Search This Blog

Showing posts with label Scams. Show all posts

Reverse Tunnelling & URL Shortening Services Used in Evasive Phishing

 

Researchers are detecting an increase in the usage of reverse tunnel services, as well as URL shorteners, for large-scale phishing operations, leaving malicious activity more difficult to detect. This strategy differs from the more typical practise of registering domains with hosting providers, who are more inclined to answer complaints and remove phishing sites. 

Threat actors can use reverse tunnels to host phishing websites locally on their own computers and route connections through an external service. They can evade detection by using a URL shortening service to produce new links as frequently as they desire. Many phishing URLs are renewed in less than 24 hours, making tracing and eliminating the domains more complex. 

CloudSEK, a digital risk prevention company, has seen a rise in the number of phishing efforts that combine reverse tunnelling and URL shortening services. According to a report shared with BleepingComputer by the business, researchers discovered more than 500 sites hosted and disseminated in this manner. CloudSEK discovered that the most extensively misused reverse tunnel services are Ngrok, LocalhostRun, and Cloudflare's Argo. They also saw an increase in the use of URL shortening services such as Bit.ly, is.gd, and cutt.ly. 

Reverse tunnel services protect the phishing site by managing all connections to the local server where it is housed. The tunnel service resolves any incoming connections and forwards them to the local computer. Victims who interact with these phishing sites have their personal data saved directly on the attacker's computer. Thus according to CloudSEK, the threat actor conceals the name of the URL, which is often a string of random characters, by utilising URL shorteners. 

As a result, a suspicious domain name is masked under a short URL. Opponents, according to CloudSEK, are disseminating these links using popular communication channels such as WhatsApp, Telegram, emails, SMS, or bogus social media pages. It is important to note that the abuse of these services is not new. 

In February 2021, for example, Cyble produced proof of Ngrok misuse. However, according to CloudSEK's results, the situation is worsening. CloudSEK discovered one phishing campaign that impersonated YONO, a digital banking platform provided by the State Bank of India. The attacker's URL was masked under "cutt[.]ly/UdbpGhs" and directed to the site "ultimate-boy-bacterial-generates[.]trycloudflare[.]com/sbi," which made advantage of Cloudflare's Argo tunnelling service. 

This phishing page asked for bank account information, PAN card numbers, Aadhaar unique identification numbers, and mobile phone numbers. CloudSEK did not disclose the effectiveness of this operation, but it did point out that threat actors seldom use the same domain name for more than 24 hours, however, they do recycle the phishing page designs.

"Even if a URL is reported or blocked, threat actors can easily host another page, using the same template" - CloudSEK 

This sensitive information may be sold on the dark web or utilised by attackers to deplete bank accounts. If the information comes from a business, the threat actor might use it to execute ransomware attacks or business email compromise (BEC) fraud. 

Users should avoid clicking on links obtained from unknown or dubious sources to protect themselves from this sort of danger. Manually typing a bank's domain name into the browser is an excellent way to avoid being exposed to a bogus website.

FBI: Business Email Compromise is a $43 Billion Scam

 

The FBI recently announced that the amount of money lost to business email compromise (BEC) scams is increasing each year, with a 65 per cent rise in identified global exposure losses between July 2019 and December 2021.

From June 2016 to July 2019, IC3 received victim complaints about 241,206 domestic and international occurrences, totalling $43,312,749,946 in exposed cash loss. 

The FBI stated, "Based on the financial data reported to the IC3 for 2021, banks located in Thailand and Hong Kong were the primary international destinations of fraudulent funds. China, which ranked in the top two destinations in previous years, ranked third in 2021 followed by Mexico and Singapore." 

This was revealed in a new public service announcement issued on the Internet Crime Complaint Center (IC3) site as an update to a prior PSA dated September 2019, in which the FBI stated victims reported losses to BEC attacks totalling more than $26 billion between June 2016 and July 2019. 

About BEC scams:

BEC scams were the cybercrime type with the highest recorded overall victim losses last year, according to the IC3 2021 Internet Crime Report [PDF]. Based on 19,954 registered complaints relating to BEC attacks against individuals and businesses in 2021, victims reported losses of about $2.4 billion. BEC scammers use a variety of techniques to infiltrate business email accounts, including social engineering, phishing, and hacking, to transfer payments to attacker-controlled bank accounts. 

Small, medium and big enterprises are frequently targeted in this form of scam (also known as EAC or Email Account Compromise). Nonetheless, if the payout is high enough, they will attack individuals. Given that they often imitate someone who has the target's trust, their success rate is also very high. 

However, "the scam is not always associated with a transfer-of-funds request," as the FBI explained in the PSA alert. "One variation involves compromising legitimate business email accounts and requesting employees' Personally Identifiable Information, Wage and Tax Statement (W-2) forms, or even cryptocurrency wallets."

The FBI also offered advice on how to protect yourself from BEC scams:
  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business/individual it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Refrain from supplying log-in credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender's address appears to match who it is coming from.
  • Ensure the settings in employees' computers are enabled to allow full email extensions to be viewed.
  • Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.

$50 Million Lost to Fraudsters Impersonating as Broker-Dealers

 

A California man admitted his involvement in a large-scale and long-running Internet-based fraud scam that allowed him and other fraudsters to drain about $50 million from hundreds of investors.

Between 2012 and October 2020 Allen Giltman, 56, and his co-conspirators constructed phoney websites to collect money from people via the internet by advertising various investment opportunities (mainly the purchase of certificates of deposit). 

According to court documents, "The Fraudulent Websites advertised higher than average rates of return on the CDs, which enhanced the attractiveness of the investment opportunities to potential victims. At times, the fraudulent websites were designed to closely resemble websites being operated by actual, well-known, and publicly reputable financial institutions; at other times, the fraudulent websites were designed to resemble legitimate-seeming financial institutions that did not exist." 

They advertised the phoney investment sites in Google and Microsoft Bing search results for phrases like "best CD rates" and "highest cd rates." The scammers pretended to be FINRA broker-dealers in interactions with victims seeking investment possibilities, claiming to be employed by the financial companies they imitated on the scam sites. 

They employed virtual private networks (VPNs), prepaid gift cards to register web domains, prepaid phones, and encrypted applications to interact with their targets, and false invoices to explain the huge wire transfers they obtained from their victims to mask their genuine identities during their fraud schemes. 

"To date, law enforcement has identified at least 150 fraudulent websites created as part of the scheme," the Justice Department stated. 

"At least 70 victims of the fraud scheme nationwide, including in New Jersey, collectively transmitted approximately $50 million that they believed to be investments." 

The charge of wire fraud conspiracy, which Giltman consented, carries a possible sentence of 20 years in jail, while the charge of securities fraud carries a maximum sentence of five years in prison. Both are punishable by fines of $250,000 or double the gross gain or loss from the offence, whichever is greater. Giltman is scheduled to be sentenced on May 10, 2022. 

Stay Vigilant

The FBI's Criminal Investigative Division and the Securities and Exchange Commission cautioned investors in July 2021 that scammers posing as registered financial professionals such as brokers and investment advisers were posing as them. 

The July alert came after FINRA issued a similar fraud alert the same week regarding broker imposter frauds involving phishing sites that impersonate brokers and faked SEC or FINRA registration documents. 

"Fraudsters may falsely claim to be registered with the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) or a state securities regulator in order to lure investors into scams, or even impersonate real investment professionals who actually are registered with these organizations," the FBI and SEC stated. 

Investors should first use the Investor.gov search engine to see if people marketing investment possibilities are licensed or registered, and then ensure they're not scammers by contacting the seller using independently confirmed contact information from the firm's Client Relationship Summary (Form CRS).

Consumers Warned of Rising Delivery Text Scams

 

Consumers are being advised to be wary of delivery scam texts while purchasing online for Christmas and Boxing Day sales. 

New research from cybersecurity firm Proofpoint shows that delivery 'smishing' scams are on the rise during the busiest shopping season of the year, according to UK Finance. So far in Q4, more than half (55.94%) of all reported smishing text messages impersonated parcel and package delivery firms. In Q4 2020, only 16.37 percent of smishing efforts were made. 

In comparison to Q4 2020, Proofpoint saw a considerable decrease in different types of smishing frauds in Q4 2021. Text scams mimicking financial institutions and banks, for example, accounted for 11.73 percent of all smishing attacks in 2021, compared to 44.57 percent in 2020. 

The information comes from Proofpoint's operation of the NCSC's 7726 text message system. Customers can use this method to report suspicious texts. 

Delivery smishing scams typically begin with a fraudster sending a bogus text message to the recipient alerting them that the courier was unable to make a delivery and demanding a charge or other information to rearrange. The consumer will be directed to a fake package delivery company's website, where they will be asked to provide personal and financial information. 

Following the significant development in online shopping during COVID-19, this form of scam has become increasingly common. Over two-thirds (67.4%) of all UK texts were reported as spam to the NCSC's 7726 text messaging system in the 30 days to mid-July 2021, according to Proofpoint. 

Which? revealed a very clever smishing fraud involving an extremely convincing DPD fake website in a recent investigation. 

Katy Worobec, managing director of economic crime at UK Finance, commented: “Scrooge-like criminals are using the festive season to try to trick people out of their cash. Whether you’re shopping online or waiting for deliveries over the festive period, it’s important to be on the lookout for scams. Don’t let fraudsters steal your Christmas – always follow the advice of the Take Five to Stop Fraud campaign and stop and think before parting with your information or money.” 

Steve Bradford, senior vice president EMEA at SailPoint, stated: “The sharp rise in text message scams – or smishing, which has increased tenfold compared to last year, should be a stark warning to the public. With parcel delivery scam texts expected to spike this Christmas, it’s clear cyber-criminals are using every opportunity available to target victims using new methods. This comes as more businesses use SMS to engage with customers, to accommodate the digital-first mindset that now characterizes many consumers. But this also opens the doors to threat actors able to masquerade as popular websites or customer service support."

“Consumers must be extra vigilant and refrain from clicking any links in text messages that they’re unsure about. It’s also crucial they are keeping their data, identities, and banking information safe – for example, by not taking pictures of their credit card and financial information, since photos often get stored in the cloud, which risks potential exposure to malicious actors.”

Bracing for Evolving Phishing Frauds

 

Phishing scams are still the most common type of cybercrime. Unfortunately, as social engineering attacks get more advanced, this tendency is likely to continue in 2022. The numbers are worrisome and the phishing attacks account for more than 80% of all security issues reported. 

In fact, phishing attacks have been successful in 74 percent of firms in the United States. Companies must be watchful and proactive by implementing a defense strategy as phishing will remain the favoured method of attack for cybercriminals in the coming year. Phishing attacks have the potential to compromise infrastructure and organizations will need to plan ahead and anticipate investing more money in preventative measures in 2021 than they did in 2021. 

Phishing takes a new turn 

As cybercriminals get more sophisticated, here are some of the tactics that businesses should be aware of. It will be considerably difficult to distinguish between spoof and legitimate emails. Email recipients may be alarmed by clever subject lines. Email recipients may be alarmed by clever subject lines such as "Changes to your health benefits" or "Unusual login detected." 

Other common methods of attack include denied memberships, fraudulent subscription calls-to-action, and billing and payment warnings. Furthermore, fraudsters are becoming more sophisticated in their use of false links. Users who aren't paying attention may be scammed into clicking on links that lead to harmful websites. Phishing assaults will be elevated to a new level as a result of social engineering attempts. Artificial intelligence-based tactics, such as copying someone's voice to elicit sensitive information, will become more common. 

A good offense is the best defense

The good news for businesses is that they can use artificial intelligence (AI), email security, and cybersecurity training to protect themselves from more sophisticated phishing assaults. Investing in AI-based preventative tools that track and examine email communications is the first line of defence. 

A strong AI solution examines variables like the devices' external senders and employees, who they message, what time of day they communicate, and where they communicate from. This data is then used to create trusted email sender profiles, which are subsequently compared to incoming emails to authenticate the sender and detect and avoid sophisticated phishing efforts. Artificial intelligence-based monitoring software may even scan photos for fake login sites and altered signatures, then immediately quarantine malicious emails so that the end-user never sees them. 

Another preventative step is email security. Technology that displays warning banners and identifies problematic emails is beneficial since it allows users to quarantine or mark messages as safe with a single click. Passwords that have been compromised can be used to launch cyberattacks. Single sign-on (SSO), multifactor authentication (MFA), and password management are all included in an identity and access management (IAM) tool. 

Another option to mitigate the security concerns associated with passwords is to use passwordless authentication. This method confirms a user's identity by utilizing biometrics, such as fingerprints, and one-time passwords, which require users to enter a code that is either emailed, transmitted through SMS, or received via an authenticator app. 

Finally, a company is only as powerful as its employees, emphasising the importance of cybersecurity training. The first line of defence is employees. An organization's odds of experiencing a cybersecurity incident can be reduced by up to 70% by boosting security awareness. Security awareness training should always be included in onboarding, and phishing simulation campaigns should be run regularly, at least once a month. 

While this may appear excessive, research reveals that four to six months after each training session, trained employees begin to forget what they learned. With hybrid workplaces becoming increasingly widespread post-pandemic, over half of the remote workers use email as their major mode of contact, demonstrating the importance of security awareness training. 
 
According to the FBI, firms in the United States lost more than $1.8 billion in costs due to business email compromise (BEC) or spearphishing last year. Phishing scams resulted in adjusted losses of more than $54 million, according to the FBI. Given that phishing remains a popular type of intrusion, it's reasonable to assume that number will continue to rise. 

Organizations may help defend their businesses from being hacked by utilising AI's complete functionality to construct a powerful security platform that detects threats, as well as strengthened email security measures and employee training.

The Dark Web's SS7 Exploit Service Providers are Bogus

 

Back in 2016, cybersecurity experts cautioned concerning flaws in Signalling System No. 7 or SS7, and as a consequence, just a year later, theoretical SS7 attacks turned legitimate ones. 

In the following years, government-sponsored attackers exploited flaws in SS7 to monitor persons overseas. Not just that, but threat actors used them to hack Telegram login credentials and emails. 

Apart from SMS abuse, the SS7 security flaws can be used for a variety of purposes, including: 

  • Monitoring and forwarding phone call
  • 2FA codes might be sent or intercepted. 
  • Locate the gadgets 
  • SMS forgery 

To obtain accurate data and reports, SOS Intelligence security analysts chose to explore all SS7 exploitation options provided on the darknet and assess them to determine whether they had flaws at their end or are simply phony. 

Subsequently, they evaluated 84 distinct onion domains claiming to provide SS7 exploitation services. They trimmed down the findings to make them more specific and visible, and they highlighted four services that appeared to be still functioning. 

Four services seemed to be still operational: SS7 Exploiter, SS7 ONLINE Exploiter, SS7 Hack, and Dark Fox Market. They discovered that many of the domains were pretty anonymous and had few inbound links after reviewing the network topology data of these websites. 

In general, it is not a healthy indicator of a website's reliability and credibility. And all of these factors indicate that they are recently founded phony platforms. 

Whilst, the SS7 Hack website appears to be a hoax, as it appears to be cloned from a clearnet page published in 2021. Even the experts were unsuccessful when they attempted to employ their set of SS7 flaws in the hope of building API mirroring capabilities, but the sound of that service was later blocked. 

Furthermore, it was discovered through investigation that in 2016, a Russian-speaking individual released demo films on YouTube about the services offered by the Dark Fox Market site, which charges $180 for each targeted phone number. 

The most intriguing aspect of this case is that all of the demo videos have been copied from YouTube and had no relation to the Dark Fox Market portal. To find a legitimate deal, one must go deeper, as the majority of websites are rife with fraud and scams.

Scam Spotter Warns the American Public of a Gift Card Scam

 

A cyber-security platform has come up with a humorous approach to alert Americans about gift card scams ahead of the Christmas season. With its new awareness campaign geared at thwarting scammers' complicated con efforts, Scam Spotter, a platform established by Cybercrime Support Network (CSN) with support from Google, is sounding the warning to consumers ahead of the busy shopping season. 

A grandma steals a helicopter and breaks into a jail in a foreign country to set her granddaughter free using gift cards as a bail payment in one Hollywood blockbuster-style dramatization. In another, a man narrowly avoids an armed police raid on his home after paying his tax debt with gift cards over the phone. "Your computer has been hacked," "you've been pre-approved for a loan," and "it's your boss – I need you to buy gift cards ASAP" are among the fraud tactics used in other commercials. 

A spokesperson for the Scam Spotter platform said: “This comprehensive campaign highlights the most common gift card scam scenarios in a series of absurd and hyperbolic videos to show that if the stories scammers use sound unbelievable, it’s because they are.” 

Scams are more common than many people know, and they've progressed far beyond the unlikely "Nigerian Prince" call, with the fraud industry being worth more than $3.3 billion every year. Scammers feed on people's fears and catch them off guard by using more personal methods of communication, such as a direct message on social media. They accomplish by creating "urgent" situations and instilling terror in their victims, making them feel compelled to act immediately without a chance to think. People are typically overwhelmed with embarrassment after being cheated, and they don't report or talk about it, leaving others vulnerable to fall for the same fraud. 

Gift cards have topped the list of reported fraud payment methods every year since 2018, according to the Federal Trade Commission. People reported losing roughly $245 million during that time, with a median individual loss of $840. 

Scams involving gift cards target people of all ages. “While baby boomers tend to lose more money per scam on average, younger generations are far from safe, with millennials reporting losses of around $300m in 2020,” said a Scam Spotter spokesperson. In its 2021 Holiday Shopping Forecast, global branded payments provider Blackhawk Network anticipated that gift card spending will rise by 27% this year.

Delhi Police: Nigerian Arrested for Scamming People by Hacking Mobile Phones

 

The Intelligence Fusion and Strategic Op (IFSO) unit of Delhi Police uncovered a syndicate that was hacking into people's mobile devices and WhatsApp accounts using custom-made malware. 

According to sources, the syndicate's leader recently hacked a senior bureaucrat's WhatsApp account, prompting a full-fledged inquiry. The mastermind of the module, identified as Chimelum Emmanuel Aniwetalu alias Maurice from Nigeria, has been arrested, according to DCP (IFSO) KPS Malhotra. His associate has also been found, and operations are underway to capture him. The syndicate was operating in Delhi and Bangalore. 

DCP Malhotra stated, “The syndicate was sending malware through WhatsApp and thereby accessing call logs, SMSs and contacts and control of the targeted WhatsApp account. After hacking the account, they would pose as the original WhatsApp account holder and communicate with the contact list thereby further hacking into more contacts.” 

“We had received a complaint that a person’s mobile phone was hacked by some unknown persons. Taking over the control of the WhatsApp of the complainant, they started demanding money from the contact list of the complainant by sending various distress messages. The accused had also provided a bank account to the contacts of the complainant for transferring the money."

An FIR was filed at IFSO, and an investigation team comprised of ACP Raman Lamba and inspectors Vijay Gahlawat and Bhanu Pratap was constituted. A technical investigation including IP address analysis (IP-DR) and human intelligence resulted in the recognition of one of the accused, who was caught during a raid. He was captured with a laptop and 15 phones. 

According to the investigation of the confiscated laptop, the gang utilised apps to create and distribute multiple malicious URLs. The accused had delivered malware disguised as an application to the victim's devices. 

DCP Malhotra further stated, “The accused created a dedicated application for each victim which when downloaded and installed on the victim’s phone, sent contacts, call logs and SMSs on the accused’s server.” 

During interrogation and forensic investigation of the devices, it was discovered that the accused employed a variety of methods, the most notable of which was impersonating a girl and befriending males on numerous social media sites. Once trust was established, the gang would give a link allowing him or her to join a group of like-minded peers. 

The DCP further added, once a person clicked on that link, he or she lost control of their social media profiles. Following that, the gang used social media accounts to acquire money. 

Mastermind Maurice was discovered overstaying in the nation despite the fact that his tourist visa had expired in 2018. The investigation also showed that he was scamming individuals under the pretext of selling herbal seeds online. He also befriended elderly men by impersonating ladies from other nations. 

According to police, the man fabricated paperwork claiming to be an UN-approved asylum seeker. A separate case has been opened at the Mohan Garden police station in this matter. The house owner, who rented his property to the foreigner, has also been arrested. 

“Delhi Police appeals to people for being cautious while communicating on social media and avoid clicking on any random web link or URL sent on any social media platform,” the DCP cautioned.

SEC: Watch Out for Hurricane Ida Related Investment Scams

 

The Securities and Exchange Commission (SEC) has issued a warning about fraud associated with Hurricane Ida, which wreaked havoc in numerous states last week with torrential rain and tornadoes, leaving millions without power. 

The SEC's Office of Investor Education and Advocacy releases investor alerts regularly to caution investors about the latest investment frauds and scams. Fraudsters would most likely target people who may receive compensation from insurance companies in the form of huge payouts as a direct result of Hurricane Ida's destruction. 

The SEC explained, “These scams can take many forms, including promoters touting companies purportedly involved in cleanup and repair efforts, trading programs that falsely guarantee high returns, and classic Ponzi schemes where new investors' money is used to pay money promised to earlier investors." 

"Some scams may be promoted through email and social media posts promising high returns for small, thinly-traded companies that supposedly will reap huge profits from recovery and cleanup efforts." 

AccuWeather CEO, Dr Joel Myers calculated that Hurricane Ida caused almost $95 billion in total damage and economic loss. Millions of individuals will now have to deal with insurance companies to cover the cost of water damage and other difficulties caused by the hurricane's aftermath. 

The SEC added that following the devastation by Hurricane Katrina in 2005, they were compelled to take action against hundreds of false and misleading statements concerning alleged business prospects.

Precautionary Measures

In the context of mitigating the risk and preventive measures, SEC urged, "Be sceptical if you are approached by somebody touting an investment opportunity. Ask that person whether he or she is licensed and whether the investment they are promoting is registered with the SEC or with a state." 

"Take a close look at your entire financial situation before making any investment decision, especially if you are a recipient of a lump sum payment. Remember, your payment may have to last you and your family for a long time." 

This advisory follows the one issued by the FBI's New Orleans office, which warned the public about an elevated risk of scammers attempting to profit from the natural calamity. 

"Unfortunately, hurricane or natural disaster damage often provides opportunities for criminals to scam storm victims and those who are assisting victims with recovery," the FBI warned. 

The FBI also offered a list of safeguards that victims of natural disasters should follow to avoid getting scammed, including: 
  • Unsolicited (spam) emails should be ignored. 
  • Be cautious of anyone posing as government officials and requesting money via email. 
  • Clicking on links in unsolicited emails is not a fine decision. 
  • Only open attachments from known senders; be wary of emails purporting to have photos in attached files, as the files may contain viruses. 
  • Do not give out personal or financial information to anybody asking for donations; doing so might jeopardize your identity and leave you vulnerable to identity theft. 
  • Be vigilant of emails purporting to provide employment. 
  • Before transferring money to a potential landlord, do your research on the advertisement.

Is Apple's Monopoly Making Its Security Vulnerable?


It's a well-known fact that Apple’s devices are undoubtedly way safer than any other company’s products, however, in recent research analysis, many reports claimed it to be a myth. 

According to the experts, Apple’s complex process of downloading apps has created a notion of added security but seemingly such is not the case, as revealed in deeper examinations. 

Reportedly, around 2% of the top-grossing iOS apps, are in some way, scams. Customers of several VPN apps, which protect users’ data, have complained against Apple App Store – saying that their devices are contaminated by a virus that tricks them to download and pay for software that they don’t need. 

An illegal QR code reader app that remains for a week on the store tricks users into paying $4.99. Moreover, some apps even mock themselves as being from big global organizations such as Amazon and Samsung. 

Apple always maintained its exclusive command on the App Store and describes this as its policy which is essential for customer’s sensitive personal credentials. Apple has a monopoly in the App market in terms of customer trust. However, some analysts said that this is indeed the biggest problem that there is no competition against this giant in the market, if some companies will come with alternatives then– as a matter of fact – Apple will invest more money in strengthening their security measures. 

“If consumers were to have access to alternative app stores or other methods of distributing software, Apple would be a lot more likely to take this problem more seriously,” said Stan Miles, an economics professor at Thompson Rivers University in British Columbia, Canada. 

As per the statistics, that Apple generates huge profit from the App store; around 30 percent of its revenue is constituted by the App store. 

Apple spokesperson Fred Sainz said in a statement that, “We hold developers to high standards to keep the App Store a safe and trusted place for customers to download software, and we will always take action against apps that pose a harm to users…” 

“…Apple leads the industry with practices that put the safety of our customers first, and we’ll continue learning, evolving our practices, and investing the necessary resources to make sure customers are presented with the very best experience.”

Ongoing Bitcoin Scams Show Power of Social Engineering Triggers

Over the last seven months, the number of Bitcoin scams has increased dramatically. The scams began around October 2020 and are still going on today. “Since October 2020, reports have skyrocketed, with approximately 7,000 people reporting losses of more than $80 million on these scams,” the FTC reported on May 17, 2021. 

It explains two different types of scams: The first is to entice victims to phoney websites that appear to be legitimate and offer investment opportunities and the second is essentially a celebrity scam, in which the alleged celebrity claims to triple every bitcoin investment instantly. Elon Musk's name is often used as a celebrity in the latter scam. He is used to lend legitimacy to the scam because of his business acumen and involvement in cryptocurrencies. 

The BBC reported on May 13, 2021, that a schoolteacher had lost £9,000 (nearly $12,750) after being duped into visiting a fake website. The study didn't say how she was tricked, but the website was a parody of the BBC. According to a fake news article, “Tesla buys $1.5 billion in bitcoin, plans to give $750 million of it away”, only the second half of the headline is incorrect. Tesla did, in fact, purchase $1.5 billion in bitcoin in February 2021, citing the need for “more versatility to further diversify and optimize returns on our cash.” 

Grammatical pedants may have seen a red flag in the fake BBC website's use of the word "giveaway" (generally a noun) instead of "give away" (the correct form for an action). Scams are known for grammatical and typographical mistakes, but the fake website is otherwise very convincing. The teacher invested £9,000 with the expectation of receiving £18,000 in return but got nothing. 

A month before, the BBC reported on a Twitter-based scam that resulted in a much larger loss. The real Elon Musk tweeted “Dojo 4 Doge” on February 22, 2021. Using the handle with the name Elon Musk on Twitter, a scammer offered a once-in-a-lifetime chance to send up to 20 bitcoin and earn double. The victim fell for it and submitted 10 bitcoins, which he promptly lost – about £497,000 (nearly $700,000).

Bitdefender, a security company, recently reported on two email campaigns with similar themes. In two separate campaigns, tens of thousands of fraudulent Tesla-related emails were sent. Both campaigns have the same pitch: send Elon Musk some bitcoin and he'll give you back twice as much. The first campaign makes use of a PDF attachment, apart from the PDF's post, which reads, "Our marketing department here at Tesla HQ came up with an idea: to hold a special giveaway event for all crypto fans out there," there is nothing malicious about it. The PDF contains instructions on how to send bitcoin and earn twice the sum in return. “ELON MUSK 5,000 B T C GIVEAWAY!” is a popular subject line for emails. 

Other emails, on the other hand, are personalized, including the user's username. Nearly 80% of the emails in this campaign seem to have been sent from IP addresses in Germany. According to the researchers, “11% of the fraudulent emails hit users in the United Kingdom, 79.26% in Sweden, and 9.22% in the United States.” 

The second campaign consists of a simple email containing details about the fraudulent giveaway and a Bitcoin Address QR Code that can be scanned by participants. The email reads, "If you want to participate in the giveaway, it's very simple! All you have to do is send any amount of Bitcoin (BTC) to our official donation address for this case (between 0.1 BTC and 50 BTC), and once we receive your transaction, we will immediately send back (2x) to the address from which you sent the BTC.” 

On the other hand, Bitdefender states that “at the moment, one of the perps' crypto wallets reveals 31 transactions totaling 1965.21 dollars.” All of these bitcoin scams show that it's almost impossible to keep users from falling for good social engineering – whether it's a scam or a phishing assault. In this scenario, the campaigns hit all the right notes: believability, celebrity endorsement, urgency, and most importantly, greed.

Hackers Exploit Ad Networks to Launch Phishing Attacks against Android Users


The hackers are exploiting mobile ad networks that take the android users to malicious websites. After this, hackers can either steal personal user information or attack the victim's Android device with spams. The Google play store has more than 400 apps that come with ads as a means to generate money for app developers. But recently, the hackers are exploiting these ad networks with the help of an SDK (Software Development Kit). The SDKs help app developers earn money, and the hackers are inserting code to attack the ad network.


According to the research done by Wandera, which is a mobile security firm, the hackers send domain and URLs to the users via the ads. The distribution systems are called Startapp, that allows the hackers to swamp the android device with spams and malicious websites. Startapp isn't responsible for any of the malicious content distributed. However, it is funded by a few agencies that distribute its malicious content. Startapp hasn't responded to the questions of its involvement in this cyberattack. "Our researchers wanted to explore a service that wasn't associated with a single well-known advertiser, such as Google or Facebook, so they took a closer look at the framework from StartApp, which would presumably provide app developers with ads from a wider variety of advertising networks," says Wandera' research report.

It also says that more than 90% of the distributed through the Startapp framework originate from a single ad provider.  Wandera, however, didn't identify the provider's name, but Cyberscoop has identified it as "AdSalsa." AdSalsa is a digital marketing firm that operates from Spain and is responsible for ads that direct users to these malicious websites.

"We help app publishers and developers turn their apps into successful businesses by using advanced data insights to identify relevant campaigns across direct and programmatic channels for each publisher's unique users. Over 400,000 apps have already integrated our lightweight, easy to incorporate advertising SDK. When combined with our mediation options, you can begin earning revenue from your apps in minutes," says StartApp on its website.  Experts at Wandera found 700 apps on Google play store using StartApp's SDK feature. Google, however, has removed 47% of these SDKs, according to Wandera. The exploitation of this advertising, which has now become malvertising, is creating problems for the app developers to secure their apps.

Google Is All Set To Fight The Coronavirus Themed Phishing Attacks and Scams


These days of lock-down have left cyber-criminals feeling pretty antsy about “working from home”. Not that it has mattered because apparently, that is why the number of cyber-crime cases has only hiked especially the Phishing attacks.

This has gotten Google working on its machine-learning models to bolster the security of Gmail to create a stronger security front against cyber-criminals.

Given the current conditions, the attackers seem to have a morbid sense when it comes to the themes of the Phishing attacks, i.e. COVID-19. Reportedly, 18 Million such attacks were blocked in a single week. Which amount up to 2.5% of the 100 Million phishing attacks it allegedly dodges every day.

Google, per sources, is also occupied with jamming around 240 Million spam messages on a daily basis. These phishing attacks and spams at such a worrisome time have impelled Google and Microsoft to modify their products’ mechanisms for creating a better security structure.

Reportedly, the number of phishing attacks, in general, hasn’t risen but in the already existing number of attacks, the use of COVID-19 or Coronavirus seems to have been used a lot.

Malware and phishing attacks, especially the ones related to COVID-19 are being pre-emptively monitored. Because being resourceful as the cyber-criminals are the existing campaigns are now being employed with little upgradations to fit the current situation.


A few of the annoying phishing emails include, ones pretending to be from the World Health Organization (WHO) to fool victims into making donations for VICTIMS to a falsified account.

Per the intelligence teams of Microsoft, the Coronavirus themed phishing attacks and scams are just the remodeled versions of the previous attacks.

The attackers are extremely adaptive to the things and issues that their victims might easily get attracted to. Hence a wide variety of baits could be noticed from time to time.

During the lock-down period of the pandemic, health-related and humanitarian organizations have been extensively mentioned in the scams and phishing emails.

Per sources, the Advanced Protection Program (APP) lately acquired new malware protections by enabling Google Play Protect On Android devices to some specifically enrolled accounts.

Allegedly, users trying to join the program with default security keys were suspended, while the ones with physical security keys were still allowed to be enrolled.

All the bettered security provisions of Google shall be turned on by default so that the users can continue to live a safe and secure life amidst the pandemic.

Meghan Markle and Prince Harry's Names Used for Fake Celebrity Endorsement of Bitcoins?


While the Coronavirus pandemic has practically driven people to stay locked up in their homes and spend a lot more (in some cases almost all) of their time online, the possibilities for cyber-criminals have only flourished.

Cyber-security experts have realized this and made a note out of it that everyone knows the kind of danger is lurking in their cyber-world.

From elaborate scams to phishing attacks that target the victim’s personal information, there is a lot of people who need to be cautious about it.

The Cryptocurrency industry is going through a lot due to the current crisis the world is in. The 'crypto-partakers" are being particularly on the hit list with something as attention-grabbing as purportedly “celebrity endorsement”. The latest bait names for this attempt happen to be that of charming Meghan Markle and Prince Harry.

Well-known personalities’ names like Bill Gates, Lord Sugar and even Richard Branson have been misused to lure people in as a part of similar scams. It is not necessary for the people mentioned to belong to a particular industry. They could be anyone famous for that matter.

The scams are so elaborate that once fooled the victims can’t even trace the mal-agent and. The latest scam, per sources, employs a fake report from the “BBC” mentioning how Prince Harry and Meghan Markle found themselves a “wealth loophole”.
Per sources, they also assure their targets that in a matter of three to four months they could convert them into millionaires. Further on, allegedly, it is also mentioned that the royals think of the Cryptocurrency auto-trading as the “Bitcoin Evolution”. It reportedly also includes a fake statement to have been made by Prince Harry.

The overconfident scammers also declare that there is no other application that performs the trading with the accuracy like theirs. Reportedly, on their website, there are banners with “countdowns” forcing people to think that there are limited period offers.

According to researchers this is one of the many schemes desperate cyber-criminals resort to. People not as used to the Cryptocurrency industry and the trading area, in particular, are more vulnerable to such highly bogus scams and tricks that the cyber-criminals usually have up their sleeves.

The Ascent of Gift Card Scams Leads in the Rise of Amount of Money Being Lost


With the rise of phishing attacks, business email compromise (BEC) campaigns and gift scams bring along with it the rise in the amount of money being lost.

Investigation by researchers at Agari, an email security enterprise, published in the cybersecurity organization's most recent 'Quarterly Fraud and Identity Deception' trends report – found that gift card cheats picked up footing especially during the end of 2019, accounting 62% of all BEC attacks, up from 56% during the previous quarter.

These attacks frequently include cybercriminals assuming control over business email accounts and utilizing a 'stolen identity' to email others in the association to demand the acquisition of gift cards. A common tactic is to act like somebody in the management requesting an employee to help them out – in light of the fact that by and large, the employee won't scrutinize a solicitation that is apparently coming from their boss.

The 'run-up' to the holiday season simply presented the criminals with the ideal chance to go ahead with their gift- card attacks, as they could easily do with the solicitation being framed as that for Christmas presents. The normal sum mentioned in gift-card attacks has risen somewhat to $1,627, with the base sum tending to come in at $250. In some progressively ambitious cases, cybercriminals have requested gift cards worth $10,000 to be transferred – by focusing on employees over different departments simultaneously.

Criminals are pulled in to BEC attacks since they end up being fruitful and they're easy to carry out. In any case, associations can go far to forestalling phishing and other email-based attacks from being successful by implementing additional security on accounts, very much like the multi-factor authentication, as well as human-level 'checks- and balances'.

As per, Crane Hassold, senior director of threat research at Agari, "Gift cards have become the preferred method of cashing out for a number of reasons. First, it makes everyone at any company the potential target of a BEC attack, not just the finance and HR departments. We've seen campaigns that have targeted 30-40 employees at a single company at one time in gift-card BEC scams,"

The value of the gift cards mentioned may show up small when considered individually, yet the total costs add up, particularly given how the attacks remain so fruitful and simple to cash out.

The most widely recognized solicitations are for gift cards for Google Play and eBay, very closely followed by Target, iTunes, and Walmart. Best Buy, Amazon, Steam and the Apple Store additionally make for some very well-known requests.

Cyber criminals thrive in India’s IT capital

Cyber criminals seem to be thriving in India’s IT capital; in the last four months alone, Bengalureans lost Rs 32 crore to various online scams. A 39-year-old woman was the biggest victim—a fraudulent suitor who befriended her through a matrimonial website made away with Rs 33 lakh.

The cybercrime police station of the Bengaluru city police has recorded a staggering 3,180 cases in four months since mid-January.

Last year, Sumathi (name changed) from Jayanagar had registered with a well-known marriage portal to find a match. Little did she know that the prince charming who approached her as a UK-based Indian doctor expressing interest to settle down with her in Bengaluru was an online imposter. He got her into parting her hard-earned money through numerous online transfers.

“She was lured by an exciting gift packet the man claimed to have sent from the UK. Then came the false excuse of Indian customs officials seizing the gift for duty. She fell for it and transferred lakhs of rupees, trusting the man who trapped her with sweet words and promise of marriage in a brief period,” said an officer.

Rise in matrimonial fraud

Sumathi is one among the many victims of online imposters who’ve siphoned off Rs 32 crore since February through various techniques—credit card skimming, vishing, phishing, e-wallet scam, online car sales con, Facebook fraud, airline ticketing trickery and an array of other Nigerian scams. Matrimonial frauds topped the charts in the four months with hundreds of women being targeted by crooks, mainly through paid portals and Facebook messenger.

“Every day, we register close to 40 FIRs regarding bank frauds, including phishing, vishing and illegal money withdrawal from accounts through ATMs. People still fall prey to lottery fraud, the oldest trick in the trade,” said an officer. He said the cybercrime wing register nearly 1,000 FIRs a month.