Search This Blog

Showing posts with label Phishing scam. Show all posts

Instagram Users Fall Victim To yet another Phishing Campaign



Instagram user's become victims of a new phishing campaign that utilizes login attempt warnings combined with what resembles the two-factor authentication (2FA) codes to trick potential victims into surrendering over their sensitive data by means of fake sites.

It is believed that they use the 2FA to make the scam increasingly 'believable' and  alongside this they resort to phishing with the assistance of a wide scope of social engineering techniques, just as messages intended to seem as though they're sent by somebody they know or an authentic association.

Here, particularly the attackers utilize fake Instagram login alerts stating that somebody tried to sign in to the target's account, and thusly requesting that they affirm their identity by means of a sign-in page linked within the message.

In order to abstain from raising any suspicions these messages are intended to look as close as conceivable to what official messages might appear coming from Instagram.

Once on the target is redirected to the phisher's landing page, they see a perfectly cloned Instagram login page verified with a legitimate HTTPS certificate and displaying a green padlock to ease any questions regarding whether it's the genuine one or not.


To avoid from falling for an Instagram phishing trick like this one, the users are prescribed to never enter their sign-in certifications if the page requesting that they sign in does not belong to the instagram.com site.

Anyway in the event that the user has had their Instagram credentials stolen in such an attack or had their account hacked but in some way or another can still access it, at that point they should initially check if their right email address and phone number are still associated with the account.

Following this they it is advised that they change the account's password by adhering to specific guidelines given by Instagram.

Be that as it may, assuming unfortunately, that the user has lost access to their account after it being hacked, they can utilize these guidelines or instructions to report the incident to Instagram's security, which will then accordingly re-establish it subsequent to confirming the user's identity through a picture or the email address or phone number you signed up with and the type of device you used at the time of sign up."

Phishing Scam Disguised As Some of Victims' Most-Trusted Websites Hits Google Chrome's Mobile Browser




A shockingly simple however convincing phishing scam has struck Google Chrome's mobile browser, camouflaged as some of the victim' most-confided in and trusted sites.

Being alluded to as the 'Inception Bar' it has targeted on the Android mobile users for Chrome by utilizing a 'fake address'  bar that not just shows the name of a real site, yet in addition a SSL badge - used to confirm a site's authencity - demonstrating that the said page is protected.

This 'Initiation Bar' is basically a webpage inside a webpage where regardless of whether a user endeavors to scroll back up the top of the page to get to the address bar; they're constrained down, caught in the fake page.

As indicated by developer Jim Fisher, who posted about the endeavor on his own blog, hackers can utilize a blend of coding and screenshots to trap exploited people into surrendering their private information.

Fisher even exhibited that he had the capacity to change the displayed URL of his own site to that of HSBC Bank.




This trick is valuable especially for scammers who endeavor to cover a pernicious website page as a genuine one and steal significant data from uses like passwords and credit card information.

With some additional coding, Fisher says that the trick could be made increasingly advanced, by simply making the fake bar intuitive.

While his demo was done on Google Chrome, the trick would possibly influence different browsers with comparative highlights.

In any case Google has proceeded to introduce a rather large group of new security feature that explicitly targets phishing including forbidding embedded browsers and different highlights that notify users when they're perusing a 'potentially harmful' website.

Attention Binge-Watchers! A New Netflix Scam Is On the Loose






Netflix users, become the target of yet another cyber-attack, this time as a phishing scam email requesting for the users to update their billing information so as to unlock their accounts.

The email scam says that the user account has been briefly suspended because of a few issues in the "automatic verification process" in this way, to unlock their accounts, the users would need to update their billing information i.e. the details of their payment method and credit/debit cards.

Since the user will have to login to their respective Netflix accounts they will be in danger of having their 'identity' stolen and their bank account will be at risk of being cleared.

This kind of scam isn't new though, particularly for huge brands, such as Netflix.

"Unfortunately, scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information," a Netflix spokesperson said.

The email security service responsible for detecting the Netflix phishing email and releasing an announcement advising users to be alert was MailGuard ,which is known to detect and block the "criminal intent" messages.

Despite the fact that Netflix utilizes various proactive measures to distinguish such fake exercises, a spokesperson from the 'streaming giant'  told media and the users who need to figure out how to guard their Netflix personal data from scams to visit netflix.com/security or contact customer service directly when situations similar to these arise.

What's more, in the event that if the user has already entered their details on the phishing page, he prompted them to change passwords for the account being referred to, be it Netflix or some other service.

Furthermore, on the off chance that they've entered the payment information, then immediately contact their bank to block their cards and along these lines prevent any exchanges.

SIM SWAP Fraud: A Mumbai Businessman Gets Robbed Off Of 1.86 Crore Via Missed Calls






A terrifying banking fraud, the researchers are calling “SIM SWAP”, recently preyed upon a Mumbai based businessman.
Reportedly, Rs.1.86 crore were harvested from this man’s bank balance via 6 late night missed calls.




Numerous other such cases of “SIM-SWAPPING” have also come to light in the metro cities of Bengaluru, Delhi, Bombay and Kolkata and the police cyber-cells are working on them.


This baffling fraud is not just subjective to people with lack of cyber knowledge or lack of critical thinking, technologically active people could also easily get drowned in the scam.


This seemingly stupid and unbelievable method of scamming people is fairly obvious to other parts of the cyber-world.


Despite being quite fresh in India, it has already affected a lot of people around the country and has targeted a fair number of “not-so-aware” mobile phone users, leaving their bank accounts pretty light.


When users switch from their old generation SIM cards to the upgraded versions, meaning when they change their 3G cards to 4G they use a technology called, “SIM SWAP” to register the new SIM card.


This technology had also come into play when the older SIM cards got switched by nano cards.




SIM SWAP:- WHAT? AND HOW?
SIM SWAP is a technique of replacing the existing SIM card by a duplicate one.

It can only be done when the attacker knows the unique 20 digit SIM number embarked on the SIM card.

Either the SIM-con would persuade the user into telling them the number or would hack into it on their own.




WHAT HAPPENED TO THE VICTIM!
Reportedly, the scammers had gotten the access to the victim’s 20 digit card number and had set the SIM SWAP process on, in the night time.

The scam broadly takes place in 2 steps, the SIM SWAP being the second step of the scamming technique.


Already privy to the banking ID and passwords, all that’s left for the fraudulent cons to find is the OTP on the registered mobile number and behold, the transactions begin!


Possibly, the victim was previously victimised by a phishing attack and unawares, mentioned his real password and account ID into a fake website fabricated by the cons.


The businessman had received 6 missed calls between the hours of 11pm and 2 am. These calls were initiated from 2 separate numbers, one beginning from +44(UK’s code).


The calls weren’t attended to as his phone was on the silent mode. Almost all the money got withdrawn from around 14 bank accounts the man had across the country, except for the 20 lakhs he somehow managed to recover.



When a user SIM SWAPS or basically EXCHANGES SIM CARD, all they do is register their phone number with their new SIM card.


This way the phone number is harvested and once that’s done the OTPs could be easily received, opening avenues of online shopping and ludicrous transactions in the owner’s name.


SIM SWAP could also affect people who communicate about their passwords or IDs via cell phones.


The technique depends upon who is a part of the communication. In actual and legitimate SIM exchanges, the users are connected to the servers of service providing organizations like Vodafone or Airtel.


These operators have ‘specifically designed official USSD codes’ for the SIM Swap process.


But when the swapping is not done by the user, the 20 digit SIM card number might fall into wrong hands.


If the wrongly swapped SIM card falls into the hands of the scammer, the victim would fall into immense danger.




HOW THE SCAM GOES ABOUT

The user would get call from the scammer, pretending to be from Idea or Jio. The caller would then, engage the user by saying that the call is for improving the call experience.


Once, set and familiar, the caller would guide the user’s way to SIM exchange, all the way wanting to extract the 20 digit SIM code.


The caller would try all means possible and would trick the user with any trickery possible to haul those 20 digits out.


After having persuaded the user about the 20 digits, the caller would ask them to press 1 or confirm the SIM swap.


The fraudster would then actually initiate the SWAP, having extracted the 20 digit SIM code, they were after.



Meaning, if supposedly the user has an Airtel SIM, the fraudster will too use an Airtel SIM to officially go through with the SIM swap.


Airtel would then send a confirmation text to the user’s cell number. Airtel would be sure that the SIM swap has actually happened and the attacker would have the cell number.


The actual user’s mobile will be left with no signals at all, whereas the fraudster will have full signals on the SIM and complete control over the cell number.


The fraudster would then incessantly call to make the user switch off the phone, in order to get a window to complete the fraud. Once that’s done, the user wouldn’t have any idea about it.



 
Aadhar number could also be an important credential that you would never want to share over the phone.

Also, always keep a close check on your bank account, and if any weird activity is speculated, immediately contact the bank and put a stop to the questionable transaction.

European Cinema Chain Loses an Astonishing US$21.5 Million to a Business Email Compromise




An European-based cinema chain Pathé lost an enormous fortune of around 19 million euros (US$21.5 million) to a business email compromise (BEC) scam in March 2018 by an attack, which kept running for about a month and ultimately costed the organization 10 percent of its aggregate profit.

The scammers here deserted setting the 'fake President' against the 'real CFO' for faking French head office missives to the Dutch management.

Beginning with the following mail:
“We are currently carrying out a financial transaction for the acquisition of foreign corporation based in Dubai. The transaction must remain strictly confidential. No one else has to be made aware of it in order to give us an advantage over our competitors.”

Even however the CFO and Chief considered it odd, they pushed on in any case and still sent more than 800,000 in Euros. At the point when more demands pursued, including a few while the CFO was on furlough—the two executives were fired not long after the head office took note of the situation.

In spite of the fact that they weren't associated with the fraud, Pathé said they could and should have seen the warnings. The business email compromise endeavor was devastatingly effective as they failed to take note of the warnings and there was no security net set up.

Typically a business email compromise is a sort of phishing attack, topped with a dash of 'targeted' social engineering however this specific BEC scam was very intriguing since it featured a somewhat extraordinary way to deal with the attack.

As the business email compromise keeps on developing in ubiquity among the scammers, and it's up to us to battle it. It is progressively essential for any and each organization to consider the BEC important. 

BECs being a standout amongst the most slippery dangers around it is advised for the all the clients to keep their funds operating at a profit as a need, regardless of the fact that whether they disseminate motion pictures, IT administrations, or anything else for the matter.

Focus on HMRC as Many Targeted Through an Email Phishing Campaign




A new phishing attack discovered by Malwarebytes is said to be from under a new campaign, utilizing an old trick with an end goal to steal login credentials, payment details and other sensitive data from victims by claiming to offer them a tax refund which must be asserted online.

The mail claims to be from the UK government's tax office, HMRC, informing the potential user victims that they're due a tax refund of £542.94 "directly" onto their credit card. The attackers apparently snare the users by offering tax refunds. In order to pressure the users they additionally give due dates in their mails to claim said refunds.

The phishing email claiming to be from HMRC.

Apparently, the scam begins by requesting for the user to tap on an offered link to the "gateway portal" and thusly, they reach another page that seems like Microsoft Outlook. Here, the user will enter their email and password to the login portal. Starting here, the attackers access the email login credentials.

Thereafter, the client reaches a fake HMRC portal that displays a form. A deceived user would unknowingly handover their passwords and email, in this way falling a prey to the hackers. Further they enter more personal information such as, users' name, contact address, contact number, date of birth, a typical secret question for most records and card details.

So to say, Tax scams have become a rather basic methods for cyber criminals endeavoring to blackmail data or cash from victims as when people get enticed by the possibility of receiving money, they frequently bring down their safeguards - even by low-level attacks like this phishing trick: HMRC states it will never offer a reimbursement or request personal data by means of an email.

Chris Boyd, lead malware intelligence analyst at Malwarebytes says,

“These attacks can afford to be crude, as the main pressure point is the temptation of an easy cash windfall tied to a tight deadline. Not knowing that HMRC don't issue refund notifications in this manner would also contribute to people submitting details,"

In any case it is prescribed to remain shielded from such attacks, and ensuring that the user in every case double checks the sender's address before opening emails, in this way abstaining from following direct links and signing in to a site specifically.



Fake Verification of Twitter account could lead to Phishing and Credit Card theft

The verification of somebody's account on Twitter is a pretty big deal as you as an user cannot do anything about it. It is only if you are recognizable by thousands of people that Twitter verifies your account.

The chance to get a verified account on Twitter can seem very tempting and that is how somebody operating Twitter account 'Verified6379' is scamming people into divulging their payment details.

The user which claims to be an 'Official Verification Page' of Twitter redirects you using a shortened Goo.gl URL and lands you on a page that looks like twitter.

The page then demands secure information like username, password, credit card numbers and others to verify your account.

The URL has seen over 18,000 hits over the last month.

British lady lost £50,000 in a “phishing scam”

Beware of doing any Online transaction as a lady from London has claimed that she lost £50,000, her life savings in a “phishing scam”.

According to a report published on BBC, the 59-yeat-old Vivian Gabb told in the Victoria Derbyshire’s, a British journalist and a broadcaster, was in the middle of buying a house when her email got hacked by the crooks.

She said that she was conned out of her life savings by scammers who sent her a 'phishing' email with instructions to wire the money to the “bank”.

She was unaware that every email she wrote and received was being monitored by criminals.

According to her, the criminals sent her a message disguised as a follow-up email from her solicitor and asked her to deposit nearly £50,000 into their account.

According to the news report, the Get Safe Online,  an internet safety advice website, says more than half (51%) of people in the UK have been a victim of an online crime, and 15% of people have been victims of either attempted or successful hacks of their email account.

Fake Facebook: Don't give your details away


A new phishing scam designed to steal your Facebook data has come to light. You might be receiving a mail or a message on social media asking you to recover your Facebook account, before it is permanently closed.

The scam is focused on getting Facebook credentials, along with phone number and date of birth of a user. The scam came to light beacuse of the bad English in the message.

Aside from that, the page where you enter your details (the phishing page) is hosted on cloud sharing website Dropbox, allowing for all data you input to be conveniently for the hacker or hackers.

The details are then posted online on a .PHP page, preferably to be sold. No official word is yet out from Facebook on the matter, but www.blog.malwarebytes.org has cautioned users to be careful before responding to any such message, suspected to be from hackers.

Employee email accounts of Children's National Health System targeted with Phishing emails


Children's National became a victim of a cyber-attack, after its employees responded to phishing emails by hackers believing they were legitimate.

The issue came to light on December 26 last year and Children's National believes that any potential unauthorized access of its employees email accounts could have taken place between July 26 and December 26 last year.

Children's National has come out to say that Patient History Information of various patients in the affected email accounts has been put at risk, and although it has not received any information regarding the misuse of this information, affected people are being informed to stay on the lookout for discrepancies in their insurance statement.

On learning of the incident, Children's National immediately secured the emails accounts of the affected employees and began an investigation into the matter. They hired an external forensics firm to carry out their investigation into the matter.

They implemented new safety features and reviewed its systems to upgrade the security of their network. They have also setup a dedicated call centre with a helpline number for getting in touch with the affected patients.

Phishing mail says 'DSVX virus' detected in Your Yahoo Mail


If you are getting emails saying that a virus detected in Your Yahoo Email account, ignore the emails.  It is none other than another tricky method used by cybercriminals to fool users.

Hoax-slayer has spotted a fake email claiming to be from Yahoo informs recipients that it has detected a so-called DSVX virus in your yahoo mail account and you have to update your account.

The email warns the recipients that if they failed to update, they will lose access to their email address.

It also claims the update will give latest spam protection, faster email and unlimited storage facility. 

To update their email, it asks the recipients to send their username, email id, password, email security question and answer, country, phone number and Date of Birth by clicking the Reply Button.

Keep in mind that Yahoo or any other organizations are never going to ask you to send your username and passwords or any other sensitive data via an unsecured email.

Phishing pages trick Steam users to Upload SSFN file

Is Steam login page asking you to upload SSFN file? Think twice before uploading, because the legitimate steam site never asks you to upload SSFN file.

Steam Guard is extra layer of security.  It will ask you to enter a verification code sent to your email, whenever you try to log in from a computer you haven't used before.

This feature will prevent attackers from taking control of your steam account, even if they know your login id and password. 

However, there is new Phishing scam uncovered by MalwareBytes that bypasses the Steam Guard protection.  It tricks users into handing over their login credentials and the SSFN file.

What is SSFN File?
SSFN is the file that avoids you from having to verify your identity through Steam Guard every time you login to Steam on your computer.  If an user deletes this file, he will be asked to verify again and new SSFN file will be generated and stored in your pc.

If you upload your SSFN file to a phishing page, attackers can use this file with username &password to take control of your account.

In a reddit thread, several users have reported that they got fooled by this phishing scam.

"Steam will never ask you to provide any Steam Guard files. If you upload or give a user your Steam Guard .SSFN file, they can gain access to your account without accessing your email account. However, they must know your Steam account password and username to use this file" Valve article about Steam Guard reads.

European Apple users targeted with phishing emails

A new phishing campaign targeting European users of Apple store which promises to offer a discount.

Security researchers at Kaspersky have spotted a new spam mail targeting Apple users, tricks users into thinking that they can get discounts of 150 euros by just paying 9 euros.

"Apple is rewarding its long-term customers.  Your loyalty for our products made you eligible for buying an Apple discount card" The spam mail reads.

The spam mail asks users to download an attached HTML file and fill the form, where users are being asked to enter personal information as well as credit card information.

The scammers spoofed the email address such that it makes the email pretending to be from informs@apple.com.  They also promised to send the discount card within 24 hours, after filling the form.

If a recipient follows the instructions and fill the form, the phishing file will send the data to the attacker server.  The attacker will use the given financial data. 

Cyber Security Awareness: How a Grandma got phished by a Hacker

Christmas is getting closer, children are expecting gifts from Santa Claus.  I'm not sure whether Santa is going to send gifts to your children but definitely cyber criminals have much interest to send phishing emails for you.

Now you should be extreme caution about the emails claiming to give special Christmas offers or free Christmas gifts.

University IT at The University of Rochester has uploaded a funny video in Youtube called "Grandma Got Phished by a Hacker" to create awareness of cyber security.




They have conveyed the warning message about phishing mails in funny way.

The University also has launched a new service called "Proofpoint Targeted Attack Protection", which is designed to improve the protection of University mail systems against phishing attacks.

Nigerian man jailed for $1.5 m phishing scam targeting students

A Nigerian man has been sentenced to three years and nine months for taking part in a $1.5 m phishing scam targeting UK students.

Olajide Onikoyi, 29-year-old, from Manchester, was one of the person of a criminal group who targeted students by sending phishing emails inviting them to update student load details.

According to SKY News, he laundered £393,000 from 238 victims in total, including one student who had £19,000 taken from his account.

When Metropolitan police central e-crime unit seized his computers, they found a chat logs that revealed he was conspiring with criminals in Russia, Lithuania and UK.

A number of other people have also been jailed in connection with the scam.

Users are all advised to be extreme caution when clicking links in unsolicited emails, log into the websites directly by entering the url of the site instead of clicking the link.

Halifax Bank phishing email claims "3rd party Intrusion detected"


A phishing email targeting UK-based Halifax Bank users attempt to trick recipients into handing over their sensitive information.

The email informs the recipients that "3rd party intrusions" have been detected and their account has been limited for security reasons, according to Hoax-slayer.

To restore the account, it asks recipients to confirm their identify and verify that their account has not been used for fraud purposes, by filling an online validation form.

Once the victim opened the link provided in the email, it will take them to a fake Halifax Bank website where it will ask them to log in.  Then, it will ask victims to enter their personal information such as name, phone number, birth dates.

In next form, they will be asked to enter sensitive information such as Account Number, sort code, card number, expiration date and security code.

As usual in phishing scams, once the form is filled, the victim will be automatically redirected to the legitimate Halifax Bank website.

Brazil and Chinese Government websites host Paypal phishing page



Today, I have come across a phishing page which is surprisingly being hosted in one of the Chinese government website that targets Paypal users.

The paypal phishing page is hosted in the "hxxp://www.121.gov.cn/app/p/index.html" that shows the fake login page of Paypal.

Once the victim enters his credentials and proceed to login, he will be redirected to another page where he will be asked to provide his financial info including name, address, credit card details.

Then users are asked to provide 3 digit secure code, password, security questions.

Once all the details have been entered, you will be redirected to page where it says: "Your information has been sent successfully. For your security, you will be automatically logged out.Thank you for using PayPal". This page redirects to the original paypal login page.

Sub-domain of the Brazilian State of Minas Gerais government website "hxxx://www.camaramontesanto.mg.gov.br" is found to be host same type of phishing page.

PhishTank record shows the 121.gov.cn hosts the phishing page from May 8 and camaramontesanto.mg.gov.br is from May 23.

1.http://www.phishtank.com/phish_detail.php?phish_id=1827926 

2. http://www.phishtank.com/phish_detail.php?phish_id=1857679

Victim fell prey to 'phishing' scam and lost £1 Million to fraudsters


This is another incident that reveals why you should be careful on the Internet. A British woman fell prey to a phishing scam and lost her £1million life savings.

The victim unwittingly handed over her personal details to fraudsters after receiving a bogus bank notification email.

Tamer Abdelhamid, the fraudster who stole the personal data then sold the info to Nigerian national, Rilwan Oshodi.  A 26 year old woman from Sierra Leone used the data to change the bank details by pretending to be the victim.

Detectives seized Oshodi's computer during a raid on his home with details of more than 11,000 credit cards, according to DailyMail report.

The fraudsters purchased cheeseburgers, high-end computers, gold with the stolen money. They are facing jail for their roles in the scam.