Search This Blog

Showing posts with label Spam Report. Show all posts

Russia recognized as the leader in posting fraudulent resources on the Web


According to the results of last year, Russia seized the first place from the United States in terms of
the placement of fraudulent Internet resources, found out in the international company Group-IB, which specializes in repelling and preventing cyberattacks.

If in the previous three years, most of the blocked phishing resources were located in the United States, in 2019, Russia took first place in this indicator. Hosting services in Russia received 34% of blocked phishing resources, in the US 27%. Panama is in third place, it accounted for 8% of blocking.
The company also indicated that in 2019, the total number of blocked phishing resources increased three times, from 4.4 thousand to 14,093.

According to the Group-IB, earlier scammers stopped their campaigns after they were blocked and switched to other brands. Now they continue to work, replacing the blocked pages with new ones. They also complicated and expanded the mechanisms for implementing phishing attacks.

At the same time, the scammers revised their goals: the number of phishing resources for attacks on cloud storage doubled over the year and the number of fraudulent pages targeting users of Internet service providers tripled. This is due to the desire to get personal and payment data of users.

It is worth noting that Group-IB may require blocking resources as a competent organization that cooperates with the Coordination Center of RU domains.

Kaspersky lab reported in November 2019 that cyber fraudsters have developed a new method of corporate phishing to steal personal data from banks. For example, Bank employees receive an invitation to pass certification with the requirement to enter a username and password from their work email. As a result, fraudsters get access to their correspondence, which may contain files with personal data of credit institution clients.

Russians began to click on scam sites 10 times more often


According to the study of Kaspersky Lab, at the beginning of 2020, the number of attacks on Russians through scam resources increased 10 times to 15 million, and the number of such pages doubled to 10 thousand. The rapid increase is associated with the spread of the coronavirus. Fraudsters actively exploit the theme of the pandemic: from fake promises to pay benefits or refunds for a small cash contribution to the sale of personal protective equipment.

If every click to a scam page entailed deception of at least one user, then the potential amount of damage in the first quarter of 2020 could exceed 3 billion rubles ($40,5 million). Experts did not say how much money the Russians lost on scam resources during this period.

Senior content analyst at Kaspersky Lab Tatyana Sidorina believes that the popularity of scam resources has increased, as Russians have begun to spend more time at home, on the Internet. In addition, users are offered various big money compensations, for the withdrawal of which they need to pay a small commission.

She stressed that the scam resources disguised as state lotteries began to be actively used at the beginning of 2020, 219 resources were discovered. Kaspersky Lab noted that last year, separate statistics on lotteries were not even kept.

In order to minimize the damage from fraud, the Stoloto state lottery is already actively cooperating with law enforcement agencies and conducting an information campaign, said Varvara Basanovich, the organization's operating Director. She stressed that it is impossible to win the lottery without buying a ticket, and the tax is paid after receiving the money, and not in advance.

The head of Analytics and Special Projects at InfoWatch, Andrey Arsentiev, expects that after exiting the self-isolation regime, mass frauds with tourist trips to Russian resorts can start, as well as sellers of drugs for restoring strength, immunity and mental health can become active.

Facebook's 'Dislike Button' scam


Few days after Facebook CEO Mark Zuckerberg, on September 2015, in a Q&A session announced that the long awaited Facebook ‘Dislike Button’ will be implemented soon, scammers seized upon this opportunity in spreading phishing attacks and malware.

Soon after this, many users got the link inviting them to download the Facebook’s ‘ Dislike Button’, it says that it is "invite-only feature". One of the most popular dislike button scam is titled as “Get newly introduced Facebook dislike button on your profile". Once clicking on these links leads the victims to a malicious websites.

The ultimate goal of the scammer  is to encourage users to share the link on their Facebook page. Once it is  spread on Facebook, they asks you for your personal information and account credentials, or sometimes it  downloads the malicious software causing further damage to the computer.

Zuckerberg,  the co-founder and CEO said that, "We are working on it, and are very close to shipping a test of it."

Computer security expert Graham Cluley  showed this concern over this on his blog.  "Scams like this trick you into liking pages, and sharing the link with your friends, using the bait of something alluring...in some cases they will even lead you to pricey premium rate mobile phone subscriptions, online surveys that generate the scammers income, or trick you into downloading malicious code onto your PC."

And advised that, "Don't be duped. If you're a Facebook crack-addict then try to resist the urge of falling for the latest scam, and wait for Facebook to properly roll-out new features as and when they choose."

Fake Verification of Twitter account could lead to Phishing and Credit Card theft

The verification of somebody's account on Twitter is a pretty big deal as you as an user cannot do anything about it. It is only if you are recognizable by thousands of people that Twitter verifies your account.

The chance to get a verified account on Twitter can seem very tempting and that is how somebody operating Twitter account 'Verified6379' is scamming people into divulging their payment details.

The user which claims to be an 'Official Verification Page' of Twitter redirects you using a shortened Goo.gl URL and lands you on a page that looks like twitter.

The page then demands secure information like username, password, credit card numbers and others to verify your account.

The URL has seen over 18,000 hits over the last month.

Don’t click every link to read sensational stories on social networking site

Credits: Symantec

Sensational stories! Wow, the only one thing common which we all love. Especially on social medias, we do not think even hesitate before clicking any sites or email to read such stories.

However, researchers say that we need to be vigilant and skeptical when reading sensational stories on social media sites or in emails.

People should visit trusted news sources for information instead of clicking on random links online, go directly to your trusted news source because few days ago, a Brazilian singer and songwriter Cristiano Araújo lost his life in a car accident.

After his death, Symantec started to observe malicious spam email using the news as a lure. Some of the spam emails attempt to entice users into downloading video footage of the accident. If users click on the Google Drive URL found in the email, they will end up downloading malware. The malware is detected as "Download.Bancos", a well-known banking malware that has been plaguing South America for a while now.

Once the initial malware, a downloader, infects the computer, it will download Infostealer.

Security researchers from Symantec Security Response wrote in the blog that their telemetry on the malware distributed by this spam campaign shows it targeting users in Brazil and Venezuela.

“Symantec advises users to be cautious when it comes to emails crafted around popular news stories such as the one discussed in this blog as they may be malicious. This type of social engineering is not limited to email and users should also be careful on social media sites as similar tactics can also be used,” the researcher added.

The researchers strongly suggest that never install applications or do surveys in order to view gated content. It's a trick to put money in the pockets of scammers and anyone’s computer or device is at risk to malware.

“Report suspicious content. Do your part by reporting this type of content as spam,” the blog read.

Acai Berry Diet Facebook spam attack: Don't buy, don't try, don't reply, says expert


Most of the Facebook users would have noticed various websites promoting Acai Berry diet products. Sometimes, even our friends recommend Acai Berry advertisements on Facebook. However, think twice before you click on those links. If you do, you end on some diet supplement scam page.

In the Acai Berry scam, we can only see two successive postings on our Facebook Timeline without our permission. Like:

“Successfully results in this particular health solution.”

Then, here comes a follow-up post as if anyone has forgot

“The link, hehe.. http://goo.gl/xxxxxx.”

Paul Ducklin, a computer security expert, wrote on Naked Security's blog post “You'd be right to be suspicious, at least if you know your friend is competent in English, because some of the phrases stretch the limits of comprehensibility. However, we're guessing that there are two postings in order to add some kind of human-sounding realism.”

He added that it was understandable that automated bogus messages wouldn't forget the link in the first place. And secondly, humans would rush to correct their error with comments saying "hehe."

The expert said that short links like: goo.gl URLs have been used in the campaign and seem to have redirected to URLs.

For example: [hexdigits].my.test/[letters]/image_[hexdigits].jpeg

“If you click through to the buy page and check the very limited disclaimers and FAQs there, you'll find that the product only helps you to lose weight if you combine it with a diet specifically designed to make you lose weight. So, assuming that you spot the scam for what it is before you fill in your credit card number on the buy page, and bail out, you should be OK,” he added.

“Don't buy, don't try, don't reply,” he wrote.

He suggested that if anyone gets to know about he/she has been posting ‘out-of-character posts’ without his/her approval, please check the following:

•             Is your computer patched and up-to-date?
•             Is your anti-virus up-to-date and running properly?
•             Has someone else been logging into your accounts?
•             Did you use the same password on multiple sites?
•             Have you authorized any apps to access your social media accounts?