UK Cybersecurity Agency Issues Warning: AI to Enhance Authenticity of Scam Emails

 

The UK's cybersecurity agency has issued a warning that artificial intelligence (AI) advancements may make it challenging to distinguish between genuine and fraudulent emails, particularly those prompting users to reset passwords. The National Cyber Security Centre (NCSC), affiliated with the GCHQ spy agency, highlighted the increasing sophistication of AI tools, such as generative AI, which can create convincing text, voice, and images based on simple prompts.

According to the NCSC's assessment of AI's impact on cyber threats, it anticipates a significant rise in cyber-attacks over the next two years. Generative AI, coupled with large language models like those powering chatbots, is expected to complicate the identification of various attack types, including phishing, spoofing, and social engineering.

The agency emphasized that by 2025, assessing the legitimacy of emails or password reset requests would become challenging for individuals, regardless of their cybersecurity expertise. Ransomware attacks, which have affected institutions like the British Library and Royal Mail, are also projected to increase. The NCSC pointed out that AI's sophistication lowers the entry barrier for amateur cybercriminals, enabling them to paralyze computer systems, extract sensitive data, and demand cryptocurrency ransoms.

Generative AI tools are already being used to create more convincing approaches to potential victims by crafting fake "lure documents" without typical errors associated with phishing attacks. While generative AI won't enhance ransomware code effectiveness, it will assist in identifying potential targets.

In 2022, the UK reported 706 ransomware incidents, compared to 694 in 2021, according to the Information Commissioner's Office. The NCSC warned that state actors likely possess enough malware to train AI models capable of creating new code that can evade security measures.

The report acknowledged AI's dual role, stating that it can also serve as a defensive tool by detecting attacks and designing more secure systems. In response to the rising threat of ransomware, the UK government introduced new guidelines, the "Cyber Governance Code of Practice," urging businesses to prioritize information security alongside financial and legal management.

Despite these measures, cybersecurity experts, including Ciaran Martin, the former head of the NCSC, have called for stronger actions. Martin emphasized the need for a fundamental shift in approaching ransomware threats, suggesting stronger rules on ransom payments and abandoning unrealistic notions of retaliatory measures.

New Phishing Scam Targets Users With Fake ChatGPT Platform

The general population is fascinated with AI chatbots like OpenAI's ChatGPT. Sadly, the popularity of the AI tool has also attracted scammers who use it to carry out extremely complex investment frauds against naive internet users. Security experts also warn that ChatGPT and other AI techniques may be used to produce phishing emails and dangerous code rapidly and on a much wider scale.

Bitdefender Antispam Labs reports that the most recent wave of "AI-powered" scams starts with a simple unsolicited email. Its researchers were drawn to what seemed to be a harmless marketing ploy and went on to uncover a complex fraud operation that poses a threat to participants' wallets and identities.

The campaign is currently focused on Denmark, Germany, Australia, Ireland, and the Netherlands.

How does the Scam Operate?

In the past several weeks, fake ChatGPT apps have appeared on the Google Play and Apple App Stores, promising users weekly or monthly memberships to utilize the service. The con artists behind this specific scheme go above and beyond to deceive customers.

Users who click the email's link are taken to a clone of ChatGPT that tempts them with money-making chances that pay up to $10,000 per month 'just on an exclusive ChatGPT platform.'

The recipient must click on an embedded link to access further information because the email itself is short on specifics. They click on this link to be taken to a bogus ChatGPT chatbot, where they are prompted to invest at least €250 and provide their contact information, including phone number, email address, and card details.

The victim is then given access to a copy of ChatGPT, which differs from the original chatbot in that it provides only a limited number of pre-written responses to user inquiries. This chatbot can be reached only through a domain that is blacklisted.

It's nothing unusual for scammers to take advantage of popular internet tools or patterns to trick users. Use only the official website to test out the official ChatGPT and its AI-powered text-generating capabilities. Avoid clicking on links you get in unsolicited mail, and be particularly suspicious of investment schemes distributed on behalf of a corporation, which generally are scams.

PyPI Alerts of First-ever Phishing Campaign Against its Users

 

The Python Package Index, PyPI, issued a warning this week about an ongoing phishing campaign aimed at stealing developer credentials and injecting malicious updates into the repository's packages.

“Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI,” states the warning.

The phishing messages are intended to trick recipients into clicking a link in order to comply with a new Google mandatory validation process for all packages. Recipients are urged to complete the validation process by September to avoid having their packages removed from PyPI.

When users click the link, they are taken to a Google Sites landing page that looks similar to PyPI's login page. After obtaining the user account credentials, the attackers were able to push malicious updates to legitimate packages.

“The phishing attempt and the malicious packages are linked by the domain linkedopports[.]com, which appears in the malicious package code and also functions as the location to which the phishing site tries to send the stolen credentials,” reads the analysis published by Checkmarx.

This campaign's malicious packages attempt to download and execute a file from the URL hxxps://python-release[.]com/python-install.scr. The packages had a low detection rate at the time of discovery; the malicious code is digitally signed and unusually large (63MB) in an attempt to evade AV detection.

The researchers also discovered another domain associated with this attacker's infrastructure, "ledgdown[.]com," which was registered under the same IP address. This domain masquerades as the official website of the cryptocurrency assets app "ledger live."

“This is another step in the attacks against open source packages and open source contributors,” concludes the post. “We recommend checking your network traffic against the IOCs listed below and as always, encouraging contributors to use 2FA.”

PyPI announced that it is revising its eligibility requirements for the hardware security key programme in the aftermath of the phishing attack. Any maintainer of a critical project, regardless of whether they already have TOTP-based 2FA enabled, it said.
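
The recommendation above to check network traffic against the IOCs can be sketched as follows. This is an added example, not code from PyPI or Checkmarx: it refangs the three domains quoted in this post and flags them in log lines, matching on label boundaries so look-alike hosts are not reported. The log format and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Defanged domains exactly as quoted in the article above.
DEFANGED_IOCS = ["linkedopports[.]com", "python-release[.]com", "ledgdown[.]com"]

def refang(text):
    """Normalise defanged notation (hxxp, [.]) so both forms compare equal."""
    return text.lower().replace("[.]", ".").replace("hxxp", "http")

IOC_DOMAINS = {refang(d) for d in DEFANGED_IOCS}

# A candidate is either a full URL or a bare dotted hostname.
TOKEN_RE = re.compile(r"[a-z][a-z0-9+.-]*://\S+|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")

def hosts_in(line):
    """Return every hostname mentioned in one log line."""
    hosts = set()
    for token in TOKEN_RE.findall(refang(line)):
        host = urlsplit(token).hostname if "://" in token else token
        if host:
            hosts.add(host.rstrip("."))
    return hosts

def is_ioc(host):
    """Match the IOC domain itself or any subdomain, on a label boundary."""
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

def scan(lines):
    """Return (line_number, host) for each IOC hit, in input order."""
    hits = []
    for number, line in enumerate(lines, start=1):
        hits.extend((number, h) for h in sorted(hosts_in(line)) if is_ioc(h))
    return hits

# Constructed proxy/DNS log lines (not real traffic), kept defanged.
SAMPLE_LOG = [
    "T10:00:01Z 10.0.0.5 GET hxxps://python-release[.]com/python-install.scr 200",
    "T10:00:07Z 10.0.0.5 DNS A cdn.ledgdown[.]com",
    "T10:01:12Z 10.0.0.9 GET https://pypi.org/simple/requests/ 200",
    "T10:02:30Z 10.0.0.9 GET https://python-release.com.example.org/ 200",
    "T10:03:44Z 10.0.0.9 GET hxxps://notlinkedopports[.]com/ 200",
]

if __name__ == "__main__":
    for number, host in scan(SAMPLE_LOG):
        print(f"line {number}: IOC domain contacted: {host}")
```

The last two sample lines are look-alikes that a plain substring search would flag; the label-boundary comparison in `is_ioc` leaves them out.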