
Researchers: AiTM Attacks Are Targeting Google G-Suite Enterprise Users

 

A large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services has also targeted Google Workspace users. 

"This campaign specifically targeted chief executives and other senior members of various organizations which use [Google Workspace]," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu detailed in a report published this month.

The AiTM phishing attacks are said to have begun in mid-July 2022, using a similar method to a social engineering campaign designed to steal users' Microsoft credentials and even circumvent multi-factor authentication. 

The low-volume Gmail AiTM phishing campaign also includes the use of compromised emails from CEOs to conduct additional social engineering, with the attacks also utilizing several compromised domains as an intermediate URL redirector to take victims to the final landing page.

Attack chains entail sending password expiry emails to potential targets. The emails contain an embedded malicious link that supposedly lets the recipient "extend your access"; clicking it takes the recipient to Google Ads and Snapchat redirect pages that load the phishing page URL.

Aside from open redirect abuse, a second variant of the attacks uses infected sites to host a Base64-encoded version of the next-stage redirector in the URL, as well as the victim's email address. This intermediate redirector is a piece of JavaScript code that directs you to a Gmail phishing page.
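Both link variants described above leave something a mail filter or analyst can check in the URL itself. The following is an added example, not code from the Zscaler report: it flags a link that carries a plain URL for another host in a query parameter, or a Base64 value that decodes to a URL or an email address. Where in the URL the encoded values sit, the parameter names, and all sample links are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import urlsplit, parse_qsl

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{8,}={0,2}$")

def try_b64(value):
    """Decode standard or URL-safe Base64 to text; None if it is not decodable text."""
    if not B64_RE.match(value):
        return None
    body = value.rstrip("=").replace("+", "-").replace("/", "_")
    try:
        return base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def classify(text):
    """Label text as 'url', 'email' or None."""
    if text.lower().startswith(("http://", "https://")):
        return "url"
    return "email" if EMAIL_RE.match(text) else None

def inspect_link(url):
    """Return (location, kind, value) findings for one link taken from an email."""
    parts = urlsplit(url)
    candidates = [("query:" + k, v) for k, v in parse_qsl(parts.query)]
    candidates += [("path", seg) for seg in parts.path.split("/") if seg]
    candidates += [("fragment", p) for p in re.split(r"[&=/]", parts.fragment) if p]
    findings = []
    for location, value in candidates:
        # Open-redirect style: a full URL for a different host passed in the clear.
        if classify(value) == "url" and urlsplit(value).hostname != parts.hostname:
            findings.append((location, "plain-redirect", value))
        # Encoded variant: Base64 that decodes to a URL or an email address.
        decoded = try_b64(value)
        if decoded and classify(decoded):
            findings.append((location, "b64-" + classify(decoded), decoded))
    return findings

def _enc(text):  # helper used only to build the constructed samples below
    return base64.urlsafe_b64encode(text.encode()).decode()

# Constructed sample links on example domains (not indicators from the report).
OPEN_REDIRECT = "https://ads.example/click?adurl=https://landing.example/renew"
ENCODED = ("https://site.example/wp/?r=" + _enc("https://login.example.net/signin")
           + "&e=" + _enc("ceo@corp.example"))
BENIGN = "https://mail.example.com/inbox?id=12345678"
```

A finding is a triage signal rather than a verdict, since legitimate mailing tools also embed redirect targets and recipient addresses in links.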

In one case, the redirector page used in the Microsoft AiTM phishing attack on July 11, 2022, was revised to take the user to a Gmail AiTM phishing page, connecting the two campaigns.

"There was also an overlap of infrastructure, and we even identified several cases in which the threat actor switched from Microsoft AiTM phishing to Gmail phishing using the same infrastructure," the researchers said.

Overall, the findings suggest that multi-factor authentication safeguards alone are insufficient to defend against advanced phishing attacks, necessitating that users scrutinize URLs before entering credentials and avoid opening attachments or clicking on links in emails sent from untrusted or unknown sources.

FBI Warns Victims Against Scammers Threatening with Jail Time

 

Recently, the US FBI has noted an increase in phone calls that usually spoof the Bureau’s telephone number. The actors pretend to be FBI officers and ask the victims for their personal information. The FBI headquarters’ number is sometimes spoofed, or falsified, so that the call appears on the recipient’s caller ID to originate from the FBI. In this scam, fraudulent callers posing as FBI agents ask for the recipient’s personal information. These calls are fraudulent, however; a genuine law enforcement officer would not ask a citizen for their personal information. The FBI describes this form of fraud as impersonation fraud, which revolves around criminals attempting to raise money.

The FBI says that the criminals at times attempt to ransom victims to gain publicly identifiable information, whether physical or financial. The scammers are becoming more subtle, coordinated, and technologically advanced, and are mostly focusing on young and elderly people.

In the most recent case, the actors pose as FBI agents and threaten their targets with fines and jail time unless the target hands over personal information. The FBI said it has been notified of many such incidents in which the actor attempts to steal victims' personal details. Seemingly, most of the fraudsters are targeting people from North Florida.

One of the victims of the fraud said that scammers first contacted him posing as a sweepstakes representative, to get him to agree to give out confidential information in return for a big prize. After he failed to provide all the information sought, a second scammer impersonating an FBI officer called the victim and demanded the same information, supposedly to help an investigation targeting the sweepstakes organization. In another case, the victim was contacted by a threat actor posing as an FBI representative and asked for personal information.

"The caller claimed to have an immediate need for personal information about the victim—to include financial account numbers—in order to eliminate the victim as a suspect in the alleged crime," stated the FBI. "When the victim declined to provide the information, the caller threatened fines and jail time." 

With regard to such incidents, the FBI advises targets to reach out to the nearest local office to verify the incident and help with further investigation of the case. The FBI also said that no FBI agent would ever ask for money or personal information, and that people must therefore be vigilant against such scams.