Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Showing posts with label phishing. Show all posts

Internal Chat Logs of Black Basta Ransomware Gang Leaked Online

 

A previously unidentified source has leaked what is claimed to be an archive of internal Matrix chat logs linked to the Black Basta ransomware group. The individual behind the leak, known as ExploitWhispers, initially uploaded the stolen messages to the MEGA file-sharing platform, which has since taken them down. However, they have now made the archive available through a dedicated Telegram channel.

It remains uncertain whether ExploitWhispers is a cybersecurity researcher who infiltrated the group's internal chat server or a discontented member of the operation. While no specific reason was provided for the leak, cybersecurity intelligence firm PRODAFT suggested that it could be a direct consequence of the ransomware gang’s alleged attacks on Russian banks.

"As part of our continuous monitoring, we've observed that BLACKBASTA (Vengeful Mantis) has been mostly inactive since the start of the year due to internal conflicts. Some of its operators scammed victims by collecting ransom payments without providing functional decryptors," PRODAFT stated.

"On February 11, 2025, a major leak exposed BLACKBASTA's internal Matrix chat logs. The leaker claimed they released the data because the group was targeting Russian banks. This leak closely resembles the previous Conti leaks."

The leaked archive contains internal chat messages exchanged between September 18, 2023, and September 28, 2024. A review conducted by BleepingComputer reveals that the messages encompass a broad range of sensitive information, including phishing templates, email addresses for targeting, cryptocurrency wallets, data dumps, victims' login credentials, and confirmations of previously reported attack strategies.

Additionally, the leaked records contain 367 unique ZoomInfo links, potentially reflecting the number of organizations targeted during the specified timeframe. Ransomware groups frequently use ZoomInfo to gather intelligence on their targets, either internally or for negotiations with victims.

ExploitWhispers also disclosed information about key Black Basta members, identifying Lapa as an administrator, Cortes as a threat actor connected to the Qakbot malware group, and YY as the primary administrator. Another individual, referred to as Trump (also known as GG and AA), is believed to be Oleg Nefedov, who is suspected of leading the operation.

Black Basta operates as a Ransomware-as-a-Service (RaaS) group, first emerging in April 2022. The gang has targeted several high-profile organizations across various industries, including healthcare, government contractors, and major corporations.

Notable victims include German defense contractor Rheinmetall, Hyundai's European division, BT Group (formerly British Telecom), U.S. healthcare provider Ascension, government contractor ABB, the American Dental Association, U.K. tech outsourcing firm Capita, the Toronto Public Library, and Yellow Pages Canada.

A joint report from CISA and the FBI, published in May 2024, revealed that Black Basta affiliates compromised more than 500 organizations between April 2022 and May 2024.

Research from Corvus Insurance and Elliptic estimates that the ransomware gang collected approximately $100 million in ransom payments from over 90 victims by November 2023.

This incident bears similarities to the February 2022 data breach involving the Russian-based Conti cybercrime syndicate. At that time, a Ukrainian security researcher leaked over 170,000 internal chat messages and the source code for the Conti ransomware encryptor, following the group's public support for Russia amid the Ukraine conflict.

Russian State Actors Target Microsoft 365 Accounts Via Device Code Phishing Campaign

 

A hacking outfit potentially linked to Russia is running an active operation that uses device code phishing to target Microsoft 365 accounts of individuals at organisations of interest. The targets are in the government, non-governmental organisations (NGOs), IT services and technology, defence, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. 

Microsoft Threat Intelligence Centre is tracking the threat actors behind the device code phishing effort as 'Storm-237'. Based on targets, victimology, and tradecraft, the researchers are confident that the activity is linked to a nation-state operation that serves Russia's interests.

Device code phishing assaults 

Input-constrained devices, such as smart TVs and some IoTs, use a code authentication flow to allow users to sign into an app by typing an authorization code on a different device, such as a smartphone or computer.

Since last August, Microsoft researchers noticed that Storm-2372 has been exploiting this authentication flow by deceiving users into submitting attacker-generated device numbers on legitimate sign-in sites. The operatives launch the attack after "falsely posing as a prominent person relevant to the target" via messaging systems such as WhatsApp, Signal, and Microsoft Teams.

The malicious actor progressively builds rapport before sending a bogus online meeting invitation via email or messaging. According to the researchers, the victim receives a Teams meeting invitation including a device code generated by the attacker.

"The invitations lure the user into completing a device code authentication request emulating the experience of the messaging service, which provides Storm-2372 initial access to victim accounts and enables Graph API data collection activities, such as email harvesting," Microsoft noted. 

This allows the attackers to access the victim's Microsoft services (email, cloud storage) without requiring a password for as long as the stolen tokens are valid. However, Microsoft claims that the perpetrator is currently employing a specific client ID for Microsoft Authentication Broker during the device code sign-in flow, allowing them to issue fresh tokens. 

This opens up new attack and persistence opportunities, as the threat actor can utilise the client ID to register devices with Entra ID, Microsoft's cloud-based identity and access management product. "With the same refresh token and the new device identity, Storm-2372 is able to obtain a Primary Refresh Token (PRT) and access an organization’s resources. We have observed Storm-2372 using the connected device to collect emails," Microsoft added.

FBI Alerts Users of Surge in Gmail AI Phishing Attacks

 

Phishing scams have been around for many years, but they are now more sophisticated than ever due to the introduction of artificial intelligence (AI). 

As reported in the Hoxhunt Phishing Trends Report, AI-based phishing attacks have increased dramatically since the beginning of 2022, with a whopping 49% increase in total phishing attempts. These attacks are not only more common, but also more sophisticated, making it challenging for common email filters to detect them. 

Attackers are increasingly using AI to create incredibly convincing phoney websites and email messages that deceive users into disclosing sensitive data. What makes Gmail such an ideal target is its interaction with Google services, which keep massive quantities of personal information. 

Once a Gmail account has been compromised, attackers have access to a wealth of information, making it a tempting target. While users of other email platforms are also vulnerable, Gmail remains the primary target because of its enormous popularity. 

Phishing has never been easier 

The ease with which fraudsters can now carry out phishing attacks was highlighted by Adrianus Warmenhoven, a cybersecurity specialist at Nord Security. According to Warmenhoven, "Phishing is easier than assembling flat-pack furniture," and numerous customers fall for phishing attempts in less than 60 seconds. 

Hackers no longer require coding knowledge to generate convincing replicas of genuine websites due to the widespread availability of AI tools. With only a few clicks, these tools can replicate a website, increasing the frequency and potency of phishing attacks. 

The fact that these attacks are AI-powered has made it easier for cybercriminals to get started, according to Forbes. Convincing emails and websites that steal private information from unwary victims can be simply created by someone with little technological expertise. 

Here's how to stay safe 

  • Employ a password manager: By automatically entering your login information on trustworthy websites, a password manager keeps you from entering it on phishing websites. Before auto-filling private data, verify that your password manager requires URL matching. 
  • Monitor your accounts regularly: Keep an eye out for signs of unauthorised activity on your accounts. Take quick action to safeguard your data if you see anything fishy. 
  • Turn on two-factor authentication: Make sure your Google account is always turned on for two-factor authentication (2FA). Even if hackers are able to get your password, this additional security makes it far more challenging for them to access your account. 
  • Verify requests for private details: Whether via phone calls, texts, or emails, Gmail users should never reply to unsolicited demands for personal information. Always check the request by going directly to your Google account page if you are unsure.

Quishing On The Rise: Strategies to Avert QR Code Phishing

 

QR codes are already ubiquitous: from restaurant menus to public transportation schedules, everyone wants you to scan theirs. This normalisation of scanning random QR codes is being exploited, resulting in a new cybersecurity threat known as Quishing. 

What is Quishing? 

Quishing (QR code phishing) is the process of placing a malicious URL into a QR code. Rather than linking to a legitimate website, the code will load a page that attempts to steal information, infect your device with malware, or execute another malicious act.

It's a goofy name, but it poses a serious threat. While we're all aware that you shouldn't browse suspicious websites or download unfamiliar files, the nature of QR codes makes it impossible to tell what's on the other side. With a scan and a tap, you're whisked away to a website that may contain material you don't want to see, or routed to a malware download. 

It's also possible to be duped into scanning a QR code: many businesses build their QR codes using third-party services and URL shorteners, which means that the embedded links may not always redirect to their actual websites. This makes it challenging to determine whether a QR code has been tampered by someone carrying out a quishing assault.

Is quishing a real threat? 

Yes. It is already happening and has proven to be beneficial. QR codes for parking meters, restaurant payments and tip systems, and phoney advertisements are being tampered with all across the world to perpetrate quishing frauds, typically by simply sticking a sticker with a bogus QR over an already existing official code.

These trick codes then lead to false login pages and payment sites, where you can either pay the scammer directly or give them your information (which can be used to steal your money later or push further scams). 

Safety tips 

There are a few efficient strategies to safeguard yourself from quishing: 

  • Make use of your device's built-in QR code scanner. App shops' QR scanners have a bad reputation for security and privacy.
  • Avoid clicking on links that employ URL shorteners and make sure the destination a QR code is attempting to direct you to is genuine before clicking on the link. 
  • Avoid paying with QR codes whenever you can, especially if the payment link takes you to an unidentified address. 
  • Additionally, be aware that phoney websites often use names that sound similar to legitimate ones, so double-check your spelling.

New 'Browser Syncjacking' Attack Exploits Chrome Extensions for Full Device Takeover

 

'Browser Syncjacking,' which allows threat actors to hijack Google profiles, compromise browsers, and eventually gain full control over a victim's device—all through a seemingly harmless Chrome extension.

This stealthy multi-stage attack requires minimal permissions and almost no user interaction beyond installing a malicious Chrome extension. The attack begins with:

1. Fake Google Workspace Setup – Attackers create a fraudulent Google Workspace domain with pre-configured user profiles where security features like multi-factor authentication are disabled.

2. Publishing a Malicious Extension – A Chrome extension, disguised as a useful tool, is uploaded to the Chrome Web Store.

3. Social Engineering Trap – Victims are tricked into installing the extension, which then secretly logs them into an attacker's managed Google Workspace profile via a hidden browser session.

4. Sync Activation – The extension opens a legitimate Google support page and injects content instructing users to enable Chrome Sync. Once activated, attackers gain access to stored credentials, browsing history, and other sensitive data.

5. Full Browser Takeover – Using deceptive tactics, such as a fake Zoom update prompt, the extension delivers an executable file containing an enrollment token. This grants attackers full control over the browser.

"Once enrolled, the attacker gains full control over the victim's browser, allowing them to silently access all web apps, install additional malicious extensions, redirect users to phishing sites, monitor/modify file downloads, and many more," explains SquareX researchers.

By leveraging Chrome's Native Messaging API, attackers establish a direct communication channel between the malicious extension and the victim's operating system. This enables them to:
  • Browse directories
  • Modify files
  • Install malware
  • Execute commands
  • Capture keystrokes
  • Extract sensitive data
  • Activate the webcam and microphone
The Browser Syncjacking attack is difficult to detect. Unlike traditional extension-based threats that require extensive social engineering, this method operates with minimal user interaction.

"Unless the victim is extremely security paranoid and is technically savvy enough to constantly navigate the Chrome settings to look for managed browser labels, there is no real visual indication that a browser has been hijacked," the report warns.

Recent incidents, including hijacks of legitimate Chrome extensions, have demonstrated that browser extensions pose significant cybersecurity risks.

BleepingComputer has reached out to Google for comments on this new attack and will provide updates as soon as a response is received.

New Phishing Scam Targets Amazon Prime Subscribers

 


A new cyber attack is putting Amazon Prime subscribers at risk. Hackers are sending malicious emails warning users that their Prime membership is about to expire. These emails contain attachments with dangerous links that redirect users to fake websites designed to steal personal and financial information. Security experts warn that this is the latest example of cybercriminals using PDFs for phishing scams, exploiting the trust people place in these file types.

How the Scam Works

Researchers from Palo Alto's Unit 42 have identified this new scam, which relies on deceptive emails that appear to be from Amazon. The emails claim that the user’s Prime membership is expiring soon, urging them to take immediate action. Attached to the email is a PDF file containing a link that redirects users through multiple sites before landing on a fake login page. This page is designed to capture the user’s credentials, including passwords and credit card information.

The phishing websites are meticulously crafted to resemble Amazon’s official login page, making it difficult for users to distinguish them from the real site. Since June 2024, attackers have registered over 1,000 fake domains that closely mimic Amazon’s official domain, further complicating detection.

This type of attack is particularly dangerous because it exploits the perception that PDF files are safe. Hackers use this trust to bypass email filters and deliver malicious content. Javvad Malik, a security advocate at KnowBe4, warns that opening unexpected email attachments is risky. Many users fail to verify the sender’s email address before clicking on links, making them easy targets for cybercriminals.

Dray Agha, senior security manager at Huntress, explains that phishing techniques are constantly evolving. Cybercriminals are now using redirection techniques within PDF files to evade traditional security measures, making even cautious users vulnerable to these scams.

How to Protect Yourself

While Amazon is actively working to shut down these fraudulent websites, new ones continue to emerge. To stay safe, experts recommend the following steps:

  1. Avoid Opening Unexpected Attachments: Even if the email appears to be from Amazon, verify its authenticity before clicking on any links or opening attachments.
  2. Verify the Sender’s Email Address: Scammers often use email addresses that resemble official ones but contain minor spelling errors or inconsistencies.
  3. Ignore Urgent Emails: Hackers use urgency to pressure users into acting without thinking. If you receive an email claiming your account is at risk, log in directly through Amazon’s official website to verify the information.
  4. Access Amazon Directly: Instead of clicking on links in emails, type www.amazon.com directly into your browser to check your account status.

Amazon’s Response to the Threat

Amazon has acknowledged the scam and is actively working to take down fraudulent sites. The company encourages users to report suspicious emails or scams through its official support page. An Amazon spokesperson stated: “Scammers pretending to be Amazon put customers at risk. We urge customers to report suspicious emails to help protect accounts and take action against bad actors.”

Cybercriminals are constantly devising new ways to deceive users, but with awareness and caution, individuals can protect themselves from falling victim to these scams. By staying informed and following best practices, users can safeguard their personal and financial information from phishing attacks.

The new phishing scam targeting Amazon Prime subscribers highlights the evolving tactics of cybercriminals. By exploiting trusted file types like PDFs and creating convincing fake websites, attackers are able to bypass traditional security measures. Users must remain vigilant, verify the authenticity of emails, and avoid clicking on suspicious links. As Amazon continues to combat these fraudulent activities, awareness and proactive measures are key to staying safe in an increasingly complex digital landscape.

How to Identify a Phishing Email and Stay Safe Online

 



Cybercriminals are constantly refining their tactics to steal personal and financial information. One of the most common methods they use is phishing, a type of cyberattack where fraudsters impersonate trusted organizations to trick victims into revealing sensitive data. With billions of phishing emails sent every day, it’s essential to recognize the warning signs and avoid falling into these traps.  


What is Phishing?  

Phishing is a deceptive technique where attackers send emails that appear to be from legitimate companies, urging recipients to click on malicious links or download harmful attachments. These fake emails often lead to fraudulent websites designed to steal login credentials, banking details, or personal information.  


While email phishing is the most common, cybercriminals also use other methods, including:  

  • Smishing (phishing via SMS)  
  • Vishing (phishing through voice calls)  
  • QR code phishing (scanning a malicious code that leads to a fake website)  

Understanding the tactics used in phishing attacks can help you spot red flags and stay protected.  


Key Signs of a Phishing Email  

1. Urgency and Fear Tactics  

One of the biggest warning signs of a phishing attempt is a sense of urgency. Attackers try to rush victims into making quick decisions by creating panic.  

For example, an email may claim:  

1. "Your account will be locked in 24 hours!"  

2. "Unusual login detected! Verify now!"  

3. "You’ve won a prize! Claim immediately!"

These messages pressure you into clicking links without thinking. Always take a moment to analyze the email before acting.  

2. Too Good to Be True Offers  

Phishing emails often promise unrealistic rewards, such as:  

  • Free concert tickets or vacations  
  • Huge discounts on expensive products  
  • Cash prizes or lottery winnings  

Cybercriminals prey on curiosity and excitement, hoping victims will click before questioning the legitimacy of the offer. If an email seems too good to be true, it probably is.  


3. Poor Grammar and Spelling Mistakes  

Legitimate companies carefully proofread their emails before sending them. In contrast, phishing emails often contain spelling errors, awkward phrasing, or grammatical mistakes.  

For example:  

  •  "Your account has been compromised, please verify immediately."  
  •  "Dear customer, we noticed unusual login attempts."  

If an email is full of errors or unnatural language, it's a red flag.  


4. Generic or Impersonal Greetings  

Most trusted organizations address customers by their first and last names. A phishing email, however, might use vague greetings like:  

  • “Dear Customer,”  
  •  "Dear User,"  
  •  "Hello Sir/Madam,"  

If an email does not include your real name but claims to be from your bank, social media, or an online service, be cautious.  


5. Suspicious Email Addresses  

A simple yet effective way to detect phishing emails is by checking the sender’s email address. Cybercriminals mimic official domains but often include small variations:  

  •  Real: support@amazon.com  
  •  Fake: support@amaz0n-service.com  

Even a single misspelled letter can indicate a scam. Always verify the email address before clicking any links.  


6. Unusual Links and Attachments  

Phishing emails often contain harmful links or attachments designed to steal data or infect your device with malware. Before clicking, hover over the link to preview the actual URL. If the website address looks strange, do not click it.  

Be especially cautious with:  

  •  Unexpected attachments (PDFs, Word documents, ZIP files, etc.)  
  •  Embedded QR codes leading to unknown sites  
  •  Shortened URLs that hide the full website address  

If you're unsure, go directly to the company’s official website instead of clicking any links in the email.  


What to Do If You Suspect a Phishing Email?  

If you receive a suspicious email, take the following steps:  

1. Do not click on links or download attachments  

2. Verify the sender’s email address  

3. Look for spelling or grammatical mistakes  

4. Report the email as phishing to your email provider  

5. Contact the organization directly using their official website or phone number  

Most banks and companies never ask for personal details via email. If an email requests sensitive information, treat it as a scam.  

Phishing attacks continue to grow in intricacies, but by staying vigilant and recognizing warning signs, you can protect yourself from cybercriminals. Always double-check emails before clicking links, and when in doubt, contact the company directly.  

Cybersecurity starts with awareness—spread the knowledge and help others stay safe online!  






Phishing Attacks Surge by 30% in Australia Amid Growing Cyber Threats

 

kAustralia witnessed a sharp 30% rise in phishing emails last year, as cybercriminals increasingly targeted the Asia-Pacific (APAC) region, according to a recent study by security firm Abnormal Security. The APAC region’s expanding presence in critical industries, such as data centers and telecommunications, has made it a prime target for cyber threats.

Across APAC, credential phishing attacks surged by 30.5% between 2023 and 2024, with New Zealand experiencing a 30% rise. Japan and Singapore faced even greater increases at 37%. Among all advanced email-based threats—including business email compromise (BEC) and malware attacks—phishing saw the most significant spike.

“The surge in attack volume across the APAC region can likely be attributed to several factors, including the strategic significance of its countries as epicentres for trade, finance, and defence,” said Tim Bentley, Vice President of APJ at Abnormal Security.

“This makes organisations in the region attractive targets for complex email campaigns designed to exploit economic dynamics, disrupt essential industries, and steal sensitive data.”

Between 2023 and 2024, advanced email attacks across APAC—including Australia, New Zealand, Japan, and Singapore—rose by 26.9% on a median monthly basis. The increase was particularly notable between Q1 and Q2 of 2024 (16%) and further escalated from Q2 to Q3 (20%).

While phishing remains the primary attack method, BEC scams—including executive impersonation and payment fraud—grew by 6% year-over-year. A single successful BEC attack cost an average of USD $137,000 in 2023, according to Abnormal Security.

Australia has long been a key target for cybercriminals. A 2023 Rubrik survey revealed that Australian organizations faced the highest data breach rates globally.

Antoine Le Tard, Vice President for Asia-Pacific and Japan at Rubrik, previously noted that Australia’s status as an early adopter of cloud and enterprise security solutions may have led to rapid deployment at the expense of robust cybersecurity measures.

The Australian Signals Directorate reported that only 15% of government agencies met the minimum cybersecurity standards in 2024, a steep drop from 25% in 2023. The reluctance to adopt passkey authentication methods further reflects the cybersecurity maturity challenges in the public sector.

The widespread accessibility of AI chatbots has altered the cybersecurity landscape, making phishing attacks more sophisticated. Even jailbroken AI models enable cybercriminals to create phishing content effortlessly, reducing technical barriers for attackers.

AI-driven cyber threats are on the rise, with AI-powered chatbots listed among the top security risks for 2025. According to Vipre, BEC attacks in Q2 2024 increased by 20% year-over-year, with two-fifths of these scams generated using AI tools.

In June, HP intercepted a malware-laden email campaign featuring a script that was “highly likely” created using generative AI. Cybercriminals are also leveraging AI chatbots to establish trust with victims before launching scams—mirroring how businesses use AI for customer engagement.

Hackers Use PhishWP to Steal Payment Info on WordPress Sites

 



Cybersecurity researchers have uncovered a malicious WordPress plugin called PhishWP that transforms legitimate websites into tools for phishing scams. This plugin allows attackers to set up fake payment pages mimicking trusted services like Stripe, tricking users into divulging sensitive details, including credit card numbers, expiration dates, billing information, and even one-time passwords (OTPs) used for secure transactions. 


How PhishWP Works

PhishWP works by setting up fake WordPress sites or hacking into legitimate ones. It then generates phishing checkout pages that closely mimic real payment interfaces. Victims receive this interface with false site addresses, where they enter sensitive financial information, including security codes and OTPs.

The stolen data is sent to attackers in real time because the plugin integrates with Telegram. Therefore, attackers can use or sell the information almost immediately. The browser details captured by PhishWP include IP addresses and screen resolutions, which attackers can use for future fraudulent activities.


Key Features 

What has made the phishing plugin more advanced is that it ensures operations are seamless and almost undetectable. 

Realistic Payment Interfaces: The plugin mimics the appearance of trusted services like Stripe.  

3D Secure Code Theft: It fetches the OTP sent to everyone in the verification processes to successfully process fraudulent transactions.

Real-time Data Transfer: Telegram is used to send stolen information to attackers in real time.  

Customizable and Worldwide: Multi-language support and obfuscation features enable phishing attacks across the globe.  

Fake Confirmations: Victims receive fake emails that confirm purchases, which delays the suspicion.  


Step-by-Step Analysis  

1. Setup: Attackers either hack a legitimate WordPress site or create a fake one.

2. Deceptive Checkout: PhishWP personalizes payment pages to resemble actual processors. 

3. Data Theft: Victims unknowingly provide sensitive information, including OTPs. 

4. Exploitation: The stolen data is immediately sent to attackers, who use it for unauthorized transactions or sell it on dark web markets.


How to Protect Yourself

To avoid falling victim to threats like PhishWP:  

1. Verify website authenticity before entering payment details.  

2.  Look for secure connections (HTTPS) and valid security certificates.  

3. Use advanced tools like SlashNext’s Browser Phishing Protection, which blocks malicious URLs and identifies phishing attempts in real time.

Protecting your personal and financial data begins with understanding how cyberattacks work, don’t let hackers take the upper hand.



Understanding Social Engineering: Methods and Tactics Used by Cybercriminals

 

Social engineering is a term often mentioned alongside phishing. While phishing typically involves digital methods like fraudulent emails or messages aimed at stealing personal data, social engineering is a broader concept. It refers to techniques used by malicious actors to manipulate individuals into revealing sensitive information or granting access that can be exploited for harmful purposes.

This manipulation can take various forms, including pretexting, baiting, tailgating, or quid pro quo. The primary goal is to persuade the target to comply with the attacker’s demands — whether it involves sharing confidential details or providing unauthorized physical access to a secured area.

  • Pretexting
Pretexting involves creating a fabricated story, or "pretext," to deceive the victim into divulging personal or organizational information, downloading malware, or transferring money. This tactic often targets emotions or trust, making it a common method for attackers.

  • Baiting
In baiting attacks, the attacker tempts the victim with enticing offers or items. These may include physical objects, such as malware-infected USB drives left in public spaces, or digital schemes, like deceptive advertisements leading to malicious websites or applications.

  • Tailgating
Known as piggybacking, tailgating is a physical breach of security where an attacker gains access to a restricted area by following an authorized individual. For instance, an attacker might persuade an employee to hold the door open or slip in unnoticed, enabling access to confidential documents or computer systems for further exploitation.

  • Quid Pro Quo
This method involves the attacker offering a seemingly valuable service in exchange for sensitive information or access. A common example is a scammer posing as IT support to resolve a technical issue, then requesting login credentials or remote access. Similarly, attackers may impersonate bank representatives, asking for account details to "verify" suspicious activity.

By understanding these techniques, individuals and organizations can better prepare to recognize and counter social engineering attempts. As cybersecurity threats evolve, awareness remains a crucial defense.

How to Protect Yourself from Email Scams: FBI’s Top Tips for Staying Safe

 



While phishing scams are on the rise over the holiday period, the FBI has reminded Gmail, Outlook, Apple Mail, and other services users to be more alert. More phishing schemes are becoming common as criminals use the festive season rush as an opportunity to target more people. Here is how the FBI has warned its citizens against phishing attacks:.

It has generally entailed scamming emails that request the stealing of personal information or even money. Scammers try to deceive a victim with deals they will promise; discounted products, gift cards, or exclusive offers, amongst others. These appear quite legitimate, mimicking familiar brands with realistic logos and designs. With AI tools, it is now more possible for cybercriminals to generate messages that are shiny and polished yet professional-looking, targeting the most vigilant users in their deception.

Three Things to Check in Every Email

To counter these scams, the FBI points out three important checks:  

1. Check the Sender's Email Address: Look closely at the sender's email address. Scammers often use addresses that mimic real ones but with minor changes, like replacing a letter or adding extra characters.

2. Inspect Links Before Clicking: Hover over any link in the email to see where it leads. If the URL looks suspicious or doesn’t match the claimed source, avoid clicking it.  

3. Look for Errors: Scammers sometimes make spelling or grammatical mistakes in emails and URLs. These errors can signal that an email is fake.  

Additional Safety Tips  

The FBI also advises:

  • Avoid disclosing passwords and any form of financial information to any email. No business firm will ask for this type of information through email. 
  • Don't open attachments or click on links coming from unknown senders.  
  • Set up two-factor authentication (2FA) on your accounts for extra protection.
  • Share as little personal information on social media as possible, to make it harder for fraudsters to guess your passwords.

AI In the Wake Of Scams

The more advanced AI technology makes the scammers create the most realistic phishing schemes. This way, they can use artificial intelligence to design fake emails, replicate the look of an official email, or extract confidential information from documents or images. All this puts a bigger burden on users when trying to spot scams.

What Can You Do?

Tech companies, such as Google, have been increasing their efforts to secure users. For example, the majority of phishing attempts in Gmail are blocked, and the service provides direction to help users identify scams. Google instructs users to slow down before acting on an email by verifying its claims independently and reporting anything suspicious.

This has proven true for phishing attacks, and growing sophistication is only outpaced by awareness. Take some time and understand emails before rushing to execute a 

response to urgent messages. As a result, your sensitive information is safe and can therefore have a secure online experience. 




Executives Targeted by Advanced Mobile Phishing Attacks

 

Mobile phishing attacks have continued to advance, targeting corporate executives. A report from mobile security firm Zimperium describes these attacks as highly sophisticated means of exploiting mobile devices. Thus, there is an emerging need for awareness and security measures.

How the Attacks Function

One campaign uncovered by Zimperium’s research team (zLabs) impersonated Docusign, a widely trusted e-signature platform. The attackers sent fake emails designed to look like urgent communications from Docusign. These emails urged recipients to click on a link to review an important document, playing on trust and the sense of urgency.

Initial Stage: Clicking the link redirected victims to a legitimate-looking webpage, masking its malicious intent.

Second-level Credibility: Then it led to a phishing site with a compromised university website address, which gave it a third level of credibility.

Mobile Specific Ploys: The phishing site on mobile was a Google sign-in page, created to steal login credentials. Desktop users were taken to actual Google pages to avoid detection.

Using CAPTCHA: To gain user trust, attackers added CAPTCHA verification in the phishing pages, so it resembled a real one.

Why Mobile Devices Are the Target

Mobile devices are generally less secure than traditional computers, making them a preferred target. The attackers planned well and even registered domains and SSL certificates just days before sending phishing emails. This was very hard to detect, because of the time invested in preparation.

Steps to Stay Protected

Experts advise that businesses take several steps to protect themselves from these attacks:

  • Train Employees: Educate employees, especially executives, on how to detect phishing attempts and not to click on suspicious links.
  • Mobile Security: Strengthen security on mobile devices and update policies to address emerging threats.
  • Use Advanced Tools: Implement advanced detection systems that can identify these new, highly hidden attacks.

Mika Aalto, the CEO of the security company Hoxhunt, believes that organizations should think about early prevention and equip employees with the skills to identify phishing attacks. He also advocates for better technical tools to help detect and block schemes more effectively.

Therefore, with the understanding and preparation about these threats, organizations can ensure their executives and sensitive data are protected from this mobile phishing campaign danger.

Cybercrime Network Busted: Turning Airbnbs Into Fraud Centers

 


An international cybercrime network responsible for stealing millions of euros has been dismantled in a joint operation conducted in Belgium and the Netherlands. The Europol-coordinated effort led to eight arrests and 17 coordinated raids across the two countries on December 3.

Investigation and Arrests

The investigation, which began in 2022, targeted a gang involved in phishing, online fraud, and money laundering. Four suspects—three men and one woman, aged between 23 and 66—were arrested in the Netherlands. They face charges of participating in a criminal organization.

Authorities seized various pieces of evidence during the raids, including mobile phones, data storage devices, significant amounts of cash, and luxury items purchased with stolen funds. These findings underscored the extensive fraudulent activities conducted by the group.

Airbnbs: Temporary Bases for Cybercrime

The gang used rented Airbnb properties and luxury apartments as temporary call centers to avoid detection. Operating from these locations, they launched phishing attacks targeting victims across Europe. Communication methods included emails, text messages, and WhatsApp messages, in which they impersonated bank representatives or fraud prevention agents.

Victims were informed that their bank accounts had been compromised and were directed to fake banking websites designed to appear legitimate. Once victims entered sensitive information such as login credentials or PINs, the attackers swiftly accessed their accounts and withdrew funds. In some cases, unsuccessful fraud attempts led to verbal harassment, adding emotional distress to the victims’ financial losses.

Spending Details

Rather than keeping a low profile, the gang openly flaunted their stolen wealth online. They spent lavishly on luxury vacations, designer clothes, high-end cars, and exclusive parties. Their social media profiles featured images showcasing expensive purchases and interactions with celebrities, further exposing their illegal activities.

How to Avoid Phishing Scams

Phishing scams remain one of the most common tactics used by cybercriminals. To protect yourself:

  1. Treat unsolicited calls, messages, and emails with suspicion, especially if they request sensitive information.
  2. Avoid clicking on suspicious links. Instead, verify claims by contacting your bank directly through official channels.
  3. Be cautious of small demands for money on second-hand sales websites; these may be attempts to steal card information.

Impact

Europol highlights that phishing tactics are constantly evolving, making them harder to trace. This case underscores the importance of vigilance and staying informed about online threats. As cybercrime becomes more sophisticated, individuals must take proactive steps to secure their personal and financial data.

The success of this operation demonstrates the critical role of international collaboration in combating cybercrime. It serves as a powerful reminder of the ongoing need for cooperation between law enforcement agencies to effectively counter global threats.

The Dark Web’s Role in Phishing and 2FA Security Breaches

 


Black Friday and Cyber Monday may have passed, but the dangers of online scams and cyberattacks persist year-round. Cybercriminals continue to exploit digital shoppers, leveraging sophisticated tools such as phishing kits, fake websites, and cookie grabbers that bypass two-factor authentication (2FA). These tools, widely available on dark web marketplaces, turn online shopping into a risky endeavour, particularly during the peak holiday season.

Cybercriminal Tools: A Growing Threat

Dark web marketplaces operate like legitimate businesses, offering everything from free phishing kits to subscription-based malware services. According to NordStellar threat intelligence:

  • Phishing kits: Often free or low-cost, enable hackers to replicate authentic websites.
  • Fake website templates: Start at $50, tricking users into sharing personal information.
  • Malware subscriptions: Priced at $150 per month, provide hackers with advanced tools.
  • Cookie grabber pages: Sell for $400 or more, enabling access to user accounts by bypassing login credentials and 2FA.

These illicit tools are increasingly accessible, with some even offered at discounted rates during the holiday season. The result is an alarming rise in phishing scams targeting fake shopping sites, with 84% of victims interacting with these scams and nearly half losing money.

The Role of Stolen Cookies in Cybercrime

Session cookies, particularly authentication cookies, are a prized asset for hackers. NordStellar reports over 54 billion stolen cookies available on the dark web, including:

  • 154 million authentication cookies, 23.5 million of which remain active.
  • 37 million login cookies, with 6.6 million still usable.
  • 30 million session cookies capable of bypassing 2FA.

These cookies allow attackers to impersonate legitimate users, gaining unauthorized access to accounts without requiring passwords or verification codes. This capability makes cookie-grabber pages one of the most valuable tools in the hacker’s arsenal.

Protecting Yourself from Cyber Threats

Google has introduced measures like passkeys to combat these threats, offering a more secure alternative to traditional 2FA methods. A Google spokesperson emphasized that passkeys reduce phishing risks and strengthen security against social engineering attacks. Consumers can take additional steps to safeguard their online accounts:

  • Scrutinize links and websites to avoid phishing scams.
  • Switch to advanced authentication methods such as passkeys where available.
  • Stay informed about emerging cyber threats and adopt proactive security practices.

By remaining vigilant and embracing stronger authentication technologies, shoppers can minimize the risks posed by cybercriminals and their evolving arsenal of dark web tools.

Fake Antivirus App Hides SpyNote Malware on Android

 


SpyNote, a dangerous malware targeting Android users, has been discovered posing as a legitimate antivirus app. Disguised as "Avast Mobile Security," it deceives users into downloading it under the guise of device protection, according to a report by cybersecurity firm Cyfirma.  


Once installed, SpyNote requests permissions typical for antivirus applications, such as Accessibility Services. With these permissions, it secretly grants itself further access without notifying the user. Additionally, it excludes itself from battery optimization, allowing it to run uninterrupted in the background.  


How SpyNote Tricks Users  


SpyNote employs deceptive tactics to maintain its presence on infected devices. It mimics user gestures to stay active and displays fake system update notifications. When users interact with these alerts, they are redirected back to the malicious app, effectively trapping them in a loop. This method ensures the malware remains undetected and difficult to uninstall.  


Focus on Cryptocurrency Theft  


SpyNote is specifically designed to steal sensitive information, with a strong focus on cryptocurrency accounts. It extracts private keys and balance details for digital currencies such as Bitcoin, Ethereum, and Tether. The malware also monitors network activity to maintain a constant connection with its command-and-control servers, ensuring seamless data transmission.  


Stolen credentials are stored on the device’s SD card. Once sufficient data is collected, SpyNote erases the evidence by overwriting the card, leaving no trace of its malicious activities.  


Advanced Evasion Tactics  


SpyNote is highly skilled at avoiding detection. It uses techniques like code obfuscation and custom packaging to hide its true nature, making it difficult for security experts to analyze. The malware also identifies virtual environments, such as emulators, to evade research and detection.  


If users attempt to uninstall it, SpyNote blocks their efforts by simulating actions that prevent deactivation. For instance, it forces the device to return to the home screen whenever users try to access the app’s settings.  


Distributed Through Fake Antivirus Sites  


SpyNote spreads through phishing websites designed to look like Avast’s official download page. The malicious file, named "Avastavv.apk," is specifically targeted at Android devices. However, the phishing sites also redirect iOS users to the legitimate App Store download page for AnyDesk. Similarly, they offer AnyDesk downloads for Windows and Mac users, broadening their attack range.  


How to Stay Safe  


To avoid falling victim to SpyNote, only download apps from trusted sources like the Google Play Store. Be cautious of apps asking for unnecessary permissions, and verify download links before proceeding. Regularly updating your antivirus software and monitoring your device for unusual activity can also help protect against threats.  


SpyNote highlights the increasing complexity of malware targeting mobile users, emphasizing the importance of vigilance and proactive cybersecurity measures.

Phishing Scams use Microsoft Visio Files to Steal Information

 


The latest phishing attacks involve users being victimised in private information scams through the use of Microsoft Visio files. According to a security firm called Perception Point, the trick mainly involves using the .vsdx file extension, used for business diagrams and flowcharts. It has been found that cyber attackers can embed malicious links in Visio files to circumvent most of the traditional checks a secured system carries out on users.


Why Visio files are a hacker's best friend

In particular, Microsoft Visio files are less often encountered by users due to being not as well known as other attachment types, for instance, PDFs or Word documents. This means that the files of the type Visio would be less likely to be considered suspicious by a security system, making them a good target for hackers who send phishing links secretly. All of this aside, Visio files themselves are transmitted via email attachments, which most users trust because they are all Microsoft tools.


How the Visio Phishing Attack Work


This is how the particular phishing scheme unfolds, according to Perception Point:

1. Accessed Accounts: Scammers first gain access to a legitimate account so they can use it to send their phishing email. This gives them a head over basic security checks since it is coming from a trusted source.

2. Email Content : It has an attachment which is a Visio file (.vsdx) or an Outlook email (.eml), and from what it looks like, it's authentic: probably a proposal or order for some kind of purchase.

3. Opening the File: As soon as the recipient clicks on the attachment to open it, they are taken to a SharePoint page, serving the Visio file. Thieves brand some of the hacked organisation's logos to give the document the look of authenticity.

4. Link in Visio document: Attackers will go and add a link within the Visio document titled "View Document." Users are encouraged to click with the Ctrl key in order to click on the link. It is thought that this behaviour should bypass many forms of automated security scanning. Once they have clicked on it, the victims are taken to a mock Microsoft log-in page that forces them to input their passwords, which are then stolen.


Phishing by Trusted Platforms

As Perception Point reports, phishing attacks using trusted Microsoft tools-SharePoint and Visio-have been rising alarmingly. Using credible tools creates layers of trust, which diminishes the chances of detection for phishers. Thus, Microsoft has warned users to look out for the potential abuse of its tool in phishing scams.

According to Perception Point, this phishing method utilises trusted tools from Microsoft, such as Visio and SharePoint-meaning cybercrooks adapt to evade detection. As per the same sources, these methods are designed to gain user trust and evade traditional systems in email security.

 Recommended Security Best Practices

The best practices to mitigate such advanced phishing are as follows for both organizations and individual users:
There is verification of the sender's identity before opening attachments from unknown or unfamiliar contacts.

Enable multi-factor authentication: In addition to the extra security multi-factor authentication has in place, it will be much harder for hackers to access your accounts without any kind of authentication

Stay updated on phishing techniques: Educate the employees to become aware of recognizing and avoiding attempts from hackers.

Advanced Email Security Tools: Implement tools that are now specifically designed to monitor unusual file types, including Visio files, with the aim of detecting emerging phishing strategies.

In this day and age of phishing scams, staying abreast and refreshing security protocol can definitely go a long way.



600 Million Daily Cyberattacks: Microsoft Warns of Escalating Risks in 2024


Microsoft emphasized in its 2024 annual Digital Defense report that the cyber threat landscape remains both "dangerous and complex," posing significant risks to organizations, users, and devices worldwide.

The Expanding Threat Landscape

Every day, Microsoft's customers endure more than 600 million cyberattacks, targeting individuals, corporations, and critical infrastructure. The rise in cyber threats is driven by the convergence of cybercriminal and nation-state activities, further accelerated by advancements in technologies such as artificial intelligence.

Monitoring over 78 trillion signals daily, Microsoft tracks activity from nearly 1,500 threat actor groups, including 600 nation-state groups. The report reveals an expanding threat landscape dominated by multifaceted attack types like phishing, ransomware, DDoS attacks, and identity-based intrusions.

Password-Based Attacks and MFA Evasion

Despite the widespread adoption of multifactor authentication (MFA), password-based attacks remain a dominant threat, making up more than 99% of all identity-related cyber incidents. Attackers use methods like password spraying, breach replays, and brute force attacks to exploit weak or reused passwords1. Microsoft blocks an average of 7,000 password attacks per second, but the rise of adversary-in-the-middle (AiTM) phishing attacks, which bypass MFA, is a growing concern.

Blurred Lines Between Nation-State Actors and Cybercriminals

One of the most alarming trends is the blurred lines between nation-state actors and cybercriminals. Nation-state groups are increasingly enlisting cybercriminals to fund operations, carry out espionage, and attack critical infrastructure1. This collusion has led to a surge in cyberattacks, with global cybercrime costs projected to reach $10.5 trillion annually by 2025.

The Role of Microsoft in Cyber Defense

Microsoft's unique vantage point, serving billions of customers globally, allows it to aggregate security data from a broad spectrum of companies, organizations, and consumers. The company has reassigned 34,000 full-time equivalent engineers to security initiatives, focusing on enhancing defenses and developing phishing-resistant MFA. Additionally, Microsoft collaborates with 15,000 partners with specialized security expertise to strengthen the security ecosystem.

Operation Synergia II: A Global Effort to Dismantle Cybercrime Networks

Operation Synergia II: A Global Effort to Dismantle Cybercrime Networks

In an unprecedented move, Operation Synergia II has significantly strengthened global cybersecurity efforts. Led by INTERPOL, this extensive operation focused on dismantling malicious networks and thwarting cyber threats across 95 countries. Spanning from April to August 2024, the initiative marks a monumental step in international cybercrime prevention.

Global Collaboration

Operation Synergia II aimed to tackle a range of cybercrimes, including phishing, malware distribution, and ransomware attacks. Cybercriminals exploit vulnerabilities to steal sensitive information, disrupt services, and extort money. The operation's success lies in its collaborative approach, involving INTERPOL, private cybersecurity firms like Kasperksy, and national law enforcement agencies. This partnership was crucial in sharing intelligence, resources, and expertise, enabling swift and effective actions against cyber threats.

The Scope of the Operation

In Hong Kong, authorities dismantled over 1,000 servers linked to cybercrimes, while investigators in Mongolia confiscated equipment and identified 93 suspects. Macau and Madagascar also played vital roles by deactivating hundreds of servers and seizing electronic devices.

Neal Jetton, Director of Interpol's Cybercrime Directorate, remarked, “The global nature of cybercrime requires a global response… Together, we’ve dismantled malicious infrastructure and protected countless potential victims.”

Key Achievements

The operation led to the seizure of over 22,000 malicious IP addresses and servers. This massive takedown disrupted numerous criminal networks, preventing further attacks and mitigating potential damages. The seized assets included servers used for hosting phishing websites, distributing malware, and coordinating ransomware operations.

Impact Areas

Phishing Schemes: Phishing remains one of the most prevalent and dangerous forms of cybercrime. Cybercriminals use deceptive emails and websites to trick individuals into revealing personal information, such as passwords and credit card details. By targeting and taking down phishing servers, Operation Synergia II significantly reduced the risk of individuals falling victim to these scams.

Malware Distribution: Malware, or malicious software, can cause extensive damage to individuals and organizations. It can steal sensitive information, disrupt operations, and even take control of infected systems. The operation's success in dismantling malware distribution networks has helped curb the spread of harmful software and protect countless users.

Ransomware Attacks: Ransomware is a type of malware that encrypts a victim's files, demanding payment for their release. It has become a major threat to businesses, governments, and individuals worldwide. By targeting the infrastructure used to deploy ransomware, Operation Synergia II has disrupted these extortion schemes and safeguarded potential victims.

Cybersecurity Beyond Phishing: Six Underrated Threats


Cybercriminals are continually developing new methods to exploit vulnerabilities, and even the most tech-savvy individuals and organizations can find themselves at risk. While some cyberattacks like phishing and malware are well-known, several lesser-known but equally dangerous threats require attention. This blog post explores six types of cyberattacks you might not have considered but should be on your radar.

1. Botnet Attacks

A botnet attack involves a network of compromised computers, or "bots," which are controlled by a single entity, often referred to as a "botmaster." These botnets can be used to launch large-scale cyberattacks such as Distributed Denial-of-Service (DDoS) attacks, which overwhelm a target’s resources, rendering it inaccessible. 

In 2016, hackers used the Mirai botnet to take control of millions of devices and launched a huge DDoS attack on Dyn, a major domain name server provider.

Some hackers also take over IoT devices to "brick" them, which means they damage the device’s firmware so it becomes useless. They do this for fun or to teach people about cybersecurity.

2. LLMjacking

As language models become integral in various applications, they present new cyberattack vectors. LLMjacking, or Large Language Model hijacking, involves manipulating language models to generate harmful or misleading information. 

Attackers can exploit vulnerabilities in these models to spread misinformation, influence public opinion, or even automate phishing attacks. The rise of AI-powered tools necessitates the implementation of stringent security measures to safeguard against such manipulations.

Companies that utilize cloud-hosted Large Language Models (LLMs) are at risk of LLM jacking because they possess the necessary server resources to operate generative AI programs. Hackers might exploit these resources for personal purposes, such as creating their own images, or for more malicious activities like generating harmful code, contaminating the models, or stealing sensitive information.

While an individual hijacking a cloud-based LLM for personal use might not cause significant damage, the costs associated with resource usage can be substantial. A severe attack could result in charges ranging from $50,000 to $100,000 per day for the owner.

3. Ransomware

Unlike traditional malware that aims to steal information, ransomware directly extorts victims. Attackers encrypt valuable data and demand payment, often in cryptocurrency, for the decryption key. Organizations of all sizes are potential targets, and the financial and reputational damage can be severe. Preventative measures, including regular data backups and cybersecurity training, are crucial in mitigating the risks of ransomware attacks.

4. Insider Threats

An insider threat comes from within the organization, typically from employees, contractors, or business partners who have inside information concerning the organization’s security practices. These threats can be malicious or unintentional but are dangerous due to the privileged access insiders have. 

They may misuse their access to steal sensitive information, disrupt operations, or introduce vulnerabilities. Organizations need to implement strict access controls, regular monitoring, and education to reduce the risk of insider threats.

5. Man-in-the-Middle (MitM) Attacks

Man-in-the-middle attacks occur when an attacker intercepts communication between two parties without their knowledge. The attacker can then eavesdrop, manipulate, or steal sensitive information being exchanged. 

MitM attacks are particularly concerning for financial transactions and other confidential communications. Encrypted communication channels, strong authentication methods, and educating users about potential risks are effective strategies to prevent such attacks.

6. Phishing Schemes

Phishing remains one of the most prevalent cyber threats, evolving in sophistication and technique. Attackers use deceptive emails, messages, or websites to trick individuals into divulging personal information such as usernames, passwords, and credit card details. 

Spear phishing, a targeted form of phishing, involves personalized attacks on specific individuals or organizations, making them harder to detect. Continuous cybersecurity awareness training and employing advanced email filtering solutions can help protect against phishing schemes.