Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Scams. Show all posts
vigilance
Cyber Fraud Cyber Threats Cybersecurity Data Theft phishing Scams Sensitive Information Spear Phishing Spoofing vigilance

The Evolution of Phishing Emails: From Simple Scams to Sophisticated Cyber Threats

 

Phishing emails have undergone significant changes over the past few decades. Once simple and easy to detect, these scams have now evolved into a sophisticated cyber threat, targeting even the most tech-savvy individuals and organizations. Understanding the development of phishing attacks is key to protecting yourself from these ever-evolving cyber dangers.

In the late 1990s and early 2000s, phishing emails were quite basic and easily identifiable. One of the most well-known scams was the "Nigerian Prince" email. These messages claimed to be from foreign royalty or officials, offering large sums of money in return for a small processing fee. The common signs included poor language, unrealistic promises, and large financial rewards—elements that eventually made these scams easy for users to recognize and dismiss.

As people became aware of these early scams, phishing attacks shifted focus, aiming to steal sensitive financial information. By the mid-2000s, attackers began impersonating banks and financial institutions in their emails. These messages often used fear-inducing language, such as warnings of account breaches, to pressure recipients into handing over personal details like login credentials and credit card information. During this time, phishing attempts were still marked by clear warning signs: poorly written emails, generic greetings, and inaccurate logos. However, as technology advanced, so did the attackers' ability to produce more convincing content.

The evolution of phishing took a major step forward with the introduction of spear phishing. Unlike traditional phishing, which targets a broad audience, spear phishing focuses on specific individuals or companies. Attackers gather personal information through social media and public records to craft emails that appear highly legitimate, often addressing the victim by name and referencing workplace details. This tailored approach makes the scam more believable and increases the chances of success.

Phishing emails today have become highly sophisticated, utilizing advanced techniques such as email spoofing to mimic trusted sources. Attackers frequently impersonate colleagues, supervisors, or official entities, making it difficult for users to tell the difference between genuine and malicious messages. Modern phishing schemes often rely on psychological tactics, using fear or urgency to pressure recipients into clicking harmful links or downloading malware. This evolution reflects the growing complexity of cybercriminal activities, demanding greater awareness and stronger cybersecurity defenses.

In summary, phishing emails have evolved from basic scams to intricate, personalized attacks that are harder to detect. Being informed about these tactics and staying vigilant is critical in the digital age. If you're ever in doubt about an email’s legitimacy, contact your Information Security Team for verification.
Read more »
Scams
Cyber Crime Cyber crimes DNS fraudulent activities Google Scams

New Coalition to Take Down Online Scams, Led by Google

 




As cybercrime continues to cost the world economy billions annually, a robust new coalition launched by Google, the DNS Research Federation, and the Global Anti-Scam Alliance (GASA) is working to disrupt online scammers at a global level. By all accounts, this partnership constitutes a "game changer." The United Coalition focuses on revealing and thwarting fraudulent activity online.

Online Scam Fighting via the Global Signal Exchange

The coalition will be launching a data platform called Global Signal Exchange, which will 24/7 scan open cyberspaces for signs of fraudulent activity and issue alerts. For a platform, it will leverage the DNS Research Federation's DAP.live: an aggregation platform that consolidates feeds from over 100 sources to spot potential scams. Google enhances these efforts while providing relevant feeds from DAP.live that should provide an even more comprehensive view of online fraud as it begins to take shape.

A Growing Threat in the Digital Age

Some scams are becoming almost too clever nowadays, to the extent that an estimated $8.6 billion is lost worldwide due to such scams each year, with few cases going to convictions. In the UK alone, each person is targeted nearly 240 times a year by a scammer via emails or texts from fake legitimate businesses or offices asking them for personal information, such as bank or credit card details.

Britain estimates the average loss per person due to scams is £1,169. Overall, 11% of adults admit that they have fallen for online fraud. More alarming is the economic loss in the proportion of older adults, which indicates people aged 55 and above lose an average amount of £2,151. Those between 36 and 54 lose about £1,270, while those less than 35 years old lose about £851.

The Call for International Cooperation

Another challenge while combating online scams is that many of the criminal organisations behind these scams are operating from abroad, often from such countries as Russia and North Korea. This international nature makes it even more difficult for local authorities to keep an eye on and legally prosecute them. The coalition aims to balance this gap by sharing scam information in real time, thereby creating a chance to respond quickly to new emerging threats. This collaborative approach will serve crucially because cybercriminals often operate in groups and have done all of this work so fast, which has made it really hard to fight scams alone by any single organisation.

Scammers collaborate, they pool and they act fast. The days when individual brands could combat cybercrime on their own are gone. Global Signal Exchange usher in a new chapter in the battle against cybercrime, and Google's partnership promises to be the game-changer," said Emily Taylor, Chief Executive of DNS Research Federation.

Scammers Use All Too Familiar Brand Names Trapping Victims

The research carried out by the coalition indicates that fraudsters make use of the identity of conspicuous brands to acquire victims. Some of the very popular brands currently being used in scams are: home delivery and courier services; financial services, including banks, insurance, and loan companies; companies in the Technology, Media, and Telecoms sector; many public sector organisations, including HMRC and local councils; and, in a few instances, prominent charities.

According to DNS Research Federation, the volume of scams seems to peak each year in November during the Black Friday promotions and associated online shopping. Much of such activity is occurring because of heightened online activity. Thus, proper defences are quite essential when activity reaches such peak levels.

An alliance towards consumers' protection around the world

The Global Anti-Scam Alliance was established in 2021 to create a network of businesses that stand together to protect consumers online from fraud. GASA, in partnership with Google and the DNS Research Federation, will decrease the profitability of scams in order to make them less appealing to cybercriminals.

As threats in cyber continue to grow and seemingly intensify, this alliance will very largely form a critical element in the protection of users internationally. The Global Signal Exchange represents a major leap forward in efforts on anti-scam activities as it promises that consumers will be better protected from online fraud, and are able to navigate an increasingly complex digital environment more securely.


Read more »
Singapore
Cyber Crime Cyber Fraud Financial Loss Impersonation Attack Meta Scams Singapore

Scammers Exploit Messaging Apps and Social Media in Singapore


 


Singapore is experiencing the dread of scams and cybercrimes in abundance as we speak, with fraudsters relying more on messaging and social media platforms to target unsuspecting victims. As per the recent figures from the Singapore Police Force (SPF), platforms like Facebook, Instagram, WhatsApp, and Telegram have become common avenues for scammers, with 45% of cases involving these platforms. 

There was a marked increase in the prevalence of scams and cybercrime during the first half of 2024, accounting for 28,751 cases from January to June, compared to 24,367 in 2023. Scams, in particular, made up 92.5% of these incidents, reflecting a 16.3% year-on-year uptick. Financial losses linked to these scams totaled SG$385.6 million (USD 294.65 million), marking a substantial increase of 24.6% from the previous year. On average, each victim lost SG$14,503, a 7.1% increase from last year.

Scammers largely employed social engineering techniques, manipulating victims into transferring money themselves, which accounted for 86% of reported cases. Messaging apps were a key tool for these fraudsters, with 8,336 cases involving these platforms, up from 6,555 cases the previous year. WhatsApp emerged as the most frequently used platform, featuring in more than half of these incidents. Telegram as well was a go-to resort, with a 137.5% increase in cases, making it the platform involved in 45% of messaging-related scams.

Social media platforms were also widely used, with 7,737 scam cases reported. Facebook was the most commonly exploited platform, accounting for 64.4% of these cases, followed by Instagram at 18.6%. E-commerce scams were particularly prevalent on Facebook, with 50.9% of victims targeted through this platform.

Although individuals under 50 years old represented 74.2% of scam victims, those aged 65 and older faced the highest average financial losses. Scams involving impersonation of government officials were the most costly, with an average loss of SG$116,534 per case. Investment scams followed, with average losses of SG$40,080. These scams typically involved prolonged social engineering tactics, where fraudsters gradually gained the trust of their victims to carry out the fraud.

On a positive note, the number of malware-related scam cases saw a notable drop of 86.2% in the first half of 2024, with the total amount lost decreasing by 96.8% from SG$9.1 million in 2023 to SG$295,000 this year.

Despite the reduction in certain scam types, phishing scams and impersonation scams involving government officials continue to pose serious threats. Phishing scams alone accounted for SG$13.3 million in losses, making up 3.4% of total scam-related financial losses. The SPF reported 3,447 phishing cases, which involved fraudulent emails, text messages, and phone calls from scammers posing as officials from government agencies, financial institutions, and other businesses. Additionally, impersonation scams involving government employees increased by 58%, with 580 cases reported, leading to SG$67.5 million in losses, a 67.1% increase from the previous year.

As scammers continue to adapt and refine their methods, it remains crucial for the public to stay alert, especially when using messaging and social media platforms. Sound awareness and cautious behaviour is non negotiable in avoiding these scams.


Read more »
T-Mobile
Cyber Attacks Malicious Link Mobile scam Mobile Security Phishing Attack Scams T-Mobile

T-Mobile Customers Alarmed by Unfamiliar Support Links, But They Are Legitimate

 

T-Mobile customers have recently raised concerns after receiving unusual-looking links from the company’s support channels, leading to fears of potential phishing scams. However, investigations have confirmed that these links are legitimate, though their appearance and unfamiliar origin have caused some confusion. The Mobile Report has revealed that T-Mobile’s support teams, including T-Force, the social media support team, are now utilizing a third-party service called Khoros to manage secure forms for customers. This change has led to the use of links with unfamiliar domain names, which naturally appear suspicious to users. 

For instance, one customer was directed to a “Handset Upgrade Form” through a link that, at first glance, seemed questionable. T-Mobile employees have assured The Mobile Report that these links are indeed authentic and part of a new procedure aimed at handling sensitive customer information more securely. In the past, T-Mobile hosted similar forms directly on its own servers using a T-Mobile domain, which customers were familiar with. The shift to an external platform, particularly one that customers do not recognize, has understandably caused some concern and confusion among users. 

Adding to the unease is the fact that Khoros, the company now hosting these forms, describes itself as a platform that uses AI and automation to analyze large amounts of data. While this approach is standard for many data-driven companies, it raises questions about the potential risks involved in sharing sensitive information with third-party services, especially when customers are not fully informed about the transition. Despite the legitimacy of these links in this instance, it is always wise for customers to exercise caution when dealing with unfamiliar links, even if they appear to originate from a trusted source. Phishing scams often rely on the use of seemingly legitimate links to deceive users into disclosing sensitive information. 

As a precaution, customers are advised to contact T-Mobile directly through official channels to verify the authenticity of any communication they receive, particularly when it involves providing personal or financial information. While T-Mobile’s new process using Khoros is legitimate, the lack of clear communication regarding the change has led to understandable concerns among customers. As always, caution and verification remain key to ensuring online safety, particularly when dealing with unexpected or unfamiliar links.
Read more »
Vulnerability
Awareness Cyber Criminals Cyber Fraud Cybersecurity elderly Financial Loss fraud prevention Online Scams Scams vigilance Vulnerability

India's Digital Rise Sees Alarming Surge in Online Scams Targeting the Elderly

 

With India advancing in the digital landscape, the country is also witnessing a concerning rise in online scams. In recent months, thousands of individuals have lost substantial sums to these cyber criminals, either hoping to earn more money or after being threatened. Scammers employ new tricks, targeting people across all age groups, with a notable increase in elderly victims. Cyber criminals use increasingly sophisticated techniques to exploit the vulnerability and trust of senior citizens, causing significant financial and emotional distress.

In one case from Bengaluru, a 77-year-old woman named Lakshmi Shivakumar lost Rs 1.2 crore to a scam. It began with a call from someone posing as a Telecom Department representative, falsely claiming a SIM card in her name was involved in illegal activities in Mumbai. The caller mentioned a complaint with the Mumbai Crime Branch to add credibility.

Within hours, she received another call from individuals impersonating Mumbai Crime Branch officers, accusing her of laundering Rs 60 crore and demanding her bank account details for verification. Using threats of arrest and showing a fabricated FIR and arrest warrant, the scammers coerced her into sharing her bank details, ultimately transferring Rs 1.28 crore from her account, promising the money's return after the investigation.

In another case from Chandigarh, an elderly woman was deceived out of Rs 72 lakh under the pretense of a digital arrest scam. She received a call from someone claiming to be from the Central Bureau of Investigation (CBI) office in Andheri, Mumbai, falsely implicating her in a drug case connected to a man named Naresh Goyal and threatening to freeze her bank accounts.

The scammer linked her ATM card to the suspect and claimed obscene messages from her phone were circulating. Under immense pressure, she complied with the demands, participating in a video call where a fake police ID was shown. Over a week, the scammers defrauded her of Rs 72 lakh, promising to return the money after proving her innocence.

Older people are particularly vulnerable to such scams due to several reasons. They often struggle to keep up with the latest technology and digital security measures, making them easy targets for tech-savvy criminals. Additionally, older adults are more likely to trust authoritative figures and may not recognize the signs of deceit in official-looking communications. Their financial stability and natural inclination to trust and cooperate with law enforcement further increase their susceptibility.

How to stay safe and protect the elderly from scams

To protect the elderly from falling prey to such scams, awareness and vigilance are crucial. Here are some essential tips:

  • Inform elderly family members about common types of scams and the tactics used by fraudsters. Regular discussions can help them recognize and avoid potential threats.
  • Encourage seniors to verify any unsolicited calls or messages by contacting the official organization directly using known contact details, not the ones provided by the caller.
  • Ensure that devices used by the elderly have updated security software to protect against malware.
Read more »
Technology
Cyber Outage Global IT Outage phishing Scams Technology

Crowdstrike: How to Stay Safe After a Global IT Outage

Crowdstrike: How to Stay Safe After a Global IT Outage

Cyber-security experts and agencies around the world are warning people about a wave of opportunistic hacking attempts linked to the IT outage.

Beware of Scams: Fake Emails and Websites Target Users After IT Outage

Although there is no evidence that the CrowdStrike outage was caused by malicious activity, some bad actors are attempting to take advantage.

Cyber agencies in the UK and Australia are warning people to be vigilant to fake emails, calls and websites that pretend to be official.

And CrowdStrike head George Kurtz encouraged users to make sure they were speaking to official representatives from the company before downloading fixes. “I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.,” Kurtz said in a blogpost.

Fear and Paranoia

Anytime there is a major news event, particularly one involving technology, hackers respond by adjusting their existing methods to account for the anxiety and uncertainty.

We witnessed the same thing with the Covid-19 pandemic when hackers modified their phishing email campaigns to include viral information and even pretended to have an antidote to hack people and organizations.

The Surge in Scams Post-Outage

Because the IT breakdown has become a global news issue, hackers are capitalising.

According to SecureWorks researchers, there has already been a significant increase in CrowdStrike-themed domain registrations, which involve hackers registering new websites that appear to be official and potentially trick IT managers or members of the public into downloading malicious software or handing over private information.

Managers on the Lookout

The advice is mostly for IT managers, who are being impacted while they work to restore their organizations' online operations.

Individuals may also be targeted, thus experts advise caution and to only act on information obtained through legitimate CrowdStrike channels.

Protecting Yourself from Scams

  • Verify the Source: Always verify the authenticity of any communication you receive. Contact the company directly using official contact information from their website, not the contact details provided in the suspicious message.
  • Look for Red Flags: Be wary of unsolicited messages that create a sense of urgency or pressure you to take immediate action. Check for spelling and grammatical errors, which are common in phishing attempts.
  • Use Security Software: Install and regularly update security software on your devices. This can help detect and block malicious websites and emails.
  • Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA on your accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.
  • Educate Yourself: Stay informed about the latest scam tactics and share this information with friends and family. Awareness is a powerful tool in preventing cybercrime.
Read more »
Vishing Campaign
Cyber Security cybercriminals Information Security Personal Data QR code Quishing Scams Vishing Vishing Campaign

Understanding Vishing and Quishing: Protecting Yourself Against Telephone and QR Code Scams

 

In our digitally interconnected world, cybercriminals continuously devise new methods to exploit technology for their malicious intents. Two prevalent schemes gaining traction are vishing and quishing scams. These fraudulent activities capitalize on telephone calls and QR codes to deceive unsuspecting individuals into revealing sensitive personal and financial information. 

Vishing, derived from "voice" and "phishing," entails perpetrators posing as trusted entities over the phone to trick individuals into sharing confidential data like bank account details or passwords. Employing tactics such as urgent requests or threats of repercussions, these scammers manipulate victims into compliance. For instance, a vishing scam might involve a caller impersonating a bank representative, claiming an account issue that necessitates immediate action from the victim. 

Alternatively, fraudsters may masquerade as technical support agents from reputable companies, coercing victims into paying for unnecessary services or software under false pretenses of fixing non-existent computer problems. Another vishing variant, the "police officer tactic," targets vulnerable individuals, particularly the elderly, by feigning as law enforcement officers. Fabricating stories about imminent criminal threats, these scammers persuade victims to surrender valuables or cash, ostensibly for protection. 

On the flip side, quishing represents a newer cybercrime form exploiting QR codes to entice victims to fraudulent websites for data compromise. With QR code prevalence in daily life, quishing has become an increasingly insidious threat. Cybercriminals send deceptive emails containing QR codes, enticing recipients to scan them with their smartphones under false pretenses. Once scanned, these QR codes redirect users to malicious websites designed to distribute malware-infected files or capture login credentials entered by unsuspecting victims. 

Seamless QR code scanning integration into daily activities makes it easy for individuals to fall prey to quishing attacks without recognizing the danger. Protecting against vishing and quishing necessitates heightened vigilance and adherence to cybersecurity best practices. When receiving unsolicited phone calls, it's crucial to verify the caller's identity by independently contacting the organization they claim to represent using official contact information. 

Refrain from divulging personal or financial information over the phone unless legitimacy is verified. To guard against quishing scams, exercise caution when scanning QR codes, especially from unfamiliar or suspicious sources. Verify the website URL before entering sensitive information and ensure it's encrypted (https). Additionally, consider enabling multi-factor authentication for online accounts to add an extra security layer against unauthorized access. 

By staying informed about vishing and quishing tactics and implementing proactive security measures, individuals can safeguard themselves from falling victim to these malicious schemes. Awareness and caution remain paramount in protecting personal and financial well-being in today's digital landscape.
Read more »
Scams
malware Malware attacks Minecraft Source Packs online gaming scams online threats Scams

Malware Lurking in Minecraft Source Packs

In the world of gaming, customization is king. Players love tweaking their favourite games to make them even more exciting. But while mods and customizations can enhance your gaming experience, they can also hide dangerous threats. A new version of this malware (identified as d9d394cc2a743c0147f7c536cbb11d6ea070f2618a12e7cc0b15816307808b8a) was recently found concealed within a WinRAR self-extracting archive, cunningly masquerading as a Windows screensaver. Enter zEus, a sneaky malware that is making its way into Minecraft source packs. 


Let's Understand In Detail How It Works

Unsuspecting players download what seems like a harmless source pack, only to find themselves unknowingly installing zEus onto their systems. Once activated, the malware gets to work, stealing sensitive data and sending it off to a Discord webhook, where the perpetrators eagerly await their ill-gotten gains. But the trickery doesn't stop there. 

The self-extract file not only runs the malicious software but also opens an innocuous-looking image file, featuring the word "zEus." This simple image serves as a distraction while the malware does its dirty work in the background. It's a cautionary tale for gamers everywhere: be vigilant when downloading mods and source packs, especially from unverified sources. Stay safe by sticking to reputable platforms and avoiding suspicious links and downloads. After all, in the world of gaming, it is not just high scores you need to watch out for—it is also stealthy malware like zEus. 

When zEus malware is executed, it first checks if it's being analyzed. If not, it collects sensitive data and deploys script files for flexibility. It creates folders in C:\ProgramData to store stolen data and malicious scripts. To avoid detection, it compares computer names and running processes against blacklists. The malware steals various information, storing each piece in text files within corresponding folders. 

It grabs IP details using online tools and collects hardware info using command-line utilities and PowerShell. It also targets browsers like Chrome and Firefox, copying login data, cookies, history, and bookmarks. Additionally, zEus steals login data from software like Steam and Discord and searches for Discord backup codes. It copies .ldb files from Discord's Local Storage, extracting account details. It also gathers data from game-related folders to understand the victim's interests. 

After collecting data, it compresses it into a zip file and deletes the original folders. The malware sends the zip file and system information like execution date, username, processor, and antivirus software. It also checks for cryptocurrency wallets and searches for files with keywords related to login mechanisms and sensitive data.
Read more »
vigilant defense
Apple Security Cyber Security Cyber Threats digital identity protection iPhone scams MFA bombing Phishing Attacks proactive measures Scams vigilant defense

Combatting iPhone Scams: Steps Towards Enhanced Security

 

The latest revelation in the realm of iPhone scams comes in the form of MFA (Multi-Factor Authentication) bombing. This sophisticated threat targeting Apple users underscores the need for heightened awareness and informed responses. Apple has promptly responded to the phishing attacks exploiting its password recovery system. The attackers, displaying adeptness, have bypassed CAPTCHA and rate limits, bombarding users with relentless MFA requests. Apple is now bolstering its defenses through backend solutions to thwart these cyber threats and ensure a safer user experience.

Contrary to common belief, changing passwords or email addresses may not offer complete protection against such attacks. This scam ingeniously targets phone numbers to evade security measures, highlighting the vulnerability of personal information readily available to scammers.

In the face of this escalating threat, vigilance is paramount. Users should approach unsolicited phone calls, especially those seeking sensitive information or one-time passwords, with caution. Regularly purging personal details from public databases can significantly reduce one's digital footprint, making it harder for scammers to exploit personal information.

The response to this threat extends beyond immediate countermeasures. There's a crucial need for Apple to enhance password recovery security measures, potentially integrating robust rate limiting into device lockdown modes. Such proactive steps, combined with a commitment to not share one-time passcodes, can strengthen defenses against current and future threats alike.

This scam is just one chapter in the ongoing saga of digital security challenges. By understanding its intricacies, users can better defend against similar threats. It's an ongoing learning process that requires vigilance and staying informed in the digital age.

Moving forward, safeguarding digital identities entails proactive defense measures. With informed decisions and a vigilant mindset, users can navigate the digital landscape securely and confidently.
Read more »
Scams
CID Criminal Investigation Department Cyber Fraud Cyberattacks CyberCrime Cybersecurity FedEx Fraud Calls Scams

Decoding the Elusive 'FedEx' Scam: An Inside Look at the Tactics and Challenges

 


One type of spam that is going around lately is FedEx scam calls, which have been targeting people, and are also doing the rounds. Most people have been victims of online fraud at some point in their lives. For us to better understand this scam, Tejal Sinha partnered up with experts to walk through it and explain it to people in detail to make the case easy to understand what, when, and how it occurs. 

The Internet has become a place full of scams, fraud, identity theft, and problems with online shopping. People have experienced all of these problems at times. The way to navigate the internet with the best intention of avoiding these hazards can seem like a challenge. 

Scammers are always trying to find new ways to trick people, so now, they are not only misusing big names to fool people, but they are also posing as law enforcement officials to scare people into giving them money, so it is more and more dangerous to give money to them.   

There has been a cyber fraud campaign that has swindled a retired policeman out of Rs 9.14 crore over the past fortnight in which cyber fraudsters posed as police officers claimed a courier package delivered by FedEx in his name contained illegal drugs and that he had been involved in money laundering. A number of the unknown suspects, infamous for their use of WhatsApp and Skype, have been allegedly holding the terrified victim under duress for some time from November 14 to November 28. 

Several alarming incidents have occurred over the past few years in Bengaluru in which residents have been scammed in an attempt to impersonate FedEx employees and law enforcement officials. Amit (name changed) is the latest victim, a 52-year-old businessman living in HSR Layout, who lost Rs 1.98 crore as a result of the scam. 

Typically, the scammers tell the victims that they will be placed in contact with the Mumbai Police Cyber Cell in response to their call, suggesting that there may be legal trouble imminent and potentially making them anxious and afraid. However, in the majority of cases, the victims had no involvement with sending or receiving the package.

It is also the case that Amit’s call was transferred to the Mumbai Police cybercrime branch. To inform Amit that his name had been mentioned as a subject of a money laundering investigation involving the intercepted package, the man posing as the police officer then made a Skype video call with him, informing him of the arrest.

In the end, Amit believed that he would need to transfer substantial sums of money to a "specified account" to be verified based on the allegations against him that had been made against him. Despite having been unable to leave the Skype conversation for more than two days, Amit's wife was also engaged in a call with someone claiming to be from law enforcement and even his wife was part of that conversation.  

Since the start of the year, Bengaluru police have been dealing with 163 cases of FedEx courier fraud. Till August, the total loss as a result of the fraud was more than Rs 5 crore. Attempts are underway by government authorities to deter students from taking part in this growing menace by promoting awareness and prevention. The National Crime Records Bureau (NCRB) has reported that the number of cybercrime cases reported in 2022 across 19 metropolitan cities accounted for an alarming 73.4% of the total of 13,534 cybercrime cases reported across the country. 

How to Prevent FedEx Package Scams and Other Fraudulent Schemes


Incoming Calls Can Be Concealed, People need to be attentive to calls they receive from unknown parties, especially those claiming to be FedEx representatives, law enforcement agencies, or other organizations they do not know. 

People should always consider their privacy when it comes to sharing sensitive information over the phone, especially if they are not certain of the legitimacy of the person they are speaking with. This includes details about the user's bank account, credit card information, or passport information.

Verify if a package appears suspicious: If any person receives a call regarding a suspicious package, do not hesitate to contact FedEx directly by calling their customer service hotline or by visiting their verified website. It is necessary to provide them with the tracking number as well as other relevant details that will enable them to confirm the status of the shipment and verify the validity of any claim they may be making. 

The best way to keep financial and personal information secure online is by using a strong, unique password for every account, enabling multi-factor authentication whenever available, updating the software, and keeping an eye out for links and attachments that seem suspicious or suspicious in an email or message. 

Please report any suspicious activity to the appropriate authorities. Victims should inform local law enforcement agencies as well as the Cybercrime Division if they suspect that they have encountered scams or fraudulent activity. Moreover, inform the courier company involved, such as FedEx, of the incident, so that the company can investigate the matter and provide any relevant information necessary to aid them in their efforts. 

Make sure friends, family members, and colleagues are aware of scams and fraudulent schemes by sharing information with them. The more people are aware of these scams, the more likely they are to be protected from them and to contribute to making the online environment a safer one.

CID (Criminal Investigation Department) is in the process of deciphering the methodologies and modus operandi of scammers so that they can locate their pockets and find out how they operate. In Bengaluru, where the CID runs its Centre for Cybercrime Investigation Training and Research, the agency imparts focused training to the CID’s sleuths for them to stay one step ahead of criminals in their pursuit of nefarious activities.
Read more »
URLs
Cyber Fraud Data Theft FTC Mallicious URLs Online Scams Personal Data QR code Scammers Scams URLs

FTC Warns: QR Codes May Result in Identity Theft


One might want to reconsider before scanning QR codes.

The codes, which are a digital jumble of white and black squares that are frequently used to record URLs, are apparently commonplace; they may as well be seen, for example, on menus at restaurants and retail establishments. The Federal Trade Commission cautioned on Thursday that they could be dangerous for those who aren't cautious.

According to a report by eMarketer, around 94 million US consumers have used QR scanner this year. The number is only increasing, with around 102.6 million anticipated by 2026. 

As per Alvaro Puig, a consumer education specialist with the FTC, QRs are quite popular since there are endless ways to use them.

“Unfortunately, scammers hide harmful links in QR codes to steal personal information,” Puig said.

Why is Stolen Personal Data a Threat? 

The stolen data can be misused by threat actors in a number of ways: According to a separate report by FTC, the identity thieves can use victim’s personal data to illicitly file tax returns in their names and obtain tax refunds, drain their bank accounts, charge their credit cards, open new utility accounts, get medical treatment on their health insurance, and open new utility accounts.

In some cases, criminals cover the legitimate QR codes with their own, in places like parking meters, or even send codes via text messages or emails, luring victims into scanning their codes. 

One of the infamous tactic used by scammers is by creating a sense of urgency in their victims. For example, they might suggest that a product could not  be delivered and you need to reschedule or that you need to change your account password because of suspicious activity.

“A scammer’s QR code could take you to a spoofed site that looks real but isn’t,” Puig wrote. “And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realize it.”

How can User Protect Themselves?

According to FTC, some of the measures one can follow to protect themselves from scams are:

  • Inspect URLs before clicking: Even if a URL looks familiar, it is advisable to check for any misspelling or switched letters in order to ensure it is legit. 
  • Do not scan a QR code in a suspicious/unexpected message: This is particularly valid when the text or email demands a quick response. If a user believe this to be a genuine message, it is advisable to get in touch with the business using a reliable channel, such as a working phone number or website. 
  • Protect devices and online accounts: Users are advised to use strong passwords and multifactor authentication and keep their phones’ OS in their latest versions.  

Read more »
token fraud
Check Point Threat Intel Blockchain crypto market risks cryptocurrency scams Cyber Fraud fraudulent activities Rug Pulls Scams smart contract manipulation token fraud

Crypto Investors Face Nearly $1M in Losses Due to Rug Pull Schemes

 

Check Point's Threat Intel Blockchain system has exposed a new fraudulent activity, spotlighting the ongoing issue of Rug Pulls – a deceitful maneuver causing financial harm to investors. The system recently detected dubious actions associated with a specific wallet address, unveiling an elaborate scheme that successfully siphoned nearly $1 million.

The scam, orchestrated by the wallet address 0x6b140e79db4d9bbd80e5b688f42d1fcf8ef9779, involved the creation of tokens related to popular topics to attract unsuspecting buyers. The detailed disclosure on Tuesday outlined the deceptive process, starting with the generation of counterfeit tokens like GROK 2.0. Subsequently, funds were injected into the token pool to create a false sense of legitimacy.

The scammer, through orchestrated trading activities, created an illusion of market engagement, particularly in trades between the WETH cryptocurrency and the GROK token. This inflated demand successfully lured in investors, and once a critical mass was achieved, the scammer rapidly withdrew liquidity from the token pool, resulting in substantial losses for investors.

Behind the scenes, the scheme involved two distinct smart contracts, each playing a crucial role in trading and artificially inflating the token's volume. The function 0x521da65d executed a total of 226 trades, while the contract at the address 0x4b2a0290e41623fbfeb5f6a0ea52dc261b65e29b facilitated the function 0xf029e7cf, strategically increasing the token's volume through swaps between WETH and GROK tokens.

Check Point emphasized that this incident underscores the inherent risks in the cryptocurrency market, emphasizing the importance of ongoing vigilance and due diligence. In a statement, the company stressed, “As the crypto landscape continues to evolve, staying vigilant and informed is paramount for investors,” the company wrote.

“The recent Rug Pull incident serves as a stark reminder of the need for heightened awareness and due diligence. By understanding the tactics employed by scammers, we can collectively work towards creating a safer and more secure crypto environment.”
Read more »
two-factor authentication
Artificial Intelligence business loss Cyber Fraud cybersecurity advocate fraudulent call Identity Theft Scam Alert Scams two-factor authentication

$1.2 Million Stolen from Grafton Family Business, Sparks Cyber Security Warnings

 

Paul Fuller has revealed how his business suffered a devastating loss of nearly $1.2 million due to a fraudulent call. The caller, identifying as "Mike" from the National Australia Bank (NAB), seemed trustworthy since Mr. Fuller's company had prior dealings with a NAB representative named Mike in Coffs Harbour. 

This imposter displayed an alarming level of knowledge about the business, including recent payments made. With deceptive claims of investigating fraudulent activities, the imposter coerced the accounts manager into granting access to the company's bank accounts. In a matter of minutes, $1.2 million vanished, causing severe damage to the business.

Although NAB managed to recover $84,000, they informed Mr. Fuller that further retrieval efforts were futile. This substantial financial setback has put immense strain on Mr. Fuller, who is now struggling to maintain the viability of his business. A total of 25 families depend on the company for their livelihoods, a responsibility that weighs heavily on his shoulders.

Mr. Fuller promptly reported the incident to both the police and the banking ombudsman, though he held little hope for additional restitution. In response, the company has implemented stringent security measures, including a policy to exclusively communicate with their designated bank manager.

Mr. Fuller issues a stern warning to fellow businesses, emphasizing that legitimate banks do not initiate such inquiries over the phone. He urges against divulging sensitive information to any unsolicited callers.

In a contrasting narrative, Bastian Treptel shares his unique journey from teenage hacker to cybersecurity advocate. At the age of 14, he infiltrated a major Australian bank, pilfering credit card details. When apprehended at 17, authorities offered him a choice between juvenile detention and aiding in cybercriminal detection. Opting for the latter, he spent the next 14 years running a company devoted to safeguarding businesses from cyber threats.

Mr. Treptel likens cyber attacks to a silent menace, with many erroneously assuming immunity. He stresses that a staggering one in three individuals falls victim to such breaches, yet only 4 percent manage to reclaim their losses.

Highlighting the vulnerability of small businesses, Mr. Treptel explains that they often possess fewer security measures and more accessible funds, making them attractive targets. He underscores the evolution of hacking, now employing sophisticated techniques aided by artificial intelligence. Malicious emails or files are no longer prerequisites; even innocuous actions, like downloading images, can facilitate cyber infiltration.

Furthermore, Mr. Treptel cautions about the potential risks posed by everyday devices like smart TVs and printers, all of which can serve as gateways for cyber intrusion. He advocates for the widespread adoption of two-factor authentication as a crucial defense measure.

ID Support NSW, a state agency aiding victims of identity theft and hacking, underscores the importance of bolstering cybersecurity. Recommendations include enforcing robust passwords, scrutinizing the security of third-party systems, limiting access to sensitive information, and collecting only essential personal data.
Read more »
vishing scams prevention
Cyber Fraud Fraud Scams User Data User Safety User Security Vishing vishing scams prevention

Vishing Scams: Here's How to Spot & Defend Against Them

 

Vishing (voice or VoIP phishing) is a sort of cyber attack that uses voice and telephony technologies to deceive targeted persons into disclosing sensitive data to unauthorized entities. 

The information could be personal, such as a Social Security number or details about a financial account, or it could be tied to a commercial environment. For example, fraudsters may use vishing to entice an employee to provide network access information.

In 2022, "38% of the reports submitted to the FTC by consumers ages 80+ indicated phone calls as the initial contact method," according to Ally Armeson, executive program director of Cybercrime Support Network. (Calls were the most popular mode of contact for this age group.)"

"Vishing, also known as voice phishing," Aremson continues, "is a growing threat in the world of cybercrime, particularly targeting the elderly."  

The scam takes advantage of the fact that the elderly are more likely to trust phone contacts by impersonating false charities, appearing as relatives, or pretending to be trustworthy locations like government agencies. 

As a result, sharing credit card information, social security numbers, login credentials, or other valuable data is likely.

How to defend yourself?

  • Take the effort to confirm the caller's identification by visiting the organization's website.
  • Never give up personal or financial information over the phone. Legitimate organizations will never ask for credit card information, social security numbers, or passwords.
  • Do not be hesitant to call into question the legitimacy of unknown numbers. Legitimate organizations will never ask for credit card information, social security numbers, or passwords.
  • Don't be hesitant to question the legitimacy of unknown phone numbers, and be wary of providing important information over the phone without first verifying the caller's identity.
  • Since caller ID can be easily spoofed, don't rely on it alone to decide whether a call is real. I recommend remaining attentive and exercising caution while disclosing sensitive information.
  • Any unknown phone caller should be routed to voicemail so you can screen the call. Remember to notify the FTC of any unusual calls or suspected fraudulent activities at ReportFraud.ftc.gov.
  • In general, do not give any financial or Social Security information over the phone, by text, or via email.  
By following these tips, you can help protect yourself from vishing scams
Read more »
threats
Advertising attacks Business Cloud CyberCrime Cybersecurity Duckport Ducktail Facebook Hijacking Information Linkedin malware Marketing Scams Security SocialEngineering SocialMedia Tactics threats

Vietnamese Cybercriminals Exploit Malvertising to Target Facebook Business Accounts

Cybercriminals associated with the Vietnamese cybercrime ecosystem are exploiting social media platforms, including Meta-owned Facebook, as a means to distribute malware. 

According to Mohammad Kazem Hassan Nejad, a researcher from WithSecure, malicious actors have been utilizing deceptive ads to target victims with various scams and malvertising schemes. This tactic has become even more lucrative with businesses increasingly using social media for advertising, providing attackers with a new type of attack vector – hijacking business accounts.

Over the past year, cyber attacks against Meta Business and Facebook accounts have gained popularity, primarily driven by activity clusters like Ducktail and NodeStealer, known for targeting businesses and individuals operating on Facebook. 

Social engineering plays a crucial role in gaining unauthorized access to user accounts, with victims being approached through platforms such as Facebook, LinkedIn, WhatsApp, and freelance job portals like Upwork. Search engine poisoning is another method employed to promote fake software, including CapCut, Notepad++, OpenAI ChatGPT, Google Bard, and Meta Threads.

Common tactics among these cybercrime groups include the misuse of URL shorteners, the use of Telegram for command-and-control (C2), and legitimate cloud services like Trello, Discord, Dropbox, iCloud, OneDrive, and Mediafire to host malicious payloads.

Ducktail, for instance, employs lures related to branding and marketing projects to infiltrate individuals and businesses on Meta's Business platform. In recent attacks, job and recruitment-related themes have been used to activate infections. 

Potential targets are directed to fraudulent job postings on platforms like Upwork and Freelancer through Facebook ads or LinkedIn InMail. These postings contain links to compromised job description files hosted on cloud storage providers, leading to the deployment of the Ducktail stealer malware.

The Ducktail malware is designed to steal saved session cookies from browsers, with specific code tailored to take over Facebook business accounts. These compromised accounts are sold on underground marketplaces, fetching prices ranging from $15 to $340.

Recent attack sequences observed between February and March 2023 involve the use of shortcut and PowerShell files to download and launch the final malware. The malware has evolved to harvest personal information from various platforms, including X (formerly Twitter), TikTok Business, and Google Ads. It also uses stolen Facebook session cookies to create fraudulent ads and gain elevated privileges.

One of the primary methods used to take over a victim's compromised account involves adding the attacker's email address, changing the password, and locking the victim out of their Facebook account.

The malware has incorporated new features, such as using RestartManager (RM) to kill processes that lock browser databases, a technique commonly found in ransomware. Additionally, the final payload is obfuscated using a loader to dynamically decrypt and execute it, making analysis and detection more challenging.

To hinder analysis efforts, the threat actors use uniquely generated assembly names and rely on SmartAssembly, bloating, and compression to obfuscate the malware.

Researchers from Zscaler also observed instances where the threat actors initiated contact using compromised LinkedIn accounts belonging to users in the digital marketing field, leveraging the authenticity of these accounts to aid in social engineering tactics. This highlights the worm-like propagation of Ducktail, where stolen LinkedIn credentials and cookies are used to log in to victims' accounts and expand their reach.

Ducktail is just one of many Vietnamese threat actors employing shared tools and tactics for fraudulent schemes. A Ducktail copycat known as Duckport, which emerged in late March 2023, engages in information stealing and Meta Business account hijacking. Notably, Duckport differs from Ducktail in terms of Telegram channels used for command and control, source code implementation, and distribution, making them distinct threats.

Duckport employs a unique technique of sending victims links to branded sites related to the impersonated brand or company, redirecting them to download malicious archives from file hosting services. Unlike Ducktail, Duckport replaces Telegram as a channel for passing commands to victims' machines and incorporates additional information stealing and account hijacking capabilities, along with taking screenshots and abusing online note-taking services as part of its command and control chain.

"The Vietnamese-centric element of these threats and high degree of overlaps in terms of capabilities, infrastructure, and victimology suggests active working relationships between various threat actors, shared tooling and TTPs across these threat groups, or a fractured and service-oriented Vietnamese cybercriminal ecosystem (akin to ransomware-as-a-service model) centered around social media platforms such as Facebook," WithSecure said.
Read more »
Tactics
attacks Blagging Cyber Security Defenses Impersonation phishing Protection Scams Security Tactics

Understanding Blagging in Cybersecurity: Tactics and Implications

 

Blagging might sound intricate, resembling an elaborate hacking maneuver, yet it is remarkably simpler. Despite its less "high-tech" nature compared to other cybercrimes, blagging can inflict significant harm if businesses are unprepared.

Blagging involves crafty fraudsters attempting to deceive or manipulate individuals into divulging confidential information that should remain off-limits.

These blaggers fabricate convincing stories to coax their targets into revealing data that could fuel illicit activities like identity theft, corporate espionage, or extortion.

So, how does blagging work precisely? Here are some typical blagging tactics:

1. Impersonation: The perpetrator pretends to be someone else, such as a colleague, bank representative, or law enforcement officer. This engenders trust and raises the likelihood of the target sharing confidential information. For instance, they might make a call posing as an IT specialist needing a password to rectify a computer issue.

2. Fabricating Urgency: The scammer employs pressure by framing the request as time-critical. Threats to close accounts or initiate legal action are utilized to extract information swiftly, leaving the target with insufficient time to verify the request's legitimacy.

3. Phishing: Blaggers resort to phishing emails or links infused with malware to breach target systems and pilfer data. These emails are meticulously designed to mimic trustworthy sources, enticing victims to click or download.

4. USB Drop Attack: This stratagem entails leaving malware-laden devices like USB drives in public venues where victims are likely to discover and insert them. Parking lots and elevators serve as popular spots to entice unsuspecting individuals.

5. Name-Dropping: Scammers invoke names of genuine managers, executives, or contacts to create an illusion of authorization for accessing otherwise confidential information. This lends credibility to their dubious appeals.

6. Sympathy Ploys: Fraudsters play on the target's empathy by fabricating emotional narratives to manipulate them. They might claim to be single parents requiring funds in an account to feed their family.

7. Quid Pro Quo: Scammers promise incentives like bonuses, time off, or cash in exchange for information. These are hollow assurances employed to achieve their aims.

8. Tailgating: Blaggers physically tail an employee into a building or restricted area to gain access. They rely on people holding doors open or not questioning their presence.

9. Elicitation: Blaggers engage in friendly conversations to surreptitiously extract information about systems, processes, or vulnerabilities. This innocuous approach is perilous due to its seemingly harmless nature.

The crucial point to remember is that these attackers are adept at deceit and will employ any means necessary to attain their objectives.

Defending Against Blagging Attacks

Given the array of cunning tactics utilized by blaggers, how can individuals and businesses shield themselves from these scams? Here are some essential strategies to counter blagging attacks:

1. Verify Claims: Never take claims at face value—always corroborate stories. If someone claims to be tech support or a colleague in need of information, hang up and call back using an official number to confirm legitimacy. Scrutinize email addresses, names, and contact details closely to ensure they match up.

2. Validate Requests: As an employee, investigate any unusual requests, even if they seem urgent or credible. Consider escalating it to a supervisor or submitting a formal request through established channels. Slow down interactions to allow for thorough investigation before divulging confidential data.

3. Limit Account Access: Employers should grant employees only the minimum access required for their tasks. For instance, customer service representatives likely don't need access to financial systems. This containment strategy mitigates potential damage if an account is compromised.

4. Report Suspicious Activity: If a request appears suspicious or a story doesn't add up, voice your concerns. Alert security or management immediately if you suspect a blagging attempt. Monitor systems and user behavior closely for unusual activity.

5. Security Awareness Training: Well-informed employees are more resistant to blagging attempts. Continuous education fortifies the human defense against social engineering. Real-world scenarios and examples should be integrated into training, including simulated phishing emails and unexpected visitors.

6. Layered Security: Employ multiple overlapping security measures instead of relying on a single point of defense. This encompasses physical security controls, perimeter defenses, endpoint security, email security, access controls, and data loss prevention tools.

7. Remain Vigilant: Blagging targets not only businesses but also individuals. Vigilance is necessary to thwart seemingly innocuous calls or emails from scammers posing as various entities. Recognizing blagging techniques and red flags is paramount.

For business proprietors, comprehensive security awareness training and robust technical defenses are instrumental in neutralizing this threat. With the appropriate safeguards in place, blaggers can be effectively deterred.
Read more »
Tips
Authentication Cloud Defense Cyber Security Fraud MFA Multi-Factor Authentication (MFA) Online phishing Phishing Prevention Prevention Privacy Protection Scams Security Tips

Defend Against Phishing with Multi-Factor Authentication

 

Phishing has been a favored attack vector for threat actors for nearly three decades, and its utilization persists until it loses its effectiveness. The success of phishing largely hinges on exploiting the weakest link in an organization's cybersecurity chain—human behavior.

“Phishing is largely the same whether in the cloud or on-prem[ise], in that it’s exploiting human behavior more than it’s exploiting technology,” said Emily Phelps, director at Cyware.

These attacks primarily aim to pilfer credentials, granting threat actors unfettered access within an organization's infrastructure. Yet, successful cloud-based phishing assaults might be more intricate due to the nuanced ownership of the environment.

Phelps explained that in an on-premise scenario, a compromised ecosystem would be under the jurisdiction of an organization's security and IT team. However, in the cloud—like AWS or Azure—a breached environment is managed by respective organizations yet ultimately owned by Amazon or Microsoft.

Cloud Emerges as the Preferred Phishing Arena

As an increasing number of applications gravitate toward cloud computing, threat actors are unsurprisingly drawn to exploit this realm. Palo Alto Networks Unit 42's report unveiled a staggering 1100% surge in newly identified phishing URLs on legitimate SaaS platforms from June 2021 to June 2022.

The report delineated a tactic where visitors to legitimate web pages are enticed to click a link directing them to a credential-stealing site. By leveraging a legitimate webpage as the principal phishing site, attackers can modify the link to direct victims to a new malicious page, thereby sustaining the original campaign's efficacy.

Cloud applications provide an ideal launchpad for phishing assaults due to their ability to bypass conventional security systems. Cloud-based phishing is further facilitated by the ease of luring unsuspecting users into clicking malevolent email links. Beyond SaaS platforms, cloud applications such as video conferencing and workforce messaging are also being increasingly exploited for launching attacks.

The Role of Phishing-Resistant MFA

Among the most robust defenses against credential-stealing phishing attacks is multifactor authentication (MFA). This approach incorporates several security factors, including something known (like a password), something possessed (such as a phone or email for code reception), and/or something inherent (like a fingerprint). By requiring an additional code-sharing device or a biometric tool for authentication, MFA heightens the difficulty for attackers to breach these security layers.

In the event of a user falling prey to a phishing attack and credentials being compromised, MFA introduces an additional layer of verification inaccessible to threat actors. This may involve SMS verification, email confirmation, or an authenticator app, with the latter being recommended by Phelps.

However, as MFA proves effective against credential theft, threat actors have escalated their strategies to compromise MFA credentials. Phishing remains one of their favored methods, as cautioned by the Cybersecurity and Infrastructure Security Agency (CISA):

"In a widely used phishing technique, a threat actor sends an email to a target that convinces the user to visit a threat actor-controlled website that mimics a company’s legitimate login portal. The user submits their username, password, as well as the 6-digit code from their mobile phone’s authenticator app.”

To counter this, CISA endorses phishing-resistant MFA as a strategy to enhance overall cloud security against phishing attacks. Fast ID Online/WebAuthn authentication stands out as a popular option. It operates through separate physical tokens linked to USB or NFC devices or embedded authenticators within laptops and mobile devices.

An alternative approach, albeit less common, is PKI-based phishing-resistant MFA, employing security-chip embedded smart cards linked to both an organization and the individual user. While highly secure, this method necessitates mature security and identity management systems.

While any form of MFA contributes to safeguarding cloud data against phishing, relying solely on commonly used code-sharing methods falls short. Threat actors have devised ways to manipulate users into revealing these codes, often relying on users' inconsistent MFA setup practices. Adopting phishing-resistant MFA and incorporating multiple layers of authentication offers the utmost security against this prevalent cyber threat.
Read more »
Security
Amazon Web Services attackers AWS Cloud Device Cyber Attacks Data Data Safety data security Hackers Safety Scammers Scams Security

SCARLETEEL Hackers Target AWS Fargate in Latest Cryptojacking Campaign

 

An continuing sophisticated attack effort known as SCARLETEEL continues to target cloud settings, with threat actors currently focusing on Amazon Web Services (AWS) Fargate.

According to a new report from Sysdig security researcher Alessandro Brucato, "Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture."

The cybersecurity firm originally revealed SCARLETEEL in February 2023, describing a complex attack chain that resulted in the theft of confidential information from AWS infrastructure and the installation of bitcoin miners to illicitly profit from the resources of the compromised systems.

However, Sysdig told The Hacker News that it "could be someone copying their methodology and attack patterns." Cado Security's follow-up investigation revealed possible connections to the well-known cryptojacking outfit TeamTNT.

The threat actor's recent action is a continuation of his propensity to target AWS accounts by taking advantage of weak public-facing web apps in order to achieve persistence, steal intellectual property, and maybe earn $4,000 per day utilizing bitcoin miners.

According to Brucato, "The actor discovered and exploited a flaw in an AWS policy which allowed them to escalate privileges to AdministratorAccess and gain control over the account, enabling them to then use it however they wanted."

The rival starts by taking advantage of JupyterLab notebook containers that are set up in a Kubernetes cluster. Using this initial foothold, the adversary conducts reconnaissance on the target network and gathers AWS credentials to gain further access to the victim's environment.

The installation of the AWS command-line tool and the Pacu exploitation framework for later exploitation come next. The assault is notable for using a variety of shell scripts, some of which target AWS Fargate compute engine instances, to retrieve AWS credentials.

"The attacker was observed using the AWS client to connect to Russian systems which are compatible with the S3 protocol," Brucato said, adding the SCARLETEEL actors used stealthy techniques to ensure that data exfiltration events are not captured in CloudTrail logs.

Other actions done by the attacker include the employment of a DDoS botnet virus known as Pandora and the Kubernetes Penetration Testing tool Peirates, all of which point to continued efforts on the side of the actor to monetize the host.

"The SCARLETEEL actors continue to operate against targets in the cloud, including AWS and Kubernetes," Brucato said. 

"Their preferred method of entry is exploitation of open compute services and vulnerable applications. There is a continued focus on monetary gain via crypto mining, but [...] intellectual property is still a priority."



Read more »
Security
Crime Cyber Attacks Cyber Gangs Data Fraud Safety Scams Security

Surge in 'Call Center Gangs' Linked to Organized Crime and Human Trafficking

 

Online, robocall, and other call scams are well-coordinated and often operated by criminal organizations based overseas. These scams primarily target older Americans.

Biocatch, a biometric company, conducted a recent study revealing a significant surge of 200% in call scams between 2022 and 2023. These scams are conducted by "call center gangs" located in Southeast Asia, engaging in various illegal activities, including investment fraud and human trafficking.

“These organized cybercriminal entities conduct a variety of scams,” the Biocatch report found, “including tech support, romance, and investment frauds, often targeting victims internationally and exploiting legal jurisdictional complexities to evade consequences.”

“The disconcerting link between these scams and human trafficking is hard to ignore,” Biocatch warns. 

Further, it added, “Amid the COVID-19 lockdowns, unsuspecting victims lured with job offers are detained in these call centers. Criminal rings are shifting from sex trafficking to human trafficking for scam call centers, with a higher profit margin in cybercrime.”

The primary objective of these scams is to deceive individuals into providing them with money or personal information. It is advised to disregard any unsolicited calls, text messages, or emails received.
Read more »
Scams
Data Breach IP Address MFA Fatigue Attacks Microsoft Personal Details Phishing Attacks Scams

Microsoft Issues Alert Over Rise in Advanced Phishing Scams

Microsoft has issued a warning regarding a surge in sophisticated phishing scams targeting individuals and organizations. These scams employ advanced tactics to deceive users and steal sensitive information. With an increasing number of people falling victim to such attacks, it is crucial to stay vigilant and implement necessary precautions.

Phishing scams involve cybercriminals impersonating trusted entities to trick individuals into revealing personal information, such as passwords, credit card details, or social security numbers. The scams typically rely on social engineering techniques and fraudulent emails or messages designed to appear legitimate.

According to Microsoft, the new wave of phishing scams has become more sophisticated and harder to detect. Attackers are utilizing residential internet protocol (IP) addresses instead of traditional data center IPs to evade detection by security systems. By operating through residential IPs, scammers can bypass security filters that typically flag suspicious activity from data center IPs.

These phishing campaigns often target high-value individuals, such as company executives or employees with access to sensitive data. Scammers employ persuasive language, urgency, and personalized information to deceive their targets and convince them to take action, such as clicking on malicious links or providing confidential information.

To protect against these sophisticated phishing attacks, Microsoft advises individuals and organizations to implement multi-factor authentication (MFA). By enabling MFA, users must provide additional verification, such as a unique code sent to their mobile device, in addition to their password. This adds an extra layer of security and makes it significantly harder for attackers to gain unauthorized access.

Furthermore, individuals should remain cautious when interacting with emails or messages, especially those that request sensitive information or seem suspicious. It is essential to scrutinize sender addresses, look for signs of grammatical errors or inconsistencies, and avoid clicking on links or downloading attachments from unknown sources.

Organizations must prioritize cybersecurity awareness training for employees to educate them about the latest phishing techniques and the potential risks they pose. Regular training sessions and simulated phishing exercises can help individuals develop a strong sense of skepticism and recognize the warning signs of a phishing attempt.





Read more »
Subscribe to: Posts (Atom)