Search This Blog

Showing posts with label Email scam. Show all posts

Massive BEC Phishing Ring Uncovered, 3 Nigerian Nationals Arrested

 

In the city of Lagos, three Nigerian nationals suspected of participation in an organized cybercrime group behind malware distribution, phishing attacks, and a massive business email compromise (BEC) ring responsible for scams globally, have been arrested under “Operation Falcon” carried out jointly by international police organization with Nigeria Police Force and Singapore-based cybersecurity firm Group-IB, according to the reports by Interpol. 
 
In a Business Email Compromise (BEC) attack, the threat actor hacks and spoofs email to impersonate an organization’s CEO, vendors, or senior executives to trick employees and customers by gaining their trust; which later is exploited as the attackers encourage actions relating to funds transfer to criminal’s account or transferring confidential data, in some cases. 
 
The cybercriminals behind the operations performed a number of their phishing campaigns in disguise; masked as product inquiries, Coronavirus aid, or purchasing orders. Stealing authentication data from emails, web browsers, and FTP clients from organizations based in the UK, the US, Japan, Nigeria, and Singapore, has been identified as the primary objective of these phishing attacks, as per Group IB. 
 
As the ongoing investigation continues to uncover other suspects and monetization means employed by the ring, around 50,000 targeted victims have been discovered, so far. Allegedly, the participants of the rings developed phishing links and domains before performing mass BEC campaigns wherein they sophisticatedly targeted corporations of all sizes. Reportedly, 26 different malware variants were being deployed by the criminals including remote access Trojans (RATs) and spyware. 
 
"They then used these campaigns to disseminate 26 malware programmes, spyware, and remote access tools, including AgentTesla, Loki, Azorult, Spartan, and the nanocore and Remcos Remote Access Trojans,’ the INTERPOL said. 
 
"This group was running a well-established criminal business model," Interpol's Cybercrime Director Craig Jones noted. "From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits." 
 
“These programs were used to infiltrate and monitor the systems of victim organizations and individuals, before launching scams and siphoning funds,” as per an announcement by INTERPOL. “According to Group-IB, the prolific gang is believed to have compromised government and private-sector companies in more than 150 countries since 2017.”

Google Drive Notifications Used to Send Malicious Links to Hundreds of Thousands of Users

 

Cybercriminals have now resorted to utilizing a legitimate Google Drive collaboration feature to trick users into clicking on pernicious links. 

As per recent reports the attacks have been originated from Google Drive's collaboration feature, which enables users to make push notifications or emails that invite people to share a Google doc. Attackers are mishandling this feature to send mobile users Google Drive notifications, inviting them to collaborate on documents, which at that point contained 'malicious links'. 

Since they are sent through Google Drive, the notifications originate from Google's no-reply email address, causing them to appear more legitimate. Different cycles of the attacks are sent using email (rather than by notifications) and incorporate the malignant link directly in the email. The Google Drive notifications accompany various lures. 

Many imply to be "personal notifications" from Google Drive, with one lure named "Personal Notification No 8482" telling the victim they haven't signed into their account for some time. These undermine that the account will be deleted in 24 hours except if they sign in using a (malicious) link. Another, named "Personal Notification No 0684," tells users they have an "important notice" of a financial transaction that they can see for their own in their account, using a link. 

The attack has focused on countless Google users, as per WIRED. The report said that the notifications are being sent in Russian or broken English. 

These links take victims to malevolent scam websites. WIRED detailed that one such site flooded users with notifications to click on links for "prize draws," while different sites mentioned that victims click on such links to "check their bank account." 

Targeted users took to Twitter to the caution of the scams, with one Twitter user saying that 'the only red flag' of the scam was that he wasn't anticipating a shared doc.

 


With the generality of working from home due to the Covid pandemic, attackers are progressively utilizing collaboration and remote-work tools, including Google offerings. 

Nonetheless, a Google spokesperson told WIRED that the company is dealing with new security measures and is currently making strong efforts for detecting Google Drive spam.

Criminals sending malicious emails claiming to be from the rector of Moscow State University

A malicious program that steals passwords was sent out in mid-September by scammers in letters claiming to be from the rector of Moscow State University. The recipients were financial, industrial, and government organizations in Russia.

The mailing, as noted in the company Group-IB, was held in the period from 9 to 16 September.

"In the letter, the attackers, on behalf of rector Viktor Sadovnichy, ask recipients to read the attached document “ A description of the budget for 2020” and promptly send their commercial offer,” reported the company's press service.

The texts of the letters are illiterate and contain stylistic errors. In addition, the order of words and sentences indicates that fraudsters use an automatic translation program. The authors of the letter were too lazy to change or check all the links in the template before sending them out. Probably, similar attacks have already been carried out on behalf of other universities, most likely foreign ones.

The addresses of Moscow State University were indicated as the sender in the letters. In fact, the correspondence was sent from the hacked mail server of the Hotel Alfonso V in the Portuguese city of Aveiro. The hotel has already been notified of the break-in.

All the scammers’ emails contained an archive called "Request for a commercial offer" with an executable .exe file inside. After it was launched, a malicious program was installed on the user's device that could steal usernames and passwords.

"In the future, hackers can use them to gain access to email accounts or crypto wallets, for financial fraud, espionage, or sell stolen data on hacker forums,” said Group — IB.

According to Vasily Kuzmin, Deputy head of the information technology department of Moscow State University, neither the rector nor the University administration ever send letters with such content.

Fake Email Campaign Demanding Ransom in Cryptocurrency


Internet users have been alerted by national federal cybersecurity agency against a fake email campaign that is going on in the country; the authors behind the campaign are threatening to post a personal video of a victim that they claim to have recorded if the demanded ransom in the form of cryptocurrency is not paid to them.

While assuring users that there's nothing major to worry about these emails as the claims made in it are fake, the Computer Emergency Response Team of India (CERT-In) in a related advisory, suggested users assign new passwords to all their online platforms including their social media handles.

CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology security organization. It has been designated as the national agency to respond to computer security incidents. The purpose of CERT-In is to issue guidelines, advisories, and promote effective IT security practices throughout the country.

A number of emails have been sent as a part of the campaign, claiming that the receiver's computer was compromised and a video was recorded via their webcam and that the sender has access to their passwords, as per the CERT-In latest advisory on the matter. The attacker attempts to convince the user into falling in his trap by mentioning his previous password in the email, then by strategic use of computer jargon, the attacker comes up with a story to appear as a highly-skilled scammer to the recipient. The story tells the victim that while he was surfing a porn website, his display screen and webcam was compromised by a malware placed by the hacker onto the website. It states that all of the user's contacts from Facebook, email, and messenger have been hacked alongside.

As these emails are scams and claim false information, users are advised to not get tricked into paying the demanded ransom in haste as even if the password mentioned by attackers in the email seems familiar it's because they accessed it via leaked data posted online and not through hacking their account. All you have to do is change or update your password for all the online platforms where it is being used.

Cyber Intrusions on a Rise in Oregon, Attackers Bringing in Sophisticated Methods


Cyber intrusions have been on a rise with cybercrime becoming more dangerous and sophisticated than ever. The pervasive and evolving cybercrime poses a serious threat to both the public and private sector networks as attackers target international organizations to steal corporate data and individuals are subjected to identity theft.

In December 2018, Aaron Cole, from the Portland suburb of Oregon City, fell prey to a wire scam and nearly lost his home after being duped into making a fraudulent down payment of $123,000. The attacker sent Cole an email directing him to make the payment and tricked him into believing that it is from the title company he had been working with. At the time, Cole did not realize that a sophisticated network of hackers had been keeping track of his interactions with the title company. Although the email appeared similar in structure to the original emails he received from his title company, it had slight differences.

It was only when the title company reached out Cole on due dates, asking him to send the money, the realization of the blunder hit the Oregon man hard. He suddenly realized that he was duped by cybercriminals to give away all the money which he had saved from the sale of his former house along with other family savings.

Cole's title company, WFG came to his immediate rescue and made up for the losses, in turn, Cole is helping the company in spreading the word about more such scams. He was fortunate to be hired for the same amount he lost to the hackers - to be a spokesperson at the National Title Insurance Company.

“They warned we're never going to send you an email with wire instructions, it'll be an encrypted email. We’ll call you with wire instructions. They're putting all the red flags out there that they can possibly think of,” said Cole. “I was looking at it more like the terms of use when you want to download an app and you just skip through the thing and you click accept.”

While explaining the unfortunate incident and the state of mind which followed, the Oregon Husband and father of two said: "It was the worst feeling."

"And then having to go home and tell my wife that I just gave away all the money. She could tell right when I walked in the house and just sat down, and I just couldn't come up with the words to tell her." He added.

Referencing from the statements given by Gabriel Gundersen, an FBI supervisory special agent with the Oregon Cyber Task Force, "The emails have gotten well-crafted and quite detailed. They're highly tailored to that particular victim."

"It's a social engineering piece, where they're coercing a victim to do something based on an artificial agenda or an artificial timeline." He added.

Earlier the attempts made by attackers to dupe people were uncoordinated and clumsily executed due to which individuals had a scope of making distorted sense of anything which strikes them as strange and makes them feel uncomfortable, however now these cyber traps are set sophisticatedly making it difficult for individuals to locate the red flags.

Security officers are in a constant race with the attackers, ensuring they are not lacking behind with the fixes for every new approach slammed in by con men. However, the overall impact is still staggering as crucial systems are bypassed, disrupting the entire functioning of vital medical and banking networks.

Cyber Extortionist Pretends To Be From US Police; Demands $2000 in Bitcoin To Delete Evidence!







A cyber extortionist acts to be a US State Police detective and promises to delete child porn evidence for $2,000 in Bitcoins including a phone number which could be used to contact the scammer.

“Sextortion” emails have become quite common where the sender cites that the recipient’s computer has been hacked with the recording of them while on the adult sites.

On the other hand extortionists pretend to be hitmen and asking for money to call off the hit, bomb threats and tarnishing website’s reputation.


The aforementioned extortionist accuses the victim of child pornography and that the evidence could be deleted if they pay the sender $2,000 in Bitcoins.

Florida, Minnesota, Georgia, Tennessee, California and New York are a few of the states where the victims mentioned that the mails they got were from.

Per sources, the email sent by the extortionists pretending to be from the Tennessee State Police included the following phrases:
·       “Do not ignore the important warning”
·       “I work in the Bureau of Criminal Investigation, detective branch Crime Prevention with child abuse.”
·       “You uploaded video child-porno to websites”
·       “not possible to prove you didnt this”
·       “I retire in next month and want to earns some money for self”
·       “Pay me to Bitcoin wallet”
·       “This is anonymous money I want 2000$”
·       “Send transfer to my wallet”
·       “My temporary phone to contact”
·       “After receiving payments, I delete All materials”
·       “If you don’t pay me, I sending materials to The Tennessee Crime Laboratory.”

All the emails happen to be the same, the same Bitcoin address 17isAHrP2cZSY8vpJrTs8g4MHc1FDXvAMu


 but just the state’s name different.

The attacker(s) is/are using a data breach dump which contains both email and home address so that the state in the email could be matched up with the target’s state of residence.

Extortion scams don’t usually contain the scammers contact number and matching the state of residence with that in the email is surely a nice touch there.

But whenever an email turns up where the sender asks for money it’s obviously to be aborted.

Email extortionists threatening to release your sex tape









Scammers are circulating a new email scam campaign claiming that hey have a sex tape of you, and if you do not send them a $1,500 in bitcoins they will release it.

The extortion email sent states that the extortionists had intercourse with you a long time ago and had secretly recorded everything, apart from that they even stole all your passwords and contact lists while you were in the bathroom.

The email further specify that they will delete everything about you once you send them $1,500 in bitcoins, and will never hear from them again.

But, the receiver of this mail should not worry, as it is just a scam and the senders do not have any tape sex tape of you.  Therefore, you should not send them any money or be worried that it is true.


Surprised? 

I have yet another surprise for you, our intercourse video. 

Yes, you read it right. We had intercourse quite a long time back, and I recorded a video of it. Not just the video, I even saved all your passwords, contact lists and everything. I did all of this when you were in the bathroom, trying to clean yourself. 

Trust me, I can fcuk up your life if I want to. 

I am not an evil individual, it's just that, I need some money and I am certain you can help me with it. 

So here is the non-negotiable deal. You send me $1500, and I will delete everything I have about you. You will not ever ever hear from me. 

Send the money to my bitcoin (BTC) address. Search Google (How to buy bitcoin), if you do not know how to send bitcoin. 

Address: 
[id]

Darling, the address is case-sensitive, so it is better to copy and paste it. 

If I do not get the bitcoins within one day, I promise, I will: 

1. Send our intercourse video to all of your contacts. 
2. I will leave our intercourse DVD to your neighbors (I know where you reside), and a copy for your nice family as well. 
3. I will NOT let you live your life, as simple as that. I will keep coming back. 

For the apparent reason, I can not tell you my personal name, but yes, I can tell you one thing that, it was a long, long time back darling.

According to the BleepingComputer, the bitcoin address associated with the above email had not received any payments as of today.  

Unfortunately, the bitcoin address cannot be provided due to privacy concern of the person who shared the email.