Search This Blog

Showing posts with label Email Fraud. Show all posts

Iran’s Atomic Energy Organization Confirms E-mail Hack

 

The Atomic Energy Organization of Iran (AEOI) has confirmed that an anonymous “foreign country” has hacked an e-mail server belonging to one of its subsidiaries and allegedly published the information online, as per reports. 

The Iranian threat actor, named ‘Black Reward’ in a statement posted on his Twitter handle says that it has released the hacked information relating to Iranian nuclear activities. The hackers describe their action as an act of support for the Iranian protesters. 

The said protests continue in Iran after the death of Mahsa Amini (22-year-old) in September, who apparently died in police custody for not following the strict Islamic dress protocol of the country. The violent protest and street violence resulted in several deaths of protesters, along with that of security force staff. Furthermore, hundreds of demonstrators have allegedly been detained. 

A statement published by the Black Reward on Saturday showing support for the protests, read “In the name of Mahsa Amini and for women, life, and freedom.”  

The hacking group threatened the Iranian state to leak the hacked documents of Tehran’s nuclear program if they would not release all the prisoners and people detained in the protests, within 24 hours. Additionally, the group demands the release of political prisoners, claiming to have leaked 50 gigabytes of internal emails, contracts and construction plans relating to the country’s Russian-sponsored nuclear power plant in Bushehr, publishing files on its Telegram channel. 

According to the statement shared by the hacking group, the released information includes “management and operational schedules of different parts of Bushehr power plant,” passport and visa details of Iran and Russia based specialists working in the power plant and “atomic development contracts and agreements with domestic and foreign partners.” 

Although the atomic energy organization’s general department of public diplomacy and information denied the relevance of the released data, stating “this move was made with the aim of attracting public attention” 

“It should be noted that the content in users’ emails contains technical messages and common and current daily exchanges […] It is obvious that the purpose of such illegal efforts, which are carried out of desperation, is to attract public attention, create media atmospheres and psychological operations, and lack any other value,” the organization confirmed.

Five Important Tips for Keeping Your Email Safe

 

Whether it’s on our smartphones or desktops – we can’t really function today without scanning our emails on a daily basis. However, we often undermine the hacker's abilities and think we're immune to scams. take the privacy and security of our inboxes and emails for granted. 

Email scam is often the easiest way for malicious hackers to trick individuals into giving personal and private data. According to the FBI, email frauds are the most expensive type of cybercrime, costing American billions of dollars in losses. 

According to Google Safe Browsing, there are now nearly 75 times as many phishing sites as there are malware sites on the internet. Interestingly, 20% of all employees are likely to click on phishing email links, and, of those, a whopping 68 percent go on to enter their credentials on a phishing website. 

So how can we mitigate this and safeguard our emails? Here are 5 simple steps that can assist in protecting your email account and steer clear of threat actors. 

1. Apply a strong and unique password 

This one may seem cliche, but never employ a password that contains your name, date of birth, user name, email address, or any other piece of information that can be easily accessed by hackers. Your password needs to be six characters or longer. Employ different passwords for each of your accounts, never the same one. 

You can store all your passwords in multiple ways, including on a piece of paper, hard drive, password manager, or otherwise. If you're using a password manager app, keep in mind that these can be prone to hacks, as they rely on internet connections and software programs to store your data, both of which can be abused by hackers. 

2. Post minimal personal information on social media 

Recognize the privacy settings you have. Always scan the default privacy settings before posting anything on a social media platform. The default privacy settings on multiple social media platforms are often lenient and may permit the sharing of information with a big online community. A social networking platform’s settings should be adjusted before sharing any content there. 

3. Employ a spam filter 

Spam filters help you keep spam emails from your inbox or flag spam emails so that you are aware of them. Relying on the software and configuration, some spam filters can automatically eliminate junk emails and thwart web bugs that track your activity and system information. 

4. Block Suspicious Addresses 

While some scammers may only try to contact you once or twice, others will make repeated attempts at getting in touch. This is why you should block email addresses that you have confirmed to be dangerous. It's usually pretty quick and easy to block an email address, but the process may differ slightly depending on the provider you're using. It can usually be done by highlighting a specific email and choosing the Block option, or by going into your email account settings. 

5. Use Antivirus Software 

It is highly recommended that you install and maintain good and well-respected antivirus software on your desktop, smartphone, or tablet to mitigate infection. Search all email attachments with an antivirus program before downloading them, even if they come from someone you know.

PayPal Invoices Used for Data Theft

The past few months have seen an increase in the usage of convincing phishing emails made using an attack on PayPal's invoice system. Scammers are constantly seeking new ways to steal your personal information or money. 

Hackers send bogus invoices from PayPal's website using a free PayPal account they have registered. The emails' bodies contained spoof logos of companies like Norton to make their recipients believe they were authentic.

Emails from PayPal will likely be delivered to your inbox rather than your spam bin because they are not regarded as spam. Because it came from a real Paypal account, the email will appear to be trustworthy so users are advised to stay cautious and not fall for it. You won't receive a worthwhile service if you pay this charge, cybercriminals will receive your money and use it for their own gain. 

The PayPal invoices feature statements like "thank you for purchasing Norton Security Premium package, if you have not authorized this transaction, please call us with your credit card details." They resemble a related fraud that employed phony Quickbooks invoices and was disclosed earlier this month.

The scam, often known as a "double spear" assault, prompts users to call the number, at which point hackers attempt to get them to pay the invoice and steal their credit card information.

Phishing efforts are frequent and come in a variety of shapes, according to a written statement from PayPal.

PayPal stated that it has a zero-tolerance policy for attempted fraud on the platform and that its team is working relentlessly to protect its consumers.

"We are aware of this well-known phishing scheme and have added more measures to help mitigate this particular incidence," the company said. "Nevertheless, we advise clients to exercise constant vigilance online and to get in touch with Customer Service immediately if they believe they are a victim of a scam."

It's astonishing how well-adapted modern fraudsters are at using the very same technologies that financial institutions have long utilized to provide their consumers a sense of security while dealing online. 

Today's scamsters seem to be more interested in hacking your entire computer and online life with remote administration software than they are in stealing your PayPal password, which seems to be at the center of the majority of frauds these days.

Users are advised to follow the guidelines given below in order to safeguard themselves against the aforementioned scam. 
  • To prevent phishing emails from being sent to you, don't rely on email spam filters. Examine emails for warning signs, such as impending deadlines and scare tactics, to spot potential phishing frauds.
  • Use a recognized phone number or email address to get in touch with the service provider directly to confirm the validity of an invoice. To get in touch with the service provider, do not utilize the phone number or link provided in the invoice.
  • The simple notion that an email was delivered via a reputable website should not be used as proof of its validity. To make their schemes seem more credible, cybercriminals can exploit reliable websites.

Users of Intuit QuickBooks Targeted in Phishing Scams

 

Intuit, a financial software business based in the US, has issued a warning to its clients about a new QuickBooks phishing effort. The current phishing campaign, which is the company's fifth big security threat this year, involves deceiving consumers into believing one‘s account has been suspended. 

"We're writing to advise you that we were unable to confirm certain information on your account after performing an assessment of your company. As a result, we've placed a temporary hold on your account." The phishing message goes as follows: "If you believe we've made a mistake, please let us know as soon as possible so we can correct it. Please fill out the verification form below to assist us with effectively revisiting your account. We will re-evaluate your account within 24-48 hours after verification is finished." 

Malicious material within the bogus Intuit support team message would send the target to a phishing website where criminals may steal personal data or install malware on infected devices if they clicked the "Complete Verification" button. The sender "is not linked with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit's logos permitted by Intuit," according to the accounting software Intuit. Customers are advised not to open these phishing messages.

Small and medium-sized businesses (SMBs) all over the world utilize Intuit's QuickBooks software. According to the company's website, there are 4.5 million users globally. This year, cyber attackers have targeted the company's vast user base, particularly around tax season in the United States, when the corporation was compelled to release two separate security advisories in as many days in February. 

The email in both phishing scams pretended to be an account inactivity warning, suggesting that the user's account had been disabled due to inactivity. Victims were sent links to a bogus Intuit website, which could have been used to steal account information. 

It also advises consumers to delete the communications from email inboxes to avoid personal data being stolen and a possible malware infection. Customers who opened the email clicked a link, or downloaded a possibly harmful attachment should take the following precautions: 
  • Delete the downloaded attachment right away. 
  • Passwords should be changed regularly. 
  • Run a complete scan on the machine that may have been hacked. 
  • Intuit also offers a comprehensive list of security advice that can assist customers in avoiding common cyberattacks such as phishing emails, customer service scams, and identity theft.

On Microsoft Exchange Servers, a New IceApple Exploit Toolkit was Launched

 

Security analysts discovered a new post-exploitation framework that could enable Microsoft Exchange servers to be compromised. This framework, known as IceApple, was created by threat actors who wanted to preserve a low profile while launching long-term attacks to assist reconnaissance and data exfiltration. 

"As of May 2022, IceApple is under active development, with 18 modules seen in operation across several enterprise contexts," CrowdStrike reported. The complex virus was identified in various victim networks and in geographically separate areas, which were detected in late 2021. Victims come from a variety of fields, including technology, academia, and government.

IceApple is unique for being an in-memory framework, implying a threat actor's desire to keep a low forensic footprint and avoid detection, which bears all the signs of a long-term algorithmic mission by creating files that appear to come from Microsoft's IIS web server. While most of the malware has been found on Microsoft Exchange servers, IceApple can function under any Internet Information Services (IIS) web app, making it a dangerous threat.

IceApple activity, as per CrowdStrike researchers, could be linked to nation-state attacks. Although IceApple has not been linked to any single threat actor, many believe it was developed by China. 

The actual number of victims of the attack has not been determined by CrowdStrike, but they do not rule out the possibility that the threat will expand in the following weeks. In this regard, the experts suggested updating any apps used by public and commercial businesses to strengthen the system's protection against this framework. 

The malware can locate and erase files and directories, write data, collect credentials, search Active Directory, and transfer sensitive data due to the framework's various components. These components' build timestamps date back to May 2021.

Spanish Police Arrested SIM Swappers who Stole Money from Victims Bank Accounts

 

The Spanish National Police have arrested eight suspected members of a criminal organisation who used SIM swapping assaults to steal money from the victims' bank accounts. 

SIM switching assaults are used by criminals to get control of victims' phone numbers by duping mobile operator workers into transferring their numbers to SIMs controlled by the fraudsters. The attackers can steal money, cryptocurrency, and personal information, including contacts linked with online accounts, once a SIM has been stolen. Criminals could take over social media accounts and utilise SMS to circumvent 2FA services utilized by online services, including financial services. 

In the incident under investigation by Spanish police, the cybercriminal gained the victims' personal information and bank details via fraudulent emails in which they pretended to be their bank. The fraudsters were able to falsify the victims' official documents and use them to dupe phone store staff into issuing them with replica SIM cards. They were able to overcome SMS-based 2FA needed to access bank accounts and take the money once they had the SIM cards. 

The press release published by the Spanish National Police stated, “Agents of the National Police have dismantled a criminal organization dedicated, presumably, to bank fraud through the duplication of SIM cards. There are eight detainees based in Catalonia and acting throughout Spain who, through malicious messages and posing as a bank, obtained personal information and bank details to access the accounts of the victims whose identity they usurped through the falsification of official documents. With this, they deceived the employees of phone stores to obtain duplicate SIM cards and, in this way, have access to the bank’s security confirmation messages. In this way they could operate in online banking and access bank accounts to empty them after receiving security confirmation messages from the banks.”

The first SIM swapping attack linked to this group occurred in March 2021, when Spanish authorities received two reports about fraudulent transactions in different parts of the country. Crooks used bank transfers and digital quick payment services based in the region of Barcelona to launder the stolen funds. Seven people were arrested in Barcelona and one in Seville as a byproduct of the operation. The suspects' bank accounts were also banned by the authorities. 

The FBI announced this week that SIM swap attacks have increased, with the objective of stealing millions of dollars from victims by hijacking their mobile phone numbers. According to the FBI, US individuals have lost more than $68 million as a result of SIM switching assaults in 2021, with the number of complaints and damages nearly doubling since 2018. The FBI's Internet Crime Complaint Center (IC3) received 1,611 SIM switching assault reports in 2018, compared to 320 complaints between 2018 and 2002, resulting in a total loss of $12 million. 

Individuals should take the following steps, as per the FBI: 

• Do not post details regarding financial assets, such as bitcoin ownership or investment, on social networking platforms or forums. 
• Do not disclose the mobile number account details to representatives who ask for the account password or pin over the phone. Verify the call by calling the mobile carrier's customer support number. • Posting personal information online, such as your phone number, address, or other identifying information, is not a good idea. 
• To access online accounts, use a variety of unique passwords. 
• Any changes in SMS-based connectivity should be noted. 
• To gain access to online accounts, use strong multi-factor authentication solutions such as biometrics, physical security tokens, or standalone authentication software. 
• For easy login on mobile device applications, do not save passwords, usernames, or other information. 

On the other hand, mobile providers should take the following safety measures, according to the FBI: 

• Employees should be instructed and training sessions on SIM swapping should be held. 
• Examine incoming email addresses containing formal correspondence for minor differences that could make fraudulent addresses appear real and match the names of actual clients. 
• Establish stringent security standards that allow workers to effectively check customer credentials before transferring their phone numbers to a new device.