Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label phishing. Show all posts
Smishing Scam
Automotive Industry Cyber cyber attack IRS phishing Ransomware Smishing Scam

IRS Warns Car Dealers of New Phishing and Smishing Threats


 

The Internal Revenue Service (IRS) has issued an urgent warning to car dealers and sellers across the United States, highlighting a surge in sophisticated phishing and smishing scams targeting the automotive industry. These cyber threats pose a significant risk to the daily operations of businesses, potentially leading to severe disruptions.

The warning follows a recent ransomware attack on CDK Global, a software provider for car dealerships. This cyberattack affected approximately 15,000 dealerships nationwide, crippling their scheduling, sales, and order systems. Some dealers were forced to revert to manual processes to continue their operations. In response to the attack, CDK Global reportedly paid a $25 million ransom to regain control of their systems.

According to the IRS, scammers are increasingly impersonating the agency to extract sensitive financial and personal information. These fraudulent communications often come in the form of emails or text messages, urging recipients to click on suspicious links, download malicious files, or provide confidential details. The IRS emphasised that such tactics are a "favourite" among cybercriminals.


Recommendations for Protection

To safeguard against these scams, the IRS provided several recommendations for both businesses and individuals:

1. Stay Alert to Fake Communications: Be cautious of unsolicited messages that appear to come from legitimate organisations, friends, or family. These messages may impersonate banks or other financial entities to deceive recipients into clicking harmful links.

2. Avoid Clicking Unsolicited Links: Never click on links in unsolicited emails or text messages, as they may lead to identity theft or malware installation.

3. Verify the Sender: If you receive a suspicious message, verify its authenticity by contacting the sender through a different communication method. Do not use contact information provided in the unsolicited message.

4. Do Not Open Attachments: Avoid opening attachments in unsolicited emails, as they can contain malicious code that can infect your computer or mobile device.

5. Delete Suspicious Emails: To prevent potential harm, delete any unsolicited emails immediately.


Vigilance is Key

The IRS stressed the importance of vigilance in the face of these evolving cyber threats. By following the recommended precautions, car dealers and sellers can reduce their risk of falling victim to phishing and smishing scams. As cybercriminals continue to refine their tactics, staying informed and cautious remains crucial for protecting sensitive information and maintaining business continuity.


Read more »
Technology
Cyber Outage Global IT Outage phishing Scams Technology

Crowdstrike: How to Stay Safe After a Global IT Outage

Crowdstrike: How to Stay Safe After a Global IT Outage

Cyber-security experts and agencies around the world are warning people about a wave of opportunistic hacking attempts linked to the IT outage.

Beware of Scams: Fake Emails and Websites Target Users After IT Outage

Although there is no evidence that the CrowdStrike outage was caused by malicious activity, some bad actors are attempting to take advantage.

Cyber agencies in the UK and Australia are warning people to be vigilant to fake emails, calls and websites that pretend to be official.

And CrowdStrike head George Kurtz encouraged users to make sure they were speaking to official representatives from the company before downloading fixes. “I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.,” Kurtz said in a blogpost.

Fear and Paranoia

Anytime there is a major news event, particularly one involving technology, hackers respond by adjusting their existing methods to account for the anxiety and uncertainty.

We witnessed the same thing with the Covid-19 pandemic when hackers modified their phishing email campaigns to include viral information and even pretended to have an antidote to hack people and organizations.

The Surge in Scams Post-Outage

Because the IT breakdown has become a global news issue, hackers are capitalising.

According to SecureWorks researchers, there has already been a significant increase in CrowdStrike-themed domain registrations, which involve hackers registering new websites that appear to be official and potentially trick IT managers or members of the public into downloading malicious software or handing over private information.

Managers on the Lookout

The advice is mostly for IT managers, who are being impacted while they work to restore their organizations' online operations.

Individuals may also be targeted, thus experts advise caution and to only act on information obtained through legitimate CrowdStrike channels.

Protecting Yourself from Scams

  • Verify the Source: Always verify the authenticity of any communication you receive. Contact the company directly using official contact information from their website, not the contact details provided in the suspicious message.
  • Look for Red Flags: Be wary of unsolicited messages that create a sense of urgency or pressure you to take immediate action. Check for spelling and grammatical errors, which are common in phishing attempts.
  • Use Security Software: Install and regularly update security software on your devices. This can help detect and block malicious websites and emails.
  • Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA on your accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.
  • Educate Yourself: Stay informed about the latest scam tactics and share this information with friends and family. Awareness is a powerful tool in preventing cybercrime.
Read more »
ToolKit
Cyber Security FishXProxy phishing Threat Management ToolKit

Phishing Kit FishXProxy Equips Online Criminals for Success

 

Phishing campaigns have always been a threat, but a new toolkit called FishXProxy is making it alarmingly easy for even inexperienced cybercriminals to carry out sophisticated scams. 

SlashNext Email Security researchers have disclosed exclusive details about FishXProxy, a new phishing kit that was found on the Dark Web, in their most recent report. With its advanced features like antibot setups, Cloudflare Turnstile integration, an integrated redirector, and page expiration settings, FishXProxy is an end-to-end solution that lowers the bar for cybercriminals. 

The kit is advertised as "The Ultimate Powerful Phishing Toolkit," since it can simply neutralise technical hurdles associated with phishing campaigns, allowing cybercriminals to launch attacks that bypass security defences and go undetected. FishXProxy is especially damaging because it makes phishing possible for individuals with limited technology expertise. It is a comprehensive solution for creating and managing phishing sites in order to avoid detection and increase the success rate of credential theft attempts. 

“FishXProxy equips cybercriminals with a formidable arsenal for multi-layered email phishing attacks…Even if one attack fails, cross-project tracking allows attackers to persistently target victims across multiple campaigns,” SlashNext’s researchers stated in their report. 

Using this kit, phishing emails with unique links and dynamic attachments can avoid security checks. Advanced anti-bot technology discards automated scanning and potential victims. Worse, FishXProxy includes traffic management features that mask the true destination of links and distribute traffic across multiple pages. Short-lived frauds can also be made to expire after a certain amount of time, putting pressure on victims to act fast. A cookie system enables attackers to identify and target users across many campaigns, personalising schemes and creating profiles of subsequent victims. 

Mr Mika Aalto, Co-Founder and CEO of Hoxhunt, a Helsinki-based Human Risk Management Platform, commented on the recent trend, stating that phishing kits make it easy for even less competent and resource-limited criminals to carry out advanced phishing attacks. 

“Phishing kits are lowering the barrier of entry to advanced cybercrime even for low-resourced and not clever criminals. As more phishing attacks consequently bypass filters, we need to make sure our people are equipped with the skills and tools to keep themselves and their colleagues safe,“ Aalto noted. 

To mitigate this threat, organisations require modern security solutions that can detect threats through numerous channels. Employees should also be trained on the most recent phishing techniques, and strong authentication protocols should be established.
Read more »
ransomware incident
Cyber Attacks Cybersecurity Crisis Financial Security phishing ransomware incident

Behind the Scenes: How Patelco Responded to the Ransomware Threat


Patelco Credit Union, a prominent financial institution based in Dublin, has been thrust into the spotlight due to a crippling ransomware attack. 

With over half a million members affected, the situation underscores the critical importance of robust cybersecurity measures for financial institutions. In this blog post, we delve into the details of the attack, its implications, and the lessons we can learn from Patelco’s experience.

Patelco Credit Union Ransomware Attack

Four days after a ransomware attack disabled its systems, Patelco Credit Union could not inform its members when banking activities would resume.

The Dublin-based credit union has yet to provide additional information on the security incident that has prevented members from making electronic payments, deposits, or transfers since last weekend.

Customers continued to wait in lines to use bank ATMs on Tuesday, forcing them to visit Patelco locations around the state to withdraw cash, even though they can still not view their statement balances or any other information about their online banking.

The Attack Unfolds

The Lockdown: Patelco’s online banking services ground to a halt as the attack unfolded. Members were unable to make electronic payments, access their account balances, or conduct transactions. The situation escalated rapidly, leaving customers frustrated and anxious.

Phishing Email as the Gateway: Cybersecurity experts suspect that the attackers gained entry through a phishing email. These deceptive emails trick recipients into revealing sensitive information or clicking on malicious links. In Patelco’s case, an unwitting employee may have inadvertently provided the attackers with a foothold.

Encryption and Ransom Demand: Once inside Patelco’s systems, the hackers encrypted critical data, effectively locking the credit union out of its own infrastructure. The term “ransomware” aptly describes their next move: they demanded payment in cryptocurrency in exchange for decrypting the files.

The Response

Member Disruptions: Patelco’s half a million members faced significant disruptions. Unable to check balances, transfer funds, or pay bills online, they turned to ATMs and physical branches. The inconvenience was palpable, highlighting the importance of uninterrupted digital services.

Assets and Vulnerabilities: Patelco manages a substantial $9 billion in assets across its 37 branches. The attack raises questions about the security posture of financial institutions. Are credit unions like Patelco adequately protected? Or are they, as some experts suggest, “soft targets” compared to larger banks?

Transparency and Communication: Patelco responded swiftly by creating a dedicated website to keep members informed. Regular updates on the security breach, restoration efforts, and collaboration with cybersecurity experts demonstrate transparency and a commitment to resolving the crisis.

What can be done

  • Invest in Cybersecurity: Financial institutions, regardless of size, must prioritize robust cybersecurity measures. Regular employee training on recognizing phishing attempts, network segmentation, and incident response plans are essential.
  • Backup and Recovery: Regular data backups and tested recovery procedures can mitigate the impact of ransomware attacks. Patelco’s ability to restore services promptly will depend on its preparedness in this area.
  • Third-Party Collaboration: Patelco’s engagement with external cybersecurity experts is commendable. Collaborating with specialists who understand the evolving threat landscape is crucial.

Read more »
YouTube security
cybercriminal threats info-stealing malware online safety tips phishing Technology two-factor authentication Youtube YouTube channel YouTube security

YouTube: A Prime Target for Cybercriminals

As one of today's most popular social media platforms, YouTube frequently attracts cybercriminals who exploit it to run scams and distribute malware. These schemes often involve videos masquerading as tutorials for popular software or ads for cryptocurrency giveaways. In other cases, fraudsters embed malicious links in video descriptions or comments, making them appear as legitimate resources related to the video's content.

The theft of popular YouTube channels elevates these fraudulent campaigns, allowing cybercriminals to reach a vast audience of regular YouTube users. These stolen channels are repurposed to spread various scams and info-stealing malware, often through links to pirated and malware-infected software, movies, and game cheats. For YouTubers, losing access to their accounts can be distressing, leading to significant income loss and lasting reputational damage.

Most YouTube channel takeovers begin with phishing. Attackers create fake websites and send emails that appear to be from YouTube or Google, tricking targets into revealing their login credentials. Often, these emails promise sponsorship or collaboration deals, including attachments or links to supposed terms and conditions.

If accounts lack two-factor authentication (2FA) or if attackers circumvent this extra security measure, the threat becomes even more severe. Since late 2021, YouTube content creators have been required to use 2FA on the Google account associated with their channel. However, in some cases, such as the breach of Linus Tech Tips, attackers bypassed passwords and 2FA codes by stealing session cookies from victims' browsers, allowing them to sidestep additional security checks.

Attackers also use lists of usernames and passwords from past data breaches to hack into existing accounts, exploiting the fact that many people reuse passwords across different sites. Additionally, brute-force attacks, where automated tools try numerous password combinations, can be effective, especially if users have weak or common passwords and neglect 2FA.

Recent Trends and Malware

The AhnLab Security Intelligence Center (ASEC) recently reported an increase in hijacked YouTube channels, including one with 800,000 subscribers, used to distribute malware like RedLine Stealer, Vidar, and Lumma Stealer. According to the ESET Threat Report H2 2023, Lumma Stealer particularly surged in the latter half of last year, targeting crypto wallets, login credentials, and 2FA browser extensions. As noted in the ESET Threat Report H1 2024, these tools remain significant threats, often posing as game cheats or software cracks on YouTube.

In some cases, cybercriminals hijack Google accounts and quickly create and post thousands of videos distributing info-stealing malware. Victims may end up with compromised devices that further jeopardize their accounts on other platforms like Instagram, Facebook, X, Twitch, and Steam.

Staying Safe on YouTube

To protect yourself on YouTube, follow these tips:

  • Use Strong and Unique Login Credentials: Create robust passwords or passphrases and avoid reusing them across multiple sites. Consider using passkeys for added security.
  • Employ Strong 2FA: Use 2FA not just on your Google account, but also on all your accounts. Opt for authentication apps or hardware security keys over SMS-based methods.
  • Be Cautious with Emails and Links: Be wary of emails or messages claiming to be from YouTube or Google, especially if they request personal information or account credentials. Verify the sender's email address and avoid clicking on suspicious links or downloading unknown attachments.
  • Keep Software Updated: Ensure your operating system, browser, and other software are up-to-date to protect against known vulnerabilities.
  • Monitor Account Activity: Regularly check your account for any suspicious actions or login attempts. If you suspect your channel has been compromised, follow Google's guidance.
  • Stay Informed: Keep abreast of the latest cyber threats and scams targeting you online, including on YouTube, to better avoid falling victim.
  • Report and Block Suspicious Content: Report any suspicious or harmful content, comments, links, or users to YouTube and block such users to prevent further contact.
  • Secure Your Devices: Use multi-layered security software across your devices to guard against various threats.
Read more »
Windows
Explorer malware phishing URI Windows

Phishing Attack Abuses Windows Search Protocol to Deploy Malware

 



A recently developed phishing campaign has emerged, leveraging the Windows Search protocol to deliver malicious scripts to unsuspecting users. This sophisticated attack uses HTML attachments to exploit the search-ms URI, pushing harmful batch files hosted on remote servers.

The Windows Search protocol is a Uniform Resource Identifier (URI) that allows applications to open Windows Explorer and perform searches with specific parameters. Typically, these searches are conducted on the local device’s index. However, attackers have discovered that it’s possible to manipulate Windows Search to query file shares on remote hosts, presenting these remote files as if they were local.

The recent phishing attacks, as detailed in a report by Trustwave SpiderLabs, start with a seemingly innocuous email. The email contains an HTML attachment disguised as an invoice document within a ZIP archive. This ZIP file format helps evade many security and antivirus scanners that might not inspect the contents thoroughly.

Upon opening the HTML file, it uses a `<meta http-equiv="refresh">` tag to automatically redirect the browser to a malicious URL. A clickable anchor tag provides a fallback mechanism if the automatic redirect fails due to browser settings or other reasons. This URL exploits the Windows Search protocol to perform a search on a remote host.

The search parameters in this phishing attack are ingeniously crafted to mislead users. The query searches for items labeled "INVOICE," while the crumb parameter sets the search scope, directing it to a malicious server through Cloudflare. The display name is altered to "Downloads," giving the appearance of a legitimate interface. Additionally, Cloudflare's tunnelling service masks the server, making the remote resources appear as though they are local files.

The search results display a single shortcut (LNK) file named as an invoice. When the victim clicks on this file, it triggers a batch script (BAT) hosted on the same remote server.

The exact operations of the batch script remain unknown, as Trustwave researchers could not analyse it due to the server being offline at the time of their investigation. However, the potential for harmful activities, such as data theft or system compromise, is significant.

To defend against this threat, Trustwave suggests removing registry entries associated with the search-ms/search URI protocol. This can be done by executing specific commands in the registry editor. However, this action should be taken cautiously as it may disrupt legitimate applications and Windows features that rely on this protocol.

This new phishing method highlights the twisted tactics of cybercriminals and the importance of staying vigilant. Users and organisations must be aware of such threats and implement robust security measures to protect against these sophisticated attacks. Regular updates to security protocols and awareness training can help mitigate the risks posed by these kinds of phishing campaigns.


Read more »
South America
Banking Trojan Cyber Security Cyberthreats Digital Fraud Money Scams phishing South America

Global Resurgence of Grandoreiro Banking Trojan Hitting High

 
The cybercriminal group behind the Grandoreiro banking trojan has re-emerged in a global campaign since March 2024, following a significant law enforcement takedown earlier this year. This large-scale phishing operation targets over 1,500 banks across more than 60 countries, spanning Central and South America, Africa, Europe, and the Indo-Pacific, according to IBM X-ForceIBM X-Force. Originally focused on Latin America, Spain, and Portugal, Grandoreiro’s new campaign signifies a strategic shift after Brazilian authorities disrupted its infrastructure. 

Despite a major takedown in January 2024, which saw the Brazilian Federal Police, Interpol, the Spanish National Police, ESET, and Caixa Bank dismantle the operation and arrest five individuals, the malware has returned with significant upgrades. The phishing emails associated with Grandoreiro masquerade as urgent government payment requests, prompting recipients to click on links that download and execute malicious files. 

Once installed, the trojan interacts with banking apps to facilitate fraudulent transactions, logs keystrokes and captures screenshots to steal banking credentials and sensitive data. It also allows remote system manipulation and file operations by threat actors. A key enhancement in the latest version is a module that captures Microsoft Outlook data and uses compromised email accounts to spread spam. 

Grandoreiro employs the Outlook Security Manager tool to bypass security alerts, enabling seamless interaction with the Outlook client. IBM X-Force reports substantial improvements to the malware’s evasion techniques, including a string decryption method using AES CBC encryption with a unique decoder. The domain generation algorithm (DGA) has been upgraded with multiple seeds to enhance command and control (C2) communications. 

The trojan can also disable security alerts in Outlook and send phishing emails using compromised credentials. The updated Grandoreiro evades execution in several countries, including Poland, the Czech Republic, the Netherlands, and Russia. It also blocks operation on Windows 7 systems in the US without an active antivirus program, demonstrating its resilience and increased persistence. 

To combat the threat of Grandoreiro 

Organizations are advised to prioritize user education on phishing tactics. Employees should be trained to recognize suspicious emails, verify sender legitimacy, and avoid clicking on unknown links or opening untrusted attachments. Robust spam filtering systems at the gateway level can intercept many phishing emails, while behavior-based detection techniques in endpoint security systems can identify and stop harmful activities. As phishing attacks rise, protecting organizations becomes crucial. 

Enhancing user awareness is key, and resources like Phishing Tackle offer tools and training to help users recognize and avoid phishing threats. Despite technological defenses, user education remains vital in minimizing the impact of successful attacks. Consulting with experts can provide valuable insights and tools to strengthen defenses against these persistent threats.
Read more »
User Data Leak
Data Breach Financial Credentials phishing ShinyHunters Ticketmaster User Data Leak

Ticketmaster Data Breach Affects Over 500 Million Customers


 


We are all music fans at heart, and recently the most eye-catching tour is the three-hour Taylor Swift concert. The platform that sells tickets for these in-demand tours, Ticketmaster, has taken a hit. In a substantial blow to one of the world’s largest ticketing services, Ticketmaster has reportedly suffered a massive data breach impacting over half a billion customers. According to Mashable, the hacker group known as ShinyHunters claims responsibility for stealing customer data from nearly 560 million users. Although Ticketmaster has yet to confirm the breach, ShinyHunters has a history of high-profile hacks and is now selling the stolen data on a popular hacking forum for $500,000.


Details of the Stolen Data

ShinyHunters alleges they have obtained a substantial 1.3 terabytes of data, including sensitive information such as full names, addresses, and phone numbers. Additionally, the breach encompasses detailed order histories, which reveal ticket purchase details and event information. Alarmingly, partial payment information, including names, the last four digits, and expiration dates of credit cards, is also among the compromised data.


While waiting for Ticketmaster's official response, it is crucial for affected customers to take proactive steps to protect themselves. The stolen data could be used for targeted phishing attacks, making it essential to remain vigilant when checking emails, messages, or mail. Cybercriminals may impersonate reputable companies to trick individuals into revealing passwords or financial information.


To mitigate risks, users should avoid clicking on links or downloading attachments from unknown senders and always verify the legitimacy of the sender’s email address. Implementing robust cybersecurity measures, such as using the best antivirus software for PCs, Macs, and Android devices, can provide additional protection against potential malware infections.


Steps to Take Following a Data Breach

In the wake of a data breach, companies typically offer guidance and access to identity theft protection services. However, Ticketmaster has not yet confirmed the breach or announced any support for affected customers. Until more information is available, individuals should monitor their accounts for suspicious activity and consider changing passwords for any online accounts associated with the compromised email addresses.


Given ShinyHunters' notorious track record, including the 2021 leak of 70 million AT&T subscribers’ information, the claims warrant serious attention.


This incident surfaces the importance of cybersecurity and the potential vulnerabilities even large companies face. As the situation develops, staying informed and cautious will be key for those potentially affected by this breach. We will continue to provide updates as more information becomes available from Ticketmaster and other reliable sources.



Read more »
Sharp Dragon
Africa Chinese Threat Actors Cyber Security cyber threat phishing Sharp Dragon

Sharp Dragon Shifts Cyber Attacks to New Frontiers: Africa and the Caribbean


Check Point Research has been monitoring Sharp Dragon, a Chinese cyber threat group, since 2021. This group, previously known as Sharp Panda, has primarily targeted organisations in Southeast Asia with phishing campaigns. Recently, however, they have expanded their activities to include government organisations in Africa and the Caribbean, marking a significant change in their strategy.

Starting in late 2023, Sharp Dragon shifted its focus to government entities in Africa and the Caribbean. They used previously compromised email accounts from Southeast Asia to send phishing emails. These emails contained documents that appeared legitimate but were actually designed to deliver Cobalt Strike Beacon malware, replacing their earlier use of VictoryDLL and the Soul framework.

The first attack targeting Africa occurred in November 2023, involving a phishing email about industrial relations between Southeast Asia and Africa. By January 2024, further attacks within Africa suggested that some initial attempts had been successful. Similarly, in December 2023, Sharp Dragon targeted a Caribbean government with a document related to a Commonwealth meeting. This was followed by a broader phishing campaign in January 2024, using a fake survey about opioid threats in the Eastern Caribbean.

Sharp Dragon has been refining its tactics. Their new approach includes more thorough checks on target systems before deploying malware. They now use Cobalt Strike Beacon, which allows them to control infected systems without exposing their custom tools immediately. This change helps them avoid detection and gather more information on their targets.

They have also shifted from using DLL-based loaders to executable files disguised as documents. These files write and execute malicious software and create scheduled tasks for persistence on the infected system.

Another major change is Sharp Dragon's use of compromised servers for their command and control operations. Instead of using dedicated servers, they exploit legitimate servers, making their activities harder to detect. For example, in May 2023, they used a vulnerability in the GoAnywhere platform to take over legitimate servers.

Sharp Dragon's new focus on Africa and the Caribbean shows a broader effort by Chinese cyber groups to increase their influence in these regions. After years of targeting Southeast Asia, Sharp Dragon is using its established tactics to gain foothold in new territories. Their refined methods and careful target selection highlight the need for enhanced cybersecurity measures in these regions, which have yet to be as heavily scrutinized by the global cybersecurity community.


Read more »
Security
Antiphish Banks bfsi CISO phishing Phishing and Spam Security

Case Study: Implementing an Anti-Phishing Product and Take-Down Strategy


Introduction:

Phishing attacks have become one of the most prevalent cybersecurity  threats, targeting individuals and organizations to steal sensitive information such as login credentials, financial data, and personal information. To combat this growing threat, a comprehensive approach involving the deployment of an anti-phishing product and an efficient take-down strategy is essential.

This case study outlines a generic framework for implementing such measures, with a focus on regulatory requirements mandating the use of locally sourced solutions and ensuring proper validation before take-down actions.


Challenge:

Organizations across various sectors, including finance, healthcare, and e-commerce, face persistent phishing threats that compromise data security and lead to financial losses. The primary challenge is to develop and implement a solution that can detect, prevent, and mitigate phishing attacks effectively while complying with regulatory requirements to use locally sourced cybersecurity products and ensuring that take-down actions are only executed when the orginization is phished/imitated.


Objectives:

1. Develop an advanced anti-phishing product with real-time detection and response capabilities.

2. Establish a rapid and effective take-down process for phishing websites.

3. Ensure the anti-phishing product is sourced from a local provider to meet regulatory requirements.

4. Implement a policy where take-down actions are only taken when the orginization is phished.


Solution:

A multi-faceted approach combining technology, processes, and education was adopted to address the phishing threat comprehensively.


1. Anti-Phishing Product Development

An advanced anti-phishing product from a local cybersecurity provider was developed with the following key features:

Real-time Monitoring and Detection:

Utilizing AI and machine learning algorithms to monitor email traffic, websites, and network activity for phishing indicators.

- Threat Intelligence Integration:

  Incorporating global threat intelligence feeds to stay updated on new phishing tactics and campaigns.

- Automated Detection of Brand Violations: Implementing capabilities to automatically detect the use of logos, brand names, and other identifiers indicative of phishing activities.

- Automated Response Mechanisms:

Implementing automated systems to block phishing emails and malicious websites at the network level, while flagging suspicious sites for further review.

- User Alerts and Guidance: Providing immediate alerts to users when suspicious activities are detected, along with guidance on how to respond.


2. Phishing Website Take-Down Strategy

We developed a proactive approach to swiftly take down phishing websites, ensuring a balance between automation and human oversight, and validating the phishing activity before take-down:

- Rapid Detection Systems: Leveraging real-time monitoring tools to quickly identify phishing websites, especially those violating brand identities.

- Collaboration with ISPs and Hosting Providers:

Establishing partnerships with internet service providers and hosting companies to expedite the take-down process.

- Human Review Process and Validation of Phishing Activity:

Ensuring that no site is taken down without a human review to verify the phishing activity, preventing erroneous takedowns/rejections.

- Legal Measures:

Employing legal actions such as cease-and-desist letters to combat persistent phishing sites.

- Dedicated Incident Response Team:

Forming a specialized team to handle take-down requests and ensure timely removal of malicious sites, following human verification.


Results:

1. Reduction in Phishing Incidents: Organizations reported a significant decrease in successful phishing attempts due to the enhanced detection and response capabilities of the locally sourced anti-phishing product.

2. Efficient Phishing Site Take-Downs:

The majority of reported phishing websites were taken down within 24 hours, following human review and validation of phishing activity, minimizing the potential impact of phishing attacks.


Conclusion:

The implementation of an advanced, locally sourced anti-phishing product, combined with a robust take-down strategy and comprehensive educational initiatives, significantly enhances the cybersecurity posture of organizations. By adopting a multi-faceted approach that leverages technology, collaborative efforts, and user education, while ensuring compliance with regulatory requirements to use local solutions and validating phishing activity before take-down actions, organizations can effectively mitigate the risks posed by phishing attacks. This case study underscores the importance of an integrated strategy, ensuring automated systems are complemented by human oversight, in protecting against the ever-evolving threat of phishing.


By

Suriya Prakash & Sabari Selvan

CySecurity Corp

Read more »
Privacy
Ad Blocking AdGuard DNS Browser DNS phishing Privacy

Block Ads and Boost Security with AdGuard DNS

 



Advertisements are omnipresent, disrupting our web browsing and compromising our online security. Many ads slow down our internet speed, infringe on our privacy, and even pose malware risks. However, there is a solution that can alleviate these issues: AdGuard DNS.

AdGuard DNS offers a comprehensive way to block malicious websites, intrusive ads, and trackers while also enabling parental controls. This service stands out by allowing up to 20 devices to connect across more than 50 servers in 15 locations. Now, a five-year subscription is available for $24.97, down from the regular price of $719.64, but only until May 22.

Default DNS (Domain Name System) services translate website names into IP addresses, guiding your browser to the correct site. AdGuard DNS takes this further by filtering out unsafe sites before you even visit them. This added layer of protection can demonstrably enhance your digital security.


Benefits of Blocking Ads

Blocking ads with a DNS service like AdGuard can make web pages load faster. This is because ads often consume substantial bandwidth and processing power, particularly those that are interactive or video-based. By reducing the data your browser needs to load, AdGuard DNS can dramatically improve your browsing experience.

Unlike browser-based ad-blockers, AdGuard DNS provides network-wide protection. This means it blocks ads and trackers not only in your web browser but also across your entire operating system, installed programs, and mobile apps. This system-level blocking is far more effective than relying solely on browser extensions, which can't intercept ads and trackers operating outside the browser.

AdGuard DNS also enhances your privacy and security. Ads are not just annoying; they can be dangerous, containing trackers, malware, and phishing links. For example, in April 2021, hackers used malicious ads to distribute infected software via fake sites, leading to data theft for many users. By blocking such ads, AdGuard DNS protects you from these threats before they reach your device.

For those seeking even more robust protection, AdGuard DNS offers advanced features like AI-powered malware filtering. This level of protection ensures that even the most sophisticated cyber threats are kept at bay, providing peace of mind in an increasingly vulnerable digital environment. 

In conclusion, AdGuard DNS provides a powerful, comprehensive solution for blocking ads, strengthening privacy, and securing your digital experience. With its current discounted offer, it's an excellent opportunity to protect your online world effectively and affordably.


Read more »
phishing
Data Breach database Dell Hacking Personal Information phishing

Dell Data Breach Exposes Personal Information Of 49 Million

 




Dell, the renowned computer manufacturer, has issued a cautionary notice to its customers regarding a disconcerting data breach. The breach, which affects an estimated 49 million customers, involves unauthorised access to an online portal containing sensitive customer information. Dell has disclosed that the breached data includes customers' names, physical addresses, and detailed information regarding Dell hardware purchases such as service tags, item descriptions, order dates, and related warranty details. Notably, the compromised information excludes financial details, email addresses, and telephone numbers. Dell accentuated its collaboration with law enforcement and a third-party forensics firm to thoroughly investigate the breach. While Dell declined to specify the number of affected individuals, it assures ongoing efforts to address the incident.

Data for Sale on the Dark Web

Disturbingly, reports have surfaced indicating that a threat actor, operating under the pseudonym Menelik, endeavoured to sell a database containing Dell customer information on a prominent hacking forum. The compromised data encompasses purchases spanning from 2017 to 2024, affecting a staggering 49 million customers. While Dell's initial notification primarily encompasses personal purchases, the breadth of the breach extends its tendrils to affect consumers, enterprises, partners, and educational institutions alike.

In the wake of such an imminent breach, customers are vehemently advised to exercise utmost caution against potential phishing attacks. Armed with comprehensive customer information, malicious actors may orchestrate targeted scams through various mediums, ranging from deceptive emails to physical mail. The criticality of vigilance cannot be overstated, as hackers may employ sophisticated tactics, such as tech support or invoice scams, to extract sensitive information from unsuspecting victims. Furthermore, there exists a palpable risk of malware dissemination through malicious flash drives, underscoring the imperative for users to exercise discretion when interacting with external storage devices.

In response to the breach, Dell has initiated a rigorous investigation, leveraging the expertise of law enforcement agencies and third-party forensic specialists. While the company reassures customers that no financial or payment data, email addresses, or telephone numbers were compromised, it acknowledges the severity of the breach and the pressing need for proactive measures to secure customer data security.

As investigations progress, affected customers are implored to remain informed and enact robust security measures to mitigate the inherent risks associated with potential phishing and malware attacks, thereby safeguarding their sensitive personal information from malicious exploitation.





Read more »
VPN
Cookies Cyber Threats phishing Privacy Software VPN

Here’s Why You Shouldn’t Trust VPNs Blindly


 

In an era where we should be gravely concerned about online privacy and security, Virtual Private Networks (VPNs) have come through as indispensable tools for safeguarding digital identities. However, amidst the buzz of VPN advertisements promising invincibility against cyber threats, it's crucial to peel back the layers of misinformation and understand the realities of VPN capabilities.

A VPN, short for Virtual Private Network, encrypts internet traffic, creating a secure tunnel for data transmission. By masking users' IP addresses and their locations, VPNs offer concentrated anonymity and access to geo-restricted content. While these features provide a layer of protection, it's essential to acknowledge the limitations inherent in VPN technology.

Social Media Risks

Despite VPN encryption, personal information voluntarily shared on social media platforms remains vulnerable. From name and email address to posts and shares, users expose sensitive data, susceptible to exploitation by malicious actors. Enabling users to review privacy settings and exercise caution in sharing personal information is paramount in mitigating social media risks.

Phishing Scams

Phishing, a prevalent form of online scam, exploits human vulnerability rather than technical weaknesses. While VPNs can deter interception of internet traffic, they cannot thwart users from falling victim to phishing schemes. Combating phishing necessitates user education on identifying suspicious messages and exercising caution while sharing sensitive information online.

Harmful Software 

While some VPNs offer malware-blocking features, they are not comprehensive antivirus solutions. Collaborating VPNs with robust antivirus software enhances defence mechanisms against malware and viruses. Being careful while selecting reputable VPN providers and deploying supplementary security measures is imperative in maintaining your digital resilience.

Tracking Cookies Intrusions 

VPNs mitigate anonymity risks at the network level but fall short in combating tracking cookies embedded in web browsers. Regularly clearing cookies on devices mitigates privacy intrusions, albeit at the expense of convenience. Balancing privacy concerns with usability demonstrates the challenging endeavour in exploring the digital world safely. 

Online Accounts Digital Footprints 

Despite VPN usage, online activities remain traceable, particularly within centralised platforms like Google. Logging out from accounts during sensitive transactions and diversifying usage of privacy-focused services minimise digital footprints. Embracing alternative platforms prioritising user privacy essentially presents a paradigm shift towards decentralised digital ecosystems.

VPNs serve as go-to tools for navigating online privacy and security. However, they are not reliable for all digital threats. We need to get a hold of VPN limitations and empower users to adopt a multifaceted approach to digital defence, integrating VPNs with supplementary security measures and prudent online practices.

By synthesising expert insights and user-centric perspectives, it's evident that coursing through the VPNs requires a nuanced understanding of both its offerings and constraints. 


Read more »
Two Factor Authentication
CrowdStrike Cyber Attacks cybercriminals Employee Data Employees IBM Identity Theft MFA phishing Two Factor Authentication

Safeguarding Your Employee Data From Identity Theft

 

In today's digital age, where data breaches and cyberattacks are increasingly common, safeguarding against identity-based attacks has become paramount for organizations worldwide. Identity-based attacks, which involve the unauthorized access to sensitive information through compromised user credentials, pose significant risks to businesses of all sizes and industries. 

As CrowdStrike reported, 80% of attacks involve identity and compromised credentials, highlighting the widespread nature of this threat. Additionally, an IBM report found that identity-related attacks are now the top vector impacting global cybercrime, with a staggering 71% yearly increase. 

Cybercriminals employ various tactics to carry out identity-based attacks, targeting organizations through phishing campaigns, credential stuffing, password spraying, pass-the-hash techniques, man-in-the-middle (MitM) attacks, and more. Phishing campaigns, for example, involve the mass distribution of deceptive emails designed to trick recipients into divulging their login credentials or other sensitive information. Spear-phishing campaigns, on the other hand, are highly targeted attacks that leverage personal information to tailor phishing messages to specific individuals, increasing their likelihood of success.  

Credential stuffing attacks exploit the widespread practice of password reuse, where individuals use the same passwords across multiple accounts. Cybercriminals obtain credentials from previous data breaches or password dump sites and use automated tools to test these credentials across various websites, exploiting the vulnerabilities of users who reuse passwords. Password spraying attacks capitalize on human behavior by targeting commonly used passwords that match the complexity policies of targeted domains. 

Instead of trying multiple passwords for one user, attackers use the same common password across many different accounts, making it more difficult for organizations to detect and mitigate these attacks. Pass-the-hash techniques involve obtaining hashed versions of user passwords from compromised systems and using them to authenticate into other systems without needing to crack the actual password. This method allows attackers to move laterally within a network, accessing sensitive data and executing further attacks. MitM attacks occur when attackers intercept network connections, often by setting up malicious Wi-Fi access points. 

By doing so, attackers can monitor users' inputs, including login credentials, and steal sensitive information to gain unauthorized access to accounts and networks. To mitigate the risk of identity-based attacks, organizations must adopt a multi-layered approach to security. This includes implementing strong password policies to prevent the use of weak or easily guessable passwords and regularly auditing user accounts for vulnerabilities. 

Multi-factor authentication (MFA) should be implemented across all applications to add an extra layer of security by requiring users to provide a second form of authentication, such as a one-time password or biometric data, in addition to their passwords. Furthermore, organizations should protect against social engineering attacks, which often target service desk staff to gain unauthorized access to sensitive information. Automated solutions can help verify user identification and reduce the risk of social engineering vulnerabilities. 

 Identity-based attacks pose significant risks to organizations, but by implementing robust security measures and remaining vigilant against evolving threats, businesses can effectively mitigate these risks and safeguard their sensitive information from cybercriminals.
Read more »
USA
Cyber Attacks FBI phishing Road Toll SMS Phishing USA

Nationwide Scam Targets Road Toll Users via SMS Phishing Scheme

 



The Federal Bureau of Investigation (FBI) has alerted the public to a widespread SMS phishing scam sweeping across the United States. The scam, which began in early March 2024, specifically targets individuals with fraudulent messages regarding unpaid road toll fees.

What Does The Scam Entails?

Thousands of Americans have already fallen victim to this harrowing scam, with over 2,000 complaints flooding the FBI's Internet Crime Complaint Center (IC3) from at least three states. The deceptive messages typically claim that the recipient owes money for outstanding tolls, urging them to click on embedded hyperlinks.

The perpetrators behind these attacks employ sophisticated tactics to deceive their targets. By impersonating legitimate toll services and altering phone numbers to match those of the respective states, they create a false sense of authenticity. However, the links provided within the messages lead to fake websites designed to extract personal and financial information from unsuspecting victims.

Cautionary Advice

Authorities are urging individuals who receive such messages to exercise caution and take immediate action. The Pennsylvania Turnpike, one of the affected toll services, has advised recipients not to click on any suspicious links and to promptly delete the messages. Similarly, the Pennsylvania State Police have issued warnings about the scam, emphasising the dangers of providing personal information to fraudulent sources.

To safeguard against falling prey to this scam, the FBI recommends several preventive measures. Victims are encouraged to file complaints with the IC3, providing details such as the scammer's phone number and the fraudulent website. Additionally, individuals should verify their toll accounts using the legitimate websites of the respective toll services and contact customer service for further assistance. Any suspicious messages should be promptly deleted, and if personal information has been compromised, immediate steps should be taken to secure financial accounts and dispute any unauthorised charges.

What Is Smishing?

Smishing, a blend of "SMS" and "phishing," is a form of social engineering attack wherein fraudulent text messages are used to deceive individuals into divulging sensitive information or downloading malware. In this instance, the scam preys on individuals' concerns regarding unpaid toll fees, exploiting their trust in official communication channels.

As the SMS phishing scam continues to proliferate, it is imperative for individuals to remain vigilant and sceptical of unsolicited messages. By staying informed and taking proactive measures to protect personal information, users can mitigate the risks posed by such malicious activities. Authorities are actively investigating these incidents, but it is crucial for the public to be proactive in safeguarding their financial and personal information from exploitation.


Read more »
X
malware Netflix phishing URLs Websites X

X's URL Blunder Sparks Security Concerns

 



X, the social media platform formerly known as Twitter, recently grappled with a significant security flaw within its iOS app. The issue involved an automatic alteration of Twitter.com links to X.com links within Xeets, causing widespread concern among users. While the intention behind this change was to maintain brand consistency, the execution resulted in potential security vulnerabilities.

The flaw originated from a feature that indiscriminately replaced any instance of "Twitter" in a URL with "X," regardless of its context. This meant that legitimate URLs containing the word "Twitter" were also affected, leading to situations where users unknowingly promoted malicious websites. For example, a seemingly harmless link like netflitwitter[.]com would be displayed as Netflix.com but actually redirect users to a potentially harmful site.

The implications of this flaw were significant, as it could have facilitated phishing campaigns or distributed malware under the guise of reputable brands such as Netflix or Roblox. Despite the severity of the issue, X chose not to address it publicly, likely in an attempt to mitigate negative attention.

The glitch persisted for at least nine hours, possibly longer, before it was eventually rectified. Subsequent tests confirmed that URLs are now displaying correctly, indicating that the issue has been resolved. However, it's important to note that the auto-change policy does not apply when the domain is written in all caps.

This incident underscores the importance of thorough testing and quality assurance in software development, particularly for platforms with large user bases. It serves as a reminder for users to exercise caution when clicking on links, even if they appear to be from trusted sources.

To better understand how platforms like X operate and maintain user trust, it's essential to consider the broader context of content personalization. Profiles on X are utilised to tailor content presentation, potentially reordering material to better match individual interests. This customization considers users' activity across various platforms, reflecting their interests and characteristics. While content personalization enhances user experience, incidents like the recent security flaw highlight the importance of balancing personalization with user privacy and security concerns.


Read more »
Social Media attacks
Cyber Security Linkedln Perception Point phishing Social Media attacks

LinkedIn Users Targeted in Complex Phishing Scheme

 

LinkedIn Users Targeted in Complex Phishing Scheme A concerning security threat has emerged for users of the professional networking platform LinkedIn. Known as the "Microsoft Two-Step Phishing Campaign," this attack involves hackers using compromised profiles to deceive users and steal their sensitive information. 

It Starts With Exploiting Trust 

The attack begins innocently enough, with hackers taking control of LinkedIn profiles that users trust within their professional networks. These profiles appear normal but are actually manipulated by the attackers, who exploit the trust between users and their connections. 

Let’s Understand The Attack Tactic: Two Steps to Success 

The heart of this attack involves two stages. First, hackers combine stolen user accounts with a tricky phishing attack. They use a sneaky program called Snake, which targets not only LinkedIn but also Facebook users. Snake pretends to send legitimate messages but actually tricks users into downloading harmful software. 

Once installed, Snake quietly steals users' browsing data, giving hackers access to their accounts and compromising their security. This method shows how social media platforms, like LinkedIn, can unwittingly help cybercriminals steal important information and breach corporate systems. 

Furthermore, Perception Point's Enterprise Browser Security extension quickly caught a sneaky attack pretending to be Microsoft. It used sophisticated textual and image recognition AI models and found these suspicious key indicators: 

Logo Similarity: It found an image that was almost identical to the real Microsoft logo. 

Favicon Impersonation: The attack tried to fool users by using a small icon that looked like the one Microsoft uses for Outlook. 

Phoney Login Page: The attackers set up a login page that pretended to be from Microsoft. It asked for email addresses and passwords. 

URL Analysis: The extension checked the website's reputation and details like when it was created. It also looked for any weird stuff in the code. 

What It Means for You 

This new campaign highlights the urgent need for better security measures, especially on platforms like LinkedIn. As more people and businesses rely on these sites for networking, they must stay alert to the risks posed by hackers. This incident also shows how cybercriminals are constantly changing their tactics. 

To stay safe, it is essential for users and companies to not only have strong security systems in place but also to educate themselves about potential threats. In response to this growing danger, social media companies and cybersecurity experts must work together to develop strategies to protect users from phishing attacks and other online threats. 
Read more »
Privnote
Cryptocurrency Breach Data Breach Data Theft malicious phishing Privnote

Privnote Secure Messaging App Is Under Phishing Threat

 

Privnote.com, launched in 2008, revolutionized secure messaging with its encryption technology. It allows users to send messages with a unique link, ensuring privacy as the content self-destructs after reading. However, its popularity among cryptocurrency enthusiasts also drew the attention of malicious actors who engaged in phishing activities. 

Phishers exploit Privnote's model by creating clones, such as privnote[.]co, that mimic its functionality. These clones surreptitiously replace cryptocurrency addresses when users create notes containing crypto wallets. Thus, unsuspecting users fall victim to sending funds to the phisher's address instead of the intended recipient. 

GitHub user, fory66399, lodged a complaint last month against MetaMask, a cryptocurrency wallet, alleging wrongful flagging of privnote[.]co as malicious. Threatening legal action, fory66399 demanded evidence and compensation. However, MetaMask's lead product manager, Taylor Monahan, swiftly debunked these claims by providing screenshots showing the fraudulent activities of privnote[.]co. 

According to DomainTools.com, the domain privatenote[.]io has changed hands between two individuals: Andrey Sokol from Moscow and Alexandr Ermakov from Kiev, over two years. While these names may not be the real identities of the scammers, they provide clues to other sites targeting Privnote since 2020. 

Furthermore, Alexandr Ermakov is linked to several other domains, including pirvnota[.]com, privatemessage[.]net, privatenote[.]io, and tornote[.]io, as per DomainTools. This suggests a potential network of fraudulent activities associated with Privnote, emphasizing the need for caution in identifying phishing attempts. 

Let’s Understand Suspicious Activities on Privnote: 

Domain Registrations: The domain pirvnota[.]com saw a change in registration details from Andrey Sokol to "BPW" and "Tambov district" as the registrant's state/province. This led to the discovery of pirwnote[.]com, along with other suspicious domains like privnode[.]com, privnate[.]com, and prevnóte[.]com, all linking to the same internet address. Interestingly, pirwnote[.]com is now selling security cameras from a Hong Kong-based internet address. 

Deceptive Legitimacy: Tornote[.]io appears to have undergone efforts to establish credibility. A Medium account has published numerous blog posts endorsing Tornote as a secure messaging service. However, testing reveals its malicious intent, as it also alters cryptocurrency addresses in messages. 

Search Engine Manipulation: Phishing sites manipulate search engine results to appear prominently for terms like "privnote." Currently, a Google search for "privnote" lists tornote[.]io as the fifth result. These sites rotate cryptocurrency addresses every five days to evade detection. 

According to the Privnote website, it is a web-based service focused on privacy, allowing users to create encrypted notes shared via unique one-time-use HTTPS links. Notes and their contents are processed securely in users' browsers, with no readable data stored on Privnote's servers. 

IP addresses are processed solely for communication and promptly deleted thereafter. Personal data within notes remains encrypted and inaccessible to Privnote. The service uses cookies for functional and non-functional purposes, respecting user privacy preferences. Privnote does not target children under 16 and commits to regularly updating its Privacy Policy.
Read more »
phishing
Chineses Hackers Cyber Crime iMessage iPhone PaaS phishing

Darcula: The Emergence of Phishing-as-a-Service and Its Worldwide Impact

 

In the ever-evolving landscape of cybercrime, phishing-as-a-service (PaaS) has emerged as a formidable threat, enabling cybercriminals to orchestrate sophisticated attacks with ease. Among the myriad PaaS platforms, Darcula stands out for its technical sophistication, global reach, and pervasive impact. 

Darcula, a Chinese-language platform, has garnered attention from cybersecurity researchers for its role in facilitating cyberattacks against more than 100 countries. With over 19,000 phishing domains created, Darcula represents a significant escalation in the capabilities and reach of phishing operations. At the core of Darcula's operation is its ability to provide cybercriminals with easy access to branded phishing campaigns. 

For a subscription fee of around $250 per month, individuals gain access to a wide range of phishing templates targeting global brands and consumer-facing organizations. From postal services to financial institutions, Darcula's phishing campaigns cover a broad spectrum of sectors, exploiting the trust of unsuspecting victims to steal sensitive information. 

What sets Darcula apart is its technical sophistication and innovative approach to phishing. Unlike traditional phishing kits, Darcula leverages advanced tools and technologies commonly used in application development, including JavaScript, React, Docker, and Harbor. This allows cybercriminals to create dynamic and convincing phishing websites that are difficult to detect and defend against. 

Moreover, Darcula utilizes iMessage and RCS (Rich Communication Services) for text message phishing, enabling scam messages to bypass traditional SMS firewalls and reach a wider audience. This tactic represents a significant challenge for cybersecurity defenses, as it allows phishing messages sent via Darcula to evade detection and exploit unsuspecting victims. While Darcula primarily targets Chinese-speaking cybercriminals, its impact extends far beyond linguistic boundaries. 

The platform's global reach and extensive network of phishing domains pose a significant threat to organizations and individuals worldwide. With an average of 120 new domains hosting Darcula phishing pages detected daily, the scale of this operation is unprecedented, making it a top priority for cybersecurity professionals and law enforcement agencies alike. 

Defending against Darcula and similar PaaS platforms requires a multifaceted approach. Enterprises and individuals must remain vigilant against phishing attempts, avoiding clicking on links in unexpected messages and verifying the authenticity of communication from trusted sources. Additionally, employing commercial security platforms to block access to known phishing sites can help mitigate the risk of falling victim to Darcula-based attacks. 

Darcula represents a new frontier in the world of cybercrime, highlighting the growing sophistication and global reach of phishing-as-a-service platforms. By understanding the tactics and techniques employed by Darcula and remaining vigilant against evolving threats, organizations and individuals can better defend against cyberattacks and safeguard sensitive information in an increasingly digital world.
Read more »
phishing
Cyber Security E-Commerce Fake Website Online Shopping phishing

E-Commerce Scam: Read These 5 Tips to Stay Safe from Fake Sites

scam

The e-commerce industry has witnessed tremendous growth in the last decade, and it's likely to rise. Tech behemoths like Apple lead the market, but most businesses these days sell goods and services online, including local stores.

Not only has it changed the way of doing business, but e-commerce has also caused a rapid change in shopping consumer habits. Today, buying what you need is just a click away, you can shop from the comfort of your home, that's the trend now. It is evident that online shopping provides a level of ease that traditional retail can't match, however, e-commerce is without a doubt more risky. 

The e-commerce industry is a hotspot of cyber threats, from phishing attacks to false advertising and credit card skimming scams. As a conscious user, we must know how to protect ourselves. These five helpful tips can help you decide if you're on a fake site before you "add to cart" your favorite product. 

Verify the URL

The URL (Uniform Resource Locator) is the address of a webpage. Hackers make fake sites that look almost the same as the original, they use a domain name that's nearly identical to the site domain they are faking. 

The first thing you should look for is if there are any errors or extra characters in the URL.

For instance, an attacker might make a fake site at flippkartt.com, to scam people into thinking they are using the original Flipkart site. But the real URL will look like "https://flipkart.com/." The URL of the fake site would be "http://flippkartt.com/." You might observe there is a difference in the protocol. The original site uses HTTPS (Hypertext Transfer Protocol Secure), while the fake uses HTTP (Hypertext Transfer Protocol). 

The HTTPS prefix means your data is encrypted in transit, but takes more time and cost to set up, so the scammers don't try. 

In a nutshell, most phishing scams work like this. It all comes down to cloning a real business and stealing sensitive info from users. It is always important to check the URL before you proceed. 

The content and design

A real business website would not have grammatical and spelling mistakes. Few scammers might hustle to proofread the content of their fake site, but not all do that. If you visit a site and notice it has mistakes and typos, chances are it's a scam. 

Similarly, a real business won't publish low-quality images or poor designs. Scammers will do that because they don't have an image to maintain. 

The scammer would scrape photos from the web using software, or just put random images that aren't related to the product. This is your sign to stay away from the fake website. 

Don't fall for too-good-to-be-true offers

The iPhone 15 is currently costing around 72000 INR. Suppose you see the product online selling for 30000 INR, it is most likely a scam. 

It is an easy bait as buyers like to crack deals, and in a rush, fall prey to the scam. Scammers know that huge discounts work as a glue trap for economically struggling buyers. So next time, make sure you see the right price before rushing to "add to cart" on an online shopping website. 

Read the About Us page

A legit e-commerce site will always have an elaborate "About Us" page, the buyer can clearly understand the business's goals, mission, etc. with the help of given info. Sometimes, "About Us" also includes info regarding careers, team members, and ownership. Lastly, there's a detailed privacy policy and a contact form for interested customers and media professionals. 

With time, the scams have upped their games as scammers now use AI to scale their attacks, however only a few bother to make a legit "About Us" page. If you notice that an online shopping site doesn't have these elements, and it's lacking transparency, you should avoid it. Don't spend your money without checking these pages. 

Read the reviews

You should always go through an online store's reviews before buying a product. A legit business will always have a review somewhere. You can start with Google reviews, just type the business name and go to the reviews section. Bingo, you can now check what others say about the store. 

If you can't find even a single review, the store might not be fake, but it's best to avoid it. You can also check what others are saying on social media. Twitter and Reddit are some common sites where users share their experiences. It barely takes a minute, but can save you from a scam. 

Read more »
Subscribe to: Posts (Atom)