Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Scammers. Show all posts
Voice-Based App
AI Tool Cyber Fraud Scammers User Security Voice-Based App

Meet Daisy, the AI Grandmother Designed to Outwit Scammers

 

The voice-based AI, known as Daisy or "dAIsy," impersonates a senior citizen to engage in meandering conversation with phone scammers.

Despite its flaws, such as urging people to eat deadly mushrooms, AI can sometimes be utilised for good. O2, the UK's largest mobile network operator, has implemented a voice-based AI chatbot to trick phone scammers into long, useless talks. Daisy, often known as "dAIsy," is a chatbot that mimics the voice of an elderly person, the most typical target for phone scammers. 

Daisy's goal is to automate "scambaiting," which is the technique of deliberately wasting phone fraudsters' time in order to keep them away from potential real victims for as long as possible. Scammers employ social engineering to abuse the elderly's naivety, convincing them, for example, that they owe back taxes and would be arrested if they fail to make payments immediately.

When a fraudster gets Daisy on the phone, they're in for a long chat that won't lead anywhere. If they get to the point when the fraudster requests private data, such as bank account information, Daisy will fabricate it. O2 claims that it is able to contact fraudsters in the first place by adding Daisy's phone number to "easy target" lists that scammers use for leads. 

Of course, the risk with a chatbot like Daisy is that the same technology can be used for opposite ends—we've already seen cases where real people, such as CEOs of major companies, had their voices deepfaked in order to deceive others into giving money to a fraudster. Senior citizens are already exposed enough. If they receive a call from someone who sounds like a grandchild, they will very certainly believe it is genuine.

Finally, preventing fraudulent calls and shutting down the groups orchestrating these frauds would be the best answer. Carriers have enhanced their ability to detect and block scammers' phone numbers, but it remains a cat-and-mouse game. Scammers use automated dialling systems, which allow them to phone numbers quickly and only alert them when they receive an answer. An AI bot that frustrates fraudsters by responding and wasting their time is preferable to nothing.
Read more »
Trade comminssion
Cyber Attacks CyberCrime Cybersecurity Hackers Scammers Tax Scams Trade comminssion

Tax Season Vigilance: Guarding Against Fraudulent Schemes

 


When people think about filing taxes, they get stressed out and intimidated. In this respect, they may be more susceptible to deception, including scammers' attempts to obtain valuable personal information from them, claim refunds under their names, and trick them into paying for fraudulent tax services, among others.

It is at the beginning of the tax season, which began on Jan. 29, when the Internal Revenue Service began processing and accepting federal income tax returns for 2023, that scammers will begin to attack us with scams. Tax season is coming up and the IRS is expecting more than 146 million individual returns to be filed by April 15, the due date. 

The Federal Trade Commission's Division of Financial Practices, led by an attorney who is a former employee of the agency, says that scammers use tax time to steal personal and financial information from individuals. 

To accomplish this, they pose as representatives of the Internal Revenue Service (IRS) and make people hand over their Social Security number and bank account information by contacting them over the phone using various high-pressure tactics. 

To maintain the trust of consumers, the IRS will not use aggressive techniques to obtain a taxpayer's personal information. They will initiate contact by letter and not use aggressive tactics to obtain the taxpayer's personal information. There are certain circumstances where the IRS may call users, but in most cases, they will send them mail messages or notices as a prelude to making the call. 

There have been a disturbing number of instances where people have been defrauded through the mail as well. It has been reported that in 2023 a scam in the mail was perpetrated by spoofing the IRS masthead, informing recipients that they had unclaimed refunds. There was a request in the letter for taxpayers to call a number to figure out more details, and also a request to provide sensitive information such as a photograph of the taxpayer's driver's license. 

Besides spoofing IRS caller IDs as well as other sophisticated tricks for fooling consumers, Dwyer says there are other methods for fooling consumers. A scammer in this case has altered the caller ID so that it appears as though the IRS is calling rather than some other unknown number. 

When the caller calls you, Dwyer advises that you let it go to voicemail and then search online to see if the number has already been reported as part of a scam before waiting to answer it. A scammer is also capable of sending emails that masquerade as IRS correspondence, with e-mail addresses, signatures, and logos that appear to be authentic, but are fakes. 

They may ask recipients to enter personal information on fraudulent websites when they click on the links in these emails. If a consumer has not heard back from the government agency about their tax filing or refund, they should generally view any phone calls or emails claiming to come from the IRS as highly suspicious. 

The IRS pays the consumer electronically in the form of a refund when they file a return in their name and provide the IRS with their bank account information, and the scammer then receives the refund by filing a return in the name of the consumer. There is no way they can accomplish this without possessing stolen personal information, including a Social Security number, which they can use to commit this crime. 

By filing your taxes as soon as possible, you can help prevent this outcome from occurring in the future. The consumer would not be made aware of the theft of their refunds until they attempt to file their tax returns after the refund has been stolen. Moreover, it would be a good idea to avoid sharing any personal information with identity thieves which would allow them to file a fake tax return to claim a refund that is not theirs. 

Scammers who ask for sensitive information by posing as people are not restricted to tax season only, so be mindful of their requests throughout the year. Individuals who have fallen victim to identity theft or are aware of a breach in their sensitive data are advised to exercise heightened caution and consider utilizing a credit monitoring service to ascertain if their information has been used for unauthorized account openings. 

Those affected by identity theft can leverage the services offered by the Federal Trade Commission's (FTC) website, IdentityTheft.gov, to formally report the theft and access a comprehensive recovery plan. This plan guides individuals through crucial tasks such as closing compromised accounts, rectifying inaccuracies in credit reports, and reporting the misuse of a Social Security number. 

For taxpayers grappling with the repercussions of a scam affecting their tax returns, seeking assistance from the federal Taxpayer Advocate Service is recommended. This independent organization, affiliated with the Internal Revenue Service (IRS), extends support to taxpayers unable to independently resolve tax-related issues. Advocates from this service are available to provide guidance and assistance in navigating challenges stemming from fraudulent activities.
Read more »
Scammers
Amazon CIA agent Cyber Fraud Federal Trade Commission Financial Exploit Scammers

How a Fake CIA Agent Duped Someone out of $50,000

 



Given a recent incident reported by The Cut, freelance finance writer Charlotte Cowles fell victim to an elaborate scam that highlights the dangers of social engineering. The scam began with a call from a number appearing as "Amazon," leading Cowles to believe she was a victim of identity theft. The caller, posing as a Federal Trade Commission official, connected her with a fake CIA agent named Michael. Over hours on the phone, "Michael" convinced Cowles that she faced serious charges related to the identity theft and persuaded her to withdraw $50,000 in cash. The twist? She was instructed to hand over the money to the CIA, which would inexplicably issue her a check for her own funds.

Despite suspicions during the ordeal, the scammers manipulated Cowles into isolation, urging her not to involve her family or the police, claiming it could jeopardise their safety. This tactic of isolating the victim is a common element in scams, aiming to heighten emotions and push individuals into making decisions they might not otherwise make. The scammers played on Cowles' fears for herself and her family, using personal details like the last four digits of her Social Security number to further erode her judgement.

Experts emphasise that falling victim to professional scammers is not a matter of lacking savvy. Selena Larson, a senior threat intelligence analyst, stresses that fraud perpetrators excel at social engineering and employ tactics like instilling fear, excitement, or urgency to manipulate their targets. To protect against such scams, Larson advises people to be wary of anyone trying to isolate them from friends and family, cautioning against trusting individuals posing as government officials or celebrities. Immediate requests for money and a sense of urgency are red flags that should prompt individuals to break off contact and report the activity.

This cautionary tale serves as a reminder that anyone can be targeted by scams. Larson suggests a vigilant approach, emphasising the importance of staying connected with loved ones and not succumbing to isolation. Additionally, adopting a strategy similar to Cowles' newfound tactic—never answering calls from unknown numbers—can be an effective way to avoid falling prey to scams.

As online threats continue to multiply, it is crucial for individuals to remain informed and alert. The incident also borders on the broader issue of cyber threats, including state-backed hacking efforts, ransomware attacks on hospitals, and the impact of cyberattacks on vulnerable communities. Stay safe and informed as we venture through the complexities of online security.

Read more »
Vishing
Cyber Fraud Cybersecurity Federal Trade Commission Mobile Security Scammers Vishing

Watch Out for Phone Scams

 


At the extent of people's gullibility, there is an increasing cybersecurity threat known as "vishing" which has become a cause for concern, impacting unsuspecting individuals and even businesses. Vishing, short for voice phishing, involves scammers attempting to trick people into revealing sensitive information over the phone. These calls often impersonate authorities like the IRS or banks, creating urgency to manipulate victims. In 2022 alone, victims reported median losses of $1,400, per the Federal Trade Commission (FTC).

What Is Vishing?

Vishing operates on social engineering tactics, relying on psychological manipulation rather than malware. The scammers may pose as government officials or company representatives to extract financial details, Social Security numbers, or other sensitive data. Notably, technological advancements, such as caller ID spoofing and AI-driven voice mimicking, contribute to the rising prevalence of vishing attacks.

Detecting a Vishing Attempt

Identifying vishing calls involves recognizing key signs. Automated pre-recorded messages claiming urgent matters or unsolicited requests for sensitive information are red flags. Scammers may pose as government officials, exploiting the authoritative tone to create a sense of urgency. The use of aggressive tactics during the call is another indicator.

What To Do? 

To safeguard against vishing scams, individuals can adopt practical strategies. Screening calls carefully and letting unknown numbers go to voicemail helps avoid falling prey to scammers who may attempt to spoof caller IDs. Remaining suspicious of unsolicited calls and refraining from sharing personal data over the phone, especially Social Security numbers or passwords, is crucial. Joining the National Do Not Call Registry can also reduce exposure to illegitimate calls.

Preventive Measures

Taking preventive measures can further fortify against vishing attacks. Signing up for the National Do Not Call Registry informs marketers about your preference to avoid unsolicited calls. Additionally, services like AT&T's TruContact Branded Call Display provide an extra layer of security, displaying the name and logo of the business calling AT&T customers.

In case one suspects falling victim to a vishing scheme, prompt action is essential. Contacting financial institutions, placing a security freeze on credit reports, and changing passwords, especially for sensitive accounts, are immediate steps. Reporting any attempted scams to the FTC and FBI adds an extra layer of protection.

As vishing scammers continually refine their tactics, individuals must stay vigilant. Being sceptical of unsolicited calls and refraining from sharing personal information over the phone is paramount in protecting against these evolving threats.

To look at the bigger picture, vishing poses a significant risk in the digital age, and awareness is key to prevention. Individuals can strengthen themselves against these deceptive attacks by staying informed and adopting precautionary measures. Remember, scepticism is a powerful tool in the fight against vishing scams, and every individual can play a role in ensuring their cybersecurity. Stay informed, stay cautious.


Read more »
URLs
Cyber Fraud Data Theft FTC Mallicious URLs Online Scams Personal Data QR code Scammers Scams URLs

FTC Warns: QR Codes May Result in Identity Theft


One might want to reconsider before scanning QR codes.

The codes, which are a digital jumble of white and black squares that are frequently used to record URLs, are apparently commonplace; they may as well be seen, for example, on menus at restaurants and retail establishments. The Federal Trade Commission cautioned on Thursday that they could be dangerous for those who aren't cautious.

According to a report by eMarketer, around 94 million US consumers have used QR scanner this year. The number is only increasing, with around 102.6 million anticipated by 2026. 

As per Alvaro Puig, a consumer education specialist with the FTC, QRs are quite popular since there are endless ways to use them.

“Unfortunately, scammers hide harmful links in QR codes to steal personal information,” Puig said.

Why is Stolen Personal Data a Threat? 

The stolen data can be misused by threat actors in a number of ways: According to a separate report by FTC, the identity thieves can use victim’s personal data to illicitly file tax returns in their names and obtain tax refunds, drain their bank accounts, charge their credit cards, open new utility accounts, get medical treatment on their health insurance, and open new utility accounts.

In some cases, criminals cover the legitimate QR codes with their own, in places like parking meters, or even send codes via text messages or emails, luring victims into scanning their codes. 

One of the infamous tactic used by scammers is by creating a sense of urgency in their victims. For example, they might suggest that a product could not  be delivered and you need to reschedule or that you need to change your account password because of suspicious activity.

“A scammer’s QR code could take you to a spoofed site that looks real but isn’t,” Puig wrote. “And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realize it.”

How can User Protect Themselves?

According to FTC, some of the measures one can follow to protect themselves from scams are:

  • Inspect URLs before clicking: Even if a URL looks familiar, it is advisable to check for any misspelling or switched letters in order to ensure it is legit. 
  • Do not scan a QR code in a suspicious/unexpected message: This is particularly valid when the text or email demands a quick response. If a user believe this to be a genuine message, it is advisable to get in touch with the business using a reliable channel, such as a working phone number or website. 
  • Protect devices and online accounts: Users are advised to use strong passwords and multifactor authentication and keep their phones’ OS in their latest versions.  

Read more »
Technology
AI Data Data Safety data security Phone Scam Scammers Security Technology

Phone Scammers Evolve: AI-Powered Voice Mimicry Poses New Threat

 

In an ever-evolving battle against phone scammers and robocalls, a growing concern is the use of artificial intelligence (AI) to mimic victims' voices, making these scams even more convincing. While efforts have been made to curb scam calls, it's imperative for individuals to bolster their phone defenses and remain vigilant.

Phone scammers and robocalls have become an epidemic, with billions of spam calls plaguing people worldwide. Voice security company Hyia reported a staggering 6.5 billion instances of phone spam calls in a single quarter. In the United States, the problem is particularly acute, with an average of 12 scam calls per month per person, and one in four calls being unwanted, according to a Q2 report.

AI Voice Mimicry Adds a Dangerous Twist

The latest development in the world of phone scams involves the use of AI technology to record victims' voices and replicate them in vishing (voice phishing) attacks. This advanced generative AI text-to-speech technology allows scammers to pose as someone familiar to their victims, even incorporating personal details to enhance the believability of the scam. This puts individuals at risk of inadvertently sharing sensitive information with scammers.

As scammers become more sophisticated, individuals need to strengthen their defenses against phone scams. Cross-referencing multiple apps that offer call filtering and spam protection can enhance overall prevention. If a suspicious call does get through, it's essential to hang up without divulging personal information and report the number to relevant apps. Furthermore, caution in sharing personal phone numbers and considering the use of virtual numbers or secondary lines for public or one-time purposes can be a wise approach.

Setting Phone Defenses on Android and iPhone

For Android users, enabling "Caller ID and spam protection" on Samsung phones or using the Phone by Google app with built-in spam filtering can help screen and block unwanted calls. However, it's crucial to verify caller IDs, as scammers can manipulate them.

Apple iPhone users can benefit from the "Silence Unknown Callers" feature and explore third-party apps for call blocking and identification. While these features are effective, there may be occasional false positives, so individuals should monitor their call history.

AI voice mimickers have made scam calls more convincing than ever, with up to 70% accuracy in cloning voices. Scammers often exploit a sense of urgency and fear to elicit information from their targets. In response, individuals should avoid picking up calls from unknown numbers, refrain from saying "yes," and confirm the legitimacy of calls directly with relevant organizations.

The Role of Reporting and Data Protection

Reporting suspected scammers to tech companies is vital for identifying and flagging problematic numbers quickly. Most phone apps offer reporting features, allowing users to block or report spam calls. Additionally, data breaches have contributed to the surge in fraudulent calls, making it essential for individuals to safeguard their personal information.

Google has taken steps to combat spam calls with AI-powered screening. The latest Call Screen, which utilizes improved AI, helps users receive 50% fewer spam calls on average. Google encourages countries to adopt the STIR/SHAKEN protocol to reduce spam calls effectively.

In the ongoing battle against phone scammers, individuals must remain vigilant, employ available defense strategies, and report suspicious activity to protect themselves and others from falling victim to these evolving scams.
Read more »
Security
Amazon Web Services attackers AWS Cloud Device Cyber Attacks Data Data Safety data security Hackers Safety Scammers Scams Security

SCARLETEEL Hackers Target AWS Fargate in Latest Cryptojacking Campaign

 

An continuing sophisticated attack effort known as SCARLETEEL continues to target cloud settings, with threat actors currently focusing on Amazon Web Services (AWS) Fargate.

According to a new report from Sysdig security researcher Alessandro Brucato, "Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture."

The cybersecurity firm originally revealed SCARLETEEL in February 2023, describing a complex attack chain that resulted in the theft of confidential information from AWS infrastructure and the installation of bitcoin miners to illicitly profit from the resources of the compromised systems.

However, Sysdig told The Hacker News that it "could be someone copying their methodology and attack patterns." Cado Security's follow-up investigation revealed possible connections to the well-known cryptojacking outfit TeamTNT.

The threat actor's recent action is a continuation of his propensity to target AWS accounts by taking advantage of weak public-facing web apps in order to achieve persistence, steal intellectual property, and maybe earn $4,000 per day utilizing bitcoin miners.

According to Brucato, "The actor discovered and exploited a flaw in an AWS policy which allowed them to escalate privileges to AdministratorAccess and gain control over the account, enabling them to then use it however they wanted."

The rival starts by taking advantage of JupyterLab notebook containers that are set up in a Kubernetes cluster. Using this initial foothold, the adversary conducts reconnaissance on the target network and gathers AWS credentials to gain further access to the victim's environment.

The installation of the AWS command-line tool and the Pacu exploitation framework for later exploitation come next. The assault is notable for using a variety of shell scripts, some of which target AWS Fargate compute engine instances, to retrieve AWS credentials.

"The attacker was observed using the AWS client to connect to Russian systems which are compatible with the S3 protocol," Brucato said, adding the SCARLETEEL actors used stealthy techniques to ensure that data exfiltration events are not captured in CloudTrail logs.

Other actions done by the attacker include the employment of a DDoS botnet virus known as Pandora and the Kubernetes Penetration Testing tool Peirates, all of which point to continued efforts on the side of the actor to monetize the host.

"The SCARLETEEL actors continue to operate against targets in the cloud, including AWS and Kubernetes," Brucato said. 

"Their preferred method of entry is exploitation of open compute services and vulnerable applications. There is a continued focus on monetary gain via crypto mining, but [...] intellectual property is still a priority."



Read more »
Security
attackers attacks CryptoLabs Cyber Fraud Data Data Safety data security hack Hackers Investors Safety Scam Scammers Security

CryptosLabs Scam Ring Preys on French-Speaking Investors, Amasses €480 Million

 

A group of cybersecurity researchers has uncovered the inner workings of a fraudulent organization known as CryptosLabs. This scam ring has allegedly generated illegal profits amounting to €480 million by specifically targeting individuals who speak French in France, Belgium, and Luxembourg since April 2018.

According to a comprehensive report by Group-IB, the scam ring's modus operandi revolves around elaborate investment schemes. They impersonate 40 prominent banks, financial technology companies, asset management firms, and cryptocurrency platforms. The scam infrastructure they have established includes over 350 domains hosted on more than 80 servers.

Group-IB, headquartered in Singapore, describes CryptosLabs as an organized criminal network with a hierarchical structure. The group comprises kingpins, sales agents, developers, and call center operators. These individuals are recruited to lure potential victims by promising high returns on their investments.

"CryptoLabs made their scam schemes more convincing through region-focused tactics, such as hiring French-speaking callers as 'managers' and creating fake landing pages, social media ads, documents, and investment platforms in the French language," Anton Ushakov, deputy head of Group-IB's high-tech crime investigation department in Amsterdam, stated.

"They even impersonated French-dominant businesses to resonate with their target audience better and be successful in exploiting them."

The scam begins by enticing targets through advertisements on social media, search engines, and online investment forums. The scammers masquerade as the "investment division" of the impersonated organization and present attractive investment plans, aiming to obtain the victims' contact details.

Once engaged, the victims are contacted by call center operators who provide them with additional information about the fraudulent platform and the credentials needed for trading. After logging into the platform, victims are encouraged to deposit funds into a virtual balance. They are then shown fabricated performance charts, enticing them to invest more in pursuit of greater profits. However, victims eventually realize they cannot withdraw any funds, even if they pay the requested "release fees."

"After logging in, the victims deposit funds on a virtual balance," Ushakov said. "They are then shown fictitious performance charts that trigger them to invest more for better profits until they realize they cannot withdraw any funds even when paying the 'release fees.'"

Initially, the victims are required to deposit around €200-300. However, the scam is designed to manipulate victims into depositing larger sums by presenting them with false evidence of successful investments.

Group-IB initially uncovered this large-scale scam-as-a-service operation in December 2022. Their investigation traced the group's activities back to 2015 when they were experimenting with various landing pages. CryptosLabs' involvement in investment scams became more prominent in June 2018 after a preparatory period of two months.

A key aspect of the fraudulent campaign is the utilization of a customized scam kit. This kit enables the threat actors to execute, manage, and expand their activities across different stages of the scam, ranging from deceptive social media advertisements to website templates used to facilitate the fraud.

The scam kit also includes auxiliary tools for creating landing pages, a customer relationship management (CRM) service that allows the addition of new managers to each domain, a leads control panel used by scammers to onboard new customers to the trading platform, and a real-time VoIP utility for communicating with victims.

"Analyzing CryptosLabs, it is evident that the threat group has given its activities a well-established structure in terms of operations and headcount, and is likely to expand the scope and scale of its illicit business in the coming years," Ushakov said.
Read more »
Scammers
Artificial Intelligence Cyber Attacks McAfee Scammers

Top Victim of AI Voice Scams with 83% Losing Money

A new report has revealed that India tops the list of countries most affected by AI-powered voice scams. The report, released by cybersecurity firm McAfee, shows that 83% of Indians who fell victim to voice scams lost money, making them the most financially affected.

Voice scams are a growing concern in India and around the world. Criminals use artificial intelligence (AI) technology to create lifelike voice bots that mimic real human voices, making it harder for victims to detect fraud. Once they gain the victim's trust, scammers use various tactics to steal their money or personal information.

According to the McAfee report, almost half of all Indians have experienced an AI-enabled voice scam. These scams can take many forms, such as impersonating bank officials, telecom providers, or even government officials. The scammers trick victims into revealing their bank account or credit card details or even convincing them to transfer money to a fake account.

The report highlights the need for greater awareness of AI-powered voice scams and how to avoid falling victim to them. It recommends that individuals take basic precautions such as not sharing personal information over the phone, verifying the identity of the person calling before divulging any information, and being wary of unsolicited calls.

McAfee also recommends that organizations invest in anti-fraud technology to help detect and prevent these scams. The report suggests that organizations could use advanced voice analytics to identify fraudulent calls and stop them in real time.

As AI technology continues to evolve, it is likely that voice scams will become even more sophisticated and harder to detect. It is therefore essential that individuals and organizations remain vigilant and take proactive steps to protect themselves from this growing threat.

The rise of AI-powered voice scams is a cause for concern in India and globally. With India topping the list of victims, it is clear that more needs to be done to combat this threat. By raising awareness, investing in anti-fraud technology, and taking basic precautions, individuals and organizations can help protect themselves from these scams and prevent criminals from profiting at their expense.


Read more »
Server Exploit
Cyber Security Japanese hackers Malicious actor phone scams Scammers Sensitive Data Leak Server Exploit

Cambodia Deports 19 Japanese Cybercrime Scam Suspects

Cambodia has deported 19 Japanese nationals for allegedly running online scams. According to reports, these individuals were involved in a cybercrime operation that used telephone calls to deceive people and steal their money. This incident highlights the need for improved cybersecurity measures to protect individuals and businesses from such scams.

The suspects were arrested in Cambodia after Japanese authorities requested their extradition. They were accused of running a call center from Cambodia to target people in Japan. The scam involved posing as officials from banks, tax offices, or other organizations, and asking victims to transfer money or reveal their personal information.

The arrests were part of a joint operation between Japanese and Cambodian law enforcement agencies. The suspects were charged with violating Japan's organized crime laws, as well as Cambodia's immigration laws. The Japanese authorities have commended the Cambodian government for their cooperation in this matter.

The incident highlights the vulnerabilities of online systems and the need for individuals and businesses to be vigilant. Cybercriminals often use social engineering tactics to trick people into revealing their personal information, such as passwords or bank account details. They may also use malware to gain access to computer systems and steal sensitive data.

To protect against such threats, it is important to implement robust cybersecurity measures. This may include using strong passwords, encrypting data, and regularly updating software and security systems. Additionally, individuals should be wary of unsolicited calls or emails, and should never disclose personal information unless they are certain of the identity and legitimacy of the caller.

In conclusion, the deportation of 19 Japanese nationals for their involvement in cybercrime highlights the need for improved cybersecurity measures. Online scams and fraud are a growing threat, and it is essential that individuals and businesses take steps to protect themselves against such threats. By remaining vigilant and implementing robust cybersecurity measures, we can help to safeguard our personal and financial information from cybercriminals.
Read more »
Scammers
BEC Attacks Business Email Compromise Cyber Crime Phishing Campaigns Psychological Tricks Scammers

Psychological Tactics Used by Cybercriminals to Conduct Malicious Activities


Recently, the emergence of finance and accounting related cyberattacks via phishing campaigns and Business Email Compromise (BEC) attack has been a hot topic for South African companies having gaps in their payment systems. 

BEC attack is a type of cybercrime wherein the threat actor poses as a trusted figure in order to dupe the victims to give off money or entice them into exposing confidential company information. 

However, according to Ryan Mer, CEO of eftsure Africa, a KYP platform provider, “robust financial controls together with strong server, IT, and email monitoring processes aren’t enough if staff aren’t savvy to the psychological tricks scammers use to manipulate people, making them more vulnerable to tricker and deception.” 

Mer rejects the idea that hackers target solely credulous, unskilled professionals. “The misconception that only foolish individuals fall victim to cybercrime and payment fraud is dangerous because it leads to complacency in the highly educated who occupy senior positions within organizations. Criminals engaging in payment are often well-skilled, well-resourced and armed with enough industry knowledge to appear legitimate.” 

Manipulating Trust and Competence 

Human tendencies to be cooperative, avoid conflict, and find quick and efficient solutions to problems are used as a bait by threat actor to obtain information or persuade their victims to take certain actions. 

A popular tactic is to pretend to be someone they know or trust in order to gain the trust of a potential victim. Examples include a worker receiving a letter from the financial director of a company telling them to make a quick payment to a vendor or an HR manager receiving a polite email from a worker asking that their bank information be altered for payroll purposes. 

Banking on Urgency 

While scammers are becoming more creative, a tried-and-true strategy that hackers frequently use is making their victims feel as though they need to act quickly. According to Mer, phishing emails and business email compromise scams are made to increase employees' likelihood of complying with potential threats they are supposed to notify. 

“Scammers lure victims into acting quickly before they have time to think rationally about the activities they’re undertaking. Implementing processes that require staff to slow down and double-check any actions that involve payments is vital,” he says. 

A new point of contact, a change in email address, or a change in banking information are examples of abrupt changes in customer or supplier business procedures that, he continues, should be viewed with care and thoroughly investigated before agreeing with an urgent request. 

Additional Automated Protection 

The continuous evolution in Cybercrime is making it a moving target. South Africa ranked third globally in terms of the number of cybercrime victims, according to Interpol's most recent African Cyberthreat Assessment Report, which was published in 2021. This crime costs the nation a staggering 2.2 billion yearly. 

“Ongoing education on the latest scams and the tactics used to execute them is crucial for South African companies. In addition, independent third-party verification systems like eftsure can offer a much-need extra layer of protection by automating payment checking and supplier verification, saving time on manual processes and reducing human error,” notes Mer.  

Read more »
Scammers
Cyber Attacks Cyber Scams CyberCrime Email Phishing Scammers

Air Fryers are Offered by Scammers as a 'Free' Kitchen Gadget

 


The deputy chief executive officer of Sainsbury's and Argos has warned shoppers to be vigilant against an air fryer scam targeting them at the moment. 

Taking part in an online survey is the only way to receive a free Ninja Air Fryer, which is the subject of the air fryer scam. To receive the free item, they will need to enter their credit card details as well as their shipping address. 

There is a convincing scam out there, as reported by secure card payment provider Dojo, in which fraudsters pose as Argos to entice you into making a payment. 

Due to the ongoing cost of living crisis, many people are still keen to buy air fryers, mostly at the cheapest possible price, to get the most bang for their buck. Unfortunately, the scam came at an unfortunate time. You can reduce your energy bills and cooking time by using this handy kitchen gadget.

There is a phishing email going around now that claims to offer a free Ninja Air Fryer, but Dojo is warning people to be wary of it. To qualify for the free item, users must complete an online survey and submit their card payment details along with the survey to receive it. In many ways, this is quite similar to the scam that has been going around with Curry's Smeg kettle in recent weeks, 

A link to the survey is provided on the Argos UK website, which appears to be an official Argos survey page. There are, however, several red flags that consumers should be aware of when it comes to online shopping. It is important to note that the website address and email address are not from Argos or its parent company, Sainsbury's. 

As far as the currency is concerned, it is the dollar. The payment offers will disappear after a certain time, which adds to the pressure on victims by adding another dimension to the scam. It is also intended to encourage anyone who has not completed the survey to fill it out and input their personal information. 

A concept known as a survey scam is a form of communication through email, text messages, and social media that mostly looks legitimate and tries to entice consumers to enter a survey to get free stuff. Usually, once fraudsters gain access to the consumer's credit card details, they will use those details to make lavish online purchases or empty the victim's bank account with the money they stole. 

According to Dojo's chief security officer Naveed Islam, one of the most common warning signs of a scam is to entice consumers with free items that seem too good to be true, thereby enticing them to become victims. As is visible in the Argos scam, these offers are usually time-limited to pressure victims into entering their bank details without any double-checking as to whether the transaction is legitimate, which is what many people do when they are scammed by these offers. 

The recent Currys scam, which has now spread to other retailers like Argos, has made consumers aware that they must remain vigilant about any offers they are presented with via their inboxes or social media accounts. If you are a victim of a scam, you should contact your bank immediately so that your credit card and account be suspended. Once that has taken place, your bank or building society's scam unit will provide you with specialized support.   
Read more »
Typo Squatting
Cyber Security Google Ads Infostealer Malicious actor MFA Microsoft Scammers Typo Squatting

Info-stealing Ads Spread by Malvertising

HP Wolf Security's cybersecurity researchers have issued a warning about various ongoing activities that aim to use typosquatting domains and malicious advertising to spread different types of malware to unwitting victims.

Additionally, the scammers paid various ad networks to broadcast ads promoting these bogus websites. Search engines can end up presenting harmful versions of the websites alongside trustworthy ones when users search for these programs in this manner. Users risk being misdirected if they are not careful and double-check the URL of the website they are viewing.

Bogus installers

A total of 92 domains that look like other software and may have been used to spread IcedID were found. If victims do find themselves in the incorrect location, they would not likely notice the difference.

The websites are meticulously created to resemble the real ones in practically every way. In the context of Audacity, the website hosts a malicious.exe file that poses as the installation for the program. 'audacity-win-x64.exe' is the file's name, and it is larger than 300MB in size. The attackers strive to avoid detection by being this large, in addition to antivirus software. The researchers found that several antivirus products' automatic scanning functions do not check really huge files.

According to Cyble security experts, Rhadamanthys was used to steal data from web browsers, crypto wallets, and messaging apps. It was spread using Google Ads that imitated AnyDesk, Zoom, Bluestacks, and Notepad++.

Another issue involved DEV-0569 abusing Google Ads to distribute BatLoader, according to Microsoft researchers. As part of the spreading process, the group imitated LogMeIn, Adobe Flash Player, and Microsoft Teams.

Due to their extensive capabilities, info-stealers are now a common type of malware utilized by hackers. The demand for this malware is so great that it rules many underground market forums.

Increased sales of victim data on the dark net will result from selling these new malware strains and the accessibility of info-stealer malware source code.

Users should double-check the integrity of these websites before downloading any installers as the most recent assault campaign mostly uses bogus websites that look legal to distribute malware. To reduce the risk of info-stealer malware, it is also advised to deploy MFA across all accounts.




Read more »
Scammers
Cyber Fraud Fraud Pig Butchering Scam Scammers

Pig Butchering Scam: Here's Everything you Need to Know

 

Criminals make billions of dollars via digital tricks including romance scams and business email hacks. And they always begin with a small amount of "social engineering" to deceive a victim into taking an unfavourable action, like transferring money into thin air or placing their faith in someone they shouldn't. These days, a new form of these schemes known as "pig butchering" is on the rise, entangling unwary victims to take all of their money and functioning on a big scale in large part due to forced labour. 

Due to a technique where attackers effectively fatten victims up and then take everything they have, pig butchering scams began in China, where they are known by the Chinese name shzhpán. The majority of these schemes use cryptocurrencies, however they can also incorporate other forms of financial trading.

Scammers use SMS texting or other social networking, dating, and communication platforms to make cold calls to potential victims. They frequently just greet you and say something like, "Hey Josh, it was great catching up last week!" The scammer takes advantage of the opportunity to start a discussion and lead the victim to believe they have a new friend if the recipient responds by saying that the attacker has the wrong number. After building a connection, the assailant will mention that they have been successful in investing in cryptocurrencies and urge the target to do the same while they still have the chance.

The scammer then installs a malicious app or web platform on the target that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims are frequently presented with curated real-time market data designed to demonstrate the investment's potential. And, once the target has funded their "investment account," they can begin to watch their balance "grow." The creation of malicious financial platforms that appear legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, such as allowing victims to make a video call with their new "friend" or withdraw a small amount of money from the platform to reassure them. The latter is a strategy used by scammers in traditional settings.

The swindle has some new twists, but you can see where it's going. The attackers close the account and disappear once the victim has deposited all of their money and everything the scammers can get them to borrow.

“That’s the whole pig butchering thing—they are going for the whole hog,” says Sean Gallagher, a senior threat researcher at the security firm Sophos who has been tracking pig butchering as it has emerged over the past three years. “They go after people who are vulnerable. Some of the victims are people who have had long-term health problems, who are older, people who feel isolated. They want to get every last bit of oink, and they are persistent.” 

Though carrying out pig butchering scams requires a significant amount of communication and relationship building with victims over time, researchers claim that crime syndicates in China developed scripts and playbooks that allowed them to offload the work at scale onto inexperienced scammers or even forced laborer's who are victims of human trafficking.

“We can already see the damage and the human cost both to scam victims and to forced laborers,” says Michael Roberts, a longtime digital forensic analyst who has been working with victims of pig butchering attacks. “That’s why we need to start educating people about this threat so we can disrupt the cycle and reduce the demand for these kidnappings and forced labor.”

The idea is similar to ransomware attacks and digital extortion, in which law enforcement encourages victims not to pay hackers' ransom demands in order to disincentive them from trying again.

Although the Chinese government began cracking down on cryptocurrency scams in 2021, criminals were able to relocate their pig butchering operations to Southeast Asian countries such as Cambodia, Laos, Malaysia, and Indonesia. Governments all over the world have been warning about the threat. The FBI's Internet Crime Complaint Center received over 4,300 submissions related to pig butchering scams in 2021, totaling $429 million in losses. In addition, the US Department of Justice announced at the end of November that it had seized seven domain names used in pig butchering scams in 2022.

“In this scheme, fraudsters, posing as highly successful traders in cryptocurrency, entice victims to make purported investments in cryptocurrency providing fictitious returns to encourage additional investments,” the FBI stated in an October alert.

Government officials and researchers emphasize the importance of public education in preventing people from becoming victims of pig butchering schemes. People are less likely to be taken in if they recognize the warning signs and understand the concepts underlying the scams. The challenge, they say, is reaching out to a larger audience and convincing people who learn about pig butchering to share their knowledge with others in their families and social circles.

According to researchers, pig butchering scams, like romance scams and other highly personal and exploitative attacks, take an enormous psychological toll on victims in addition to their financial toll. And the use of forced labor to carry out pig butchering schemes adds another layer of trauma to the situation, making it even more crucial to address the threat.

“Some of the stories you hear from victims—it eats you up,” says Ronnie Tokazowski, a longtime business email compromise and pig butchering researcher and principal threat advisor at the cybersecurity firm Cofense. “It eats you up really freaking bad.”
Read more »
Theft
Credentials Cyber Fraud Fraud Safety Scammers Scams Security Theft

How to Prevent Corporate Login Credential Theft?

 

Expenditure on enterprise cybersecurity is growing rapidly. According to the most recent estimates, the average figure for 2021 will be more than $5 million. Despite this, US organizations reported a record number of data breaches in the same year. 

So, what's the problem? Static passwords, user errors, and phishing attacks continue to undermine security efforts. Threat actors benefit greatly from easy access to credentials. And user training alone will not be enough to restore the balance. A strong credential management strategy is also required, with multiple layers of protection to ensure credentials do not fall into the wrong hands.

During the first half of this year, nearly half of all reported breaches involved stolen credentials. Once obtained, these credentials allow threat actors to disguise themselves as legitimate users in order to deploy malware or ransomware or move laterally through corporate networks. Extortion, data theft, intelligence gathering, and business email compromise (BEC) can all be carried out by attackers, with potentially huge financial and reputational consequences. Breaches caused by stolen or compromised credentials cost an average of $4.5 million in 2021, and they are more difficult to detect and contain (327 days).

It may come as no surprise that the cybercrime underground is rife with stolen credentials. In fact, 24 billion were in circulation in 2021, a 65% increase over 2020. Poor password management is one factor.  Since password reuse is common, these credential hauls can be fed into automated software to unlock additional accounts across the web, a technique known as credential stuffing. They are quickly put to use once they are in the hands of hackers. 

As per one study, cybercriminals gained access to almost a quarter (23%) of accounts immediately after the compromise, most likely through automated tools designed to quickly validate the credibility of the stolen credential.

Phishing is a particularly serious enterprise threat that is becoming more sophisticated. Unlike the error-ridden spam of yesteryear, some efforts appear so genuine that even a seasoned pro would have difficulty detecting them. Corporate logos and typefaces are accurately reproduced. Domains may use typosquatting to appear identical to legitimate domains at first glance.

They may even use internationalized domain names (IDNs) to imitate legitimate domains by replacing Roman alphabet letters with lookalikes from non-Latin alphabets. This enables fraudsters to register phishing domains that look exactly like the original.

The same holds true for the phishing pages that cybercriminals direct employees to. These pages are intended to be convincing. URLs will frequently use the same tactics mentioned above, such as letter substitution. They also intend to imitate logos and fonts. These techniques make pages appear to be the "real deal." To trick users, some login pages display fake URL bars that display the real website address. This is why you can't expect employees to know which sites are legitimate and which are attempting to dupe them.

This means that user awareness programs must be updated on a regular basis to account for specific hybrid-working risks as well as constantly changing phishing tactics. Short, bite-sized lessons with real-world simulation exercises are required. Creating a culture in which reporting attempted scams is encouraged is also important.

But be aware that there is no silver bullet, and user education alone will not reliably prevent credential theft. Bad actors only need to be fortunate once. And there are numerous ways for them to contact their victims, including email, social media, and messaging apps. It is unrealistic to expect every user to detect and report these attempts. Education must use technology and solid processes.

Credential management should be approached in layers by organizations. The goal is to reduce the number of sites where users must enter passwords. Single sign-on (SSO) should be implemented by organizations for all reputable necessary work applications and websites. SSO should be supported by all SaaS providers.

In the meantime, a password manager would be useful if there are logins that require different credentials. This also allows employees to determine whether a login page can be trusted, as the password manager will not provide credentials for a site it does not recognize. To secure logins, organizations should also enable multi-factor authentication (MFA).

FIDO2 is also gaining popularity. It will provide a more robust solution than traditional authenticator apps, though those apps will still be superior to text-message codes. Not everything is foolproof, and risky login pages may slip through the cracks. Employees should only be flagged for risky login pages as a last resort. 

This can be accomplished by analyzing threat intelligence metrics, webpage similarities, domain age, and how users arrived at a log in page in real-time. This rating can then be used to either block high-risk login pages or warn users to check again for less-risky ones. Importantly, because this technology only intervenes at the last second, security appears transparent to the user and does not make them feel watched.

A layered approach to credential management, when combined with an architectural approach to security across the entire stack, can help reduce the attack surface and mitigate risk from an entire class of threat.
Read more »
User Privacy
Canada Cyber Fraud Holiday Scam Internet Scam Online fraud Scammers User Privacy

Customers are Advised to Exercise Caution as Internet Frauds Approach Record Levels

 

Online shoppers are being advised to exercise additional caution as the holiday shopping season draws to a close and the pressure to find the ideal gift builds. 

Scams, according to the Canadian Anti-Fraud Centre, the local police, and the Better Business Bureau of Vancouver Island, are at an all-time high. 

Fraudsters are most active in times of crisis, such as the one we are currently experiencing, when consumers must simultaneously contend with rising interest rates, rising inflation, and the holiday shopping frenzy, according to Rosalind Scott, CEO of the BBB Vancouver Island. 

“People, when they’re desperate to get a little bit more money, are quicker to believe these scams because they want it to be true,” she stated. 

Scott claimed that despite only 5% of individuals actually reporting being conned, there is a tremendous amount of internet fraud. “But we do know literally millions and millions of dollars are lost every year,” he said. 

More than $380 million US were lost to online shopping scams in North America last year, according to the Better Business Bureau's Scam Tracker, marking a rise of 87% since the tracker's introduction in 2015. 

The tracker stated that almost 36% of all allegations of online retail fraud originated from a fake website and that 40% of reported frauds were started by con artists using social media and email. 

Experts’ advice 

The Canadian Anti-Fraud Centre noted that in a bulletin released just before Black Friday and Cyber Monday, the two busiest online shopping days of the year, fraudsters have flooded social media feeds with deals that seem too good to be true while "spoofing" websites and email addresses — creating addresses that look like they come from a trusted or legitimate source — to entice unsuspecting customers. 

“Unfortunately, fraudsters and cybercriminals use holiday promotions to continue to victimize people. The best way to protect yourself and those around you is by learning what fraud and cybercrime look like and report it,” stated Chris Lynam, the centre’s director general. 

This means that customers should be on the lookout for warning signs like prices that seem excessively low, complicated payment procedures, poorly designed websites, stores that omit vital information like return policies, privacy policies, and contact information, online stores that lack security features, or websites with misspelled URLs. 

Online fraud is probably underreported, according to Victoria police Const. Terri Healy, because it is hard to investigate and most consumers interact with their credit card providers and financial institutions directly.  

Healy advised customers to shop with reputable online merchants, constantly check their credit card and bank statements for any unusual or suspicious behaviour, and steer clear of offers that look "too good to be true. Education and knowledge are your finest lines of defence against fraud. Discuss it if someone has been a victim of fraud or a scam. Inform your family, friends, and coworkers."

Consumers should never store credit card information in a web browser and should only make online purchases on private Wi-Fi networks, not public ones, according to the Canadian Anti-Fraud Centre. Use cellular data or create a virtual private network if transactions must be done over open networks. Additionally, they encourage conducting research, reading reviews, and exercising common sense. 

According to the centre, frauds involving online purchases or sales of products or services cost Canada more than $21.1 million in damages in 2021. Over 47,000 victims nationwide have reported $420 million in fraud of all types over the first ten months of this year. 
Read more »
Security
Cyber Fraud Fraud Hackers phishing Scam Scammers Security

DHL: Most-Spoofed Brand in Phishing

 

DHL is the most spoofed brand in phishing emails, according to Check Point. Between July and September 2022, crooks most frequently used the brand name in their attempts to steal personal and payment information from marks, with the shipping giant accounting for 22% of all global phishing attempts intercepted by the cybersecurity firm. 

On June 28, DHL informed customers that it was the victim of a "major global scam and phishing attack," and that it was "working hard to block the fraudulent websites and emails." In the phishing attempts, criminals used a tried-and-true phony message, falsely alerting customers that their package could not be delivered and requesting personal and payment information to proceed with the delivery.

These types of urgent requests — to change a password or, in this case, delivery or payment information — are especially effective at stealing credentials, as we saw with the recent Oktapus cybercrime spree.

Check Point discovered one phishing email that attempted to impersonate DHL and was sent from the address "info@lincssourcing[.]com." The report stated that crooks altered it to appear as if the sender was "DHL Express."

The subject line of the email, "Undelivered DHL(Parcel/Shipment)," as well as the message, attempted to dupe the victim into clicking on a malicious link claiming that they needed to update their delivering address in order to receive the package. Of course, the URL does not actually lead to DHL's website. Instead, it redirects them to a bogus, attacker-controlled website with a form asking the victim to enter their name and password, which the crooks then steal.

These stolen credentials can then be used to obtain additional account information, such as payment information, or simply sold to other identity thieves on dark-web forums. While DHL tops the list of stolen brands, Check Point reports that Microsoft is in second place for third-quarter phishing scams, accounting for 16% of all campaigns based on brand recognition. LinkedIn, which topped the list in both the first and second quarters of this year, fell to third place with 11 percent.

Victims are more likely to click on a malicious link that appears to be sent from a trusted brand, which feeds the phishing pool. It is a low-cost crime with a high return on investment for criminals. Last year, phishing attacks were by far the most commonly reported cybercrime, with 323,972 reported to the FBI and victims losing $44.2 million.

Check Point detailed another brand-spoofing phish example in which criminals used a fake OneDrive email to try to steal a user's Microsoft account information. The message was sent from "websent@jointak[.]com[.]hk," with "OneDrive" as a bogus sender name, and the subject: "A document titled 'Proposal' has been shared with you on Onedrive."

The Microsoft-brand phish, like the DHL spoof, attempts to trick the victim into clicking on a malicious link that spoofs a Microsoft web app login page and then enter their account password. As a general rule, users should avoid emails that request personal information or credit card information.

Read more »
Scammers
Cyber Fraud EU Anti-Fraud EU Commission Phishing Campaign Scammers

Scammers Impersonating European Anti-Fraud Office to Launch Phishing Campaigns

 

Threat analysts have unearthed multiple incidents of fraud and phishing attempts via malicious texts, letters, and scam phone calls purporting to be from OLAF, the European Anti-Fraud Office. 

The European Anti-Fraud Office (also known as OLAF,) is a body mandated by the European Union (EU) with guarding the Union's financial interests. It was established on 28 April 1999, under the European Commission Decision 1999/352. 

To target entities and individuals, scammers often impersonate the European Commission or OLAF’s logo and the identity of OLAF staff members to look convincing. They try to lure victims by offering to transfer the money on the condition that if the victim pays a charge and provides financial and private data.

European Anti-Fraud Office methodology 

OLAF’s investigators achieve their goal by launching independent internal and external investigations. Threat analysts coordinate the activities of their anti-fraud partners in the Member States to counter fraud activities. 

OLAF supplies EU member states with the necessary support and passes technical knowledge to assist them in anti-fraud activities. It also contributes to the design of the anti-fraud strategy of the European Union and takes adequate measures to strengthen the relevant legislation. 

Targeting prominent names and businesses 

Earlier this year in April, European Union's anti-fraud agency accused France's far-right presidential candidate Marine Le Pen and members of her party of misusing thousands of euros' worth of EU funds while serving in the European Parliament. 

According to the Investigative website Mediapart, the OLAF report claimed Le Pen had misappropriated 140,000 euros of public money with party members, diverting 617,000 euros. However, none were accused of profiting directly, but of claiming EU funds for staff and event expenses. 

In 2017, OLAF put an end to an intricate fraud scheme via which more than EUR 1.4 million worth of European Union funds, meant for emergency response hovercraft prototypes, had been misused. 

The investigators unearthed the fraud pattern as part of their investigation into alleged irregularities in a Research and Innovation project granted to a European consortium. The Italian-led consortium, with partners in France, Romania, and the United Kingdom, was handed the responsibility of managing two hovercraft prototypes to be utilized as emergency nautical mediums able to reach remote areas in case of environmental accidents. 

During on-the-spot checks performed in Italy by OLAF and the Italian Guardia di Finanza, OLAF identified multiple disassembled components of one hovercraft, as well as another hovercraft that was completed after the deadline of the project. It became crystal clear that, in order to obtain the EU funds, the Italian partners had falsely attested to the existence of the required structural and economic conditions to carry out the project. 

Preventive tips 

The European Anti-Fraud Office recommends users follow the tips mentioned below: 

If an individual receives any such request regarding transferring money and claims to be from OLAF or one of its staff members, then it is a scam because OLAF NEVER offers or requests money transfers to or from citizens. OLAF only investigates fraud impacting the EU budget, and suspicions of misconduct by EU staff. Additionally, do not reply or carry out any of the actions contained in the correspondence.

The impacted individual should immediately report any fraud and/or phishing attempt to national authorities competent for crimes and/or cybercrime. OLAF does not investigate scams related to cryptocurrencies or personal finances.
Read more »
Scammers
Cyber Fraud Fraudsters phishing PyPI Package Scam Scam Emails Scammers

PyPI Alerts of First-ever Phishing Campaign Against its Users

 

The Python Package Index, PyPI, issued a warning this week about an ongoing phishing campaign aimed at stealing developer credentials and injecting malicious updates into the repository's packages.

“Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI.” states the warning.

The phishing messages are intended to trick recipients into clicking a link in order to comply with a new Google mandatory validation process for all packages. Recipients are urged to complete the validation process by September to avoid having their packages removed from PyPI.

When users click the link, they are taken to a Google Sites landing page that looks similar to PyPI's login page. After obtaining the user account credentials, the attackers were able to push malicious updates to legitimate packages.

“The phishing attempt and the malicious packages are linked by the domain linkedopports[.]com, which appears in the malicious package code and also functions as the location to which the phishing site tries to send the stolen credentials.” reads the analysis published by Checkmarx.

This campaign's malicious packages attempt to download and execute a file from the URL hxxps:/python-release[.]com/python-install.scr. The packages had a low detection rate at the time of discovery; the malicious code is digitally signed and unusually large (63MB) in an attempt to evade AV detection).

The researchers also discovered another domain associated with this attacker's infrastructure, "ledgdown[.]com," which was registered under the same IP address. This domain masquerades as the official website of the cryptocurrency assets app "ledger live."
`
“This is another step in the attacks against open source packages and open source contributors.” concludes the post. “We recommend checking your network traffic against the IOCs listed below and as always, encouraging contributors to use 2FA.”

PyPI announced that it is revising its eligibility requirements for the hardware security key programme in the aftermath of the phishing attack. Any maintainer of a critical project, regardless of whether they already have TOTP-based 2FA enabled, it said.
Read more »
Security
Blockchain Crypto Cyber Fraud Data Fraud Deepfake Fraud Holograms Scam Scammers Security

Binance Executive: Scammers Created a 'Deep Fake Hologram' of him to Fool Victims

 

According to a Binance public relations executive, fraudsters created a deep-fake "AI hologram" of him to scam cryptocurrency projects via Zoom video calls.

Patrick Hillmann, chief communications officer at the crypto hypermart, stated he received messages from project teams thanking him for meeting with them virtually to discuss listing their digital assets on Binance over the past month. This raised some suspicions because Hillmann isn't involved in the exchange's listings and doesn't know the people messaging him.

"It turns out that a sophisticated hacking team used previous news interviews and TV appearances over the years to create a 'deep fake' of me," Hillmann said. "Other than the 15 pounds that I gained during COVID being noticeably absent, this deep fake was refined enough to fool several highly intelligent crypto community members."

Hillmann included a screenshot of a project manager asking him to confirm that he was, in fact, on a Zoom call in his write-up this week. The hologram is the latest example of cybercriminals impersonating Binance employees and executives on Twitter, LinkedIn, and other social media platforms.

Scams abound in the cryptocurrency world.
Despite highlighting a wealth of security experts and systems at Binance, Hillman insisted that users must be the first line of defence against scammers. He wrote that they can do so by being vigilant, using the Binance Verify tool, and reporting anything suspicious to Binance support.

“I was not prepared for the onslaught of cyberattacks, phishing attacks, and scams that regularly target the crypto community. Now I understand why Binance goes to the lengths it does,” he added.

The only proof Hillman provided was a screenshot of a chat with someone asking him to confirm a Zoom call they previously had. Hillman responds: “That was not me,” before the unidentified person posts a link to somebody’s LinkedIn profile, telling Hillman “This person sent me a Zoom link then your hologram was in the zoom, please report the scam”.

The fight against deepfakes
Deepfakes are becoming more common in the age of misinformation and artificial intelligence, as technological advancements make convincing digital impersonations of people online more viable.

They are sometimes highly realistic fabrications that have sparked global outrage, particularly when used in a political context. A deepfake video of Ukrainian President Volodymyr Zelenskyy was posted online in March of this year, with the digital impersonation of the leader telling citizens to surrender to Russia.

On Twitter, one version of the deepfake was viewed over 120,000 times. In its fight against disinformation, the European Union has targeted deepfakes, recently requiring tech companies such as Google, Facebook, and Twitter to take countermeasures or face heavy fines.
Read more »
Subscribe to: Posts (Atom)