Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label SMS. Show all posts
TRAI
Airtel Cyber Security Jio Mobile Network Network Security OTP SMS Telecommunication TRAI

India’s New SMS Traceability Rules to Combat Fraud Begin November 1, 2024

 

Beginning November 1, 2024, Indian telecom providers Airtel, Jio, and Vi will follow a new set of SMS traceability and monitoring guidelines mandated by the Telecom Regulatory Authority of India (TRAI). Aimed at combating cybercrime, these measures seek to enhance security by allowing users to block suspicious calls and messages effectively. By tracing SMS sources more accurately, telecom operators can swiftly identify and block fraudulent messages, improving the fight against scams and phishing attempts. 

Additionally, organizations sending promotional SMS, such as banks and e-commerce companies, must adhere to TRAI’s telemarketing standards, or risk their messages being blocked. This initiative aims to create a safer SMS ecosystem, giving users a clearer means to distinguish legitimate messages from scams. Yet, the vast volume of commercial messages sent in India—between 1.5 and 1.7 billion daily—makes it challenging to implement such a system seamlessly. With high-volume traffic, the infrastructure for monitoring requires robust capabilities to ensure message traceability without slowing down service for time-sensitive messages, especially for critical banking and transaction-related OTPs. Another layer of concern involves potential delays in urgent messages. 

These requirements could slow the delivery of essential communications, such as OTPs used in online banking. Telecoms are working to prevent this issue, as delays in these transactional messages could interrupt online financial processes. Balancing security and timely delivery is essential for TRAI and telecom providers, particularly for consumers who rely on timely OTPs and other immediate notifications. The Cellular Operators Association of India (COAI), which represents key telecom companies like Airtel, Jio, and Vodafone-Idea, has requested a two-month delay to facilitate a smoother transition. This extension would allow telecom operators additional time to set up necessary infrastructure and conduct thorough testing to avoid unintentional service disruptions. 

While TRAI maintains its commitment to the November deadline, telecom companies argue that extra preparation time could ensure reliable service delivery and a smoother rollout. Telecom providers have committed to ensuring user security remains intact while providing efficient service. TRAI’s objective is to foster a more secure digital communication environment where consumers feel protected against fraud and unauthorized data use. However, the effectiveness of these changes depends heavily on the ability of telecom companies to meet these new standards without compromising service quality. 

TRAI’s new SMS traceability requirements represent a meaningful step forward in enhancing consumer protection against digital scams. Despite logistical challenges, this initiative could make India’s messaging landscape safer, allowing consumers greater peace of mind. The success of this system depends on how effectively telecom providers can balance secure traceability with minimal disruption to essential services, paving the way for a digital space that prioritizes both security and efficiency.
Read more »
TRAI
Airtel Cyber Attacks CyberCrime Cyberfraud Cyberhackers Cyberspam CyberThreat DoT Malicious calls SMS Telecom TRAI

India Launches New Initiatives to Combat Spam and Cyber Fraud

 


There is a renewed effort underway in the fight against spam and unsolicited commercial communication as the Department of Telecom (DoT), the telecom regulator Trai, and private telecommunication companies are launching new programs to combat cyber fraud and phishing attacks that are on the rise. 

Several regulatory agencies have been working hard to crack down on spammers and block the numbers of individuals who are engaging in fraudulent activities as detected by Trai and the DoT. It has been reported that the Trai and DoT have been targeting spammers and blocking numbers that seem suspicious. 

Additionally, they have met with representatives from telecom companies to establish new rules regarding vigilance and curbing unwanted activities to control them more effectively. The company has developed an AI-driven tool that helps identify spam and sends an alert to customers if it detects it. A blockchain-based spam control system has been rolled out by Vodafone Idea as part of its SMS spam control program. 

As part of Bharti Airtel's campaign to handle the issue of spam for customers, the company launched India's first network-based, AI-powered spam detection solution on Wednesday. It has been a long time since they met with top representatives from telecom companies and asked them to be vigilant against these criminal activities as well as stipulating new rules to counter them in the future. 

A report issued by the Telecom Regulatory Authority of India and the Department of Telecommunications has indicated that over a crore fraudulent mobile connections have been disconnected, as well as 2.27 lakh handsets that are subject to financial fraud and cybercrime. According to Trai, mobile operators have been encouraged to disconnect telecom resources that are used for bulk spam calls and they have stated that such entities could be blacklisted for up to two years if they are not disconnected. 

Furthermore, telecom companies will be required to check all SMS transmissions containing non-whitelisted URLs, to reduce the misuse of SMS headers and templates and, as a result, ensuring that standard SMS protocols are followed. Trai has mandated as of November 1, all telecommunications operators shall ensure the traceability of messages from the point of origin to the point of destination. 

 According to Airtel CEO Gopal Vittal, spam has become a menace for its customers. It is believed that the entire industry needs to work together to resolve this problem comprehensively... (and) to shield our customers from the continuous onslaught of intrusive and unwanted communications. The Vodafone Idea announced that it will launch soon a URL whitelisting platform, stating, "Vi is participating actively on the topic along with the TRAI, COAI, and other relevant groups.". 

Airtel's data scientists are using a proprietary algorithm to identify and classify calls and SMSs as 'suspected SPAM' through the AI-powered solution developed in-house by Airtel's data scientists. A network powered by artificial intelligence analyzes, in real-time, several parameters including the usage patterns of the caller or sender, the frequency of calls and SMS, and the duration of the calls, among other factors. 

As a result of comparing the information you provide with this information with known spam patterns, the system can flag suspicious calls and SMSs. Further, Airtel has developed a system that notifies customers when malicious links are sent via SMS. To achieve this, Airtel has built a centralized database of blacklisted URLs, and every SMS is scanned in real-time by an AI algorithm to alert users in order not to click on those links accidentally.
Read more »
Yemeni
Cyberattacks Cyberhackers CyberThreat Cyebrcrime Military Phones Privacy. SMS Yemeni

Yemeni Hackers Unmasked Spying on Middle Eastern Military Phones

 


According to researchers at MIT, a Yemeni hacking group has been eavesdropping on the phone calls of military personnel in the Middle East, the latest example of mobile surveillance becoming prevalent in conflicts around the world as a result of the proliferation of mobile technologies. According to new research, American Shia Islamist allies of an organization that operates in Yemen have been using surveillance technology to target militaries in a range of countries throughout the Middle East since 2019. It has been discovered that a threat actor aligned with the Houthis has used malware known as GuardZoo to steal photos, documents, and other files from devices infected with the malware, researchers at Lookout reported in a report posted Tuesday. 

A majority of the roughly 450 victims, according to unprotected controller logs, were found in Yemen, Saudi Arabia, Egypt, and Oman. In contrast, a smaller number were found in the United Arab Emirates, Turkey, and Qatar, based on unsecured server logs. There was a civil war between Houthis and Arab soldiers in the city of Sanaa in 2014 when they took control. This led to a famine in the city. According to human rights groups, there have been a series of arbitrary arrests, torture, and enforced disappearances in Yemen since June 2019, following a controversial Saudi-led intervention there. 

According to Lookout, the campaign is believed to have started as early as October and has been attributed to a threat actor aligned with the Houthi militia, based on information such as the application lures, control-and-control server logs, targets, and the location of the attack infrastructure, and Lookout confirmed this. Lookout says its surveillance tool draws its name from a piece of source code that persists on an infected device for a long period. 

According to the report, the malware not only steals photos and documents from an infected device, but it can also "coordinate data files related to marked locations, routes, and tracks" and can identify the location, model number, cellular service provider, and configuration of a Wi-Fi enabled device. Developed by Symantec, the GuardZoo Java application is a modified version of a remote access trojan (RAT) called Dendroid RAT which was originally discovered in March 2014 by Broadcom-owned Symantec. Earlier in August, it had been revealed that there had been a leak of the entire source code for the crimeware solution. 

This piece of malware was first sold for a one-off price of $300, but the capabilities it offers go far beyond what is expected from commodity malware. It is equipped with phone numbers and call logs that can be deleted, web pages that can be accessed, audio and call recordings, SMS messages that can be accessed, and even HTTP flood attacks. The researchers from Lookout said in a report shared with us that the code base underwent many changes, new functionalities were added and unused functions were removed. They added that many changes had been made for the betterment of the code base. As Guardzoo says in a statement, the command and control (C2) backend is no longer based on Dendroid RAT's leaked PHP web panel but rather uses an ASP.NET-based backend created specially for C2. 

After embarking on a military campaign against the then government in 2014, the Houthi movement became internationally known when it caused that government's fall, and set off the post-war humanitarian crisis that followed. Iran backs this group, and they have been fighting against a Saudi-backed military force for years. The militant group recently carried out a series of crippling attacks against international ships transiting the Strait of Hormuz in retaliation for Israel's military operation in Gaza, which has put a strain on international shipping.   

There has been an increase in the use of cyber capabilities by the Houthis in recent years. Researchers from Recorded Future have observed hackers with likely ties to the Houthis carrying out digital espionage campaigns that were carried out using WhatsApp as a method of sending malicious lures to targeted individuals last year.   On Tuesday, Lookout's report revealed that an ongoing campaign not only relied on direct browser downloads but also utilized WhatsApp to infect its targets. Lookout’s senior security researcher, Alemdar Islamoglu, noted that the group behind this campaign, which had not been previously observed by their researchers, showed a particular interest in maps that could disclose the locations of military assets. 

The campaign predominantly employed military themes to attract victims. However, Lookout researchers also identified the use of religious themes and other motifs, including examples such as a religious-themed prayer app or various military-themed applications. Additionally, Recorded Future released a report on Tuesday concerning a group likely affiliated with pro-Houthi activities, which they have named OilAlpha. This group continues to target humanitarian organizations operating in Yemen, including CARE International and the Norwegian Refugee Council. The report noted that military emblems from various Middle Eastern countries, such as the Yemen Armed Forces and the Command and Staff College of the Saudi Armed Forces, were used as lures in military-themed applications. 

Recorded Future’s Insikt Group documented that OilAlpha is targeting humanitarian and human rights organizations in Yemen with malicious Android applications. The group's objective appears to be the theft of credentials and the collection of intelligence, potentially to influence the distribution of aid. The Insikt Group first detected this exploit in May, with CARE International and the Norwegian Refugee Council among the affected organizations.
Read more »
SMS
Cyber Frauds Cyber Security Cyberatttacks CyberCrime CyberThreat DoT Government Crackdown SMS

Fraudulent SMS Entities Blacklisted in Government Crackdown



An official release states that the government has blacklisted 'principal entities' behind SMS headers that have been sent over 10,000 fraudulent messages over the past three months as part of a crackdown on SMS scammers. As part of the Sanchar Saathi initiative, the Department of Telecom (DoT) and the Ministry of Home Affairs (MHA) have taken decisive steps to prevent potential SMS fraud, which was launched by the Department of Telecom (DoT). 

According to the Indian Cyber Crime Coordination Centre (I4C), eight SMS headers are being misused to send fraudulent messages for committing cybercrime. In the past three months, the Department of Transport has taken down more than 10,000 fraudulent messages sent using eight headers. These messages belong to eight different Principal Entities (PEs). 

There is a list of the 8 principal entities listed below, along with the 73 SMS headers they own and the 1522 SMS content templates associated with them. There is no longer any possibility of sending SMS via any telecom operator thanks to DoT's steps, which have prohibited the use of any of these Principal Entities, SMS Headers, or templates. 

According to the Indian Cyber Crime Coordination Center, which is under the Ministry of Human Resources, eight SMS headers were misused to send fraudulent communications to commit cybercrime. The term 'principal entity' is commonly used in telecom parlance to refer to business or legal entities that send out commercial messages via SMS to subscribers of mobile operators. Headers can be considered to be alphanumeric strings assigned to a 'principal entity' to send commercial communications. 

In addition, DoT has reiterated its commitment to safeguarding citizens against cybercrime by blacklisting these entities to prevent further victimization of citizens. According to the release, “Citizens can report suspected fraud communications at Chakshu facility on Sanchar Saathi to help DoT in preventing cybercrime and financial frauds from being perpetrated by telecom companies.” TRAI has mandated that only registered principal entities can send promotional and marketing messages to mobile consumers as per its mandate. 

Following the mandate, all commercial messaging (one-time passwords, promotional messages, account balance updates etc) was required to be moved onto the blockchain-based platform by telecom operators. In the country, the government does not permit telemarketing activities, so mobile numbers cannot be used. Upon the first complaint, consumers may be disqualified from their telephone connection if they use the connection to send promotional messages

Additionally, they may also be blacklisted for two years with their name and address being blacklisted. You can identify telemarketing calls by their prefixes: 180, 140, and 10-digit numbers cannot be used for telemarketing. You can report spam by dialing 1909, or by using the Do Not Disturb (DND) service.  

Read more »
VoIP
Cisco Data Breach Employee Data Information Security Multi-Factor Authentication (MFA) SMS Supply chain vulnerability third party VoIP

Cisco Duo raises awareness over a breach in third-party data security, revealing the exposure of SMS MFA logs.

 

In the ever-evolving landscape of cybersecurity, safeguarding sensitive information and ensuring secure access to corporate networks are paramount concerns for organizations worldwide. Recently, Cisco Duo, a leading provider of multi-factor authentication (MFA) and Single Sign-On services, found itself grappling with a significant breach that shed light on the evolving threats confronting modern enterprises. 

On April 1, 2024, Cisco Duo's security team sent out a warning to its extensive customer base regarding a cyberattack targeting their telephony provider, which handles the transmission of SMS and VoIP MFA messages. According to reports, threat actors leveraged employee credentials acquired through a sophisticated phishing attack to infiltrate the provider's systems. 

Following the breach, the attackers successfully obtained and extracted SMS and VoIP MFA message logs linked to specific Duo accounts, covering the timeframe from March 1, 2024, to March 31, 2024. The ramifications of this breach are deeply concerning. While the provider assured that the threat actors did not access the contents of the messages or utilize their access to send messages to customers, the stolen message logs contain data that could be exploited in targeted phishing campaigns. 

This poses a significant risk to affected organizations, potentially resulting in unauthorized access to sensitive information, including corporate credentials. In response to the breach, Cisco Duo swiftly mobilized, collaborating closely with the telephony provider to conduct a thorough investigation and implement additional security measures. The compromised credentials were promptly invalidated, and robust measures were instituted to fortify defenses and mitigate the risk of recurrence. 

Additionally, the provider furnished Cisco Duo with comprehensive access to all exposed message logs, enabling a meticulous analysis of the breach's scope and impact. Despite these proactive measures, Cisco Duo has urged affected customers to exercise heightened vigilance against potential SMS phishing or social engineering attacks leveraging the stolen information. Organizations are advised to promptly notify users whose phone numbers were contained in the compromised logs, educating them about the risks associated with social engineering tactics. 

Furthermore, Cisco has emphasized the importance of promptly reporting any suspicious activity and implementing proactive measures to mitigate potential threats. This incident serves as a stark reminder of the persistent and evolving threat landscape faced by organizations in today's digital age. As reliance on MFA and other security solutions intensifies, proactive monitoring, regular security assessments, and ongoing user education are indispensable components of an effective cybersecurity posture. 

Moreover, the Cisco Duo breach underscores the broader issue of supply chain vulnerabilities in cybersecurity. While organizations diligently fortify their internal defenses, they remain susceptible to breaches through third-party service providers. Hence, it is imperative for businesses to meticulously evaluate the security practices of their vendors and establish robust protocols for managing third-party risks. 

As the cybersecurity landscape continues to evolve, organizations must remain agile, adaptive, and proactive in their approach to cybersecurity. By prioritizing robust security measures, fostering a culture of cyber resilience, and fostering close collaboration with trusted partners, organizations can effectively mitigate risks and safeguard their digital assets in the face of evolving threats.
Read more »
virus
Advanced Encryption Standard Android Phone CERT-In Cyber Attacks CyberCrime Cybersecurity Daam Government Hacked SMS URL virus

Android Phone Hacked by 'Daam' Virus, Government Warns

 


It has been announced by the central government that 'Daam' malware is infecting Android devices, and the government has issued an advisory regarding the same. CERT-IN, the national cyber security agency of the Indian government, released an advisory informing the public about the possibility of hackers hacking your calls, contacts, history, and camera due to this virus.

The virus' ability to bypass anti-virus programs and deploy ransomware on targeted devices makes it very dangerous, according to the Indian Computer Emergency Response Team or CERT-In, which provided the information. 

As quoted by the PTI news agency, the Android botnet is distributed primarily through third-party websites or apps downloaded from untrusted or unknown sources, according to the Federal Bureau of Investigation. 

The malware is coded to operate on the victim's device using an encryption algorithm known as AES (advanced encryption standard). The advisory reports that the other files are then removed from local storage, leaving only the files that have the extension of ".enc" and a readme file, "readme_now.txt", that contain the ransom note. 

To prevent attacks by such viruses and malware, the central agency has suggested several do's and don'ts. 

The CERT-IN recommends that you avoid browsing "untrusted websites" or clicking "untrusted links" when they do not seem trustworthy. It is advisable to exercise caution when clicking on links contained within unsolicited emails and SMS messages, the organization stated. Specifically, the report recommends updating your anti-virus and anti-spyware software regularly and keeping it up to date.

Once the malware has been installed, it tries to bypass the device's security system. In the case it succeeds in stealing sensitive data, as well as permissions to read history and bookmarks, kill background processing, and read call logs, it will attempt to steal sensitive information of the user. 

"Daam" is also capable of hacking phone calls, contacts, images, and videos on the camera, changing passwords on the device, taking screenshots, stealing text messages, downloading and uploading files, etc. 

In the Sender Information field of a genuine SMS message received from a bank, the Sender ID (abbreviation of the bank) is typically mentioned instead of the phone number, according to the report. 

A cautionary note was provided to users warning them to be aware of shortcut URLs (Uniform Resource Locators) such as the websites 'bitly' and 'tinyurl', which are both URLs pointing to web addresses such as "http://bit.ly/" "nbit.ly" and "tinyurl.com" "/". 

To see the full domain of the website the user is visiting, it is recommended that they hover over the shortened URL displayed. As suggested in the consultation, they may also be able to use a URL checker that allows them to enter both a shortened URL and the complete URL when completing the check. 

This is being viewed as a serious warning by the government to Android phone users throughout the world to remain vigilant and to take all necessary precautions to protect their mobile devices.

The Central Government strives to educate citizens about "Daam" malware, as well as its potential impacts, so citizens can take proactive measures to protect their Android devices and stay safe from cyber threats in the ever-evolving environment we live in today.
Read more »
SMS
Cyber Attacks Cyber Fraudsters Cybersecurity HDFC Banks PAN Phishing Scams PIB SMS

Stay Alert Against Messages Like 'Account Suspended, Update PAN'



Banking fraud has increased in recent years. There has been an increase in digital phishing attacks claimed by HDFC Bank customers as the social media outcry has mounted in recent days. Several HDFC Bank customers reported to the authorities that many of the incidents involved phishing SMSes that they received in February. 

There are indications that they have adopted a revised method of operation to step up their efforts to protect others which may have been the case. To strengthen cybersecurity measures, phishing links masquerade as verification processes as part of their phishing campaign. 

There has been a significant number of customers who have been receiving false text messages in the last few days, which claim that they have been blocked or suspended because they have not updated their Permanent Account Numbers (PAN) because their PAN has not been updated. The message you are receiving is a fake one, so keep an eye out and be aware of it. 

The Public Information Bureau (PIB) has recently issued a warning to the customers of the State Bank of India (SBI) regarding fake messages purporting to be from SBI officials that claim the recipient's YONO account has been disabled as a result of a power cut. 

One of the most common ways scammers use to trick people is through phishing SMS messages, which is one of the methods they use to steal their money in different ways. Cyber fraudsters use phishing bank SMS as a means of scaring people away by telling them their bank account has been suspended by cyber thieves. 

A link is attached to the SMS and it asks the users to click on it to update their KYC or PAN details. The problem arises, however, when someone is tricked into believing that the SMS is legitimate and clicks on the link, and their phone is hacked and money is lost. 

Often more common than you might think is phishing SMS fraud. Most banks have issued an advisory informing customers not to be fooled by them. Earlier this month, HDFC alerted its customers that these types of frauds have been taking place. 

There was a viral HDFC bank SMS sent to some of its users that they received on their mobile phones. Some of their users tagged the bank with the message. There has been an attempt by fraudsters to create a fake HDFC Bank website, giving the false appearance that there is a verification process when it is not. HDFC customers have now received a link with the details of the offer.  

An alert was sent by Manoj Nagpal, the CEO of Outlook Asia Capital, who posted a picture of the infected email to Twitter with a description of what he had seen. The same message has also been received by many other customers as well. It has been recommended by Nagpal that people should refrain from clicking on links that have been sent via email or SMS.  

What Are the Methods Used by Fraudsters?

To use fraudsters to commit fraud. Here is how HDFC bank explains how this happens. 

First step: The fraudsters create bogus emails impersonating bank employees that ask consumers to activate a link in the email that instructs them to verify or update the account information in their accounts as soon as possible. 

Second step: When a customer clicks on the link provided by the email, the victim is taken to a fake site that appears to be the official website of the Bank. There is a web form on this site that allows the customer to enter their personal information so that we can communicate with them. 

If you doubt any SMS request, report any suspicious SMSes, or confirm a bank alert with a bank manager to avoid having your account hacked, make sure to check the sender's identity before acting on it.   

 A two-factor authentication system should be implemented for online banking to keep personal information secure. The OTP and password that you used to access your account must be entered every time you want to access it. Using your fingerprints as a second password is even possible if you have a secure device. The message you receive should not be clicked on and any unidentified links should be deleted.    

Read more »
User Security
cyber espionage Cyber Espionage Campaign Cyber Security Cyber Security News Economy Hacking SMS User Security

Cyberattacks On Small Businesses: The US Economy’s ‘Achilles Heel’?


Small business firms play an important role when it comes to the economy, but they are more vulnerable to cyberattacks. 

At the time when Elena Graham, co-founder of Canada-based security service CYDEF, started selling cyber security software to smaller firms and businesses, business was relatively slow. However, now the demand is increasing, driven by a sharp rise in remote work that has exposed small businesses to cyberattacks. 

Since the start of the year, business at her security firm has tripled reaching an all-time high. "It was a total head-in-the-sand situation. 'It's not going to happen to me. I'm too small.' That was the overwhelming message that I was hearing five years ago. But yes, it is happening." says Elena. 

But with the booming security services, one can deduce that small businesses are comparatively at higher risk of being attacked by threat actors, than large businesses, as noted by Barracuda Networks.  

The risks were dramatically bolstered by the global pandemic. According to a report by RiskReconm, a Mastercard company that evaluated companies’ cyber-security risk, cyberattacks on small companies surged by more than 150% between 2020-21. 

"The pandemic created a whole new set of challenges and small businesses weren't prepared," says Mary Ellen Seale, chief executive of the National Cybersecurity Society, a non-profit that helps small businesses create cyber-security plans. 

In March 2020, at the peak of the pandemic, a survey of small businesses by broadcaster CNBC concluded that only 20% planned on investing in cyber-protection. 

Working remotely, during the pandemic, meant that more personal devices like smartphones, tablets, and laptops had access to sensitive corporate information.  

Lockdown, however, put a strain on budgets, curtailing the amount of money businesses could invest in security. Cybersecurity and costly in-house experts were frequently out of reach. Consequently, the weak cyber-security infrastructure was prone to cyber-attacks. 

With just one compromised supplier, cyber criminals could access networks of organizations further up the supply chain. According to Ms. Seale, "Large businesses depend on small businesses[…]They are the lifeblood of the United States, and we need a wake-up call." Small businesses account for more than 99% of companies in the US and employ nearly half of all Americans, playing a critical role in the global economy. In regard to this, Dr. Kim says they are like the economy's "Achilles heel". 

“They may be a small company but what they sell to large businesses could be very important. If they're hacked, [their product] won't be fed into supply chains and everything will be affected," Dr. Kim further adds. 
Read more »
SMS
Data Breach Inbox Multi-factor authentication OTP Issues SMS

A Breach on Multi-Factor Authentication Leads to a Box Account Takeover

 



According to new research from Varonis, a vulnerability in Box's implementation of multi-factor authentication (MFA) allows attackers to take over accounts without having access to the victim's phone. Because of the flaw, which was patched in November 2021, an attacker just needed stolen credentials to get access to a company's Box account and steal sensitive information if SMS-based MFA was activated. Users without Single Sign-On (SSO) can further secure their accounts using an authenticator app or SMS for second-factor authentication, according to Box, which says that close to 100,000 firms utilize its platform.

How Does SMS Verification Work in Box?

After providing a username and password in Box's login form, the user is redirected to one of two pages:
  • If the user is enrolled with an authenticator app, a form to enter a time-based one-time password (OTP).
  • If the user has opted to receive a passcode via SMS, a form to enter an SMS code will appear. 
  • A code is delivered to the user's phone when they go to the SMS verification form. To gain access to their Box.com account, they must enter this code. 

When a user attempts to log into a Box account, the platform saves a session cookie and leads to a page where they must enter a time-based one-time password (TOTP) from an authenticator app (at /mfa/verification) or an SMS code (at /2fa/verification). When a user adds an authenticator app to their account, Box provides them a factor ID and the user must enter a one-time password issued by the app in addition to the credentials when logging in. 

Researchers from Varonis revealed that an attacker might circumvent MFA for accounts that had SMS-based MFA enabled by abandoning the SMS-based verification procedure instead of commencing TOTP-based MFA. By combining the MFA modalities, the attacker might gain access to the victim's account by giving a factor ID and code from a Box account and authenticator app that the attacker controls.

The entire talk about required MFA from firms like Salesforce and Google, as well as a White House executive order, is to emphasize that MFA implementations, like any other programming, are prone to flaws. MFA can give the impression of security. Because MFA is enabled, an attacker does not necessarily need physical access to a victim's device to compromise their account.
Read more »
User Credentials
Banking scam Cyber Crime Hackers SMS User Credentials

The Zelle Scam Aims to Steal Your Bank Credentials

 

One of the most prevalent methods for hackers to gain access to bank accounts is to drain the victim's assets via Zelle, a "peer-to-peer" (P2P) payment service utilised by many banking institutions that allows users to send money to friends and family instantly. Naturally, many of the phishing scams that lead up to these bank account takeovers start with a counterfeit SMS from the target's bank alerting them to a suspected Zelle transfer. 

According to the text, someone attempted to withdraw a substantial sum of money from their bank account and deposit it into their Zelle account. The notification asks for a response of "Yes," "No," or "1" to decline. Regardless of which option is selected, the recipients are instantly contacted by a person posing as a bank official. Incoming phone numbers are frequently faked to make it appear as if they are from the person's bank. 

The scammer asks for the customer's online banking username and then instructs them to recite back a passcode given through text or email to "verify their identity." In actuality, the fraudster begins a transaction — such as the "forgot password" option on the financial institution's website — that creates the member's authentication passcode. 

Ken Otsuka is a senior risk consultant of CUNA Mutual Group, an insurance company that offers credit unions financial services. Otsuka said a phone fraudster typically will say something like, “Before I get into the details, I need to verify that I’m speaking to the right person. What’s your username?” 

“In the background, they’re using the username with the forgot password feature, and that’s going to generate one of these two-factor authentication passcodes,” Otsuka said. “Then the fraudster will say, ‘I’m going to send you the password and you’re going to read it back to me over the phone.’” 

Once the scammer obtains control of the bank account, they will make different deposits to other accounts before draining the customer's funds. When a victim understands what has happened, they typically contact their bank right away. Unfortunately, most consumers who fall victim to this type of direct contact phishing fraud rapidly discover that many banks are unable to help them recover their stolen funds in any way. The banks argue that the transaction was initiated by the customer and thus does not fall under Regulation E's "unauthorised transaction" protection.
Read more »
United States
Crypto Currency Multi-factor authentication SMS Technology Threat actor United States

Thousands of Coinbase Clients were Robbed due to an MFA Flaw

 

After exploiting a vulnerability in Coinbase's SMS multi-factor authentication security mechanism, a threat actor stole cryptocurrency from 6,000 customers, according to the firm. A threat actor executed a hacking campaign between March and May 20th, 2021 to penetrate Coinbase customer accounts and steal cryptocurrency, according to a warning given to impacted consumers this week. 

The hackers apparently required to know the user's email address, password, and phone number, as well as have access to their email accounts, according to the US-based exchange, which has roughly 68 million customers from over 100 countries. It's unclear how the hackers got their hands on that information. 

"In this incident, for customers who use SMS texts for two-factor authentication, the third party took advantage of a flaw in Coinbase's SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account," Coinbase told customers in electronic notifications. 

Customers' personal information was exposed as well, according to the report, "including their complete name, email address, home address, date of birth, IP addresses for account activity, transaction history, account holdings, and balances."

According to Coinbase, a flaw in their SMS account recovery process allowed hackers to acquire access to the SMS two-factor authentication token required to access a secured account. Coinbase claims to have updated the "SMS Account Recovery protocols" after learning of the incident, preventing any further bypassing of SMS multi-factor authentication. 

Because the Coinbase bug allowed threat actors to gain access to accounts that were thought to be secure, the exchange is depositing funds in affected accounts equal to the stolen amount. 

"We will be depositing funds into your account equal to the value of the currency improperly removed from your account at the time of the incident. Some customers have already been reimbursed -- we will ensure all customers affected receive the full value of what you lost," promised Coinbase. It's unclear whether Coinbase will credit hacked users with the stolen cryptocurrency or fiat currency. If fiat currency is used, it may result in a taxable event for the victims if their profits increase. 

Coinbase recommends implementing multi-factor authentication (MFA) with security keys, Time-based One-Time Passwords (TOTP) with an authenticator app, or SMS text messages as a last resort in their account security guide.
Read more »
SMS
Credit Card Fraud Cyber Fraud Hackers OTP Singapore SMS

Hackers Impersonate Bank Customers and Make $500k in Fraudulent Credit Card Payments

 

Hackers from other countries were able to impersonate 75 bank clients and made $500,000 in fraudulent credit card payments. This was accomplished using a clever way of intercepting one-time passwords (OTPs) sent by banks via SMS text messages. In a joint statement released on Wednesday, the Infocomm Media Development Authority (IMDA), the Monetary Authority of Singapore (MAS), and the Singapore Police Force detailed how hackers redirected SMS OTPs from banks to foreign mobile networks systems. 

The SMS diversion method, they said, “requires highly sophisticated expertise to compromise the systems of overseas telecommunication networks”. Last year's fraudulent transactions took place between September and December. The bank clients claimed that they did not initiate the transactions and that they did not get the SMS OTPs that were required to complete them. 

According to Mr. Wong, the MAS' deputy chairman, the Monetary Authority of Singapore (MAS) would engage with financial institutions to fine-tune the existing framework on fraudulent payment transactions, which covers the responsibilities and liabilities of banks and customers in such instances. 

Between September last year and February, the police received 89 reports of fraudulent card transactions using SMS one-time passwords (OTPs), according to Mr. Wong. Ms. Yeo Wan Ling (Pasir-Ris Punggol GRC) had inquired if bank-related cyber frauds had increased in the previous six months.

"While these cases represent less than 0.1 percent of fraudulent online card transactions reported, and the number of cases has come down since March 2021, it is nevertheless concerning," Mr. Wong said. 

Singapore's financial and telecommunications networks have not been hacked, according to the authorities. Affected customers who took efforts to safeguard their credentials would not be charged for any of the fraudulent transactions as a gesture of goodwill from the banks, according to the authorities. The names of the banks involved were kept under wraps. 

The cybercriminals utilized this method to get the victims' credit card information and mobile phone numbers in this incident. They also got into the networks of international telecoms and exploited them to alter the location information of the Singapore victims' mobile phones. 

By doing so, the hackers deceived Singapore telecom networks into believing that Singapore phone numbers were roaming overseas on the networks of other countries. The hackers subsequently made fraudulent online card payments using the victims' stolen credit card information.

As a result, when banks issued SMS OTPs to victims to authenticate transactions, the criminals were able to reroute these text messages to foreign mobile network systems. The fraudulent card payments were subsequently completed using the stolen OTPs. This corresponds to the victims' claims that they did not get the OTPs.
Read more »
SMS
Android Botnet Credential stealing malware SMS

UBEL is the Android Malware Successor to Oscorp

 

As part of a fresh campaign that began in May 2021, an Android malware that was discovered misusing accessibility features in the device to steal user credentials from European banking applications has morphed into an altogether new botnet. Oscorp, a mobile malware built to attack several financial targets with the purpose of stealing funds from unsuspecting users, was revealed by Italy's CERT-AGID in late January. 

The Oscorp malware, like other Android malware, convinces users to provide them access to the Android Accessibility Service, which allows them to read text on the phone screen, determine an app installation prompt, traverse through the permission list, and install apps on the user's behalf. “Not being able to access the private files of other applications, the actions of these malicious apps are “limited” to the theft of credentials through phishing pages, to blocking the device and possibly to the capture of audio and video,” read the advisory published by Italy’s CERT-AGID. 

Malicious SMS messages were used to spread the malware, with attackers pretending as bank operators to deceive targets over the phone and secretly get access to the infected device using WebRTC protocol, allowing them to execute unlawful bank transfers. While no fresh activities have been detected since then, it appears as Oscorp has returned after a brief hiatus in the shape of the UBEL Android botnet. 

"By analysing some related samples, we found multiple indicators linking Oscorp and UBEL to the same malicious codebase, suggesting a fork of the same original project or just a rebrand by other affiliates, as its source-code appears to be shared between multiple [threat actors]," Italian cybersecurity company Cleafy said on Tuesday, charting the malware's evolution. 

UBEL, like its predecessor, is marketed on underground forums for $980 and asks for invasive permissions that allow it to read and send SMS messages, record audio, install and delete apps, initiate itself automatically after system boot, and exploit Android accessibility services to collect confidential data such as login credentials and two-factor authentication codes, the results of which are exfiltrated back to a remote server. 

Once installed on the system, the malware tries to disguise itself as a service and hide its presence from the target, allowing for long-term persistence. Surprisingly, using WebRTC to communicate with the hijacked Android phone in real-time eliminates the requirement to enroll a new device and take over an account in order to commit fraud. 

"The main goal for this [threat actor] by using this feature, is to avoid a 'new device enrolment', thus drastically reducing the possibility of being flagged 'as suspicious' since device's fingerprinting indicators are well-known from the bank's perspective," the researchers said.
Read more »
WhatsApp
Mobile Security OTP Scammers SMS two step verification WhatsApp

WhatsApp Hijack Scam, Here's All You Need To Know

 

By posing as a friend and asking for SMS security codes, scammers are continuing to target WhatsApp users and hijack their accounts. The con has been around for years, yet victims have continued to fall for it, with many sharing their stories on social media. Users should never give out their security codes to anyone, even if they appear to be a buddy, according to WhatsApp. 

If users receive six-digit WhatsApp codes that they did not expect, they should be concerned. When setting up a new account or signing in to an existing account on a new device, such codes are frequently seen. However, if the code is obtained unexpectedly (without the user's request), it could be a scammer attempting to gain access to your account. 

The fraudster would then send you a WhatsApp message asking for the code. The most essential thing to remember is not to share the code, as the message appears to be from a legitimate friend or family member in most circumstances, even though the account has already been hacked. 

One victim, Charlie, told the BBC, "I got a WhatsApp message from my good friend Michelle, stating she was locked out of her account. She stated she sent the access code to my phone instead of hers by accident and that I could just screenshot it and send it over." In actuality, Charlie had given the scammer the code to his own account. 

He told the BBC, "I guess I fell for it since we all know how annoying technology can be and I was eager to help. I didn't realise what had happened for a day." Charlie stated that he had deleted WhatsApp and would no longer use it. 

The hijacker can pretend to be you and send messages to your friends and family using a stolen account. They might act as if you're facing a financial emergency and beg your contacts for money. It also provides them with the phone numbers of your contacts, allowing them to try the six-digit code trick on fresh victims. By gaining access to your account, the fraudster will be able to see sensitive information in your group chats. 

WhatsApp advises users to be cautious and not reveal their One Time Password (OTP) or SMS security code to anybody, even friends and relatives. Citizens can also enable two-step verification for added security.
Read more »
SMS
Credential stealing Cyber Attacks Google Chrome phishing SMS

Fake Chrome App is Being Used as Part of a Cyberattack Campaign

 

According to researchers at cybersecurity company Pradeo, a new Android malware has been discovered that imitates the Google Chrome software and has already infected hundreds of thousands of smartphones. The hazard has been labeled a "Smishing Trojan" by the researchers. 
 
According to the researchers, the false Google Chrome app is part of a smartphone attack campaign that uses phishing to steal your credit card information. By downloading the fake software, the device becomes a part of the attack campaign as well. 

“The malware uses victims’ devices as a vector to send thousands of phishing SMS. We evaluate that the speed at which it is spreading has enabled it to already target hundreds of thousands of people in the last weeks. ”, said the researchers in their ‘Security Alert’ post on their website. 

The assault begins with a simple "smishing" gambit, according to Pradeo researchers: targets receive an SMS text telling them to pay "custom fees" to open a package delivery. If they fall for it and press, a message appears informing them that the Chrome app needs to be updated. If they accept the order, they'll be directed to a malicious website that hosts the phony app. It is, in reality, ransomware that is downloaded into their phones. 

After the ostensible "update," victims are directed to a phishing list, which completes the social engineering: According to the study, they are asked to pay a small sum (usually $1 or $2) in a less-is-more strategy, which is of course just a front to collect credit card information.

“Attackers know that we’re accustomed to receiving alerts of all types on our smartphones and tablets,” Hank Schless, senior manager of security solutions at Lookout said. “They take advantage of that familiarity to get mobile users to download malicious apps that are masked as legitimate ones.” 

The campaign is especially risky, according to Pradeo researchers, because it combines an effective phishing tactic, dissemination malware, and multiple security-solution bypasses. “The attack could be the work of a regular level but very ingenuous cybercriminal,” Pradeo’s Roxane Suau said. “All the techniques (code concealment, smishing, data theft, repackaging…) used separately are not advanced, but combined they create a campaign that is hard to detect, that spreads fast and tricks many users.”
Read more »
SMS
Android Android Security malware Malware Attack McAfee SMS

Smishing Campaign: Roaming Mantis Attacks OS Android Systems With Malware

A smishing campaign which goes by the name Roaming Mantis is imitating a logistics firm to hack SMS messages and contact list of Android users from Asia since 2018. Last year, Roaming Mantis advanced its campaign impact by sending phishing URL messages and dynamic DNS services that attacked targets with duplicate Chrome extension "MoqHao." From the start of 2021, Mcafee Mobile Research Team has confirmed that the group is attacking users from Japan with the latest malware named SmsSpy. 

The corrupted code infects Android users that use either one of the two versions that depend upon variants of operating systems used by attacked systems. The phishing technique incorporated here shares similarities with earlier campaigns, still, the Roaming Mantis URL has the title "post" in composition. A different phishing message impersonates to be a Bitcoin handler and then takes the target to a malicious site (phishing) where the victim is requested to allow an unauthorized login attempt. 

McAfee reports, "During our investigation, we observed the phishing website hxxps://bitfiye[.]com redirect to hxxps://post.hygvv[.]com. The redirected URL contains the word “post” as well and follows the same format as the first screenshot. In this way, the actors behind the attack attempt to expand the variation of the SMS phishing campaign by redirecting from a domain that resembles a target company and service." Different malware, as a characteristic of the Malware distribution program, is sent which depends upon the Android OS variant that gained login to the phishing site. In Android OS 10 and later variants, malicious Google Play applications will get downloaded. In Android OS 9 and earlier variants, malicious Chrome applications will get downloaded. 

Because the infected code needs to be updated with each Android OS update, the malware actor targets more systems by spreading the malware that finds OS, instead of just trying to gain a small set with a single malware type. "The main purpose of this malware is to steal phone numbers and SMS messages from infected devices. After it runs, the malware pretends to be a Chrome or Google Play app that then requests the default messaging application to read the victim’s contacts and SMS messages," said McAfee.
Read more »
SMS
Canada Customer Data Cyber Crime Hackers Phishing Campaign SMS

Hackers Target Rogers With a New SMS Phishing Campaign

 

Rogers Communications Inc. is advising Canadians to be wary of SMS phishing scams that promise to refund consumers for a system outage that occurred earlier last week. Users were unable to use cellular voice and data networks after the network experienced a nationwide blackout a week ago. Threat actors are also sending fraudulent text messages to recipients, instructing them to click on a link to receive a rebate. 

An SMS circulated on social media falsely reports that “R0GERS WIRELESS INC.” (spelled with a zero instead of an O) is providing a $50 credit to anyone who clicks on a link provided.

Rogers Communications Inc. is a communications and publishing corporation based in Canada. With substantial additional telecommunications and mass media infrastructure, it mainly functions in the areas of cellular broadcasting, cable television, telephony, and Internet connectivity. Rogers' offices are located in Toronto and Ontario. While the business dates back to 1925, when Edward S. Rogers Sr. formed Rogers Vacuum Tube Company to market battery less radios, the current venture dates back to 1960, when Ted Rogers and a partner purchased the CHFI-FM radio station, and then became part-owners of a consortium that created the CFTO television station.

Rogers replied that it never sends credit alerts via text message and advises anyone who receives one to ignore the embedded link. Furthermore, the credit amount will vary based on the cellular plan and will not include a registration link, according to the company. 

According to Ericsson, the 16-hour wireless system blackout on April 19th was triggered by a software update that caused devices to be disconnected from the network. A message from Rogers CTO Jorge Fernandes to customers the next day said, "We have addressed the software issue and our engineering and technical teams will continue to work around the clock with the Ericsson team to restore full services for our customers." 

The links in these texts all point to websites that are hosted on an IP address rather than a domain name. It's unclear what information was phished because the pages have all been taken offline, but it's definitely Rogers customers' personal and account information. 

Rogers is aware of the scam and has advised users to "forward the content of the SMS to 7726 (SPAM), to register it for investigation/blocking from the network," according to a tweet from the company.
Read more »
SMS
Cyber Attacks cybercriminals Dark Web SMiShing SMS

What are Smishing Attacks? How to Prevent Them?

 

Smishing is a cyber assault that utilizes SMS text messages to delude its victims into giving sensitive data to a cybercriminal. Sensitive data incorporates your account name and password, name, banking account, or credit card numbers. The cybercriminal may likewise implant a short URL link into the text message, inviting the client to tap on the link which in most cases is a redirect to a pernicious site. Smishing is identified with two other 'smishing' cyber assaults, phishing and vishing. 

Cybercriminals today are essentially inspired by monetary benefit. They create code intended to obfuscate your sensitive data for benefit. At the point when they acquire this information, they may hope to sell your compromised credit card or credentials on the dark web. They may likewise utilize sensitive information to open an account in your name or hold your information ransom in exchange for a large pay-out. 

Back in May 2018, Fifth Third Bank clients were the targets of a smishing assault. The assailants claimed to represent Fifth Third Bank. They contrived a plan to caution clients that their accounts were locked. Within the body of the text message, they gave a link to the clients to open their accounts. The link took the clueless client to a phony webpage that seemed to be like Fifth Third's genuine site. The phishing site prompted the visitors to enter their user name and password, one-time code, and PIN codes to open their account. The cybercriminals then utilized the stolen account data to expunge almost $68,000 from 17 ATMs across three states. 

Some of the ways to prevent smishing attacks are: 

• Try not to react to text messages that demand private or monetary data from you. 

• On the off chance that you get a message that has all the earmarks of being from your bank, financial institution, or other entity that you work with, contact that business directly to decide whether they sent you a genuine solicitation. Review this entity’s policy on sending text messages to clients. 

• On the off chance that a text message is encouraging you to act or react rapidly, pause and consider the big picture. Recall that crooks utilize this as a strategy to get you to do what they need. 

• Never reply to a dubious text message without doing your research and checking the source.
Read more »
SMS
Cybersecurity phishing SMS

Users on Alert as Text Scamming Attack on The Rise


The fear of scam messages may seem far now, and even distant.  With the rise of well-engineered and sophisticated attacks in recent time,  the threat of scam messaging attacks may seem low, however, they are still a persistent danger. SMS (short message service) scams are similar to email phishing attacks, they work through social engineering attacks. Popular as "Smishing" (SMS and phishing), the attacks try to lure victims into providing information and user access, which benefits the hacker.  

Present SMS hacking techniques 
The SMS scam warns users of a new, packaging delivery, which is considered to be better and effective than before. If the user replies, the hacker steals user data for money theft, identity theft, or stealing sensitive organization data.  In one particular attack, the message leads the victim to a website and then rewards with a small gift (a smartphone, for instance) in return, for filling a survey. The attackers ask for credit card credentials for shipping and then steals the money.  Similarly, another SMS scam variant uses fake bank messages for its attack. The hacker lures the victim to give away their banking credentials, and if the victim does so, the attacker uses Emotet malware to infect their devices.  Whereas in some scams, the victim is threatened with violence if he doesn't pay the ransom. The approaches in all these attacks may be different, but they all share a common goal, which is to gain access to personal information. In all these attacks, the victim is asked to open a link or go to a website, the hackers use these malicious links and websites to steal user data.  Some other scam campaigns use relief funds, food aids, bank, covid-19, or jury duty to fool the victim. It is quite difficult to grasp the content of these attacks, however, in the future, these attacks would be even more sophisticated and dangerous, with brand new content.   

Why these attacks are successful. 
Scammers are constantly striving to attack smartphone users, which is a part of a larger threat campaign series. The hackers here have the upper hand, first, they always come up with new techniques to attack users, secondly, in most of cases, victims are not even aware of these attacks. About social engineering, the initial stage is misdirection, where the user is excited and they become assured about whatever texts they receive.  For example, "you've got a text but there's a problem with your credit card."  A different variant of this theme delves into people's likes or interests to get their attention.  An attacker might use an emotional text to trigger user action.  This is why people often receive scam texts which have- Fire! Politics! Lottery! Crime! Hackers use these event references to trigger user action and make them click on a link, or open a website.  

How to protect yourself from scams.  
It is crucial for users to know how to stay safe from these scams and attacks. Application security, mobile data protection, and mobile phone security are the key components here.  Here's what a user can do: 

1. Avoid responding to suspicious messages, especially texts that ask you to click a link. Contact the source to confirm whether the information is authentic.  You may get a text from the delivery service, asking you to click the link to confirm, visit the website instead.  

2. Do not get tricked by messages or brands that seem to be genuine. Fake branding is one of the most common ways of fooling users.  

3. If possible, always report a scam text to be safe in the future. Most importantly, do not think that scamming is a threat of the past. 

In reality, these attacks are on the rise, evolving daily with new techniques. As an organization, staff must undergo training to identify and report scam texts and to be always prepared for the challenges.
Read more »
Subscribe to: Posts (Atom)