Scammers use Google Translate to create spoof login pages
A clever use of Google Translate fools victims into believing spoofed authentication requests are being handled by Google itself.
Compromising credentials is the number one staple in any cybercriminal’s book of activities, according to the Verizon Data Breach Investigations Report. A new phishing scam uses Google Translate to hide spoof logon pages when asking a user for their Google credentials. The user is sent a supposed Google Security Alert about a new device accessing their Google account, with a “Consult the Activity” button to find out more.
The user is then taken to a spoofed Google logon page (shown below).
Random text in the URL
The kicker is that instead of seeing the mediacity.co URL, the cybercriminals use Google Translate to display the page, ... Read More
Scammers using hijacked GoDaddy domains to launch large-scale spam campaigns
GoDaddy took steps in January 2019 to address the authentication flaw exploited by the attackers, according to Brian Krebs. Krebs first reported on the authentication weakness on January 22nd, when he outlined two massive spam campaigns during 2018 that were very successful at getting into people’s inboxes. Their success was due to the fact that the emails were sent through trusted but dormant domains, many of which were registered and owned by Fortune 500 companies.
Anti-spam researcher Ron Guilmette discovered that nearly all of these domains had used GoDaddy’s DNS service at some point. The scammers had realized that they could add domains to their GoDaddy accounts without proving that they owned the domains. GoDaddy quickly addressed the ... Read More
August 15, 2024 Mark Anthony Germanos
Social engineering on Wikipedia
Social engineering scammers are selectively editing Wikipedia pages. These lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the SpyEye banking Trojan was changed in mid-December to include a typo-ridden paragraph which claims that only three tech companies can remove the malware, and that “Best buy, Geek squad, Office Depo will not be able to fix it at all.” [sic]
VandenBrink says that the scammer made these edits to convince victims that “only we can help you fix this (fake of course) infection you have on your computer.” The edit history of the Wikipedia user who made the changes shows that the account made similar edits to the “Macro virus” Wikipedia page, ... Read More
August 14, 2024 Mark Anthony Germanos
In-house phishing tests identify at-risk users
As compliance mandates and consumer privacy laws get tougher, businesses are taking matters into their own hands, launching internal phishing attacks to identify at-risk users.
Phishing remains a profitable tactic for cybercriminal organizations. Gaining access to internal systems, compromising credentials, or convincing a user to wire money is well within cybercriminals’ reach, and they accomplish these results and more on a daily basis.
Organizations like UNC Health Care in Chapel Hill, NC receive over 91 million suspicious emails every quarter, with a little more than 8 million still getting past security scanners. Even with 30,000 employees, that still represents an average of about 4 phishing emails a day per user.
University of North Carolina sends 3,000 phishing tests a ... Read More
August 14, 2024 Mark Anthony Germanos
Sextortion is the newest cyber crime
Sextortion scam emails are circulating. They claim that a popular adult site has been hacked, allowing an attacker to record videos of you through your webcam, according to Lawrence Abrams at BleepingComputer.
The attacker claims that these videos will be sent to all of the victim’s contacts unless the victim pays the equivalent of $969 to the attacker’s Bitcoin address. The emails also include a victim’s old password obtained from a past data breach in an attempt to frighten the victim.
Victims
Additionally, some of the emails contain links, supposedly leading to sample videos of the victim as proof of the attacker’s claims. These links have been known to install malware, such as ransomware, in past campaigns.
BleepingComputer observes that the Bitcoin address in ... Read More
August 14, 2024 Mark Anthony Germanos
Phish attack meeting requests
A widespread phishing campaign is targeting executives across a number of industries. The messages ask to reschedule a board meeting in an effort to steal logins and passwords.
Spotted by researchers at security firm GreatHorn, the phishing messages spoof the name and email address of the CEO of the company being targeted and use a subject line including the company name and a note about the meeting to gain the attention of potential victims. Users are more likely to fall for attacks they believe to come from their boss.
The content of the phishing email is simple: it says a board meeting has been rescheduled and asks users to take part in a poll to choose a new date.
Office 365
If users click the link, they're taken to a ... Read More
August 13, 2024 Mark Anthony Germanos
Late last month, Daniel R. Coats, Director of National Intelligence, reported on threats to US national security and gave the 40,000-foot view of cyber threats. I'm quoting them here.
Summary of Cyber Threats
China and Russia are more aligned than at any point since the mid-1950s, and the relationship is likely to strengthen in the coming year as some of their interests and threat perceptions converge, particularly regarding perceived US unilateralism and interventionism and Western promotion of democratic values and human rights.
As China and Russia seek to expand their global influence, they are eroding once well-established security norms and increasing the risk of regional conflicts, particularly in the Middle East and East Asia.
At the same time, some US allies and partners are seeking greater ... Read More
August 13, 2024 Mark Anthony Germanos
Phishing attack uses DocuSign
Here is a brilliant new social engineering phishing scam that you may have already seen. It will sail through all your spam / malware filters and email protection devices, because it's entirely legit: it uses the DocuSign infrastructure. It is a prime example of an info-grabbing phishing attack that does not use a malicious payload.
Easy money?
Clicking on the yellow "Review Document" button gets you to a DocuSign page (again, entirely legit), which requires you to fill out the form as per the normal process. I broke it up in two parts. The top half is more or less normal for a loan application. But wait, the second half really takes the cake.
Looking for financial information
Continuing to fill out the form allows the bad guy to completely steal the ... Read More
August 12, 2024 Mark Anthony Germanos
Gift cards new vector in CEO fraud
January 29 saw the arrival of yet another interesting variant of the gift card phishing campaigns that have become more common this year (see below). Today's email demonstrates that bad guys are actively adapting and evolving their pitch into CEO fraud.
There are a couple of interesting things going on in this new gift card phish:
The bad guys work to establish a credible pretext ("incentives" for staff) -- something they've been getting better at recently.
They explicitly request confidentiality -- another tactic we've been seeing more of recently.
They're getting really greedy -- $4000 total in gift cards, the largest request we've yet seen (most requests in these gift card phishing schemes range from $500-$2000).
But there's something else very significant going on here, ... Read More
August 12, 2024 Mark Anthony Germanos
Conversation with a Mac and security expert RE: malware
We need to have a conversation about Macs, says TJ Letourneau of VIPRE Security. I’ve been a long-time fan of Mac. In fact, my first personal Mac was a Power Mac G5 and I absolutely loved that device. So much so that when I had to evacuate my home due to a hurricane…I brought it with me! Yeah, it was like that. Some call it the greatest love story ever told.
With my love of the Mac in mind, I feel that the time has come to discuss the state of Macs today and some of the preconceived notions around their security and security needs. Specifically, I want to discuss malware-related security, for Mac devices.
“Macs are Completely Safe, ... Read More
August 11, 2024 Mark Anthony Germanos