
“LinkedIn Private Shared Document” Shared Via Phishing Email by Hackers

 

LinkedIn has become a popular venue for phishing, and users have been targeted with phishing messages in a recent scam on the site. With the public becoming more familiar with the standard tactics used against them, cybercriminals have had to adopt new ones to avoid being identified.

JB Bowers, a security researcher, found that attackers are using LinkedIn to trick users into giving up their login credentials. The scheme tries to get unsuspecting users to open a "LinkedIn Private Shared Document," after which they are asked for their login credentials on a counterfeit LinkedIn page. The message prompts the recipient to follow a third-party link to access the document.

Any user who receives an unsolicited message through LinkedIn's internal messaging system from an unknown contact should be extremely careful, particularly if asked to enter login details. Users who mistakenly enter their credentials may then find that the same phishing messages are sent from their account to their own LinkedIn contacts.

As to why attackers target LinkedIn users, it may be because regular LinkedIn users tend to earn more than average and are perceived as higher-value targets. Or, since LinkedIn is linked to other Microsoft services such as Office 365, a hacked LinkedIn account could lead to further identity leakage. As the name suggests, phishing attempts to lure users into handing over confidential details. This can take the form of emails offering a free smartphone, or something more formal, as in this case. Colleges and businesses are further targets of phishing attacks. Attackers are becoming more sophisticated and may send a bogus email that appears to come from your employer, since LinkedIn tells them who you work with. Phishing pages are hosted on sites that also serve legitimate business purposes, such as Firebase and Pantheon.io, which makes it unlikely that companies will block them.

“The sites use major ASNs including Fastly, Google, and Microsoft, making basic network traffic analysis for the end-user also not so useful,” Bowers stated.

Employees must be trained to recognise this form of intrusion before it leads to a broader breach of enterprise processes and networks. A further alternative is to block the use of social media/networks on work devices, though this may not suit workers. Victims need to be made aware of the deception and must also tell their LinkedIn contacts about it; in some cases those contacts will have been fooled too and will have to go through the same process.

“If you see any more LinkedIn messages like this […] you’ll want to let that person know out of band that their account has been compromised and that they should update their LinkedIn password, as well as report the abuse to LinkedIn,” Bowers advised.

Microsoft Office Phishing Attack Hosted on Google Firebase

 

A phishing campaign aimed at stealing Microsoft login credentials is using Google Firebase to bypass email security in Microsoft Office 365, researchers said.

Researchers at Armorblox observed invoice-themed emails sent to at least 20,000 mailboxes that claim to share information about an electronic funds transfer (EFT) payment. The emails carry a fairly vanilla subject line, "TRANSFER OF PAYMENT NOTICE FOR INVOICE," and contain a link to download an "invoice" from the cloud.

Clicking that link starts a chain of redirects that finally takes targets to a page with Microsoft Office branding hosted on Google Firebase. That page is a phishing page designed to collect Microsoft login data, secondary email addresses, and phone numbers. "Since all workplace accounts are so closely interlinked, sharing credentials to one of your accounts can prove to be very dangerous as cybercriminals send emails in your name to trick your customers, partners, acquaintances and family members," according to Armorblox.

Impersonating Microsoft to phish for account credentials remains an effective method because it lets attackers embed themselves into typical business workflows, said Rajat Upadhyaya, head of engineering at Armorblox. "Viewing documents via Office 365 is something we do every day, so victims might think it's not unusual to enter login credentials in this situation," Upadhyaya added. "Plus, hosting the final phishing page on Google Firebase lends the domain inherent legitimacy and allows it to bypass email security blocklists and filters."

The email attack bypassed native Microsoft email security controls. Microsoft assigned a Spam Confidence Level (SCL) of '1' to this email, meaning it did not judge the email suspicious and delivered it to end-user mailboxes. Notably, by hosting the phishing page HTML on Google Firebase, an inherently trusted domain, the emails were able to slip past Microsoft's security filters, including Exchange Online Protection (EOP) and Microsoft Defender for Office 365.

For better protection against email-borne threats, employees should be trained to treat emails relating to money and data with an "eye test" that examines the sender name, the sender email address, the language in the email, and any logical inconsistencies in it, according to Armorblox.
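The point of the Armorblox finding is that a low SCL is not a clean bill of health: the filter found nothing, but the link still led to a login page on shared hosting. The following added example (not Armorblox's or Microsoft's code) shows one post-delivery check a mail team could run: it reads the SCL from the `X-MS-Exchange-Organization-SCL` and `X-Forefront-Antispam-Report` headers that Exchange Online stamps on messages, extracts every link from the body, and flags links pointing at shared hosting platforms such as Firebase. The sample message and the list of hosting suffixes are constructed for the example.

```python
"""Triage a delivered message whose Microsoft SCL was low.

Added example, not Armorblox's or Microsoft's code. It parses the
X-Forefront-Antispam-Report / X-MS-Exchange-Organization-SCL headers,
pulls every link out of the body, and flags links that point at shared
hosting platforms (firebaseapp.com / web.app). The message below is
constructed for the example.
"""
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

# Hosting platforms that serve legitimate content but are also used to host
# phishing pages; this list is an assumption for the example.
SHARED_HOSTING_SUFFIXES = ("firebaseapp.com", "web.app")

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

SAMPLE_EMAIL = """\
From: Accounts Payable <ap@example.invalid>
To: finance@example.invalid
Subject: TRANSFER OF PAYMENT NOTICE FOR INVOICE
X-MS-Exchange-Organization-SCL: 1
X-Forefront-Antispam-Report: CIP:203.0.113.5;SFV:NSPM;SCL:1;SRV:;IPV:NLI
Content-Type: text/plain; charset=utf-8

Please review the invoice for the EFT payment:
https://invoice-review-12345.firebaseapp.com/office/login.html
Regards
"""


def spam_confidence_level(msg: Message):
    """Return the SCL Exchange assigned, or None if neither header is present."""
    scl = msg.get("X-MS-Exchange-Organization-SCL")
    if scl is not None and scl.strip().lstrip("-").isdigit():
        return int(scl)
    report = msg.get("X-Forefront-Antispam-Report", "")
    m = re.search(r"(?:^|;)SCL:(-?\d+)", report)
    return int(m.group(1)) if m else None


def extract_links(msg: Message):
    """Collect http(s) links from every text part of the message."""
    links = []
    for part in msg.walk():  # walk() yields the message itself when not multipart
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        links.extend(URL_RE.findall(text))
    return links


def is_shared_hosting(url: str) -> bool:
    """True when the link's host is on one of the shared hosting suffixes."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in SHARED_HOSTING_SUFFIXES)


def triage(raw: str) -> dict:
    """Summarise the SCL and the links; needs_review ignores the SCL on purpose."""
    msg = message_from_string(raw)
    suspicious = [u for u in extract_links(msg) if is_shared_hosting(u)]
    return {
        "scl": spam_confidence_level(msg),
        "links": extract_links(msg),
        "shared_hosting_links": suspicious,
        # A low SCL only means the filter found nothing; a login page on
        # shared hosting still deserves a human look.
        "needs_review": bool(suspicious),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL))
```

The decision deliberately does not weight the SCL: the header records what the filter concluded, and the whole lesson of this campaign is that a trusted hosting domain can drive that conclusion to "not spam" while the destination is still a credential harvester.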

Financial Conduct Authority of UK Hit by 2,40,000 Spam Mails, Some Contain Malware

 

The UK's financial regulator was spammed with almost a quarter of a million (240,000) malicious emails in Q4 2020. The Freedom of Information (FOI) data highlights the tremendous pressure big organizations face to protect their assets. Griffin Law, a litigation firm, filed an FOI request with the FCA (Financial Conduct Authority), an influential London-based agency. As per Gov.UK, "The Financial Conduct Authority (FCA) regulates the financial services industry in the UK. Its role includes protecting consumers, keeping the industry stable, and promoting healthy competition between financial service providers."

The firm says the FCA was spammed with around 240,000 malicious (and unsolicited) emails over the last three months of 2020, an average of 80,000 per month. November saw the most, 84,723, while October had 81,799 and December 72,288. Most of the emails were classed as "spam", whereas more than 2,400 contained malware including trojans, bugs, worms and spyware, the report says. Fortunately, the FCA blocked all the malicious emails it received; however, the main threat comes not from these emails but from targeted spear-phishing campaigns. Tim Sadler, CEO of Tessian, emphasizes that phishing emails have become a persistent threat because it is easier to target humans than to hack machines.

Tim said, "cyber-criminals, undoubtedly, want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to, and they have nothing but time on their hands to figure out how to get it." He further says, "it just takes a bit of research, one convincing message or one cleverly worded email, and a distracted employee to successfully trick or manipulate someone into sharing company data or handing over account credentials." 

This is not the first time the regulator has sidelined cybersecurity. In February last year, the regulator had to apologise publicly when it accidentally posted the personal information (including names and addresses) of a few people who had lodged complaints against the agency. Ironically, that leak happened in the regulator's response to an FOI request.

National Crime Agency Detained the Operator of SMS Bandits for Phishing Message Services

 

The UK National Crime Agency has announced the arrest of the operator of the 'SMS Bandits' service. While the NCA did not disclose the suspect's identity, the cybercrime unit of the Metropolitan Police announced the detention of a Birmingham resident linked to the company offering illicit phishing services. The platform was used to send large volumes of phishing SMS. The fraudster sent out a huge number of fake messages spoofing organizations such as PayPal, telecom providers and COVID-19 pandemic relief organizations.

SMS Bandits, including the man detained, obtained account credentials for numerous popular websites by sending fake SMS messages by the million, and offered them on dark web platforms they controlled. The service providers also used the pseudonyms Bamit9, Gmuni and Uncle Munis on the dark web, among others. SMS Bandits supplied an SMS phishing service for the mass transmission of text messages designed to collect account credentials for various common websites and to steal personal and financial information.

Angus, a researcher at the cyber intelligence firm Scylla Intel, stated that the phishing lures SMS Bandits sent were uncommonly well done and free of the syntax and spelling errors that usually make a fake message easy to spot. "Just by virtue of these guys being native English speakers, the quality of their phishing kits and lures were considerably better than most," Angus added.

According to Scylla Intel, SMS Bandits made a variety of operational security errors that made it relatively easy to work out who they really were. Scylla Intel also collected evidence against SMS Bandits and found that they used the email addresses and passwords stolen through their services to validate the credentials.

According to sources, SMS Bandits is also linked to a dark web criminal program named "OTP Agency", a service designed to intercept the one-time passwords required to log into various websites. The modus operandi involves the customer entering the target's phone number and name, after which OTP Agency initiates an automated phone call to the target alerting them to unauthorized activity on their account.

SMS Bandits also offered its own "bulletproof hosting," marketed as a "freedom of communications" portal where clients can "host any content without restrictions." That content inevitably takes the form of sites on which users of various web platforms are phished for their credentials.

According to a recent survey, SMS phishing grew by over 328% in 2020. Judging by this, the fraudsters feel no sense of fear.

Users on Alert as Text Scamming Attack on The Rise


The fear of scam messages may seem distant now. With the rise of well-engineered, sophisticated attacks in recent times, the threat from scam messaging may seem low; however, it remains a persistent danger. SMS (short message service) scams are similar to email phishing attacks: both work through social engineering. Known as "smishing" (SMS plus phishing), these attacks try to lure victims into handing over information and user access that benefit the attacker.

Present SMS hacking techniques 
A current SMS scam warns users of a new package delivery, and is considered more polished and effective than earlier versions. If the user replies, the attacker steals user data for money theft, identity theft, or theft of sensitive organizational data. In one particular attack, the message leads the victim to a website that promises a small gift (a smartphone, for instance) in return for filling in a survey; the attackers then ask for credit card details to cover shipping and steal the money. Another SMS scam variant uses fake bank messages. The attacker lures the victim into giving away their banking credentials, and if the victim does so, the attacker uses Emotet malware to infect their devices. In some scams, the victim is threatened with violence unless they pay a ransom. The approaches differ, but they all share a common goal: access to personal information. In all these attacks the victim is asked to open a link or visit a website, and the attackers use these malicious links and websites to steal user data. Other scam campaigns use relief funds, food aid, banks, COVID-19 or jury duty to fool the victim. It is quite difficult to keep track of the content of these attacks, and in future they will only become more sophisticated and dangerous, with brand new content.

Why these attacks are successful
Scammers are constantly trying to attack smartphone users, as part of a larger series of threat campaigns. The attackers have the upper hand: first, they always come up with new techniques, and secondly, in most cases victims are not even aware of these attacks. In social engineering terms, the initial stage is misdirection, where the user is excited and takes whatever text they receive at face value. For example: "you've got a text but there's a problem with your credit card." A different variant of this theme plays on people's likes or interests to get their attention. An attacker might use an emotional text to trigger user action. This is why people often receive scam texts about fire, politics, lotteries or crime; attackers use these event references to prompt users to click a link or open a website.

How to protect yourself from scams
It is crucial for users to know how to stay safe from these scams and attacks. Application security, mobile data protection, and mobile phone security are the key components. Here's what a user can do:

1. Avoid responding to suspicious messages, especially texts that ask you to click a link. Contact the purported source to confirm whether the information is authentic. If you get a text from a delivery service asking you to click a link to confirm, visit the service's website directly instead.

2. Do not be fooled by messages or branding that appear genuine. Fake branding is one of the most common ways of fooling users.

3. Where possible, report scam texts so that others are safer in future. Most importantly, do not assume that scamming is a threat of the past.

In reality, these attacks are on the rise, evolving daily with new techniques. Within an organization, staff should be trained to identify and report scam texts and to be prepared for these challenges.

LogoKit Can Manipulate Phishing Pages in Real Time

 

A recently uncovered phishing kit, named LogoKit, removes a headache for cybercriminals by automatically pulling the victim organization's logo onto the phishing login page. This gives attackers the tools needed to emulate organization login pages convincingly, a task that can otherwise be intricate. Cybercriminals have used LogoKit to launch phishing attacks on more than 700 unique domains over the course of 30 days (including 300 in the past week). The targeted services range from generic login portals to bogus SharePoint, Adobe Document Cloud, OneDrive, Office 365, and cryptocurrency exchange login portals.

“With LogoKit’s intended functionality to be centered around singular emails per URL and extracting company logos, this dramatically improves ease of carrying out targeted attacks against organizations; and reusing pretexts without changing templates,” said Adam Castleman, security researcher with RiskIQ on Wednesday. 

Phishing kits, which cybercriminals can buy for anything between $20 and $880, require minimal technical knowledge beyond modest programming skills. These kits are used to steal various information from victims, including usernames, passwords, credit card numbers, social security numbers, and more.

In some cases, for instance, attackers have been seen hosting their phishing pages on Google Firebase as part of the LogoKit attack. While LogoKit has been found using such legitimate hosting services, researchers have also seen compromised sites, many running WordPress, hosting LogoKit variants. Cybercriminals send victims a specially crafted URL containing their email address. An example of a crafted URL that contains the email would be: "phishingpage[.]site/login.html#victim@company.com."

If the victim clicks on the URL, LogoKit then fetches the organization's logo from a third-party service, for example the marketing data engine Clearbit or Google's favicon database (favicons being the small icons associated with particular web pages).

Moreover, since LogoKit is a collection of JavaScript files, its assets can also be hosted on public trusted services such as Firebase, GitHub, Oracle Cloud and others, most of which will be whitelisted inside corporate environments and trigger few alerts when loaded in an employee's browser. RiskIQ said it is following this new threat closely because of the kit's simplicity, which the security firm believes improves its odds of a successful phish.

DMV Warns New Yorkers of Text Phishing Schemes

 

The New York State Department of Motor Vehicles (DMV) has warned New Yorkers of ongoing text message phishing schemes. These counterfeit text messages ask recipients to update their driver's license contact information, with links to a fake DMV site. Exploiting the ongoing adoption of the REAL ID Act of 2005 to make the scam sound authentic, the attackers have used three specific text phishing messages, the DMV said.

The New York DMV released the three types of text phishing messages that serve as the opening salvo in this attack.

• The first message informs the recipient, in broken English, that anyone holding a driver's license must "update their contact to compliance regulation agreements."

• The second does much the same, telling the recipient they need to change their mailing and contact information to speed up compliance with new ID guidelines. This version of the scheme refers to REAL ID by name.

• The third parrots the previous two but uses the most broken grammar of the three.

Each of the three driver's license phishing messages redirects to a phony DMV site designed to steal data.

New York State DMV warned of a similar text phishing attack in October 2020. In that case, threat actors were using scam text messages to redirect people to a fake DMV site; anyone who clicked could be targeted with identity fraud or malware. In another case, a text phishing scam used a pandemic relief payment as its cover story. The message told the recipient they were eligible for $600 if they clicked the embedded link. These attackers used spoofing techniques to disguise their message as genuine correspondence from New York's Department of Labor.

These attacks highlight the need for employers to protect themselves against phishing attacks posing as government messages. They can do so by investing in a security awareness training program. Seeing phishing attacks in a test setting can teach employees about some of the most common types of scams in use today, as well as emerging campaigns. Employers can also consider deploying technical phishing prevention controls.

6.15 Lakh Facebook Users' Account Compromised by Facebook Ad Phishing Campaign

 



A large-scale ad phishing campaign that has compromised more than 6.15 lakh (615,000) Facebook accounts has been exposed by cybersecurity researchers. The campaign spans at least 50 countries, and the accounts are reportedly being compromised by abusing GitHub Pages, the site hosting feature of the open-source code repository GitHub.
 
ThreatNix, a Nepal-based security firm, said while giving insight into the attack that the number of affected users is growing rapidly, at an unusual pace of over 100 entries per minute, and that the situation is expected to worsen further if the necessary steps are not taken in time.
 
The researchers noted, "the phishing campaign by a sponsored Facebook post that was offering 3GB mobile data from Nepal Telecom and was redirecting to a phishing site hosted on GitHub page; the attackers created different pages imitating the legit pages from numerous entities. The attackers were using the profile picture and name of Nepal Telecom". 
 
Additionally, the firm said in a statement this week, "similar Facebook posts were used to target the Facebook users from Pakistan, Tunisia, Norway, Malaysia, Philippines, and Norway". According to the firm's findings, the campaign uses localized Facebook posts containing links that redirect to a static GitHub Pages site hosting a Facebook login panel.
 
The researchers also noted that "after redirecting to a static GitHub page it forwarded the phished credentials to two endpoints one to a Firestore database and another to a domain which was owned by the phishing group". They also found that nearly 500 GitHub repositories containing phishing pages are part of the same campaign.
 
ThreatNix says it is working with other authorities to "bring down the phishing infrastructure by reserving the information related to the domain". The attackers used Bitly links that initially pointed to a benign page; once the Facebook ad was approved, the link was changed to point to the phishing domain. They used Bitly links because Facebook now takes steps to ensure such phishing pages are not approved for ads.

Acronis reports India to be third highest in terms of Malware attacks, after US and Japan

Acronis, a Switzerland-based IT and cybersecurity company, surveyed 3,400 IT managers from 17 countries across four continents (Australia, Bulgaria, Canada, France, Germany, India, Italy, Japan, the Netherlands, Singapore, South Africa, Spain, Sweden, Switzerland, the UAE, the UK, and the US), from both the private and public sectors. The report investigates the rise and fall of cyber attacks and the cyber readiness of companies during COVID-19, as, in their own words, "the COVID-19 pandemic has crippled businesses worldwide".

According to the report, India had the third highest number of malware attacks, after the US and Japan, between March and November. Among 1,000 clients, 1,168 attacks were detected in India in a month.

Acronis found that the switch from office to remote work revealed weak points in cybersecurity, mainly 1) exposed servers (RDP, VPN, Citrix, DNS, etc.), 2) weak authentication techniques, and 3) insufficient monitoring.

Companies increased their IT expenditure (72% of organizations reported increases) but still struggled with the adjustment from office to remote work.

On security concerns, major weaknesses were seen in monitoring for phishing, a lack of cloud expertise, and video conferencing attacks, as the cybersecurity protocols in place are merely adequate rather than updated for the latest threats and needs.

 “The cyber threat landscape has changed dramatically during the past few years, and in the last six months in particular. Traditional stand-alone antivirus and backup solutions are unable to protect against modern cyberthreats,” said Serguei “SB” Beloussov, founder and CEO of Acronis. 

The most common attacks organizations faced were phishing (53.4%), DDoS (44.9%), video conferencing attacks (39.5%), and malware (22.2%). The report attributes the rate of phishing attacks to the lack of active measures against them, as only 2% of organizations use URL filtering; India, Switzerland, Canada and the UK were among the most affected by video conferencing attacks.

Phishing Campaigns Evolving Rapidly; Using Innovative Tactics to Avoid Detection

 

In the past few months, Microsoft Office 365 phishing campaigns have evolved drastically, using innovative tricks such as inverted login page images, custom subdomains, and sandbox detection to evade detection. Some of the notorious but ingenious tricks observed by security researchers are:

Detecting Sandboxes

Microsoft recently discovered a phishing campaign that avoids automated analysis by detecting security sandboxes. The campaign uses URLs that can spot a sandbox and redirect it to a legitimate page or website instead of the phishing landing page.

"We’re tracking an active credential phishing attack targeting enterprises that uses multiple sophisticated methods for defense evasion and social engineering," said Microsoft. 

"The campaign uses timely lures relevant to remote work, like password updates, conferencing info, helpdesk tickets, etc."

This method ensures that only real people, that is, potential victims, reach the landing page, and not security researchers or automated security scans, thereby reducing the chance of the page being blocked.

The emails themselves are also well crafted and obfuscated, another way to dupe email gateways.

Inserting Custom Sub-domains

Another way these attackers make phishing URLs look more legitimate is by inserting a custom subdomain for each user containing their name and their organization's name.

"This unique subdomain is added to a set of base domains, typically compromised sites," Microsoft explained. 

"Notably, the phishing URLs have an extra dot after the TLD, followed by the Base64-encoded email address of the recipient." 

"The unique subdomains also mean huge volumes of phishing URLs in this campaign, an attempt at evading detection."
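Both the LogoKit URLs described earlier (victim e-mail in the URL fragment) and the Office 365 campaign here (per-recipient subdomains, an extra dot after the TLD, Base64-encoded recipient address) leave the recipient's address somewhere in the URL, which is a usable detection signal for a URL-filtering or mail-scanning pipeline. The following added example, not RiskIQ's or Microsoft's code, decodes and flags those patterns. The sample URLs are constructed (the first is the LogoKit form quoted above); because the page does not say exactly where the Base64 string sits, the check tests every host label, path segment, query value and fragment, and the subdomain-depth threshold is an assumption.

```python
"""Flag URL patterns that carry the recipient's address.

Added example, not RiskIQ's or Microsoft's code. Detects a plaintext e-mail
in the URL (the LogoKit fragment form), a Base64-encoded e-mail anywhere in
the URL, a trailing "extra dot" after the TLD, and unusually deep
per-recipient subdomains. Sample URLs are constructed.
"""
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlparse

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{8,}={0,2}$")


def refang(url: str) -> str:
    """Turn defanged notation such as 'site[.]com' / 'hxxp' back into a real URL."""
    url = url.replace("[.]", ".").replace("hxxp", "http")
    if "://" not in url:
        url = "http://" + url
    return url


def decode_base64_email(token: str):
    """Return the e-mail address a token Base64-encodes, or None."""
    if not B64_RE.match(token):
        return None
    padded = token + "=" * (-len(token) % 4)  # tolerate stripped padding
    for decoder in (base64.b64decode, base64.urlsafe_b64decode):
        try:
            text = decoder(padded).decode("ascii")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue
        if EMAIL_RE.match(text):
            return text
    return None


def analyse_url(url: str) -> dict:
    """Return the recovered recipient (if any) and the indicators that fired."""
    parts = urlparse(refang(url))
    host = parts.hostname or ""
    findings = {"url": url, "recipient": None, "indicators": []}

    # Every place a recipient address could be smuggled, tagged with its origin.
    tokens = [("fragment", parts.fragment)]
    tokens += [("path", seg) for seg in parts.path.split("/") if seg]
    tokens += [("query", v) for _, v in parse_qsl(parts.query)]
    tokens += [("host", label) for label in host.rstrip(".").split(".")]

    for where, tok in tokens:
        if not tok:
            continue
        if EMAIL_RE.match(tok):
            findings["recipient"] = tok
            findings["indicators"].append(f"plaintext_email_in_{where}")
        else:
            decoded = decode_base64_email(tok)
            if decoded:
                findings["recipient"] = decoded
                findings["indicators"].append(f"base64_email_in_{where}")

    if host.endswith("."):  # the "extra dot after the TLD"
        findings["indicators"].append("extra_dot_after_tld")
    if host.rstrip(".").count(".") >= 4:  # depth threshold is an assumption
        findings["indicators"].append("deep_custom_subdomain")
    return findings


# Constructed samples: the LogoKit form quoted on the page, a per-recipient
# subdomain with trailing dot and Base64 recipient, and a benign control.
SAMPLE_URLS = [
    "phishingpage[.]site/login.html#victim@company.com",
    "https://jane.doe.examplecorp.compromised-blog.example./dmljdGltQGNvbXBhbnkuY29t",
    "https://login.microsoftonline.com/",
]


def scan(urls=SAMPLE_URLS):
    return [analyse_url(u) for u in urls]


if __name__ == "__main__":
    for finding in scan():
        print(finding)
```

Recovering the recipient address is the useful part for a defender: it tells the mail team exactly who was targeted, so that user's credentials can be reset and the rest of the campaign searched for by address rather than by a domain list that the attacker rotates daily.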

Inverting Images of Webpages

This campaign uses an inverted image of the web page it is imitating as the landing page. Security defenses see only this inverted page, so it escapes detection.

The phishing kit then reverses the inversion using Cascading Style Sheets (CSS) so that the user sees what looks like the original page.

Google Ads

Another neat trick used by phishing campaigns is misusing Google Ads, Google Cloud Services, Microsoft Azure, Microsoft Dynamics and IBM Cloud to host phishing pages that look legitimate and get past secure email gateways.

Android Malware, FakeSpy Spying on Users' Banking Information Acting as Postal Services


A new Android malware, FakeSpy, which can steal an individual's banking details, read contact lists, application and account information, and other personal data, has been seen spreading across the globe. Earlier, the malware targeted limited regions; the new campaign spreads it using SMS phishing attacks.

The malware was originally discovered in 2017 attacking users in Japan and South Korea; now security researchers have identified more potent variants attacking users in countries including the United States, Germany, France, Taiwan, the United Kingdom and China.

FakeSpy, labelled an 'information stealer', is evolving rapidly and is under active development, as seen in the weekly release of new variants with differing capabilities and evasion features.

"The malware authors seem to be putting a lot of effort into improving this malware, bundling it with numerous new upgrades that make it more sophisticated, evasive, and well-equipped. These improvements render FakeSpy one of the most powerful information stealers on the market. We anticipate this malware to continue to evolve with additional new features; the only question now is when we will see the next wave," security researchers at Cybereason said.

The attacks have been linked to a financially motivated Korean- or Chinese-speaking cybercriminal group known as 'Roaming Mantis', which has been involved in similar operations, according to research by Cybereason.

FakeSpy operates with the aim of financial gain through stolen credentials and banking information; the campaign includes sending postal-themed messages to the targeted user's contacts.

While giving insights into the attack, Assaf Dahan, senior director and head of threat research at Cybereason told ZDNet, "We are under the impression that this attack is what we often refer to as "spray and pray." I don't believe they are aimed at a particular individual, but instead, the threat actors try their luck, casting a rather wide net, and waiting for someone to take a bite."

"We see new developments and features added to the code all the time, so my guess is that business is good for them," he further added.

The Lifespan of Phishing Attacks Recorded Tremendous Growth in H2 2019


Phishing attacks surged in H2 2019, with the number of blocked phishing websites soaring by 230 percent year on year. Earlier, phishers would end a fraudulent campaign once their web pages were blocked; now they immediately move the phishing attack on to other brands. This is the main reason the number grew so rampantly.

As the lifespan of phishing attacks increased, attackers became more specific about their target pool and increasingly targeted online services and cloud storage providers, primarily because of the huge volumes of sensitive data stored there, which attackers can download and later use to extort a ransom from victims.

Turning to a more diligent method, phishers have refined how they choose campaigns and targets, preferring quantity over quality. Online services such as client software, e-commerce, online streaming and delivery services accounted for 29.3 percent of phishers' targets, cloud storage for 25.4 percent, and financial organizations for 17.6 percent, according to last year's statistics.

While detecting and preventing the distribution of online threats, Group-IB's Computer Emergency Response Team (CERT-GIB) blocked a total of 8,506 phishing web resources.

While providing insights on the matter to Help Net Security, Yaroslav Kargalev, CERT-GIB deputy head said, “Several years ago, creators of phishing pages were likely to have some technical background, they created phishing pages, putting much effort into the launch of their campaigns, preventing them from being detected and relentlessly supporting their sustainability....”

“This industry has changed its face — those pioneers no longer create phishing pages, they create tools for operators of web phishing campaigns who do not necessarily have any programming skills, and last year became the culmination of this trend. Since this new generation of phishers is not that experienced in maintaining the web resources viable, the phishing community’s focus has shifted toward the number of scam resources,” he added.

Banking trojans and cryptocurrency projects have seen a steep decline in popularity among cybercriminals. As backdoor functionality has continued to expand, spyware and backdoors have stolen the show, reaching the number one spot in the popularity rankings with a 35 percent share.

Meghan Markle and Prince Harry's Names Used for Fake Celebrity Endorsement of Bitcoins?


While the coronavirus pandemic has effectively forced people to stay at home and spend far more (in some cases almost all) of their time online, the opportunities for cybercriminals have only flourished.

Cyber-security experts have taken note of this and are warning everyone about the kind of danger lurking online.

From elaborate scams to phishing attacks that target the victim’s personal information, there is a lot that people need to be cautious about.

The cryptocurrency industry is going through a lot in the current global crisis. Cryptocurrency users in particular are on the hit list, with bait as attention-grabbing as a purported “celebrity endorsement”. The latest names used for this purpose happen to be those of Meghan Markle and Prince Harry.

Well-known personalities’ names like Bill Gates, Lord Sugar and even Richard Branson have been misused to lure people in as a part of similar scams. It is not necessary for the people mentioned to belong to a particular industry. They could be anyone famous for that matter.

The scams are so elaborate that, once fooled, the victims cannot even trace the perpetrator. The latest scam, per sources, employs a fake report from the “BBC” describing how Prince Harry and Meghan Markle found themselves a “wealth loophole”.
Per sources, the scammers also assure their targets that in a matter of three to four months they could turn them into millionaires. Further on, it is allegedly also claimed that the royals refer to the cryptocurrency auto-trading as the “Bitcoin Evolution”. It reportedly also includes a fake statement attributed to Prince Harry.

The overconfident scammers also declare that no other application performs trading with accuracy like theirs. Reportedly, their website carries banners with “countdowns” meant to make people think that the offers are available for a limited period only.

According to researchers, this is one of many schemes that desperate cyber-criminals resort to. People less familiar with the cryptocurrency industry, and with trading in particular, are more vulnerable to the bogus scams and tricks that cyber-criminals usually have up their sleeves.

BEC Scams Cost American Companies Billions!


Business Email Compromise (BEC) scams have surfaced at several US companies and have caused them damage running into the billions, according to a warning from the Federal Bureau of Investigation.

Per sources, BECs are “sophisticated scams” aimed at businesses that make electronic payments such as “wire transfers or automated clearing house transfers”. Usually, these scams involve a cyber-criminal compromising a legitimate business email account through device intrusion techniques.

Once access has been acquired, the cyber-criminal is free to use the email account to obtain funds by sending suppliers emails carrying invoices with modified bank account details.

The hit list mostly consists of organizations that use cloud-based email services, which makes them easier targets for Business Email Compromise (BEC) scams.

Per the FBI, specially engineered “phish kits” that impersonate cloud-based email services are used to drive these scams, compromise the business accounts and then request or misallocate funds.

Sources mention that the Internet Crime Complaint Center (IC3) received numerous complaints over the past years from companies that had suffered damages amounting to a couple of billion in “actual losses” as a result of BEC scams.

The IC3 focused their attention on the BEC scams right after their number began to multiply rapidly across all the states of America.

The issue allegedly lies in the configuration of the cloud-based services, which makes it almost effortless for cyber-criminals to exploit a company’s email accounts.

Most cloud-based services do include security features intended to block BEC attempts, but their effectiveness depends on users making good use of them: most of these features need to be enabled and configured manually.

Per sources, what makes these scams dangerous is that any organization, big or small, with limited IT resources is vulnerable.

In addition to having control over the email accounts, the cyber-criminals usually also retrieve the address books of the compromised accounts to build a list of potential targets. Hence a single bad apple can spoil the whole basket: a single affected organization can have ramifications for an entire industry.

Phishing Scam: Puerto Rico Government Loses More than $2.6 million



Puerto Rico's government fell for an email phishing scam and unintentionally lost over $2.6 million to the cyber-criminals behind it, according to a senior Puerto Rico official. The affected body, the island's Industrial Development Company, is a government-owned agency whose mission is to drive economic development on the island while working with local as well as foreign investors.

Scammers launch thousands of phishing scams like this one, which made phishing a top reported crime to the Federal Bureau of Investigation (FBI) in the past year, according to the recently released IC3 annual report. Notable victims of similar attacks last year include a Texas school district scammed for $2.3m, a British community housing non-profit scammed for $1.2m and Nikkei for a whopping $29m.

On Wednesday a complaint was filed with the police, in which Rubén Rivera, finance director of the island's Industrial Development Company, confirmed that the money had been sent to a fraudulent account by an unsuspecting employee of the company. Officials discovered the incident earlier this week and it was immediately reported to the FBI, according to statements given by the executive director of the agency, Manuel Laboy, to the Associated Press.

However, Laboy did not comment on how the officials learned of the phishing scam, on whether any employees were dismissed in its aftermath, or on how the missing funds affected overall operations. He further said that an internal investigation had been opened to find out whether anyone had disregarded the set standards or been negligent about the laid-out procedures, and added that officials at the corporation were attempting to recover the lost funds.

The agency received a fraudulent email claiming that the bank account it used for remittance payments should no longer be used for that purpose, and instructing it to transfer the money to a new account instead. Unknown to the agency, that account belonged to the criminals operating the scam.

Acknowledging the seriousness of the matter and addressing criticism from Puerto Ricans, Laboy said: “This is a very serious situation, extremely serious, we want it to be investigated until the last consequences.” “I cannot speculate about how these things might happen.” “It’s a big responsibility.”

The Rise of Gift Card Scams Leads to a Rise in the Amount of Money Being Lost


The rise of phishing attacks, business email compromise (BEC) campaigns and gift card scams brings with it a rise in the amount of money being lost.

Research by Agari, an email security company, published in its most recent 'Quarterly Fraud and Identity Deception' trends report, found that gift card scams gained ground especially toward the end of 2019, accounting for 62% of all BEC attacks, up from 56% in the previous quarter.

These attacks frequently involve cybercriminals taking control of business email accounts and using the 'stolen identity' to email others in the organization asking them to purchase gift cards. A common tactic is to pose as someone in management asking an employee for help, because, by and large, an employee will not scrutinize a request that apparently comes from their boss.

The run-up to the holiday season simply presented criminals with the ideal opportunity for gift-card attacks, since the request could easily be framed as being for Christmas presents. The average amount requested in gift-card attacks has risen slightly to $1,627, with the lowest amounts tending to come in at $250. In some more ambitious cases, cybercriminals have requested gift cards worth $10,000, by targeting employees across different departments simultaneously.

Criminals are drawn to BEC attacks because they are successful and easy to carry out. Organizations can nevertheless go a long way toward preventing phishing and other email-based attacks from succeeding by adding security on accounts, such as multi-factor authentication, as well as human-level 'checks and balances'.

As per Crane Hassold, senior director of threat research at Agari: "Gift cards have become the preferred method of cashing out for a number of reasons. First, it makes everyone at any company the potential target of a BEC attack, not just the finance and HR departments. We've seen campaigns that have targeted 30-40 employees at a single company at one time in gift-card BEC scams."

The value of the gift cards requested may look small when considered individually, yet the total costs add up, particularly given how successful the attacks remain and how simple the cards are to cash out.

The most common requests are for Google Play and eBay gift cards, closely followed by Target, iTunes and Walmart. Best Buy, Amazon, Steam and the Apple Store also account for a good share of requests.

Cyber Criminals Stealing Customer Data By Tricking Bank Employees


Kaspersky Lab experts have described a recently discovered method of corporate phishing. Attackers send an employee of an organization an email inviting them to take an assessment of knowledge and skills on a fake HR portal. To do so, the victim is asked to log in to the site with their work username and password. The potential victim is given the impression that this is a mandatory procedure, for which they will receive a monetary reward on successful completion.

According to Tatyana Shcherbakova, senior content analyst at Kaspersky Lab, in this way fraudsters gain access to corporate mail, which may contain customers' personal data.

Employees of large banks are regularly trained, tested and certified, so they may mistake a fake invitation for a real one. For this reason, the new phishing method threatens to take on a massive scale.

According to analyst Anton Bykov, at the moment several thousand corporate accounts could already be hacked.

Sergey Terekhov, director of the Technoserv information security competence center, noted that in this case the employees of banks' credit departments, whose mailboxes hold client profiles, are the ones at risk.

At the same time, Denis Kamzeev, head of the information security department of Raiffeisenbank, stressed that all emails in the financial institution are checked through anti-spam and anti-virus and blocked in case of suspicion.

VTB, in turn, said that they delimit access to customer information for employees and keep records of employees who have access to confidential information.

Arseniy Shcheltsin, CEO of Digital Platforms, noted that this type of social engineering is tied directly to a person, not to technology. "Therefore, regardless of security systems, a person can always give a login and password from the mail to attackers."

Phishing Attacks: Via Scraping Branded Microsoft Login Pages!





The latest phishing attack uses the targets’ company-branded Microsoft 365 tenant login pages to make the lure look more believable.

Microsoft’s Azure Blob Storage and Azure Web Sites cloud services are also being used to host the phishing landing pages.

This leads users to believe that they are seeing a legitimate Microsoft page, which helps the cyber-criminals target Microsoft users and harvest their service credentials.

This phishing campaign is mostly about scraping organizations’ branded Microsoft 365 tenant login pages just to fool the targets.

The above observations were made as part of research by Rapid7’s Managed Detection and Response (MDR) service team, sources say.

The cyber-criminals work through a list of validated email addresses before redirecting the victims to the phony login pages.

They display real-looking logos of the brands they want to copy, obtained by scraping the tenant login page.

In case the target organization does not have a custom-branded tenant page, the phishing kit is designed to fall back on the default Office 365 background.

The same campaign has been launched against various companies and organizations, including in the financial, insurance, telecom, energy and medical sectors.


Several indicators suggest that the phishing campaign is still active; in fact, someone may be updating it from time to time.

The “phisher” behind the campaign may well be using “Lithuanian infrastructure”.

Besides using the phony Microsoft page to steal credentials, the campaign also exploits cloud storage services.

These services are also used for hosting the landing pages. The phishing kits were discovered in April this year.

IPFS gateways were also abused in phishing attempts using TLS certificates issued by Cloudflare, last year in October.

Per sources, organizations using Microsoft Office 365 should adopt the following advice and measures at once:
·       Multi-factor authentication via Office 365 or a third party solution for all employees.
·       Enrolling staff in phishing awareness training programs.
·       Training to help the employees spot and report phishing attacks.

Amazon Prime Day A Cyber Attack Target?




Researchers warn that the upcoming Amazon Prime Day sale is expected to bring hackers setting up a variety of Prime Day-related tricks designed to fool users into giving up their sensitive data.

Using an 'Amazon Phishing Kit', the hackers can send out malicious emails that appear to come from Amazon, containing links that direct the victims to a fake Amazon login page.

As reported by Wired, shopping events like Prime Day represent an easy opportunity for scammers hoping to trick victims into handing over their personal information.

Crane Hassold, threat intelligence manager at the digital fraud defense firm Agari, told Wired: 'Cybercriminals take advantage of popular, highly visible events when consumers are expecting an increased frequency of emails, when their malicious emails can hide more easily in the clutter.'

According to security researchers from McAfee, scammers can craft an email that appears to originate from a real organization using a kit called 16Shop.

The biggest risk for users is to their credit card information, birthdays, addresses and even social security numbers. The kit was initially designed to target Apple users, but according to researchers, Prime Day appears to be the hackers' current target.

To avoid being misled, analysts suggest scrutinizing emails purportedly sent by Amazon with extra care and refraining from following links sent through email in order to enter login data.

Judging an email by the address it is sent from is no longer adequate, security analysts say, since sender addresses can be faked. Instead, it is best to go directly to the organization's page by typing the URL into your address bar and proceeding from there.

Amazon Prime Day will take place on July 15 and 16.

Gamers’ Google and Facebook Credentials Unsafe; Android’s “Scary Granny ZOMBYE Mod: The Horror Game” To Blame!






An Android horror game with more than 50,000 downloads to its name, Scary Granny ZOMBYE Mod: The Horror Game, has shown malicious behavior and is allegedly stealing users’ credentials after they log into their accounts.

The game is specifically designed to capitalize on the success of another Android game, “Granny”, which has 100 million installs to date.

After the researchers informed Google about the game’s phishing and siphoning abilities, the fully functional game was taken down from the Google Play Store.

A prominent research team found that the game would not exhibit any malicious activity for up to 2 days, in order to steer clear of security checks.

It would deploy its data-stealing modules only when running on older Android versions, sparing users whose newer devices run up-to-date software.

It then starts asking for permissions to launch itself on the smartphone or tablet and tries to gain the trust of the user.

Even after the Android users reboot their systems the game still shows full-screen phishing overlays.

First it shows “a notification telling the user to update Google Security Services”, and the moment they hit ‘update’ a fake Google login page appears that looks almost legitimate, except for the incorrectly spelled “Sign in”.


After stealing the users’ credentials, Scary Granny goes on to try to harvest account information such as recovery emails, phone numbers, verification codes, dates of birth and cookies.

Obfuscated packages are another way of mimicking official components of Android apps. For example, the com.googles.android.gms package attempts to pass itself off as the original com.google.android.gms.
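The package-name mimicry described above can be caught with a simple look-alike check against a list of genuine package names. The following is an added example, not code from the original post or from the researchers cited; the list of official packages, the similarity threshold and the sample inventory are constructed for illustration.

```python
"""Flag Android package names that imitate official components.

Added example: compares package names found on a device against a small
allow-list of genuine package names and reports near-misses. Only
com.google.android.gms and com.googles.android.gms come from the post;
the remaining names and the threshold are constructed for illustration.
"""
from difflib import SequenceMatcher

# Genuine package names a defender trusts (constructed list; the first
# entry is the one the post says is being imitated).
OFFICIAL_PACKAGES = {
    "com.google.android.gms",
    "com.google.android.gsf",
    "com.android.vending",
}


def segment_distance(a: str, b: str) -> int:
    """Count dot-separated segments that differ, padding the shorter name."""
    sa, sb = a.split("."), b.split(".")
    n = max(len(sa), len(sb))
    sa += [""] * (n - len(sa))
    sb += [""] * (n - len(sb))
    return sum(1 for x, y in zip(sa, sb) if x != y)


def similarity(a: str, b: str) -> float:
    """Character-level similarity in [0, 1] (difflib ratio)."""
    return SequenceMatcher(None, a, b).ratio()


def find_lookalikes(installed, official=OFFICIAL_PACKAGES, threshold=0.85):
    """Return (suspect, imitated_official) pairs.

    A package is a look-alike when it is not itself official, differs from
    an official name in at most one segment, and is textually very close
    to it (e.g. 'googles' for 'google').
    """
    hits = []
    for pkg in installed:
        if pkg in official:
            continue
        for real in official:
            if segment_distance(pkg, real) <= 1 and similarity(pkg, real) >= threshold:
                hits.append((pkg, real))
                break
    return hits


if __name__ == "__main__":
    # Constructed sample inventory; only the first entry is an imitation.
    sample = [
        "com.googles.android.gms",
        "com.google.android.gms",
        "com.example.notes",
        "com.android.vending",
    ]
    for suspect, real in find_lookalikes(sample):
        print(f"{suspect} imitates {real}")
```

The segment rule keeps ordinary third-party packages (which differ in several segments) out of the results, so the check is safe to run over a full package list.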

Scary Granny also displays legitimate-looking ads from other prominent applications such as Messenger, Pinterest, SnapChat, Zalo or TikTok.

The malicious horror game makes it appear that apps such as Facebook and Amazon are open, when in fact they are only ads pretending to be those applications.

In one of the cases the researchers tried, the ad directed the user to a page that Google blocked and flagged as deceptive, which indicates that it hosts malware or a phishing attack.

After connecting to an ad network by way of the com.coread.adsdkandroid2019 package, the ads are distributed to the compromised Android devices.

Finally, to maximize profit for its creators, Scary Granny tries to extract money from users by asking them to pay for their playing privileges via a “pre-populated PayPal payment page”.