Search This Blog

Showing posts with label Email Fraud. Show all posts

Users of Intuit QuickBooks Targeted in Phishing Scams

 

Intuit, a financial software business based in the US, has issued a warning to its clients about a new QuickBooks phishing effort. The current phishing campaign, which is the company's fifth big security threat this year, involves deceiving consumers into believing one‘s account has been suspended. 

"We're writing to advise you that we were unable to confirm certain information on your account after performing an assessment of your company. As a result, we've placed a temporary hold on your account." The phishing message goes as follows: "If you believe we've made a mistake, please let us know as soon as possible so we can correct it. Please fill out the verification form below to assist us with effectively revisiting your account. We will re-evaluate your account within 24-48 hours after verification is finished." 

Malicious material within the bogus Intuit support team message would send the target to a phishing website where criminals may steal personal data or install malware on infected devices if they clicked the "Complete Verification" button. The sender "is not linked with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit's logos permitted by Intuit," according to the accounting software Intuit. Customers are advised not to open these phishing messages.

Small and medium-sized businesses (SMBs) all over the world utilize Intuit's QuickBooks software. According to the company's website, there are 4.5 million users globally. This year, cyber attackers have targeted the company's vast user base, particularly around tax season in the United States, when the corporation was compelled to release two separate security advisories in as many days in February. 

The email in both phishing scams pretended to be an account inactivity warning, suggesting that the user's account had been disabled due to inactivity. Victims were sent links to a bogus Intuit website, which could have been used to steal account information. 

It also advises consumers to delete the communications from email inboxes to avoid personal data being stolen and a possible malware infection. Customers who opened the email clicked a link, or downloaded a possibly harmful attachment should take the following precautions: 
  • Delete the downloaded attachment right away. 
  • Passwords should be changed regularly. 
  • Run a complete scan on the machine that may have been hacked. 
  • Intuit also offers a comprehensive list of security advice that can assist customers in avoiding common cyberattacks such as phishing emails, customer service scams, and identity theft.

On Microsoft Exchange Servers, a New IceApple Exploit Toolkit was Launched

 

Security analysts discovered a new post-exploitation framework that could enable Microsoft Exchange servers to be compromised. This framework, known as IceApple, was created by threat actors who wanted to preserve a low profile while launching long-term attacks to assist reconnaissance and data exfiltration. 

"As of May 2022, IceApple is under active development, with 18 modules seen in operation across several enterprise contexts," CrowdStrike reported. The complex virus was identified in various victim networks and in geographically separate areas, which were detected in late 2021. Victims come from a variety of fields, including technology, academia, and government.

IceApple is unique for being an in-memory framework, implying a threat actor's desire to keep a low forensic footprint and avoid detection, which bears all the signs of a long-term algorithmic mission by creating files that appear to come from Microsoft's IIS web server. While most of the malware has been found on Microsoft Exchange servers, IceApple can function under any Internet Information Services (IIS) web app, making it a dangerous threat.

IceApple activity, as per CrowdStrike researchers, could be linked to nation-state attacks. Although IceApple has not been linked to any single threat actor, many believe it was developed by China. 

The actual number of victims of the attack has not been determined by CrowdStrike, but they do not rule out the possibility that the threat will expand in the following weeks. In this regard, the experts suggested updating any apps used by public and commercial businesses to strengthen the system's protection against this framework. 

The malware can locate and erase files and directories, write data, collect credentials, search Active Directory, and transfer sensitive data due to the framework's various components. These components' build timestamps date back to May 2021.

Spanish Police Arrested SIM Swappers who Stole Money from Victims Bank Accounts

 

The Spanish National Police have arrested eight suspected members of a criminal organisation who used SIM swapping assaults to steal money from the victims' bank accounts. 

SIM switching assaults are used by criminals to get control of victims' phone numbers by duping mobile operator workers into transferring their numbers to SIMs controlled by the fraudsters. The attackers can steal money, cryptocurrency, and personal information, including contacts linked with online accounts, once a SIM has been stolen. Criminals could take over social media accounts and utilise SMS to circumvent 2FA services utilized by online services, including financial services. 

In the incident under investigation by Spanish police, the cybercriminal gained the victims' personal information and bank details via fraudulent emails in which they pretended to be their bank. The fraudsters were able to falsify the victims' official documents and use them to dupe phone store staff into issuing them with replica SIM cards. They were able to overcome SMS-based 2FA needed to access bank accounts and take the money once they had the SIM cards. 

The press release published by the Spanish National Police stated, “Agents of the National Police have dismantled a criminal organization dedicated, presumably, to bank fraud through the duplication of SIM cards. There are eight detainees based in Catalonia and acting throughout Spain who, through malicious messages and posing as a bank, obtained personal information and bank details to access the accounts of the victims whose identity they usurped through the falsification of official documents. With this, they deceived the employees of phone stores to obtain duplicate SIM cards and, in this way, have access to the bank’s security confirmation messages. In this way they could operate in online banking and access bank accounts to empty them after receiving security confirmation messages from the banks.”

The first SIM swapping attack linked to this group occurred in March 2021, when Spanish authorities received two reports about fraudulent transactions in different parts of the country. Crooks used bank transfers and digital quick payment services based in the region of Barcelona to launder the stolen funds. Seven people were arrested in Barcelona and one in Seville as a byproduct of the operation. The suspects' bank accounts were also banned by the authorities. 

The FBI announced this week that SIM swap attacks have increased, with the objective of stealing millions of dollars from victims by hijacking their mobile phone numbers. According to the FBI, US individuals have lost more than $68 million as a result of SIM switching assaults in 2021, with the number of complaints and damages nearly doubling since 2018. The FBI's Internet Crime Complaint Center (IC3) received 1,611 SIM switching assault reports in 2018, compared to 320 complaints between 2018 and 2002, resulting in a total loss of $12 million. 

Individuals should take the following steps, as per the FBI: 

• Do not post details regarding financial assets, such as bitcoin ownership or investment, on social networking platforms or forums. 
• Do not disclose the mobile number account details to representatives who ask for the account password or pin over the phone. Verify the call by calling the mobile carrier's customer support number. • Posting personal information online, such as your phone number, address, or other identifying information, is not a good idea. 
• To access online accounts, use a variety of unique passwords. 
• Any changes in SMS-based connectivity should be noted. 
• To gain access to online accounts, use strong multi-factor authentication solutions such as biometrics, physical security tokens, or standalone authentication software. 
• For easy login on mobile device applications, do not save passwords, usernames, or other information. 

On the other hand, mobile providers should take the following safety measures, according to the FBI: 

• Employees should be instructed and training sessions on SIM swapping should be held. 
• Examine incoming email addresses containing formal correspondence for minor differences that could make fraudulent addresses appear real and match the names of actual clients. 
• Establish stringent security standards that allow workers to effectively check customer credentials before transferring their phone numbers to a new device.