Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Phishing and Spam. Show all posts
Phishing and Spam
Customer Data Customer Data Exposed Dark Web Data Breach Data exposed data security Hackers identity theft risk Phishing and Spam

Toys “R” Us Canada Data Breach Exposes Customer Information, Raising Phishing and Identity Theft Concerns

 

Toys “R” Us Canada has confirmed a data breach that exposed sensitive customer information, including names, postal addresses, email addresses, and phone numbers. Although the company assured that no passwords or payment details were compromised, cybersecurity experts warn that the exposed data could still be exploited for phishing and identity theft schemes. 

The company discovered the breach after hackers leaked stolen information on the dark web, prompting an immediate investigation. Toys “R” Us engaged a third-party cybersecurity firm to conduct forensic analysis and confirm the scope of the incident. Early findings revealed that a “subset of customer records” had been stolen. The retailer began notifying affected customers through official communications, with letters quickly circulating on social media after being shared by recipients.  

According to the company’s statement, the breach did not involve financial information or account credentials, but the exposure of valid contact details still presents significant risk. Cybercriminals often use such data to create convincing phishing emails or impersonate legitimate companies to deceive victims into revealing sensitive information. 

Toys “R” Us stated that its IT systems were already protected by strong security protocols but have since been reinforced with additional defensive measures. The company has not disclosed how the attackers infiltrated its network or how many individuals were impacted. It also confirmed that, to date, there is no evidence suggesting the stolen data has been misused. 

In the aftermath of the incident, Toys “R” Us reported the breach to relevant authorities and advised customers to remain vigilant against phishing attempts. The company urged users not to share personal information with unverified senders, avoid clicking on suspicious links or attachments, and closely monitor any unusual communications that appear to come from the retailer.  

While no hacking group has claimed responsibility for the breach, cybersecurity analysts emphasize that exposed names, emails, and phone numbers can easily be weaponized in future scams. The incident underscores how even non-financial data can lead to significant cybersecurity risks when mishandled or leaked. 

Despite the company’s reassurances and strengthened defenses, the breach highlights the ongoing threat businesses face from cyberattacks that target customer trust and data privacy.
Read more »
Social Media attacks
Cyber Frauds Cyber Security CyberCriminal Online Security Phishing and Spam Social Media Social Media attacks

Protecting Your Business from Cybercriminals on Social Media

 

Social media has transformed into a breeding ground for cybercriminal activities, posing a significant threat to businesses of all sizes. According to recent reports, more than half of all companies suffer over 30% revenue loss annually due to fraudulent activities, with social media accounting for about 37% of these scams. This is alarming because even established tech giants like Yahoo, Facebook, and Google have fallen victim to these attacks. For smaller businesses, the threat is even greater as they often lack the robust security measures needed to fend off cyber threats effectively. 

Phishing scams are among the most prevalent attacks on social media. Cybercriminals often create fake profiles that mimic company employees or business partners, tricking unsuspecting users into clicking on malicious links. These links can lead to malware installations or trick individuals into revealing sensitive information like passwords or banking details. In some instances, fraudsters might also impersonate high-level executives to manipulate employees into transferring money or sharing confidential data. Another common method is social engineering, where cybercriminals manipulate individuals into taking actions they otherwise wouldn’t. 

For example, they might pretend to be company executives or representatives, convincing lower-level employees to share sensitive information, such as financial records or login credentials. This tactic is especially dangerous since it often appears as legitimate internal communication, making it harder for employees to recognize the threat. Credential stuffing is another significant concern. In this form of attack, cybercriminals use stolen credentials from data breaches to gain unauthorized access to social media accounts. This can lead to spam, data theft, or the spread of malware through the company’s official accounts, jeopardizing both the business’s reputation and its customers’ trust. Negative campaigns pose a different yet equally damaging threat. 

Attackers may post false reviews, complaints, or misinformation to tarnish a company’s image, resulting in lost sales, reduced customer loyalty, and even potential legal costs if the business decides to pursue legal action. Such campaigns can have long-lasting effects, making it difficult for companies to rebuild their reputations. Targeted advertising is another avenue for cybercriminals to exploit. They create deceptive ads that mislead customers or redirect them to malicious sites, damaging the company’s credibility and resulting in financial losses. To safeguard against these threats, businesses must take proactive steps. Using strong, unique passwords for social media accounts is essential to prevent unauthorized access. 

Responding quickly to any incidents can limit damage, and regular employee training on recognizing phishing attempts and social engineering tactics can reduce vulnerability. Managing access to social media accounts by limiting permissions to a select few employees can minimize risk. Additionally, regularly updating systems and applications ensures that security patches protect against known vulnerabilities. 

By implementing these preventive measures, businesses can better defend themselves against the growing threats posed by cybercriminals on social media, maintaining their reputation, customer trust, and financial stability.
Read more »
Security
Antiphish Banks bfsi CISO phishing Phishing and Spam Security

Case Study: Implementing an Anti-Phishing Product and Take-Down Strategy


Introduction:

Phishing attacks have become one of the most prevalent cybersecurity  threats, targeting individuals and organizations to steal sensitive information such as login credentials, financial data, and personal information. To combat this growing threat, a comprehensive approach involving the deployment of an anti-phishing product and an efficient take-down strategy is essential.

This case study outlines a generic framework for implementing such measures, with a focus on regulatory requirements mandating the use of locally sourced solutions and ensuring proper validation before take-down actions.


Challenge:

Organizations across various sectors, including finance, healthcare, and e-commerce, face persistent phishing threats that compromise data security and lead to financial losses. The primary challenge is to develop and implement a solution that can detect, prevent, and mitigate phishing attacks effectively while complying with regulatory requirements to use locally sourced cybersecurity products and ensuring that take-down actions are only executed when the orginization is phished/imitated.


Objectives:

1. Develop an advanced anti-phishing product with real-time detection and response capabilities.

2. Establish a rapid and effective take-down process for phishing websites.

3. Ensure the anti-phishing product is sourced from a local provider to meet regulatory requirements.

4. Implement a policy where take-down actions are only taken when the orginization is phished.


Solution:

A multi-faceted approach combining technology, processes, and education was adopted to address the phishing threat comprehensively.


1. Anti-Phishing Product Development

An advanced anti-phishing product from a local cybersecurity provider was developed with the following key features:

Real-time Monitoring and Detection:

Utilizing AI and machine learning algorithms to monitor email traffic, websites, and network activity for phishing indicators.

- Threat Intelligence Integration:

  Incorporating global threat intelligence feeds to stay updated on new phishing tactics and campaigns.

- Automated Detection of Brand Violations: Implementing capabilities to automatically detect the use of logos, brand names, and other identifiers indicative of phishing activities.

- Automated Response Mechanisms:

Implementing automated systems to block phishing emails and malicious websites at the network level, while flagging suspicious sites for further review.

- User Alerts and Guidance: Providing immediate alerts to users when suspicious activities are detected, along with guidance on how to respond.


2. Phishing Website Take-Down Strategy

We developed a proactive approach to swiftly take down phishing websites, ensuring a balance between automation and human oversight, and validating the phishing activity before take-down:

- Rapid Detection Systems: Leveraging real-time monitoring tools to quickly identify phishing websites, especially those violating brand identities.

- Collaboration with ISPs and Hosting Providers:

Establishing partnerships with internet service providers and hosting companies to expedite the take-down process.

- Human Review Process and Validation of Phishing Activity:

Ensuring that no site is taken down without a human review to verify the phishing activity, preventing erroneous takedowns/rejections.

- Legal Measures:

Employing legal actions such as cease-and-desist letters to combat persistent phishing sites.

- Dedicated Incident Response Team:

Forming a specialized team to handle take-down requests and ensure timely removal of malicious sites, following human verification.


Results:

1. Reduction in Phishing Incidents: Organizations reported a significant decrease in successful phishing attempts due to the enhanced detection and response capabilities of the locally sourced anti-phishing product.

2. Efficient Phishing Site Take-Downs:

The majority of reported phishing websites were taken down within 24 hours, following human review and validation of phishing activity, minimizing the potential impact of phishing attacks.


Conclusion:

The implementation of an advanced, locally sourced anti-phishing product, combined with a robust take-down strategy and comprehensive educational initiatives, significantly enhances the cybersecurity posture of organizations. By adopting a multi-faceted approach that leverages technology, collaborative efforts, and user education, while ensuring compliance with regulatory requirements to use local solutions and validating phishing activity before take-down actions, organizations can effectively mitigate the risks posed by phishing attacks. This case study underscores the importance of an integrated strategy, ensuring automated systems are complemented by human oversight, in protecting against the ever-evolving threat of phishing.


By

Suriya Prakash & Sabari Selvan

CySecurity Corp

Read more »
User Privacy
China Data Breach Forbes Phishing and Spam TikTok US Goverment User Privacy

ByteDance Employees Seized User Data Of Two Journalists

The Chinese company ByteDance, which owns  TikTok, disclosed on Thursday that some of its workers had illegally collected the data of American TikTok users, which included two journalists.

According to an email from ByteDance general counsel Erich Andersen, employees of the company had access to the data as part of a failed investigation into information leaks earlier this year. The employees had access to two reporters' IP addresses and other information via their TikTok accounts, as well as the data of a limited number of individuals connected to the journalist. The company stated that they were searching for connections between two journalists—a former BuzzFeed reporter and a Financial Times reporter—and  ByteDance, however, they were unable to find any breaches.

The inquiry, which was initiated in response to a Forbes story, emphasizes the privacy and security dangers associated with TikTok that have been brought up by American lawmakers, state governors, and administrations for more than two years, and supports some of the information in that study. More than a dozen states have prohibited TikTok from being used on government-issued devices, and the business has been in extensive discussions with the administration about security and privacy policies that would prevent ByteDance and the Chinese government from possibly gaining access to user data in the United States.

Two employees in China and two in the US of ByteDance who were associated with the incident were sacked. Company representatives announced that they were taking extra precautions to safeguard user data. In an effort to identify the source of leaks, ByteDance traced several Forbes journalists, including those who had previously worked for BuzzFeed, according to a Forbes investigation. 

In an effort to completely remove user data from China, TikTok has taken efforts to disassociate itself from ByteDance and is currently in talks with the US government. The fate of those talks is still up in the air.





Read more »
Privacy
Data protection DNS Fraud Website HTML Mallicious URLs Phishing and Spam Privacy

Data Security can be Enhanced Via Web Scraping

Web information aids security professionals in understanding potential weaknesses in their own systems, threats that might come from outside organizations' networks, and prospective threats that might come via the World Wide Web. 

In reality, automated tests that can find the presence of potential malware, phishing links, various types of fraud, information breaches, and counterfeiting schemes are performed using this database of public Web data.

Web scraping: What is it?

Large volumes of data can be automatically gathered from websites via web scraping. The majority of this data is unstructured and is shown in HTML format, t is transformed into structured data in a spreadsheet or database so that it can be used in a variety of applications.

These include utilizing online services, certain APIs, or even writing one's own code from scratch for web scraping. The company doing the scraping is aware of the sites to visit and the information to be collected. There are APIs on a lot of big websites, including Google, Twitter, Facebook, StackOverflow, etc., which let users access their data in a structured manner. 

How Do Web Scrapers Operate?

Web scrapers have the power to extract all the data from specified websites or the precise data that a user requires. If you wanted to find out what kinds of peelers were available, for instance, you might want to scrape an Amazon page, but you might only need information on the models of the various peelers, not the feedback from customers.

Therefore, the URLs are first provided when a web scraper intends to scrape a website. Then, all of the websites' HTML code is loaded. A more sophisticated scraper might also extract all of the CSS and Javascript parts. The scraper then extracts the necessary data from this HTML code and outputs it in the manner that the user has chosen. The data is typically stored as an Excel spreadsheet or a CSV file, but it is also possible to save it in other formats, such as JSON files.

Cybersecurity Via Web Scraping

1. Monitoring for Potential Attacks on Institutions

Some of the top firms' security teams use open Web data collecting networks to acquire data on potential online threat actors and analyze malware. 

Additionally, they continuously and automatically check the public domain for potentially harmful websites or links using Web scraping techniques. For instance, security teams can instantly recognize several phishing websites that aim to steal important customer or business data like usernames, passwords, or credit card information.

2. Scraping the Web for Cybersecurity 

Web data collecting is used by a variety of cybersecurity companies to evaluate the risk that various domains pose for fraud and viruses. In order to properly assess the risk, cybersecurity firms can utilize this to contact potentially harmful websites as a 'victim' or a legitimate user to see how the website might target an unwary visitor. 

3. Analysis and Reduction of Threats

Public Web data collecting networks are used by threat intelligence companies to get information from a variety of sources, including blogs, public social media channels, and hackers, in order to find fresh information on a range of potential dangers. 

Their insights are based on this Web data collecting, which they subsequently disseminate to a wide range of customers that want to strengthen their own system security.

Despite being utilized often in business, lawful web scraping is still a touchy subject. Where personal information is scraped, this is the most evident. Users of LinkedIn, for instance, are aggressively marketing their personal information since the platform essentially functions as a professional CV showcase. Less desirable is having those details gathered in bulk, compiled, and sold to random people.

An organization's visibility and capacity to respond to online threats across the large online terrain in real-time are both improved by integrating with Web data collecting networks.








Read more »
Spam
Cyber Security Email Email Attacks Fraud Mails Phishing and Spam Phishing Attacks Spam

Snowshoeing: How the Tactic can Spam Through Your E-mails

 

Cybercriminals employ a wide array of fraudulent techniques to entice users into falling for their email traps. One such infamous technique that draws attention while we speak of various scamming methods, is ‘Spam Emails’. 
 
Spam emails are one of the various pitfalls for netizens. These emails come with a multitude of capacities and can have numerous impacts on a user, even leading to severe scams. One of the spamming tactics used by spammers is 'Snowshoeing', which we will be discussing today. What is Snowshoeing? Snowshoeing is essentially spamming on a very large scale. In a snowshoeing campaign, the spammer may use multiple IP addresses in order to spread spam emails over various internet domains.  
 
Snowshoeing technique derives its name from how 'snow shoes' spread across a large surface area. If you use a regular shoe on snow, it will most likely result in you sinking or slipping on the ice. With snow shoes, a person's weight spreads out more evenly, they are designed to have that effect.  
 
Similarly, in Snowshoeing spamming, the attacker makes use of multiple IP addresses, rather than one, in order to consequently spread the spam load across various domains. This way, Snowshoeing spam could comparatively be very dangerous to its targets than many other spamming tactics. 
 

What Does Snowshoe Spamming Mean? 


Snowshoe spamming is a strategy in which spam is propagated over several domains and IP addresses to weaken reputation metrics and avoid filters. The increasing number of IP addresses makes recognizing and capturing spam difficult, which means that a certain amount of spam reaches their destination email inboxes. Specialized spam trapping organizations are often hard-pressed to identify and trap snowshoe spamming via conventional spam filters.  
 
The strategy of snowshoe spamming is similar to actual snowshoes that distribute the weight of an individual over a wide area to avoid sinking into the snow. Likewise, snowshoe spamming delivers its weight over a wide area to steer clear of filters, expertly navigating them.  

 
How does Snowshoeing work? 

 
Snowshoeing differs from other solicited bulk mail and criminal spams, as in Snowshoeing, the attacker leverages several fraudulent business names and fake identities than just one, changing voice-mails and postal drops on a regular basis.  
 
While a reputable mailer put a good effort to garner trust from an audience, and to develop a brand reputation by using legitimate business addresses, identified domains, and small, static, and easily identifiable selection of IPs, in order to present the audience with a legitimate identity. On the other hand, Snowshoe spammers make use of anonymous and unidentified "whois" records. 
 
To further spread the spam load, snowshoe spammers frequently utilise domain assortments, which may be connected to many providers and servers.   
 
Snowshoe spammers use anonymous domains, which makes it nearly impossible to track down the owner and report the spam. 
 

How to tackle Snowshoeing spam? 

 
In order to mitigate Snowshoe spamming, administrators may follow certain steps, such as applying policies hierarchically at the organization, group, or mailbox level. One may as well rewrite addresses. For complex, multi-domain environments, one may rewrite both inbound and outgoing addresses. 
 
Read more »
Phishing and Spam
Arrests Cyber Fraud Cyber Phishing Germany hacker arrested Mobile Phishing phishing Phishing and Spam

Germany: Individual Hacker Arrested for Stealing € 4 Million via Phishing Attacks

 

Germany’s federal criminal police, Bundeskriminalamt (BKA) carried out home raids on three suspects for executing a large-scale phishing campaign, defrauding internet users of €4 million. The phishing campaign was carried out by the charged suspects between October 3, 2020, and May 29, 2021, as per the evidence gathered by the German Computer Crime Office. 

One of the three suspects, a 24-year-old, has been arrested and charged by the BKA, the second, a 40-year-old, has also been charged with 124 acts of computer fraud, while the investigation for the third suspect is still ongoing.  

The hackers allegedly defrauded their victims by imitating as legitimate German banks and sending them phishing e-mails that were clones of messages from some real banks.  

“These e-mails were visually and linguistically believable based on real bank e-mails. The victims were informed in these letters that their house bank would change their security system – and their own account would be affected [...] The e-mail recipients were thus tricked into clicking on a link, which in turn led to a deceptively real-looking bank page. There, the phishing victims were asked to enter their login data and a current TAN, which in turn enabled the fraudsters to see all the data in the account of the respective victim – including the amount of credit and availability. The perpetrators then contacted the victims and tricked them into revealing further TAN numbers as alleged bank employees. With the TAN, they were then able to withdraw funds from the accounts of the victims.” reads the statement issued by BKA. 

The phishing emails reportedly informed the internet users of the changes in their respective bank’s security systems, beseeching the victims to click on an embedded link to continue using the bank’s services. The links redirected victims to a landing page, asking them to enter their credentials and Transaction Authentication Number (TAN), allowing the hackers access to their online banking accounts and withdrawal funds.  

According to the BKA, the hackers even used DDoS against the banks to conceal their fraudulent transactions. "In order to carry out their crimes, the accused are said to have resorted to offers from other cybercriminals who worked on the dark net, selling various forms of cyber-attacks as crime-as-a-service." BKA stated in an announcement. 

In regard to the active cases of phishing attacks and online fraud, the police urged internet users to take certain cautionary measures, such as never clicking a link or opening file attachments in emails that appear to be from a legitimate bank. If in doubt, the users are recommended to contact their banks personally or obtain information from the bank’s respective websites.
Read more »
Water facility attack
Clop Ransomware Data Breach Phishing and Spam SCADA Hacking Water facility attack

UK Water Provider Targeted by Clop Group Ransomware

The UK water supplier, South Staffordshire Water fell prey to a CLOP Ransomware attack. Following the attack, the company released a statement mentioning that the exploit had no effect on the systems that distribute water safely. 

South Staffordshire Water plc, also known as South Staffs Water, is a UK water supply firm that supplies water to a small portion of the West Midlands, Staffordshire, and other nearby counties in England.

Over 1,500 square kilometers in the West Midlands, South Staffordshire, South Derbyshire, North Warwickshire, and North Worcestershire, South Staffordshire provides drinking water to about 1.3 million individuals and 35,000 commercial clients.

The company was able to offer Cambridge Water and South Staffs Water customers safe water because of the security measures in place. Additionally, South Staffordshire Water reassures its clients that all service teams are working normally, negating any possibility of prolonged disruptions as a result of the incident.

Alongside carefully collaborating with the relevant governmental and regulatory agencies, the company is looking into the issue. The supplier's identity was published to the Clop ransomware gang's Tor leak site along with a claim of responsibility for the attack.

The wrong firm extorted by hackers

The Clop ransomware gang's Tor leak site through a release on their onion website today stated that Thames Water was their target. They claimed to have gained access to SCADA systems that they could control to affect 15 million users.

The hackers contend that they acted appropriately by not encrypting their data and only stealing 5TB from the hacked systems. Further claims have it that they warned Thames Water of its network security flaws. However, after allegedly failing to reach an agreement on the ransom payment, the actors released the first sample of stolen information, which included passport images, screenshots from SCADA systems used for water treatment, driver's license images, etc.

In a statement released today, Thames Water formally refuted these assertions, further asserting that any accusations of Clop breaching its network were "cyber-hoaxes" and that its services were already at capacity. One significant aspect of the lawsuit is that, among the public material, Clop offers a table of usernames and passwords that includes the email addresses of South Staffordshire and South Staff Water.

This incident occurs as eight locations in the UK are enforcing water rationing rules and hosepipe bans because of extreme drought. Due to the extreme pressure that could be placed on water suppliers to pay the demanded ransom, cybercriminals don't choose their victims at random.

However, for this to happen, Clop must target its threats on the appropriate party. However, given the amount of attention the situation has received, it's likely too late for that at this point.
Read more »
Subscribe to: Comments (Atom)