Smishing Surge: Tactics, Threats, and 'The Com'


Recently, we have observed that enterprises face a persistent threat from social engineering tactics aimed at acquiring login credentials for crucial systems like Identity and Access Management (IAM), cloud resources, and Single Sign-On (SSO) platforms. Successful breaches through these entry points can lead to widespread access within an organization, paving the way for data theft and ransomware attacks.

In 2024, there has been a notable surge in phishing attempts conducted over Short Message Service (SMS), commonly known as smishing. Attackers capitalize on the ease and directness of SMS communication to deceive targets into revealing sensitive information. 

What tactics do cybercriminals employ to steal sensitive data through smishing? Let's take a look.

The first is malware distribution. Through smishing, attackers lure victims into clicking on URLs that lead to the download of malware onto their devices. This malware often disguises itself as a legitimate application, deceiving users into entering confidential information. Once installed, the malware can intercept this data and transmit it to the cybercriminals, compromising the victim's security.

The second is the creation of malicious websites, a tactic that involves directing victims to fake websites via smishing messages. These websites are meticulously crafted to resemble legitimate platforms, enticing users to enter sensitive personal information. Cybercriminals use these custom-made sites to harvest data, capitalizing on the trust users place in recognizable interfaces.

Additionally, an attacker or group of attackers will often register deceptive domains that mimic legitimate platforms, such as a company's HR system. This tactic adds an air of authenticity to their phishing attempts, increasing the likelihood of success.
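For defenders triaging reported texts, the deceptive-domain tactic above can be checked mechanically. The sketch below is an added example, not code from the original post: it pulls links out of an SMS and labels each host as owned, lookalike, or unrelated. The owned domain `example.com`, the brand string, and the sample messages are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

OWNED = {"example.com"}  # assumption: domains the organisation really controls
BRAND = "example"        # assumption: the name an impostor domain would imitate
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url):
    """Return (host, verdict), verdict in {'owned', 'lookalike', 'unrelated'}."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix, so "example.com@other.test" is
    # judged by the host the phone would really connect to.
    host = (parts.hostname or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in OWNED):
        return host, "owned"
    tokens = [t for t in re.split(r"[.\-]", host) if t]
    typo = any(edit_distance(t, BRAND) <= 1 for t in tokens)
    # Brand text anywhere in the authority part (host or userinfo) of a
    # domain the organisation does not own is treated as impersonation.
    if typo or BRAND in parts.netloc.lower():
        return host, "lookalike"
    return host, "unrelated"

def triage(sms):
    """Classify every link found in one SMS body."""
    return [classify_url(u.rstrip(".,;:!?)")) for u in URL_RE.findall(sms)]

# Constructed sample messages (not real campaign data).
SAMPLES = [
    "HR: payroll account locked. Verify at https://hr.example.com.portal.test/login.",
    "IT helpdesk: reset your SSO password https://examp1e-sso.test/reset",
    "Action needed: https://example.com@login.portal.test/ expires today",
    "Reminder: benefits enrolment is open at https://sso.example.com/start",
    "Storm warning for your area: https://weather.test/today",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms), "<-", sms)
```

The first three samples come back as lookalikes: the brand used as a subdomain of a foreign domain, a one-character typo, and the brand placed in the userinfo part of the URL. Token matching without the Public Suffix List is approximate, so treat the verdict as a triage signal for an analyst rather than a blocking decision.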

Do we know which group is behind this? Yes.

The perpetrators behind these attacks are a diverse group of threat actors collectively known as "The Com" or "The Community." This is an umbrella term covering a majority of the attackers, who are primarily young and operate across Canada, the U.S., and the U.K. The group engages in various cybercriminal activities, including SIM swapping, cryptocurrency theft, swatting, commissioning real-life violence, and corporate intrusions.

"The Com" has been identified as the source of several high-profile breaches in recent years. This online community also overlaps with other research clusters and intrusion groups such as Scattered Spider, Muddled Libra, UNC3944, and Octo Tempest.

Beware: Government's Alert on Smishing Scam Threat

The Indian government has now urgently warned its citizens about the threat posed by smishing scams. Smishing, a combination of the words 'SMS' and 'phishing,' is the practice of hackers sending false text messages to people in an effort to get their sensitive personal information. This official warning serves as a reminder that residents need to be more vigilant and knowledgeable.

The warning highlights that cybercriminals are exploiting SMS communication to carry out their malicious intentions. These messages often impersonate legitimate entities, such as banks, government agencies, or popular online services, luring recipients into clicking on malicious links or sharing confidential information. The consequences of falling victim to smishing can be dire, ranging from financial loss to identity theft.

To shield themselves against this growing menace, citizens are urged to follow certain precautions:

1. Verify the Source: Always double-check the sender's details and the message's authenticity. Contact the organization directly using official contact information to confirm the legitimacy of the message.

2. Don't Click Hastily: Refrain from clicking on links embedded in SMS messages, especially if they ask for personal information or prompt immediate action. These links often lead to fraudulent websites designed to steal data.

3. Guard Personal Information: Never share sensitive information like passwords, PINs, Aadhaar numbers, or banking details via SMS, especially in response to unsolicited messages.

4. Implement Security Measures: Install reliable security software on your mobile devices that can detect and block malicious texts. Regularly update the software for enhanced protection.

5. Educate Yourself: Stay informed about the latest smishing techniques and scams. Awareness is a strong defense against falling victim to such tricks.

6. Report Suspicious Activity: If you receive a suspicious SMS, report it to your mobile service provider and the local authorities. Reporting aids in tracking and preventing such scams.

The government's warning serves as a reminder that while technology enriches our lives, it's vital to remain cautious. Cybercriminals are continuously devising new ways to exploit unsuspecting individuals, making it imperative for everyone to stay well-informed and adopt preventive measures.

Consumers Warned of Rising Delivery Text Scams

 

Consumers are being advised to be wary of delivery scam texts while shopping online during the Christmas and Boxing Day sales.

New research from cybersecurity firm Proofpoint shows that delivery 'smishing' scams are on the rise during the busiest shopping season of the year, according to UK Finance. So far in Q4, more than half (55.94%) of all reported smishing text messages impersonated parcel and package delivery firms. In Q4 2020, such messages made up only 16.37 percent of smishing attempts.

Compared with Q4 2020, Proofpoint saw a considerable decrease in other types of smishing fraud in Q4 2021. Text scams mimicking financial institutions and banks, for example, accounted for 11.73 percent of all smishing attacks in 2021, compared to 44.57 percent in 2020.

The information comes from Proofpoint's operation of the NCSC's 7726 text message system. Customers can use this method to report suspicious texts. 

Delivery smishing scams typically begin with a fraudster sending a bogus text message alerting the recipient that the courier was unable to make a delivery and demanding a charge or other information to rearrange it. The consumer is directed to a fake package delivery company's website, where they are asked to provide personal and financial information.

Following the significant growth in online shopping during COVID-19, this form of scam has become increasingly common. Over two-thirds (67.4%) of all UK texts were reported as spam to the NCSC's 7726 text messaging system in the 30 days to mid-July 2021, according to Proofpoint.

In a recent investigation, Which? revealed a very clever smishing fraud involving an extremely convincing fake DPD website.

Katy Worobec, managing director of economic crime at UK Finance, commented: “Scrooge-like criminals are using the festive season to try to trick people out of their cash. Whether you’re shopping online or waiting for deliveries over the festive period, it’s important to be on the lookout for scams. Don’t let fraudsters steal your Christmas – always follow the advice of the Take Five to Stop Fraud campaign and stop and think before parting with your information or money.” 

Steve Bradford, senior vice president EMEA at SailPoint, stated: “The sharp rise in text message scams – or smishing, which has increased tenfold compared to last year, should be a stark warning to the public. With parcel delivery scam texts expected to spike this Christmas, it’s clear cyber-criminals are using every opportunity available to target victims using new methods. This comes as more businesses use SMS to engage with customers, to accommodate the digital-first mindset that now characterizes many consumers. But this also opens the doors to threat actors able to masquerade as popular websites or customer service support."

“Consumers must be extra vigilant and refrain from clicking any links in text messages that they’re unsure about. It’s also crucial they are keeping their data, identities, and banking information safe – for example, by not taking pictures of their credit card and financial information, since photos often get stored in the cloud, which risks potential exposure to malicious actors.”