delivery and unpaid bills. Threat actors have refined their attack strategies, moving from misleading messaging to enticing victims to download apps that steal banking or financial data.

In January 2024, it was found that business owners of Meta Platforms, Inc. were the target of a phishing scam that attempted to obtain their email addresses and passwords to gain control of their Facebook page, profile, and financial information. The hoax created a sense of urgency and authenticity by leveraging Meta Platforms' authority.

Cybersecurity and Temu

Temu has experienced several cybersecurity-related problems, including claims that it was gathering data from users and devices, including SMS messages and bank account details.

A class-action lawsuit was launched in November 2023 in the United States, claiming that the corporation had obtained its customers' data illegally. Moreover, an additional revelation emerged that implicated Temu in the unapproved release of customer information, specifically concerning data that allegedly surfaced for sale on the dark web following transactions made by users of the app.

Decrypting the Threat: Telegram's Dark Markets and the Growing Menace of Phishing Networks



 

Website Security

Cyber Phishing Data Beach Phishing scam Telegram Website Security

Decrypting the Threat: Telegram's Dark Markets and the Growing Menace of Phishing Networks

In the last few years, social media has gradually become a one-stop shop for scammers. With easily available information, scammers are able to hand-pick their target and create a customized scam for them.

Telegram is one such platform that has also emerged as a hub for all things any scammer might need to create a perfect scam. Information that was once hidden behind the screens of the dark web is now readily and publicly available on Telegram, many of which are even free to access.

From instructional guides and phishing kits to the services of hackers for hire, this application has increasingly become a comprehensive hub, providing scammers with everything they might require for their illicit activities.

For a newcomer, it is astonishing to see how easy it is to find these marketplaces on Telegram, which were previously deep inside Tor Onion networks. Messages flow incessantly, unveiling an array of products, services, tips, and tricks—knowledge that was once exclusive to the depths of the dark web is now readily accessible.

One of the most known examples of such a scam is the “Bank of America” phishing page scam which was circulated in the US network. This scam was made to extract the bank account details of potential targets, which were then sold to higher players.

These scammers who work on the higher chain work by delving into the criminal abyss of cash extraction from these accounts unveils a new echelon of illicit activity, characterized by heightened complexity. This is precisely where the orchestrated network of the scammer's supply chain comes into play.

Planning a scheme as elaborate as this involves assembling several essential elements:

Firstly, the foundation lies in crafting a sophisticated phishing web page, often termed a "scam page." To deploy this page seamlessly, a dependable hosting solution is indispensable. An effective email-sending system is then required to initiate the deceptive process. Crafting a compelling email message, strategically designed to lure victims to the scam page, serves as another crucial element. The acquisition of targeted email addresses, known as "Leads," becomes pivotal for precision targeting. Unsurprisingly, there is a separate marketplace that is solely focused on gathering data of potential targets through malicious websites, surveys and pop-up emails offering discounts and free rewards.

Lastly, a mechanism for monetizing the stolen credentials completes the construction. Notably, all these necessary building blocks are readily available on Telegram, with some offered at remarkably low prices, and astonishingly, certain elements are even accessible for free. This holistic approach underscores the alarming accessibility and affordability of these illicit tools within the Telegram ecosystem.

After analyzing the scam creation process, it's evident that phishing scams exploit compromised security on legitimate websites.

Owners of such sites bear a dual responsibility of safeguarding their business interests and preventing their platforms from being exploited by scammers. This includes protecting against the hosting of phishing operations, sending deceptive emails, and other illicit activities that may occur without their knowledge. Vigilance and proactive measures are essential to ensure the integrity and security of online platforms.

Security Alert: Google AMP Used in Evasive Phishing Attacks



 

Phishing scam

Cyber Attacks Google Google AMP Phishing Attack Phishing scam

Security Alert: Google AMP Used in Evasive Phishing Attacks

In recent times, there has been an increase in phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to the inboxes of enterprise employees. This has been a cause of concern for security researchers and organizations alike.

What is Google AMP?

Google AMP is an open-source HTML framework co-developed by Google and 30 partners to make web content load faster on mobile devices. It is designed to improve the user experience by providing faster loading times for web pages. However, threat actors have found a way to abuse this technology for malicious purposes.

How are attackers using Google AMP?

According to a report by Bleeping Computers, attackers are using Google AMP to create phishing pages that can bypass email security measures. These pages are designed to look like legitimate login pages for popular services such as Microsoft Office 365 or Google Workspace. Unsuspecting users who enter their credentials into these fake login pages risk having their accounts compromised.

The use of Google AMP in phishing attacks is particularly concerning because it allows attackers to create pages that are difficult to detect by traditional security measures. AMP pages are hosted on Google's servers, meaning they have a high level of trust and legitimacy. This makes it easier for attackers to bypass email security measures and get their phishing emails into the inboxes of enterprise employees.

What can organizations do?

Organizations need to be aware of this threat and take steps to protect themselves from these types of attacks. This can include educating employees about the dangers of phishing and how to spot fake login pages, as well as implementing advanced email security measures to detect and block phishing emails that use Google AMP.

The abuse of Google AMP by threat actors for evasive phishing attacks is a growing concern for organizations. Companies must stay vigilant and take steps to protect themselves from these types of attacks. By being proactive and implementing strong security measures, organizations can reduce their risk of falling victim to these attacks.

Watch Out For These ChatGPT and AI Scams



 

Phishing scam

AI Phishing AI Scams ChatGPT Cyber Fraud Malicious Campaign Phishing scam

Watch Out For These ChatGPT and AI Scams

Since ChatGPT's inception in November of last year, it has consistently shown to be helpful, with people all around the world coming up with new ways to use the technology every day. The strength of AI tools, however, means that they may also be employed for sinister purposes like creating malware programmes and phishing emails.

Over the past six to eight months, hackers have been observed exploiting the trend to defraud individuals of their money and information by creating false investment opportunities and scam applications. They have also been observed using artificial intelligence to plan scams.

AI scams are some of the hardest to spot, and many people don't use technologies like Surfshark antivirus, which alerts users before they visit dubious websites or download dubious apps. As a result, we have compiled a list of all the prevalent strategies that have lately been seen in the wild.

Phishing scams with AI assistance

Phishing scams have been around for a long time. Scammers can send you emails or texts pretending to be from a trustworthy organisation, like Microsoft, in an effort to trick you into clicking a link that will take you to a dangerous website.

A threat actor can then use that location to spread malware or steal sensitive data like passwords from your device. Spelling and grammar mistakes, which a prominent corporation like Microsoft would never make in a business email to its clients, have historically been one of the simplest ways to identify them.

However, in 2023 ChatGPT will be able to produce clear, fluid copy that is free of typos with just a brief suggestion. This makes it far more difficult to differentiate between authentic letters and phishing attacks.

Voice clone AI scams

In recent months, frauds utilising artificial intelligence (AI) have gained attention. 10% of respondents to a recent global McAfee study said they have already been personally targeted by an AI voice scam. 15% more people claimed to be acquainted with a victim.

AI voice scams use text-to-speech software to create new content that mimics the original audio by stealing audio files from a target's social network account. These kinds of programmes have valid, non-nefarious functions and are accessible online for free.

The con artist will record a voicemail or voice message in which they portray their target as distressed and in need of money desperately. In the hopes that their family members won't be able to tell the difference between their loved one's voice and an AI-generated one, this will then be transmitted to them.

Scams with AI investments

Scammers are using the hype surrounding AI, as well as the technology itself, in a manner similar to how they did with cryptocurrencies, to create phoney investment possibilities that look real.

Both "TeslaCoin" and "TruthGPT Coin" have been utilised in fraud schemes, capitalising on the attention that Elon Musk and ChatGPT have received in the media and positioning themselves as hip investment prospects.

According to California's Department of Financial Protection & Innovation, Maxpread Technologies fabricated an AI-generated CEO and programmed it with a script enticing potential investors to make investments. An order to cease and desist has been given to the corporation.

The DFPI claims that Harvest Keeper, another investment firm, collapsed back in March. According to Forbes, Harvest Keeper employed an actor to pose as their CEO in an effort to calm irate clients. This demonstrates the lengths some con artists will go to make sure their sales spiel is plausible enough.

Way forward

Consumers in the US lost a staggering $8.8 billion to scammers in 2022, and 2023 is not expected to be any different. Periods of financial instability frequently coincide with rises in fraud, and many nations worldwide are experiencing difficulties.

Artificial intelligence is currently a goldmine for con artists. Although everyone is talking about it, relatively few people are actually knowledgeable about it, and businesses of all sizes are rushing AI products to market.

Keeping up with the most recent scams is crucial, and now that AI has made them much more difficult to detect, it's even more crucial. Following them on social media for the most recent information is strongly encouraged because the FTC, FBI, and other federal agencies frequently issue warnings.

Security professionals advised buying a VPN that detects spyware, such NordVPN or Surfshark. In addition to alerting you to dubious websites hidden on Google Search results pages, they both will disguise your IP address like a conventional VPN. It's crucial to arm oneself with technology like this if you want to be safe online.

Beware of "Quishing": Fraudsters Steal Data Using QR Codes



 

User Security

Cyber Fraud Online Safety Phishing scam QR Codes Quishing User Security

Beware of "Quishing": Fraudsters Steal Data Using QR Codes

The vulnerability of protected health data may be increased by the usage of QR codes, which are intended to speed up processes like picture file transfers but actually expose organisations' weak points in mobile device security.

A fake QR code that links people to a website that seems identical to the real thing might be substituted by cunning cybercriminals in order to intercept user data and patients' personal information. In a practice called "quishing," they can even incorporate fake QR codes inside emails that appear to be from trusted sources.

QR code scam

With a projected increase of more than seven times in 2022, "scan scams" are now virtually regular occurrences.

Patient data breaches, malware infestations, and identity theft are all risks posed by QR code phishing in particular to healthcare organisations and patients. Cybercriminals deceive clients or staff into scanning a QR code that takes them to a website that seems authentic and asks for personal information or log-in credentials.

To access patient portals, provider networks, and other digital services, hackers steal sensitive data, including medical histories, insurance details, social security numbers, and other personal identity data.

Patient data is an extremely alluring target since it has a market on the dark web. In fact, depending on the level of data, a single patient record can fetch up to $1,000 on the underground market. That sum of money is over 50 times greater than what is typically recorded on credit cards.

Role of organisations

Organisations can increase provider, carer, and patient communication and openness with the aid of QR codes. Employing a QR code generator with integrated capabilities like single sign-on, multi-factor authentication, custom domain, and user management can help healthcare organisations safeguard this technology.

The second crucial component is a platform for QR codes with incident management tools and security measures that are subject to recurring in-depth examinations. But education also contributes to preventing QR code fraud.

Healthcare organisations must educate their staff members and patients on how to use QR codes safely, including how to spot and stay away from malware, phishing scams, and other security risks.

Mitigation tips

Patients should be encouraged to check the legitimacy of the QR codes they scan before providing personal information. There are also security and privacy problems because a lot of individuals open a link right away after scanning a QR code without even checking it. To determine whether a destination is reliable, patients should check the website or app URL linked to the QR code or use a reliable QR code scanner app.

Additionally, patients must only scan QR codes from reputable websites and applications, such as the printed materials, website, or app of their healthcare practitioner. Patients shouldn't scan a QR code if it seems sketchy or is from an unknown source.

Finally, patients should exercise caution when sharing sensitive information via a QR code, such as their medical history or insurance details. They should only provide this information to reputable healthcare practitioners who can vouch for its secure and encrypted transmission.

Cryptocurrency Scams: How to Detect and Avoid Them



 

User Security

Crypto Phishing Crypto Scam Cyber Fraud Online Security Phishing scam User Privacy User Security

Cryptocurrency Scams: How to Detect and Avoid Them

Due to the prevalence of fraudulent activity since its inception, the bitcoin market has become well-known. Scammers employ a number of techniques to trick bitcoin consumers and take their hard-earned money.

How do crypto phishing scams work?

The well-known cyberattack known as phishing has been around for a while. The FBI Internet Crime Report for 2022 states that phishing was the most prevalent technique, with 300,497 victims losing $52 million as a result. This fraudulent activity has now spread to the world of cryptocurrencies.

A crypto phishing scam is a strategy used by scammers to steal sensitive information, such as the private key to your wallet. They accomplish this by posing as a trustworthy organisation or individual and requesting personal information from you. The information you supply is then used to steal your digital assets.

Crypto phishing scams have become more frequent in recent years. A well-known cryptocurrency hardware wallet maker, Trezor, issued a warning regarding a large crypto phishing attack in February 2023. Users of Trezor were the target of scammers who sent them fictitious security breach alerts in an effort to get them to divulge their recovery seed phrase, which the attackers could then use to steal their cryptocurrency.

Identifying crypto phishing scams

Following are five warning signals to watch out for to prevent becoming a victim:

The majority of the time, cybercriminals send mass emails or messages without checking the language, spelling, or sentence structure. As a result, grammatical errors are the clearest indication of a phishing letter. Clear communication with their clients is important to reputable businesses.

Scammers frequently copy the logos, colour schemes, typefaces, and messaging tones of respectable businesses. The branding of the crypto businesses you utilise should therefore be familiar to you.

The URLs in the message should always be double-checked because phishers often utilise links that look real but actually take you to dangerous websites.

Prevention tips

Don't disclose your private keys: Your private keys are what allow you to access your cryptocurrency wallet. Keep them confidential and never give them out.

Educate yourself: Stay up to date on the latest cyber risks and best practises for keeping your cryptocurrency secure. The more you know about self-defense, the better prepared you'll be to defend against cyber-attacks.

In-depth research: Before investing in any cryptocurrency, properly investigate the concept and the team behind it. Examine the project's website, white paper, and social media outlets to establish its legitimacy.

EU Privacy Watchdog Forms ChatGPT Task Force



 

Phishing scam

Artificial Intelligence ChatGPT Cyber Security Encryption EU Malicious actor Phishing scam

EU Privacy Watchdog Forms ChatGPT Task Force

The European Union’s privacy watchdog, known as the European Data Protection Supervisor (EDPS), has recently announced the formation of a task force to examine the potential privacy and data protection issues related to the ChatGPT language model. ChatGPT is a powerful artificial intelligence (AI) system that is designed to understand natural language and generate human-like responses to queries.

The EDPS has expressed concerns that ChatGPT could potentially pose significant privacy risks if it is not properly regulated and monitored. In particular, they have highlighted the potential for ChatGPT to be used for phishing scams, identity theft, and other forms of cybercrime.

One of the key vulnerabilities of ChatGPT is its ability to learn from the data it is given. This means that if it is fed with biased or malicious data, it could learn to replicate that behavior in its responses. This could potentially lead to harmful or discriminatory behavior towards certain groups of people.

Furthermore, ChatGPT is designed to generate responses based on a given context. This means that if it is given access to sensitive information, it could potentially reveal that information to unauthorized parties. This could lead to serious privacy breaches and data leaks.

To address these concerns, the EDPS has formed a task force that will work to develop guidelines and regulations for the use of ChatGPT. This task force will bring together experts from a range of fields, including AI research, privacy law, and cybersecurity.

The task force will be tasked with developing a set of best practices and guidelines for the use of ChatGPT. This will include recommendations on how to mitigate potential privacy risks, such as using robust encryption and access controls to protect sensitive data.

Overall, the formation of the ChatGPT task force is an important step towards ensuring that the use of AI systems like ChatGPT is properly regulated and monitored. By addressing potential vulnerabilities and developing best practices for their use, the EU can help to mitigate the risks associated with these powerful technologies and ensure that they are used in a responsible and ethical manner.

Don't Get Hooked: How Scammers are Reeling in YouTube Users with Authentic Email Phishing



 

Youtube

Cybersecurity email security online threats Phishing scam Youtube

Don't Get Hooked: How Scammers are Reeling in YouTube Users with Authentic Email Phishing

Are you a YouTube user? Beware of a new phishing scam that has been making rounds lately! In recent times, YouTube users have been targeted by a new phishing scam. The scammers use an authentic email address from YouTube, which makes it difficult to differentiate between a genuine email and a fraudulent one.

What is a phishing scam?

Phishing scams are fraudulent attempts to obtain sensitive information, such as usernames, passwords, and credit card details, by disguising themselves as trustworthy entity in electronic communication. Typically, scammers use social engineering techniques to trick users into clicking on a malicious link or downloading malware.

What is the new YouTube phishing scam?

The new YouTube phishing scam involves the use of an authentic email address from YouTube. The email appears to be from YouTube's support team, and it informs the user that their channel is at risk of being deleted due to a copyright infringement violation.

The email contains a link to a website where the user is asked to enter their YouTube login credentials. Once the user enters their login credentials, the scammers can access the user's account and potentially steal sensitive information or perform unauthorized actions.

How to identify the new YouTube phishing scam?

The new YouTube phishing scam is difficult to identify because the email address used by the scammers appears to be genuine. However, there are a few signs that you can look out for to identify the scam:

Check the sender's email address: Even though the email address appears to be genuine, you should always check the sender's email address carefully. In most cases, scammers use a similar email address to the genuine one but with a few minor differences.
Check the content of the email: The new YouTube phishing scam typically informs the user that their channel is at risk of being deleted due to a copyright infringement violation. However, if you have not received any copyright infringement notice, then you should be cautious.
Check the link in the email: Always check the link in the email before clicking on it. Hover your mouse over the link and check if the URL is genuine. If you are unsure, do not click on the link.

How to protect yourself from the new YouTube phishing scam?

To protect yourself from the new YouTube phishing scam, follow these tips:

Enable two-factor authentication: Two-factor authentication adds an extra layer of security to your account. Even if the scammers obtain your login credentials, they will not be able to access your account without the second factor of authentication.
Do not share your login credentials: Never share your login credentials with anyone, even if the email appears to be from a genuine source.
Report suspicious emails: If you receive a suspicious email, report it to YouTube immediately. This will help to prevent other users from falling victim to the scam.
Keep your software up to date: Keep your operating system and software up to date to ensure that you have the latest security patches and updates.

Stay cautious

The new phishing scam using an authentic email address is a serious threat to YouTube users. However, by following the tips mentioned in this blog, you can protect yourself from falling victim to the scam. Always be vigilant and cautious when dealing with emails that request sensitive information. Remember, if you are unsure, do not click on the link.

Watch Out for These Common Signs to Identify an Email Phishing Scam



 

User Safety

Cyber Fraud Data Leak Data Safety Email Phishing Phishing scam User Privacy User Safety

Watch Out for These Common Signs to Identify an Email Phishing Scam

Cybercriminals most frequently use phishing as a method of attack. This communication is a hoax designed to trick the recipient into disclosing private information, sending money, or clicking on a dangerous link. Usually, it is transmitted by email, social media direct messages, or some other text-based method.

There are many different kinds of phishing, but for big firms, whaling or imitation phishing is the most dangerous. In this kind of attack, the cybercriminal poses as a senior executive to target the employees of the target company. In order to mislead the recipient, deceptively similar email addresses, display names, and messages are used. Since an email from top management or a professional acquaintance is typically taken to be authentic and doesn't arouse suspicion, it is a particularly effective strategy.

To mitigate risks, watch out for these tell-tale signs to identify a phishing email.

Unexpected or unsolicited correspondence

When an email arrives unexpectedly, that's your first clue that it might be a fraud. Do you recall any offline or in-person discussions about the aforementioned subject? A warning sign that an email may be a phoney message is when you unexpectedly receive one from a top leader, client, or vendor without any prior context.

Scan the display name and email address

Always check the display name and email address of the sender. On closer inspection, you might discover that a "O" has been changed to a "0" or a I has been changed to a "!". It might initially appear to be genuine. Also, you need to regularly check the domains of the emails you get.

Internal communications will almost never come through a free email provider and will almost always come from the company's official domain. The same is true of external communication from other enterprises and companies. When you hover over a domain, the fraudulent one will often appear to be real or similar to the company's email address.

Prompting urgency

In most cases, phishing emails sound urgent. They want the victim to act without considering or confirming the legitimacy of the email's sender or contents. So, you should be wary of senior executives who unexpectedly request money transfers or information disclosures over email. Always confirm such requests using alternative methods. Call the sender directly, for instance, to confirm the communication.

Unusual query

Take into account the requests made in the email. There are some common calls to action in phishing emails. They request that you send them private or delicate business information that shouldn't ideally be communicated through email in an unforeseen or initial discussion. It can also request that you click a link to submit this data. You can be led to assume that a senior executive has sent you a paper pertinent to your job by including it in an email. It might even request that you transfer money, either your own or, if you have the power, the company's.

Prevention tips

The first thing to do if you think you've received a phishing email is to say nothing. That is, never reply to emails, click on any links, or download any attachments. Next, if you have any doubts about the communication's legitimacy, you should always get in touch with the sender directly through a different method, such as by phone, text, or in person.

Additionally, keep an eye on the emails that arrive in your mailbox. Even if they are from within the company, use extra caution when dealing with emails or senders you weren't anticipating.

Password Managers Can Protect Your Online Security



 

Phishing scam

Cyber Attacks CyberCrime data security Password Phishing scam

Password Managers Can Protect Your Online Security

Users need to create unique passwords for all their online accounts so that they can keep track of which password is associated with which account. Users should use both capital and lowercase letters, numbers, and symbols in their passwords.

Using the same password for everything will not cut it, yes, if you don't want to make yourself an easy target for cybercriminals, it would be smart to choose a different password for each account. Incorporating one easy-to-remember code across all of your accounts may be tempting, but it will end up jeopardizing your online security and you do not want to make yourself a victim of cybercrime.

Using a password manager can be one of the most vital tools you have to ensure that you remain safe online. This is because they simplify the process of creating, using, and protecting strong passwords that help you stay safe online.

It won't take you very long to figure out how to use them, and they are extremely easy. Although four out of five Americans do not use password managers at all, a study from Security.org found that nine out of ten do use one at some point.

Is a password manager necessary and what are the benefits?

Password managers are online services that allow you to store your passwords and any other data that you may need regularly. This includes credit card numbers, bank account information, and identification documents, in a secure, encrypted environment. It simplifies your job by removing this vulnerability.

You must not develop unwise password habits to ensure your digital security. It is advisable to use strong passwords on your accounts. This is because weak passwords make them easy to crack, and reusing passwords increases your risk of credential stuffing, an attack that can compromise accounts that use similar passwords.

By using a password manager, you only have to remember one master password. The password manager will handle the rest for you. This way, you can create strong, unique passwords for each of your online accounts without having to worry about remembering anything else. If you aren't sure how to create a strong password, you do not have to come up with one all by yourself. A password manager can generate one for you if you don't know how to come up with one on your own. Password managers also include current passwords. This will enable you to know which ones are weak or reused and need to be changed to prevent you from using them again.

There are also secure ways to share passwords and sensitive documents between you and your family and friends if necessary. If you are shopping online, you may be able to quickly and easily fill out your credit card information. This is because you may not need to worry about getting your physical credit card if you are making purchases online.

OpenSea Phishing Scam Swindled Millions in NFTs



 

Phishing scam

Bitcoins cryptocurrency Cyber Fraud Digital WAllets NFTs Phishing scam

OpenSea Phishing Scam Swindled Millions in NFTs

On Saturday, a phishing attack targeted 17 users of OpenSea, one of the major NFT markets, according to the company. The hack apparently resulted in the theft of over 250 NFTs worth at least $1.7 million.

A nonfungible token, or NFT, is a way of proving ownership of a digital asset. NFTs linked to digital art have been increasingly popular in recent months, owing to the involvement of high-profile personalities. The attacker, or attackers, stole NFTs from OpenSea users over a 3-hour window on Saturday by compromising the underlying code that allows NFTs to be bought and sold.

OpenSea tweeted late Sunday that the attack didn't appear to be active, with the most recent action 15 hours before. Nadav Hollander, the CTO of OpenSea, also provided a technical breakdown of the phishing attack. Phishing attacks are frequently carried out using emails that contain harmful links and fraudulently purport to be from a company. It's still unknown how OpenSea customers were lured into the phishing scam.

While the identity of the wallet's owner can be hidden in digital wallets used to keep NFTs, the transactions of digital assets on a blockchain are normally public. As a result, anyone with technical knowledge can track the NFTs from wallet to wallet.

OpenSea CEO Devin Finzer in a post on Twitter on Saturday after the attack stated, "The attacker has $1.7 million of ETH in his wallet from selling some of the stolen NFTs."

The hacker also appears to have returned some of the NFTs to the original owners. OpenSea tweeted on Sunday that the investigation into Saturday's phishing attack is still ongoing. OpenSea's CTO, Nadav Hollander, posted a Twitter thread summarising the company's current understanding of the attack, which the company believes did not originate from OpenSea.

Hollander said, "All of the malicious orders contain valid signatures from the affected users, indicating that they did sign an order somewhere, at some point in time. However, none of these orders were broadcasted to OpenSea at the time of signing."

Misinformation is a Hazard to Cyber Security



 

Virus Attack

cybercriminals Cybersecurity Fake news malware Misinformation Phishing scam Tactics Targeted cyber attacks Virus Attack

Misinformation is a Hazard to Cyber Security

Most cybersecurity leaders recognize the usefulness of data, but data is merely information. What if the information you've been given is actually false? Or it is deception? What methods does your cybersecurity program use to determine what is real and what isn't?

Ian Hill, Global Director of Cyber Security with Royal BAM Group defined misinformation as "inaccurate or purposely misleading information." This might be anything from misinformation to deceptive advertising to satire carried too far. So, while disinformation isn't meant to be destructive, it can cause harm.

The ideas, tactics, and actions used in cybersecurity and misinformation attacks are very similar. Misinformation takes advantage of our cognitive biases and logical fallacies, whereas cyberattacks target computer systems. Information that has been distorted, miscontextualized, misappropriated, deep fakes, and cheap fakes are all used in misinformation attacks. To wreak even more harm, nefarious individuals combine both attacks.

Misinformation has the potential to be more damaging than viruses, worms, and other malware. Individuals, governments, society, and corporations can all be harmed by misinformation operations to deceive and damage people.

The attention economy and advertisement-centric business models to launch a sophisticated misinformation campaign that floods the information channels the truth at unprecedented speed and scale. Understanding the agent, message, and interpreter of a specific case of information disorder is critical for organizations to stop it. Find out who's behind it — the "agent" — and what the message is that's being sent. Understanding the attack's target audience — the interpreter — is just as critical.

Misconceptions and deceptions from basic phishing scams, cyberattacks have progressed. Misinformation and disinformation are cybersecurity risks for four reasons, according to Disinfo. EU. They're known as the 4Ts:

Terrain, or the infrastructure that disseminates falsehoods
Misinformation tactics, or how the misinformation is disseminated
The intended victims of the misinformation that leads to cyberattacks, known as targets.
Temptations, or the financial motivations for disseminating false information in cyberattacks.

Employees who are educated on how threat actors, ranging from an amateur hacker to a nation-state criminal, spread false information will be less likely to fall for false narratives and harmful untruths. It is now up to cybersecurity to distinguish between the true and the fraudulent.

US Arrested Multi-year Phishing Scam Suspect



 

USA

Cyber Security hacker arrested Impersonation Techniques Phishing and Spam Phishing Attacks Phishing Campaign Phishing scam USA

US Arrested Multi-year Phishing Scam Suspect

An Italian man who was involved in a multi-year phishing scam aimed towards fraudulently stealing hundreds of unpublished book manuscripts from popular authors such as Margaret Atwood and Ethan Hawke − has been imprisoned. The accused will be in prison for a maximum of 20 years if found guilty of wire fraud and another additional two years for a count of aggravated identity theft.

The Department of Justice while reporting on the incident, stated, that the man is 29-year-old Filippo Bernardini, was arrested by the FBI on Wednesday at the John F. Kennedy International Airport, in New York. The report also said that he was previously working at London-based publisher Simon & Schuster who allegedly impersonated editors, agents, and others personnel involved in the publishing industry to obtain manuscripts of unpublished books fraudulently.

“We were shocked and horrified on Wednesday to learn of the allegations of fraud and identity theft by an employee of Simon & Schuster UK. The employee has been suspended pending further information on the case…” Simon & Schuster said in a statement to Variety.

“…The safekeeping of our authors’ intellectual property is of primary importance to Simon & Schuster, and for all in the publishing industry, and we are grateful to the FBI for investigating these incidents and bringing charges against the alleged perpetrator.”

Following the incident, agencies said that the scheme was started in August 2016 wherein Bernardini used various fake email addresses which were linked to over 160 domains spoofing literary talent agencies, literary scouting agencies, and publishing houses.

Furthermore, he also sent phishing emails attacking employees of a New York City-based literary scouting company and obtained their sensitive data to gain access to the organization’s database of synopses and other information regarding upcoming books.

"These prepublication manuscripts are valuable, and the unauthorized release of a manuscript can dramatically undermine the economics of publishing, and publishing houses generally work to identify and stop the release of pirated, prepublication, manuscripts," the Department of Justice said today.

"Such pirating can also undermine the secondary markets for published work, such as film and television, and can harm an author’s reputation where an early draft of the written material is distributed in a working form that is not in a finished state."



 

USA

Data Breach Data threats Lookout Phishing scam USA

Phishing Scam Tempts Military Families

Threat analysts at Lookout have reported in new findings that a phishing campaign is victimizing members of the United States military units and their families. As per the report, it is a long-running operation that has impersonated various military support organizations and personnel profiles to lure victims into advance-fee scams, stealing sensitive personal information and financial data.

Motivated by monetary benefits, malicious actors are stealing financial sensitive data from victims which includes bank account information, photo identification, names, addresses, and phone numbers, Lookout said in the report.

“Based on our analysis, it’s clear that the threat actor is looking to steal sensitive data from victims such as their photo identification, bank account information, name, address, and phone number…,” wrote Lookout’s threat analysts in a blog post published today.

“…With this information, the actor could easily steal the victim’s identity, empty their bank account and impersonate the individual online,” the blog further read.

The group of scammers created a series of websites that appears legitimate and genuine, the operators enhanced the authenticity of the sites by adding various advertisements for Department of Defense services (DODS) to falsely indicate their affiliation with the military.

Sources accounted, the operators offer high-priced services that are never delivered such as leave applications, communication permits, and care packages, to lure clients into thinking that they are interacting with a military member. Cybersecurity threat analysts have also reported that Nigeria is the scammers’ operational base.

“The websites were primarily hosted by Nigerian providers that are offshore or ignore the Digital Millennium Copyright Act (DMCA). We were able to further confirm the operator’s location from a phone number one of the web developers accidentally left on the draft version of the site. The country code of the number is from Nigeria,” said researchers.

“We were also able to link this group to numerous other scams advertising fake delivery services, crypto-currency trading, banks, and even online pet sales,” researchers added.

US SEC Alerts Investors of Ongoing Fraud



 

Security Alert

Cyber Data Cyber Security Frauds Phishing scam Scam SEC Security Alert

US SEC Alerts Investors of Ongoing Fraud

The Securities and Exchange Commission (SEC) is alerting investors about scammers posing as SEC officials and attempting to mislead them.

Fraudsters are contacting investors via phone calls, voicemails, emаils, and letters, according to the SEC's Office of Investor Educаtion and Advocаcy (OIE).

The alert stated, “We аre аwаre thаt severаl individuаls recently received phone cаlls or voicemаil messаges thаt аppeаred to be from аn SEC phone number. The cаlls аnd messаges rаised purported concerns аbout unаuthorized trаnsаctions or other suspicious аctivity in the recipients’ checking or cryptocurrency аccounts. These phone cаlls аnd voicemаil messаges аre in no wаy connected to the Securities аnd Exchаnge Commission.”

The SEC warned it never asks for payments linked to enforcement activities, offer to confirm trades, or seek sensitive personal and financial information in unsolicited communication, including emails and letters. It further stated that SEC officials will not inquire about shareholdings, account numbers, PINs, passwords, or other personal information.

Scammers appear to be employing a growing number of strategies in order to boost their chances of success. Investors should not disclose any personal information if they get communication that seems to be from the Securities and Exchange Commission, as per the notice. They are encouraged to contact the commission directly.

Investors can use the SEC's personnel locаtor at (202) 551-6000, call (800) SEC-0330, or emаil help@SEC.gov to confirm the identity of people behind calls or messages. Investors can also register a complaint with the Securities and Exchange Commission's Office of Inspector General by visiting www.sec.gov/oig or calling (833) SEC-OIG1 (732-6441).

Further, the alert stated, “Bewаre of government impersonаtor schemes. Con аrtists hаve used the nаmes of reаl SEC employees аnd emаil messаges thаt fаlsely аppeаr to be from the Securities аnd Exchаnge Commission to trick victims into sending the frаudster’s money. Impersonаtion of US Government аgencies аnd employees (аs well аs of legitimаte finаnciаl services entities) is one common feаture of аdvаnce fee solicitаtions аnd other frаudulent schemes. Even where the frаudsters do not request thаt funds be sent directly to them, they mаy use personаl informаtion they obtаin to steаl аn individuаl’s identity or misаppropriаte their finаnciаl аssets.”

Researchers Have Issued a Warning About Phishing Scams That Imitate Netflix



 

Phishing scam

Cyber Crime Dark Web Netflix Payment Data Phishing scam

Researchers Have Issued a Warning About Phishing Scams That Imitate Netflix

The tremendous shift of movie and television audiences to streaming services over the last year has offered scammers a golden opportunity to conduct phishing attacks in order to trick future customers into handing over their payment information. Cybercriminals will always follow payment data, according to Kaspersky's Leonid Grustniy, who warned of phishing attempts disguised as Netflix, Amazon Prime, and other streaming service offers.

Depending on their current streaming subscription status, Kaspersky's researchers detected several lures aimed at targets. Fake sign-up pages for services like Netflix were used to obtain victims' email addresses and credit card information. “Armed with your info, they can withdraw or spend your money right away; your email address should come in handy for future attacks,” Grustniy wrote.

Fans who did not have subscriptions were lured in by cybercriminals who offered them the chance to view popular series on a bogus website. They usually display a short clip as a teaser, which they try to pass off as a fresh, previously unaired episode. It's usually taken from trailers that have been in the public domain for a long time. Victims who are interested are then prompted to purchase a low-cost subscription in order to continue viewing. What happens next is a standard scenario: any payment information entered by users is sent directly to the fraudsters, and the never-before-seen episode continues.

Account credentials for streaming services are also popular among cybercriminals, who are interested in more than just bank account information. Because hijacked accounts with paid subscriptions are sold on the dark web.

Scammers are increasingly using the extensive cultural influence of video streaming platforms as a weapon. For example, the worldwide enthusiasm in Netflix's Squid Game has recently been used to scam crypto investors out of more than $3.3 million. Check Point Research identified a fraudulent Netflix application in the Google Play store last spring, which spread via WhatsApp chats.

Users should avoid clicking on any emails that appear to be affiliated with streaming services and be aware of obvious signals that it's a scam, such as misspellings in messages when payment information is requested. “Do not trust any person or site promising viewings of movies or shows before the official premiere,” Grustniy added.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Showing result(s) for

Popular Posts

Pages

Menu Item

Finding the Hijacking Scheme

More about the threat actor

Looking for damage

The Scam

Phishing and Brand Names

Cybersecurity and Temu

What is Google AMP?

How are attackers using Google AMP?

What can organizations do?

What is a phishing scam?

What is the new YouTube phishing scam?

How to identify the new YouTube phishing scam?

How to protect yourself from the new YouTube phishing scam?

Stay cautious

Is a password manager necessary and what are the benefits?