Jump to content

Search the Community

Showing results for tags 'scammers'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 7 results

  1. We need to social-distance from the scammers One economic activity that’s thriving during the coronavirus pandemic is hacking. Hackers always follow the money — and they aren’t about to let a worldwide crisis stop them. jongho shin / casarsaguru / Getty Images For hackers who target Windows, the coronavirus pandemic is like Christmas come early. But what’s good news for them is bad news for you, piled onto all the other bad news wrought by the pandemic. Undeterred by the crisis — indeed, spurred to new heights by it — hackers have been coming up with a host of devious ways to use your natural fears in order to infect your Windows PC with malware and ransomware. How bad is it? The security company Malwarebytes calls the pandemic “a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria — all while compromising victims with scams or malware campaigns.” The hackers bent on doing this range from individuals looking to make as much fast money as possible to governments targeting their adversaries. Malwarebytes notes that government-sponsored hackers from China, North Korea, Russia and Pakistan are exploiting coronavirus fears in order to spy on their enemies. The group APT36, believed to be sponsored by Pakistan, uses spearphishing to trick people worried about the health of their loved ones into downloading a malicious Microsoft Office document that then infects a Windows machine with a remote administration tool (RAT) that lets hackers take control of the computer. The email purports to be an important health advisory about the novel coronavirus, and the downloaded document claims to be an advisory as well. The documents are almost laughably illiterate, containing sentences such as, “The outbreak of CORONA VIRUS is cause of concern especially where forign personal have recently arrived or will be arriving at various Intt in near future.” But while the hackers’ grasp of English may be weak, their hacking bona fides are strong. The document drops a RAT on the victim’s machine, which can then steal private information, capture live screenshots and send it all back to hackers. It’s not just government-sponsored hackers who are using coronavirus fears to hack into Windows machines. Forbes notes that millions of people in the U.S. and beyond have been getting similar coronavirus emails. The United Kingdom’s National Cyber Security Centre, part of the U.K.’s spy agency, warns that “criminals are exploiting coronavirus online—as cyber criminals seek to exploit COVID-19.” The World Health Organization cautions that cybercriminals have been sending emails purporting to be from it — emails that can infect people’s machines if their links are clicked upon or their attachments downloaded. Similar emails claim to be from the U.S. Centers for Disease Control and Prevention. Entire industries are under attack from hackers using these types of Windows-based coronavirus scams and hacks. The security company Proofpoint found that coronavirus-themed ransomware and Trojan cyber-campaigns have targeted U.S. healthcare, manufacturing and pharmaceuticals industries. Proofpoint warns, “To date, the cumulative volume of coronavirus-related email lures now represents the greatest collection of attack types united by a single theme that our team has seen in years, if not ever. We’ve observed credential phishing, malicious attachments, malicious links, business email compromise (BEC), fake landing pages, downloaders, spam, and malware, among others, all leveraging coronavirus lures.” As millions of people have started working from home for the first time because of the need to minimize time spent out in the world, hackers are directly exploiting that as well. Many businesses allow their at-home workers to remotely access enterprise data and resources using Microsoft’s Windows Remote Desktop Protocol (RDP), which has proved to be notoriously insecure. The security company Radware warns, “While RDP can be a very effective tool to let users quickly connect to a remote desktop and perform their daily tasks from home, threat actors have been known to leverage RDP as an attack vector for ransomware campaigns. It gained traction in 2018 and by Q1 of 2019, it was by far the most preferred infection vector for ransomware.” As a result, the company warns, RDP is one of the most dangerous Windows attack vectors being used by coronavirus hackers. If all this weren’t bad enough news for Windows users, coronavirus hackers have come up with a particularly insidious attack using phony coronavirus maps that claim to show the extent of the virus’s spread across the world. The Next Web reports that “hackers have found a way to use these dashboards to inject malware into computers.” They design websites that look like maps and dashboards tracking the coronavirus, and prompt people to download an app that will track it. That download, though, contains Windows malware used to steal private data. Microsoft is well aware of all these hacks and is doing what it can to protect against them. It recently announced that, starting in May, it would halt all normal monthly Windows updates so it can focus instead on security updates. Microsoft explained its decision this way: “We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates.” In addition to that, Microsoft has extended support for Windows 10 Enterprise 1709 and Windows 10 Education 1709 by six months, to Oct. 13, from its original end date of April 14. That means it will continue to issue security patches for it. But by itself, Microsoft can’t protect you and your company from coronavirus scams. Just as you need to follow health protocols such as social distancing and rigorous hand washing to protect you and others from the coronavirus, you need to follow cybersecurity protocols for protecting your machine, and the machines of others, from coronavirus malware. That means updating all of your software with the latest security patches, particularly for Windows and Office. It means not clicking on email links or downloading files unless you are absolutely sure not only that you know who sent it, but also that the sender is reliable and has a machine that hasn’t been infected. It means making sure your company has the latest security patches installed and trains all employees in cybersecurity. Do those things, and you’ll be able to fight coronavirus hackers, much as you are fighting the coronavirus itself. Source: We need to social-distance from the scammers (Computerworld - Preston Gralla)
  2. Actively exploited bug in fully updated Firefox is sending users into a tizzy Fraudulent tech-support sites cause Firefox to freeze while displaying scary message. Enlarge Jérôme Segura 104 with 63 posters participating, including story author Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked. The message, which appears without any user interaction upon visiting a site, reads: Please stop and do not close the PC... The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety. The message then advises the person to call a toll-free number in the next five minutes or face having the computer disabled. Below is a GIF showing the attack flow: Jérôme Segura The attack works on both Windows and Mac versions of the open source browser. The only way to close the window is to force-close the entire browser using either the Windows task manager or the Force Close function in macOS. Even then, Firefox will reopen previously open tabs, resulting in an endless loop. (Update: as a commenter pointed out, restore tabs is turned off by default.) To resolve the problem, users must force-close Firefox and then, immediately upon restarting it, quickly close the tab of the scammer site before it has time to load. Jérôme Segura, head of threat intelligence at security provider Malwarebytes, said the Firefox bug is being exploited by several sites, including d2o1sv4d11x6bc[.]cloudfront[.]net/firefox/index.html. He said the offending code on the site was written specifically to target the browser flaw. Enlarge Jérôme Segura On Monday, Segura reported the bug to the Bugzilla forum. He said he has since received word Mozilla is actively working on a fix. Firefox representatives couldn't immediately provide information on the status of the bug. Firefox is hardly alone in having bugs that cause the browsers to hang indefinitely while displaying a confusing or scary page. Chrome has had its share of similar flaws, which have also been exploited in the wild. Google developers have since fixed both of them. The exploit spotted by Segura is a common subclass of browser lock attacks. This subclass relies on authentication popups. Earlier this year, Mozilla shipped a comprehensive fix for these types of attacks some 12 years after being reported. Chrome and other browsers have also been vulnerable to this variety of attacks. Segura said he's aware of a separate Firefox browser lock bug that remains unfixed two years after it was reported. Although it was actively exploited in the past, Segura said, he hasn't seen any recent attacks targeting the flaw. For many people, it's not clear what to do when a browser becomes unresponsive while displaying a scary or threatening message. The most important thing to do is to remain calm and not make any sudden response. Force quitting the browser can be helpful, but as Segura has found, that fix is far from ideal since the offending site can reload once the browser is restarted. Whatever else people may do, they should never call the phone number displayed. Source: Actively exploited bug in fully updated Firefox is sending users into a tizzy (Ars Technica)
  3. Criminal hackers make a lot of money targeting businesses and institutions of all kinds with phishing attacks that lead to compromised business email. While crooks may have an array of systems in place to launder the funds they steal, researchers have noticed that so-called business email compromise scammers are leaning more and more on the humble gift card. At the RSA security conference in San Francisco next Tuesday, researchers from the email defense firm Agari will present detailed findings on a Nigerian scam group the company has dubbed Scarlet Widow. Agari researchers have monitored the group since 2017, and have tracked its prolific activity back to 2015. Scarlet Widow mostly focuses on targets based in the United States and the United Kingdom, dabbling in a number of types of fraud like tax scams, property rental cons, and especially romance scams. But over the past couple of years, the group has been perfecting its business email compromise efforts, known as BEC for short. The group has particularly targeted medium and large US nonprofits that are often equipped with less advanced defenses. Recent targets include the Boy Scouts of America, YMCA chapters, a midwestern Archdiocese of the Catholic Church, the West Coast chapter of the United Way, medical groups, antihunger organizations, and even a ballet foundation in Texas. "With most BEC attacks, a vast majority of employees that receive them would know they're scams," says Crane Hassold, senior director of threat research at Agari who previously worked as a digital behavior analyst for the FBI. "But it only takes a very small number of successes to make it very profitable." Charity work Between November 2017 and this month, Agari observed Scarlet Widow targeting 3,483 nonprofits and 5,581 individuals related to nonprofits. Similarly, the group targeted 660 education-related institutions and 1,815 associated individuals. Over the same period of time, the group also targeted 1,505 tax-related organizations and 9,592 individuals as part of tax prep cons. BEC relies on access to an organization's email. In practice, this can mean that scammers send carefully tailored emails from seemingly legitimate accounts of a business to coworkers, perhaps touting a fictitious initiative within a firm. Attackers can also use malware hidden in an email attachment or a malicious phishing link to gain access to an organization's networks, do reconnaissance on what the group is working on and might need, and then approach them from the outside with fictitious business propositions. Agari says that Scarlet Widow is organized much like a legitimate sales and marketing operation, with coordinated teams working on different aspects of the scams, and internal support to generate leads, distribute scam emails, create aliases, and generate fake documents as needed. But the group's most recent innovation involves tailoring certain scams so they now culminate with requesting gift cards instead of wire transfers. This trend is on the rise among scammers, both for individual targets and organizations. The Federal Trade Commission reported in October that 26 percent of people who report being scammed in 2018 said they bought or reloaded a gift card to deliver the money, up from 7 percent in 2015. The FTC says gift card-related losses reported to the agency totaled $20 million in 2015, $27 million in 2016, $40 million in 2017, and $53 million in the first nine months of 2018 alone. "Con artists favor these cards because they can get quick cash, the transaction is largely irreversible, and they can remain anonymous," Emma Fletcher, a fraud specialist at the FTC, wrote in the October report. If scammers can convince victims to buy gift cards—and send them photos of the physical cards or screenshots of the digital codes—they don't need to rely on middlemen to receive wire transfers and initiate the process of laundering money. Instead, they can use online marketplaces to buy cryptocurrency with the gift cards. Agari observed that Scarlet Widow particularly uses the US peer-to-peer marketplace Paxful to buy bitcoin with gift cards. Then they move the bitcoin from a Paxful wallet to a wallet on the cryptocurrency platform Remitano, where they can resell it with a bank transfer. Grift cards Scarlet Widow generally requests Apple iTunes or Google Play gift cards. The FTC notes that other scammers prefer these cards as well, though some will ask for cards to stores like CVS, Walmart, Target, or Walgreens. Though it may seem difficult in a business environment to trick people into paying for services in gift cards, scammers have developed narratives that make the suggestion fit. Around the holidays, for example, Hassold says that Scarlet Widow, posing as a third-party contractor, will claim they need gift cards for end-of-year employee gifts. One Scarlet Widow scammer played to a sense of urgency: "Ok I am in the middle of something and I need Apple iTunes gift cards to send out to a supplier, can you make this happen? If so, let me know if you can get it now so I can advise the quantity and domination to procure." Nothing beats gift cards for speed. In an August 2018 scam Agari analyzed, Scarlet Widow targeted an Australian university, and tricked an administrator into buying and sending $1,800 worth of iTunes gift cards. (The victim thought the request came from the head of the university finance department.) Scarlet Widow then sold the cards on Paxful and converted the bitcoin to cash, all within 139 minutes. Gift cards take a lot of the difficult and dangerous work out of money laundering, but they also have their downsides. For one thing, iTunes gift cards can fluctuate from 80 cents down to 40 cents on the dollar when you convert them on cryptocurrency on platforms like Paxful. It's also difficult to craft narratives that will trick people into buying more than a few thousand dollars' worth of gift cards at a time. If a scammer is looking to swindle a business out of tens of thousands of dollars in one operation, they'll likely still need a wire transfer. Though it may not have quite the hacker mystique of a more technical-sounding attack like cryptojacking, business email compromise is one of the main practical threats to organizations today. Note that the same measures that can help avoid wire-transfer scams—like requiring multiple employees to review and sign off on payments—apply to gift card scams as well. source
  4. The number of robocalls to US consumers increased massively last year. Consumers in the US received a whopping 26.3 billion robocalls in 2018, which was 46 percent more than that the total number of robocalls in 2017, according to Hiya, maker of a caller ID app. The company estimates that people received on average 10 unwanted calls per month and that 25 percent of all robocalls are scams. The top three categories of unwanted calls in the US include general spam, fraud and telemarketing. The Federal Communications Commission (FCC) has outlined plans to combat the problem of robocalls in the US. FCC chairman Ajit Pai in November fired off a letter to carriers demanding that the industry implements a call-authentication system by this year. The system aims to combat caller ID spoofing. He's pushing carriers to immediately adopt the Signature-based Handing of Asserted Information Using Tokens (Shaken) and the Secure Telephone Identity Revisited standards. Carriers would then 'sign' calls originating from their network, which would be validated by other carriers before reaching a phone. According to YouMail, another robocall-blocking service, the situation in 2018 was even worse, with the company last week reporting an estimated 47.8 billion robocalls in the US last year. Robocalls in 2018 were up 56.8 percent from the estimated 30.5 billion robocalls in 2017. Its data found that 37 percent of all robocalls were scams related to health insurance, student loans, easy money scams, tax scams, travel scams, business scams and warranty scams. The remaining 60 percent of robocalls were legitimate, including telemarketing calls, reminders and alerts. The FCC and the Federal Trade Commission both cite unwanted and illegal robocalls as their top source of complaints. The FTC received 7.1 million consumer complaints about robocalls in 2017, up from 5.3 million in 2016. The FCC says it gets about 200,000 complaints each year. The number of robocalls have increased over the years despite over 200 million US consumers have registered on the Do Not Call Registry. Hiya's research sets out the US area codes most targeted by spammers. Source
  5. Scammers are targeting American Express users’ financial details through spoof emails along with attached phishing form. The email scam states that there is a security issue with the credit card and asks for personal information to be submitted through an attached form. A phishing email scam faking to be from American Express is targeting users’ sensitive information by stating that there is a security issue with their credit card. The email scam asks users their personal information through an attached form and prompts the users to create new login credentials. Modus Operandi These phishing email scams are observed to have subjects such as ‘Notice Concerning your CardMember Account’, ‘Reminder - We've issued a security concern (Action Required)’, and ‘REMINDER: A concern that requires your action’. The email message states that at the time of report analysis, we encountered errors, therefore we mandate you to confirm your on-file records with us through the attached safe fillable web form. The attached fillable form asks for details such as users’ online account credentials, card number, security code, expiration date, mother's maiden name, mother's birth date, birth year, first elementary school name, and security pin. It then prompts the victims to create new login credentials. An example of the phishing email observed by Myonlinesecurity can be seen below. “Primary Cardmember Message We are writing to let you know that there is a recent security report for your American Express Account(s). At the time of report analysis, errors were encountered. In view of this, We mandate that you confirm your on-file records with us. You are to A safe attaced fillable Web form is sent with this message. *See attached form, download and open to continue. Thank you for your continued card membership, American Express Customer Service” Once the victims submit the form with their personal details, the collected information is then sent to the scammers. The users are then redirected to the legitimate americanexpress.com page that states "Thank you for your feedback." It is to be noted that these emails are sent out from mail domains that are based on the "American Express" keyword such as [email protected][.]com, [email protected][.]com, and [email protected][.]com. How to stay safe from such scams? It is important for all internet users to be aware of such phishing scams and follow certain standard security practices to protect their online accounts. It is to be remembered that companies especially financial organizations do not request personal information through email or on call. In case if you receive any such email that contains links to sites and asks for your personal information, then it might be a scam, therefore it is recommended that you contact the organization to confirm the email. source
  6. It is assessed that by right on time one year from now, almost 50 percent of the considerable number of calls you get on your cellphone will be robocalls. A month ago alone, in excess of five billion robocalls were made. Legislators a week ago proposed bipartisan enactment to fine trick robocallers up to $10,000 per call; and the FCC is requesting broadcast communications organizations spread out their plans to meet new models, with the goal that trick calls can be recognized and ceased. CBS News asked real organizations what they're doing to stop illicit robocallers and one, T-Mobile, offered to demonstrate us. T-Mobile's projects to stop robocalls start in a lab stuffed with PC servers. "This is the place we test everything that we put into our system," said organization VP Grant Castle. From that boisterous room came T-Mobile's Scam ID program. It alarms clients to issue calls they won't have any desire to get. "Despite the fact that the guest will utilize a telephone number near mine, regardless i will know it's a trick," Castle told journalist Anna Werner. "I realized the telephone number, I could see it was a trick, so I can send it away." Manor trusts T-Mobile is in front of its rivals, and the robocallers. "Each time we make an enhancement, the con artists roll out an improvement. Thus, it's a weapons contest to see who can trap who," he said. Also, the weapons contest is raising: "The con artists are attempting new innovations, better approaches to trick individuals. In this way, we're increasing our innovation to stay aware of them." Clients can utilize the Scam ID highlight to screen new calls, or square them totally. What's more, this week, T-Mobile is propelling another application, Name ID, that will enable clients to pick the kind of call they need to square – everything from disturbance calls, to political or philanthropy calls, even jail calls. "With this new application, clients have better authority over what they might want to see, and what they would prefer not to see," said Castle. In any case, the FCC is likewise pushing organizations to meet new norms known by the acronym SHAKEN/STIR. (SHAKEN = Signature-based Handling of Asserted data utilizing toKENs. Blend = Secure Telephone Identity Revisited.) They would enable transporters to check calls with an advanced unique mark, to demonstrate that the individual deciding and the individual getting the call are who they say they are, not a trickster attempting to "parody" or emulate a telephone number. Château stated, "The standard is basically, two administrators have endorsements or tokens that they trade with one another in each call, and pretty much it just says I am my identity." T-Mobile says it's prepared, and other real bearers say they're dealing with it. Yet, others obviously are not: in letters the FCC asked them for what good reason not, and gave every one of the 14 organizations until today to detail their plans to the office. As FCC executive Ajit Pai told "CBS This Morning" in March, "For those things that are inside our power, we're seeking after them forcefully." In any case, all together for that intend to work, all bearers need to get on board. What's more, industry master Aaron Foss stated, regardless of whether that occurs, "con artists will go where they can discover unfortunate casualties." Foss established Nomorobo, a robocall-blocking application for telephones. He says those new SHAKEN/STIR models are great, to a limited degree. "In any case, what it doesn't do is, it doesn't state if that call is legitimate," said Foss. "It doesn't say anything in regards to the substance. It just says that that number is permitted to be called. In this way, it will stop what is called 'neighbor mocking,' however it's in no way, shape or form going to take care of the entire robocall issue." Which is the reason Foss says Nomorobo takes a "publication" way to deal with robocalls – blocking them altogether. "A ton of alternate contenders are naming it or saying things like 'spam likely,' 'trick likely,' 'telemarketer.' We realize that customers simply don't need the telephone to ring, and that is what we're doing," said Foss. Nomorobo and T-Mobile's Name ID application both have a little month to month expense. CBS News contacted every one of the 14 telephone bearers that got a letter from the FCC. The lion's share reacted and said they will tell the FCC today what they are getting ready to do to receive the new call confirmation framework in 2019. Regardless of whether the transporters will all have the capacity to convey the framework in 2019 stays to be seen. Source: CBSNews
  7. Online swindlers looking for a quick buck are using a domain that can be easily confused with a voter information website to redirect users to pages pushing various types of scams. With the US midterm elections on November 6 and English comedian John Oliver promoting the website on his show last week, visits to VOTE411.org increased significantly. Top-level domain confusion The boost in popularity during this period draw the attention of online scammers who used the .com version of the original domain to point visitors from macOS and iOS platforms to pages showing fake malware infection alerts. The scammers attempt to take advantage of the users that do not pay attention tot he TLD (top-level domain) detail and instead of adding .ORG at the end of the domain name they go with the more popular .COM. This is the classic technical support scam where the victim is supposed to call a number to receive paid assistance in removing the threat. Pretending to be part of a popular company's support staff the scammers' purpose is to trick the victim into paying for fake services. Amanda Rousseau of Endgame discovered the VOTE411 scam and recorded the redirects coming from the .com variant. The alert that pops up on the screen says that the iPhone is infected with the Pegasus spyware (known as the creation of the Israel-based company NSO Group) and provides a phone number for assistance. The fraudsters have set up multiple redirects, some of them for pages specifically designed for iOS users. Lukas Stefanko of ESET also analyzed the scam and says that it does not attempt to deliver a binary. "Most of the time, it leads people to SMS subscription or to lure credit card details," he replied to Rousseau. He added that when he loaded the website on an Android device he received a localized version of the scam that enticed the user with the opportunity to win a $6.5 million jackpot. It is easy to confuse the name of a domain and land on a dangerous page. The typical recommendation when a website shows alerts about your system being infected with malware is to close it immediately. Source
  • Create New...