Phishing Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/phishing/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

Tax Season Scams On The Rise, Beware!
https://gridinsoft.com/blogs/tax-season-scams/
Tue, 06 Feb 2024 21:11:28 +0000

Tax season has already begun, and so did tax season scams. The IRS annually lists its top tax scams to help taxpayers protect themselves. Most tax season scams involve identity theft, but there could be a lot of other consequences. Awareness of these schemes can help consumers protect themselves, and we will go into more detail about that now.

Tax Season Scams

Tax season began on Jan. 29, when the Internal Revenue Service (IRS) started receiving and processing 2023 federal income tax returns. The same date acts as a starting signal for fraudsters, who begin bombarding people with fake emails and texts. The IRS expects over 146 million individual tax returns to be filed this season, with April 15 as the deadline. Since a great deal of personal information changes hands during this period, it becomes rather easy for con artists to get hold of sensitive data, including Social Security numbers and other details that can be used to file convincing tax returns, collect refunds, or perpetrate other types of fraud.

The IRS has warned that tax-related phishing and unsolicited texts have become increasingly common and have even reached the top of its annual scams list. Some scammers use the IRS logo in phishing attempts to trick people into providing sensitive information, claiming that their account has been suspended or needs urgent action. It is essential to understand that the IRS does not initiate contact with taxpayers by email, text message, or social media to request personal or financial information. Next, let’s look at the most common types of tax scams.

Tax Season-Related Phishing

Phishing is the most effective modus operandi for fraudsters who hunt for personal data. They send emails and text messages en masse to steal confidential information. Since tax season-themed emails are expected at this time of year, the chances of a successful scam are high: the victim will not suspect fraud. Before calling a listed phone number, clicking on a link, or opening a file, we recommend going to the organization’s official website by manually typing its address into your browser and double-checking the information there.

Image: classic IRS phishing email

Another hallmark of fraud is a sense of urgency and threat. Scammers sometimes reach people by phone, pretending to be a collection agency, law enforcement, or the Bureau of Tax Enforcement. They may claim that your Social Security number has been canceled or that your identity has been stolen, and that you urgently need to contact them. They may also threaten to arrest you if you don’t call back. In such cases, the best option is simply to hang up.

As an alternative to threats and urgency, fraudsters may try to gain your trust. Let me unfold this in more detail in the next section.

Social Engineering Tricks

During the filing season, taxpayers should be cautious of anyone offering to help them set up an account. An IRS online account gives access to a lot of valuable information, including payment history and tax transcripts, and it allows you to sign up for and manage an IRS payment plan. So scammers may attempt to steal personal information such as Social Security numbers, tax identification numbers, or photo IDs under the guise of helpfulness. Setting up an online IRS account is free, and if you require assistance, work directly with IRS representatives to avoid any potential scams.

At the same time, some scammers may promise to prepare and sign your return, take your money, and do nothing. By law, anyone paid to prepare or assist in preparing federal tax returns must have a valid Preparer Tax Identification Number (PTIN). Paid preparers must sign the return and include their PTIN on it. A preparer’s refusal to sign the return is a warning sign that they may be looking for a quick profit by promising a large refund or charging fees based on the size of the refund. Such murky waters are a perfect breeding ground for scams, both those that end in data leaks and those that end in money loss.

Malicious Google Ads

When facing problems during tax preparation, users often turn to Google for information. Fraudsters know this and buy search ads in advance so that they appear at the top of the results and look more convincing. The advertised sites may have different addresses and phone numbers but have nothing to do with legitimate services. Moreover, despite these differences, the sites usually look identical because they are built from the same template. Unfortunately, Google struggles to weed out such promotions, so the scammers manage to take their bite out of taxpayers, albeit for a rather short time.

Image: IRS ad scam example

Some sites have an address that looks identical to the legitimate one. On closer inspection, however, one or two characters in the fake site’s address usually differ. This visual similarity sometimes lets the ad slip past advertising moderation. In addition, such sites claim to have been on the market for many years, though a simple lookup on a service like Whois reveals that the domain was registered only a year ago.

Safety Recommendations

To summarize, the first and most important recommendation is to stay vigilant and pay attention to each step you take. The Internal Revenue Service’s official website is https://www.irs.gov/ and no other. Any help with tax preparation should come from authorized people, who sign their work with a PTIN. Read all information carefully, especially the fine print. If you doubt the reliability of a website, use our URL scanner, which shows Whois data and a verdict on the site’s status. Before calling a phone number, Google that number and look up information about it; there are also dedicated services for identifying phone numbers.

One more piece of advice is to use proper security tools. I recommend using Gridinsoft Anti-Malware together with an ad blocker. The ad blocker will remove search ads, and Gridinsoft Anti-Malware will block malicious and suspicious sites with its Online Security module. Using this combination along with the recommendations above, you will maximize the security of your online activity.

Water Curupira Hackers Spread PikaBot in Email Spam
https://gridinsoft.com/blogs/water-curupira-spreads-pikabot-email-spam/
Thu, 11 Jan 2024 19:46:24 +0000

A notorious group known as Water Curupira has unleashed a new wave of threats through its malware, Pikabot. This campaign, spread primarily through email spam, highlights an alarming escalation in cyber attacks. It targets unsuspecting victims with deceptive emails, leading to unauthorized access and potential data breaches.

Water Curupira’s Email Spam Campaigns

Water Curupira, one of the known operators behind Pikabot, has been instrumental in various campaigns. Its operations primarily aim at deploying backdoors such as Cobalt Strike, which end with Black Basta ransomware. Initially involved in DarkGate and IcedID spam campaigns, the group has since shifted its focus exclusively to Pikabot.

Pikabot’s Mechanism

Pikabot consists of two main components, a distinguishing feature that enhances its malicious capabilities: a loader and a core module. Together they enable unauthorized remote access and execution of arbitrary commands through a connection with a command-and-control (C&C) server.

Image: Pikabot’s mechanism

Pikabot’s primary method of system infiltration is spam emails carrying archive or PDF attachments. These emails are designed to imitate legitimate communication threads and use thread hijacking to increase the likelihood that recipients interact with malicious links or attachments. The attachments, delivered either as password-protected archives containing an IMG file or as PDFs, are crafted to deploy the Pikabot payload.

System Impact

Once inside the target system, Pikabot follows a complex, multi-layered infection process. It employs obfuscated JavaScript and a series of conditional execution commands, coupled with repeated attempts to download the payload from external sources. The core module is tasked with collecting detailed information about the system, encrypting this data, and transmitting it to a C&C server for use in further malicious activity.

Another layer of Pikabot’s malicious functionality is its ability to serve as a loader/dropper. The malware uses several classic techniques, such as DLL hooking and shellcode injection. It is also capable of launching executable files directly, which suits certain attack scenarios. Among other threats, Pikabot is particularly known for spreading the Cobalt Strike backdoor.

Recommendations

To protect yourself against threats like Pikabot, which is spread by Water Curupira through email spam, here are some key recommendations:

  • Always hover over links to see where they lead before clicking.
  • Be cautious of unfamiliar email addresses, mismatches in email and sender names, and spoofed company emails.
  • For emails claiming to be from legitimate companies, verify both the sender’s identity and the email content before interacting with any links or downloading attachments.
  • Keep your operating system and all software updated with the latest security patches.
  • Consistently back up important data to an external, secure location so that you can restore information in case of a cyber attack.
  • Educate yourself and your company. Keep up to date with the latest cyber news to stay ahead of the curve.

SMTP Smuggling is a New Threat to Email Security
https://gridinsoft.com/blogs/smtp-smuggling-technique/
Fri, 05 Jan 2024 20:16:55 +0000

A new SMTP smuggling technique reportedly has the potential to bypass existing security protocols. It can also enable attackers to send spoofed emails from seemingly legitimate addresses. This may breathe new life into email spam, even though its effectiveness has not declined recently.

What is SMTP Smuggling?

SMTP smuggling is a novel exploitation technique that manipulates SMTP, the protocol used globally for sending email since the inception of the Internet. The technique takes advantage of differences in how outbound and inbound SMTP servers interpret the end-of-data sequence, allowing attackers to insert arbitrary SMTP commands and potentially send separate emails.

Image: potential end-of-data sequence between START and END

The core of SMTP smuggling lies in the discrepancies between how different servers handle the end-of-data sequence (<CR><LF>.<CR><LF>). By exploiting these differences, attackers can break out of the message data and smuggle in unauthorized commands. The technique requires the inbound server to accept multiple SMTP commands in a batch, a feature commonly supported by most servers today.
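To make the end-of-data discrepancy concrete, here is an added Python model (not code from the post or from the original researchers) of a CRLF-only sender feeding a strict and a lenient receiver, plus a defender-side check that flags bare-LF dot lines before a gateway forwards them. The list of lenient terminator variants is an assumption for illustration; which ones a given product accepts varies.

```python
import re

# Canonical SMTP end-of-data sequence (RFC 5321): CRLF, a lone dot, CRLF.
STRICT_EOD = b"\r\n.\r\n"

# Non-standard look-alikes. Servers differ in whether they accept any of these as
# end-of-data; this list is a constructed illustration, not a survey of products.
LENIENT_EOD_VARIANTS = [b"\n.\n", b"\r.\r", b"\n.\r\n", b"\r\n.\n"]


def dot_stuff_strict(body: bytes) -> bytes:
    """Transparency step of a sender that only understands CRLF line endings.

    Any line starting with '.' gets a second '.' so the receiver cannot mistake
    it for end-of-data. A bare LF is not a line ending here, so a '<LF>.<LF>'
    sequence passes through untouched: that is the outbound side of the gap.
    """
    if body.startswith(b"."):
        body = b"." + body
    return body.replace(b"\r\n.", b"\r\n..")


def split_as_strict_receiver(wire: bytes) -> list:
    """Inbound server that recognises only the canonical terminator."""
    return [seg for seg in wire.split(STRICT_EOD) if seg]


def split_as_lenient_receiver(wire: bytes) -> list:
    """Inbound server that also accepts the look-alikes as end-of-data.

    Everything after the first terminator it recognises becomes a separate
    segment; a real server would parse that segment as new SMTP commands.
    """
    pattern = b"|".join(re.escape(v) for v in LENIENT_EOD_VARIANTS + [STRICT_EOD])
    return [seg for seg in re.split(pattern, wire) if seg]


def find_eod_lookalikes(body: bytes) -> list:
    """Defender-side check for an outbound server or gateway: report the offsets
    of non-standard end-of-data look-alikes that CRLF-only dot-stuffing misses."""
    hits = []
    for variant in LENIENT_EOD_VARIANTS:
        hits.extend((m.start(), variant) for m in re.finditer(re.escape(variant), body))
    return sorted(hits)


# Constructed message body: a normal line, a bare-LF '.' line, then text that a
# lenient receiver would treat as the start of a second SMTP transaction.
SAMPLE_BODY = (
    b"Subject: quarterly report\r\n\r\nPlease see the attached figures.\r\n"
    b"\n.\n"
    b"<a lenient receiver reads from here on as new SMTP commands>\r\n"
)

if __name__ == "__main__":
    wire = dot_stuff_strict(SAMPLE_BODY) + STRICT_EOD
    print("strict receiver sees", len(split_as_strict_receiver(wire)), "message(s)")
    print("lenient receiver sees", len(split_as_lenient_receiver(wire)), "message(s)")
    print("look-alikes flagged in body:", find_eod_lookalikes(SAMPLE_BODY))
```

A body that uses proper CRLF line endings is dot-stuffed correctly and stays a single message on both receivers; only the bare-LF variant slips through.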

In-depth research into this vulnerability has revealed that SMTP servers of prominent email providers like Microsoft, GMX, and Cisco are susceptible to this exploit. While Microsoft and GMX have addressed these issues, Cisco has categorized the findings as a feature rather than a vulnerability, choosing not to alter the default configuration. Consequently, SMTP smuggling remains possible in Cisco Secure Email instances under default settings. Subsequently, the vulnerability was also identified in Microsoft’s Outlook SMTP server, further expanding the threat landscape.

What is the danger of the SMTP vulnerability?

The implications of SMTP smuggling are far-reaching and alarming. Attackers can use this method to send forged emails that appear to come from credible sources, thereby circumventing checks designed to authenticate incoming messages, such as DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Sender Policy Framework (SPF).

In simple words, using this trick, fraudsters will be able to reach corporate inboxes that were not receiving any spam before. Sure, the companies that opted for these protections are most likely aware of the dangers and have other defenses running. But the very fact that they, too, are exposed creates a much bigger risk of cyberattacks.

Mitigating the effects of the vulnerability

To mitigate the risks posed by SMTP smuggling, experts recommend several best practices. For Cisco users, changing settings from “Clean” to “Allow” is advised to avoid receiving spoofed emails with valid DMARC checks. Additionally, all email service providers and users should remain vigilant, regularly updating their systems and staying informed about the latest security developments.

Regularly monitor for unusual server activity and review security logs to detect potential breaches. Educate users about phishing and encourage skepticism about emails from unknown senders. Finally, consider consulting with cybersecurity professionals for advanced protective measures tailored to your specific infrastructure.

Kinsta Alerts About Phishing Campaign on Google Ads
https://gridinsoft.com/blogs/kinsta-phishing-google-ads/
Mon, 18 Dec 2023 22:15:34 +0000

Kinsta, a prominent WordPress hosting provider, has issued a warning to its customers regarding a concerning new trend in cyberattacks. Cybercriminals are now leveraging Google Search Ads to promote phishing websites aimed at stealing user credentials, particularly those for Kinsta’s vital service, MyKinsta, which is used to manage WordPress and other cloud-based applications.

Kinsta Phishing: Hackers Exploit Google Ads

In an email notification, Kinsta says that cybercriminals use Google Ads as the primary vector for their phishing attacks. These attackers specifically target people who have previously visited Kinsta’s official websites. They craft fraudulent websites that closely mimic Kinsta’s own, enticing users to click on them.

The email from Kinsta states:

Image: the email from Kinsta

The Impact

This incident highlights a broader trend of cybercriminals exploiting Google Ads to deceive users and compromise their security. I’ve reviewed the first massive case of 2023 back in January, though similar phishing ads kept appearing for the whole year. Recent examples include deceptive ads masquerading as legitimate pages for Amazon. Clicking on these ads redirected users to tech support scams.

The primary objective was to lure users into entering their Kinsta login credentials on the fake website. Once stolen, attackers could exploit these credentials to gain access to users’ WordPress websites, potentially causing serious damage. This could include:

  • Sensitive information stored on compromised websites, such as customer data, financial details, and intellectual property, could be exposed.
  • Attackers could inject malicious code into compromised websites, redirecting visitors to phishing sites or spreading malware further.
  • The website’s content could be defaced or replaced with malicious messages.
  • Access to payment gateways or sensitive financial information could lead to financial losses for users or their clients.
  • A successful phishing attack could damage Kinsta’s reputation by casting doubt on its security measures and leading to user distrust.

Phishing increases with Google Ads

Google Ads, a widely used advertising platform, has unfortunately become an increasingly popular tool for hackers and cybercriminals. These individuals and groups are exploiting the platform’s reach and visibility to carry out various malicious activities.

Several websites advertised fake downloads for popular software including Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, μTorrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave through Google Ads.

Protecting Against Phishing Threats

Kinsta emphasizes the malicious nature of these sponsored websites and strongly advises users to exercise extreme caution with any links: they should lead directly to the official kinsta.com or my.kinsta.com domains. The company also urges users to enable two-factor authentication (2FA) on their accounts to enhance security further.

To protect against these threats, it is crucial to exercise caution when interacting with online ads. Always verify the URLs of the websites you visit and refrain from clicking on suspicious links or sharing login credentials in response to unsolicited messages. To be completely sure that you are following a proper link, avoid clicking ads in Google Search and use the regular results instead.
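The lookalike-address problem from the tax-scam post above and Kinsta’s advice to check that links lead to kinsta.com or my.kinsta.com can be turned into a simple URL check. The following Python is an added example, not Kinsta’s or Gridinsoft’s code; the .test hostnames are constructed, and the edit-distance thresholds are a heuristic assumption.

```python
import re
from urllib.parse import urlsplit

# Official domains named in the posts above; anything else is checked against them.
OFFICIAL_DOMAINS = ("irs.gov", "kinsta.com", "my.kinsta.com")


def hostname_of(url: str) -> str:
    """Lowercase hostname of a URL or bare host, with a leading 'www.' removed."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host[4:] if host.startswith("www.") else host


def is_official(host: str) -> bool:
    """Exact match or a subdomain on a label boundary; 'kinsta.com.evil.test' fails."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _collapse(s: str) -> str:
    """Drop dots and hyphens so 'irs-gov' and 'irs.gov' compare as equal strings."""
    return re.sub(r"[^a-z0-9]", "", s)


# Reference strings: each official domain with and without its TLD, collapsed.
_REFERENCES = set()
for _d in OFFICIAL_DOMAINS:
    _REFERENCES.add(_collapse(_d))
    _REFERENCES.add(_collapse(_d.rsplit(".", 1)[0]))


def classify(url: str):
    """Return (verdict, reason); verdict is 'official', 'lookalike' or 'unrelated'."""
    host = hostname_of(url)
    if is_official(host):
        return "official", host
    # An official name embedded in a longer host, e.g. 'irs.gov.refund-status.test'.
    for d in OFFICIAL_DOMAINS:
        if d in host:
            return "lookalike", f"contains official name {d}"
    # Small edit distance to an official name once separators and the TLD are
    # ignored: 'irs-gov.test', 'kinsta.test', 'rnykinsta.test'. The threshold
    # scales with reference length so a short name like 'irs' stays strict;
    # this is a heuristic and will flag some short unrelated names too.
    core = _collapse(host.rsplit(".", 1)[0])
    for ref in sorted(_REFERENCES):
        if edit_distance(core, ref) <= max(1, len(ref) // 4):
            return "lookalike", f"within edit distance of {ref}"
    return "unrelated", host


# Constructed sample links; .test is a reserved TLD, so none of these resolve.
SAMPLE_URLS = [
    "https://www.irs.gov/payments",
    "my.kinsta.com",
    "https://irs.gov.refund-status.test/",
    "http://irs-gov.test/",
    "https://kinsta.test/login",
    "https://rnykinsta.test/login",
    "https://example.test/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{u:45s} -> {classify(u)}")
```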

Use reliable anti-malware software with network protection features. We highly recommend GridinSoft Anti-Malware: it is a fast, lightweight and highly effective solution that counters a wide range of threats. You can explore its features during the 6-day free trial period.

AeroBlade TA Spies On U.S. Aerospace Industry
https://gridinsoft.com/blogs/aeroblade-spies-us-aerospace/
Fri, 08 Dec 2023 10:19:36 +0000

Cybersecurity experts have uncovered a sophisticated cyberespionage campaign targeting a prominent U.S. aerospace organization. The threat actor, identified as AeroBlade, executed a spear phishing attack, raising serious questions about the overall cybersecurity preparedness within critical industries.

AeroBlade Attacks US Aerospace Company

According to the cybersecurity experts, the spear phishing attack involved sending a malicious file over email. The document, named [redacted].docx, employed a remote template injection technique and malicious VBA macro code. The attacker’s network infrastructure became operational around September 2022, with the offensive phase occurring in July 2023, as assessed by BlackBerry with “medium to high confidence.”

The attack unfolded as follows:

  1. The malicious Word document was delivered through a spear phishing email, enticing the user to open the file manually.
  2. The opened document used remote template injection to download a second-stage file, “[redacted].dotm.”
  3. The second-stage file executed “item3.xml,” creating a reverse shell that connected to “redacted[.]redacted[.]com” over port 443.

Image: AeroBlade’s attack chain

The attack’s sophistication lies in the use of a remote template injection technique, a more advanced method than traditional phishing. By retrieving a payload from a remote server, attackers can circumvent some security measures that often catch more straightforward malicious attachments. The attack involved deploying a DLL as a reverse shell, granting control over the victim’s system.
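Remote template injection leaves a footprint in the document package itself: a relationship with TargetMode="External" whose target is a remote template. The following Python check is an added example (not BlackBerry’s or Gridinsoft’s code) that scans a .docx for such relationships and for an embedded VBA project; the sample package and its placeholder URL are constructed for the demonstration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_TYPE_PREFIX = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
ATTACHED_TEMPLATE = REL_TYPE_PREFIX + "attachedTemplate"


def external_relationships(docx_bytes: bytes) -> list:
    """Every relationship with TargetMode="External" and an http(s) target, as
    (part name, relationship type, target) tuples. A remote attachedTemplate in
    word/_rels/settings.xml.rels is the footprint of template injection."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                target = rel.get("Target", "")
                is_external = rel.get("TargetMode", "").lower() == "external"
                if is_external and target.lower().startswith(("http://", "https://")):
                    rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                    findings.append((name, rtype, target))
    return findings


def has_vba_project(docx_bytes: bytes) -> bool:
    """A .docx should never carry a VBA project; its presence is a second flag."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())


def triage(docx_bytes: bytes) -> str:
    """Verdict suitable for a mail-gateway or sandbox pre-filter."""
    remote_templates = [f for f in external_relationships(docx_bytes)
                        if f[1] == "attachedTemplate"]
    if remote_templates:
        return "block: remote template " + remote_templates[0][2]
    if has_vba_project(docx_bytes):
        return "block: embedded VBA project"
    return "pass"


def build_sample_docx(template_url: str = "") -> bytes:
    """Constructed minimal package containing only the parts this check reads;
    a real .docx has many more. The URL is a placeholder, not the campaign's."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        rels = [f'<Relationships xmlns="{RELS_NS}">']
        if template_url:
            rels.append(f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
                        f'Target="{template_url}" TargetMode="External"/>')
        rels.append("</Relationships>")
        z.writestr("word/_rels/settings.xml.rels", "".join(rels))
    return buf.getvalue()


if __name__ == "__main__":
    print(triage(build_sample_docx()))
    print(triage(build_sample_docx("http://template-host.example/remote.dotm")))
```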

AeroBlade Threat Actor – Is This Serious?

Callie Guenther, senior manager of cyber threat research at Critical Start, suggested the involvement of state-sponsored or highly organized criminal groups due to the level of commitment and resources demonstrated. As companies in the aerospace industry tend to be large and have well-built security systems, hacking them is never a trivial task. Such operations require commitment, professionalism and an understanding of the risks.

Analysts from BlackBerry suspect the AeroBlade group is commercially motivated. In all detected episodes of its activity, it targeted the same company. The complexity of both the attack approach and the tools used grew significantly, especially in the parts aimed at information exfiltration. Though, as other analysts suggest, nothing stops the group from switching to more “classic” ransomware extortion in the future.

Preventing phishing attacks

Preventing phishing attacks requires a multi-layered approach that combines technological solutions, user education, and organizational policies. Here are the essential steps:

  • Regularly conduct phishing awareness training for employees to educate them about the various types of phishing attacks, warning signs, and safe online practices. Teach users how to recognize phishing emails, including checking sender email addresses, scrutinizing email content for grammatical errors or suspicious links, and verifying unexpected attachments.
  • Implement robust email filtering solutions to automatically detect and quarantine phishing emails before they reach users’ inboxes. Use email authentication protocols to verify the authenticity of incoming emails and reduce the likelihood of email spoofing. Also consider implementing CDR (content disarm and reconstruction) systems, which simply excise any content that could harm the system.
  • Implement web filtering tools that block access to known malicious websites and URLs associated with phishing campaigns. Use URL scanning services to analyze and categorize website links, helping users avoid clicking on potentially harmful URLs.
  • Keep all software, including operating systems, browsers, and security software, up to date with the latest patches. Cybercriminals often exploit vulnerabilities in outdated software to launch phishing attacks. Keep an eye on the latest cybersecurity news to be aware of new vulnerabilities.

What is Sextortion? Explanation, Signs & Ways to Avoid
https://gridinsoft.com/blogs/what-is-sextortion/
Fri, 01 Dec 2023 15:37:27 +0000

Sextortion is a specific email phishing tactic that has been around for quite some time. Over the last few years, though, its popularity has skyrocketed, and some new technologies make me concerned about possible sextortion approaches in the future. Let me explain what I mean, what this scam is about, and how to detect and avoid it.

What is Sextortion?

The term “sextortion” is rather self-explanatory, aside from the fact that this practice has been in use for a pretty long time. It is a type of email scam that aims at extorting money through threats of publishing explicit visual content of the victim. To look more authoritative, the scammer may claim to have access to the target’s social media accounts.

Image: typical example of a sextortion (“Professional Hacker”) email

Contrary to more classic email phishing scams, the attacker never asks the victim for any action other than sending a sum of money. The reason for such a generous act is, as the villain assures, their possession of compromising material about you. The email text often discloses how these photos and videos were supposedly obtained: from your webcam while you were browsing adult sites, leaked from a hacked phone, or the like.

All this boils down to a simple demand: send the money or I will leak all these nude videos and pictures to the public. Some, definitely not exaggerating, say they will post it from your own profile, as they have access to it as well. Those who try to look more realistic simply promise to tag your entire friends list on a specific social network.

Are Sextortion Threats Real?

99.5% of the time, they are not. Even though some people may have someone’s nude photos on hand, the number of scam emails exceeds the number of such people by orders of magnitude. And since such graphic material rarely ends up in the hands of a stranger, it would be particularly easy to identify the extortionist. Add to this the generic message text and the absence of any proof, and you have the definite signs of a scam. Let’s have a more detailed look at them.

How to detect a Sextortion Scam Email?

Like any email scam, sextortion relies on three psychological levers: shock, a feeling of vulnerability, and a sense of urgency. This leaves its footprint in the text and makes it somewhat templated across all scam cases. Let’s review the most popular patterns.

Typical Sextortion Email Patterns in Text

Over time, there have been dozens and hundreds of different text patterns for extortion emails. Most of them, however, are written to suit any victim. It would be rather inconvenient for a scammer to adjust the text whenever they target a new group of people. Thus, utterly generic and abstract text with absolutely no personalization is what you would expect from sextortion scams.

Image: sextortion emails are templated, even though the exact text may differ

The sense of shock appears as the stranger says they have your nude photos. Moreover, this guy tries to pose as a “professional hacker”. They boast of having access to your entire browsing history, webcam, online wallets and the like. Why would they do nothing with all this: hijack accounts, steal all the money from online wallets? The question is rhetorical.

Urgency comes from the “deadline” before which you should pay the ransom. As the hacker says, no negotiations are possible, and missing the payment date will end with all the material being published. Some crooks also say things like “this is not my email, so I will stop using it shortly”. This creates even bigger concern about the inability to avoid public shame.

Sure enough, the same methods may be used by someone whose threats are real. But they never follow the pattern, at least not that straightforwardly. This distinguishes a letter written by a real human from a scammer’s tool designed to fit any circumstances.

Check For A Re-Used Crypto Wallet

As sextortion scams run in “waves”, you are most likely not the only person who got such an email. Fraudsters often stick to the exact same text, changing only the crypto wallet they ask to send the ransom to. A simple Google search for the wallet may reveal not just one but several text patterns used in the same scam wave.

Obviously, when the con actor’s threats are real and they are not running this as a business, they will never use someone else’s crypto wallet or one used in a scam before. Even when a real hacker does something like this (it happens once in a while), they will never use the same wallet twice. Moreover, “real hackers” rarely opt for Bitcoin as a payment method, preferring coins like Monero or DarkCoin, which have the anonymizing infrastructure that is in such demand when you go outlaw.
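The three levers, the absence of personalization and the re-used wallet described above can be combined into a simple scoring filter. This added Python example is not Gridinsoft’s code; the phrase lists, the sample emails and the “known wallet” (a made-up string in Bitcoin address format) are constructed for the demonstration.

```python
import re

# Bitcoin address shapes (legacy base58 and bech32); the post notes scammers mostly ask for Bitcoin.
BTC_ADDRESS = re.compile(r"\b(?:bc1[ac-hj-np-z02-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")

# Constructed phrase lists, one per psychological lever the post describes.
LEVERS = {
    "shock": [r"\bhacked\b", r"\bwebcam\b", r"\brecord(?:ed|ing)\b",
              r"\badult (?:sites?|content)\b", r"\bprofessional hacker\b"],
    "vulnerability": [r"\bfull access\b", r"\byour (?:contacts|friends|devices?)\b",
                      r"\bbrowsing history\b", r"\bsocial (?:media|networks?)\b"],
    "urgency": [r"\b\d+\s*(?:hours?|days?)\b", r"\bdeadline\b",
                r"\bdo not (?:reply|try|contact)\b",
                r"\bthis (?:email|address|mailbox)\b[^.\n]*\b(?:deleted|stop)\b"],
}


def extract_wallets(text: str) -> list:
    """All strings in the text that look like Bitcoin addresses."""
    return BTC_ADDRESS.findall(text)


def score_email(text: str, recipient_name: str, known_wallets: set) -> dict:
    """Score one message body. Points: one per lever present, one for a crypto
    wallet, one more if that wallet was seen in an earlier wave, one if the text
    never names the recipient. Four or more points is a likely sextortion template."""
    lowered = text.lower()
    levers = [name for name, pats in LEVERS.items()
              if any(re.search(p, text, re.IGNORECASE) for p in pats)]
    wallets = extract_wallets(text)
    reused = [w for w in wallets if w in known_wallets]
    personalised = recipient_name.lower() in lowered
    score = len(levers) + (1 if wallets else 0) + (1 if reused else 0) + (0 if personalised else 1)
    return {
        "levers": levers, "wallets": wallets, "reused_wallets": reused,
        "personalised": personalised, "score": score,
        "verdict": "likely sextortion scam" if score >= 4 else "not matching the template",
    }


# Constructed samples. The wallet string is made up to fit the address format
# and stands in for an address seen in a previous scam wave.
KNOWN_SCAM_WALLETS = {"1ScamWaveExampAddrNoTReaLXYZabcdef"}
SCAM_EMAIL = """Hello!
I am a professional hacker and I have hacked your device a few months ago.
I recorded you through your webcam while you visited adult sites.
I have full access to your contacts and social media.
You have 48 hours to send 1500 USD to my bitcoin wallet: 1ScamWaveExampAddrNoTReaLXYZabcdef
Do not reply. This email address will be deleted after I receive the payment."""
BENIGN_EMAIL = """Hi Alex,
attached is the invoice for the 12 hours of consulting from last week.
The payment deadline is next Friday; let me know if anything is unclear."""

if __name__ == "__main__":
    for label, body in (("scam", SCAM_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, score_email(body, "Alex", KNOWN_SCAM_WALLETS))
```

The benign invoice trips the urgency lever alone (hours, deadline) and stays well under the threshold, which is the point of scoring several independent signals rather than any single phrase.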

AI-fueled Sextortion Scams Incoming

All in all, sextortion is a rather old scam that has not really been effective over the last few years. People are aware of it, and there is almost no chance it is real after all. This is true, but there is now a huge risk of sextortion scams resurfacing with a force yet unseen. Let me explain.

Image: undressing AI services are galloping, and their use in malicious affairs is just a question of time

The current AI development is exciting. But what is more mind-boggling is the number of malignant uses of this potential, in particular its photo editing capabilities. There are already quite a few AI services that will edit the clothing out of a picture of a person you’ve uploaded. Combine this ability with sextortion scams and the fact that most people share their normal photos without a second thought, and you get fuel for a new, unpredictably powerful scam wave.

The scammers behind sextortion emails will finally stop extorting money for nothing. This time, they may have not only a manipulative text, but something to back their claims with. And if you ignore the demand, they will post the material somewhere. There is still no reason to believe their tales about access to all of your accounts, but dumping the photos while tagging your whole friends list may well be effective.

Sure, it is usually possible to demonstrate that such images and videos are AI-generated. But the very fact that these images exist may throw people into panic, and panic eventually pushes them to pay the ransom, which still does not guarantee that the scammer will not publish the fake photos anyway. And even if you remain calm and ignore all the threats, it may be tiresome to prove that these “nude photos of yours” are just the hallucination of a vicious neural network.

How to protect yourself from email scams?

Well, that is not an easy question to answer. As I have just explained, things are getting complicated, and there is no single piece of advice that covers the most modern cases. However, I took my time to think through mitigation options for the majority of situations.

Control where you share your personal email address. While benign services try to keep their customers’ information private, plenty of services do not care. Shady forums, torrent trackers, websites with cracked software: they will gladly sell their user databases, emails included, to anyone who pays. These databases are then used to spam people and spread scams, including sextortion. Avoid leaving any personal information in such places, or at least do not register there with your personal email address.

Keep a cool head. The one thing all extortionists rely on is your panicked reaction to the thought that someone may publish explicit content of you online. Do not act on emotion; that will save you both money and gray hair.

Change your passwords. This is mostly for good measure, as only a few cases out of thousands of sextortion scams involve a password that was really leaked, and when the email quotes one, it usually comes from an old data breach rather than from a hacked device. Still, the habit of updating your login credentials, and of using a different password for every service, is a great enhancement to your personal cybersecurity.

Warn your friends, colleagues and relatives about a possible fake video. By announcing in advance that a provocative video may appear, you minimize the initial shock it could create. After that, all the fake video will get is friendly laughter rather than shame or arguments. Even if the scammer is bluffing and has no graphic material at all, not even a fake one, this raises awareness of such cases.

The post What is Sextortion? Explanation, Signs & Ways to Avoid appeared first on Gridinsoft Blog.
What is Catfishing? Explanation & Ways to Avoid
https://gridinsoft.com/blogs/what-is-catfishing/
Mon, 27 Nov 2023 20:02:19 +0000
Catfishing appears to be a new-old approach to online deception. While it poses a less direct threat to the user than phishing, it can sometimes create even bigger problems and inflict emotional damage. But how does it work, and what is catfishing, after all? Let’s find out.

What is Catfishing?

In brief, catfishing is the creation of a false identity to lure a victim into an online relationship. Besides catfishers, there are other types of impostors, scammers, and internet trolls using similar tactics. Although their methods are much the same, their motives differ. Trolls hide under the cloak of anonymity mainly to engage in cyberbullying, sow discord, and assert themselves at the expense of other Internet users. Scammers conceal their true nature to gain financial profit, which we cover in a dedicated article. The primary purpose of catfishers is to build longer-term relationships, for reasons we will discuss next.

While the problem was exacerbated during the pandemic, it is nothing new. The first serious mentions date back to 2010, when Nev Schulman shed light on the topic in the documentary Catfish. This was followed by the reality show Catfish: The TV Show, indicating that the scam is thriving. The FBI noted a 22% increase in romance scam complaints between 2019 and 2020, and has officially warned about the risk of encountering a romance scam or a catfish. This is not surprising, as the growing popularity of social media gives potential scammers easy access to personal information and photos.

How Does Catfishing Work?

The term catfishing comes from the documentary mentioned above, which tells how live cod were shipped from North America to Asia. Because the fish were inactive in the tanks, only softened flesh reached its destination. The fishermen found that putting catfish in the cod tanks kept the cod active and thus preserved the quality of the catch. A character in the film remarks that his wife acts like a catfish, keeping life interesting for those around her. The title of the film and the name of this tactic come from that dialog, hence the term “to catfish”.

The reasons behind such behavior are rarely a happy life. Most often, these people are lonely in real life and have low self-esteem. Some catfishers may also troll, take revenge, engage in cyberbullying, or extort money from the victim. In some cases, this may even be the first step towards kidnapping or physical abuse. Whatever the case, if you detect catfishing, we recommend ending the communication as soon as possible.

While catfishing is not illegal in general, its derivatives, such as stalking, extortion, intimidation, and other scams, are unlawful. Not all catfishing cases lead into these illegal areas, but that does not make the experience any more pleasant.

Signs You’re Being Catfished

Identifying catfishing means paying attention to various clues that hint at deceptive online behavior: the person’s social media presence, the number of followers or friends, profile photos, and so on. Unfortunately, proving catfishing can be pretty tricky. It will likely require you to expose your personal life to investigators, and it involves reviewing all of your devices. Therefore, take preventive measures: if you suspect you are dealing with a catfisher, document all communications, especially if you are sent photos or asked for money. It is also advisable to consult a trusted adult. Now, let’s move directly to the signs of catfishing.

Few followers or friends.

Catfishers create sock-puppet social media accounts to give themselves a sense of authenticity and reliability. They carefully craft their online identity to give the impression of a real person with a busy social life and a wide circle of friends. A real person who is active on social media usually has a decent number of connections: friends, family, coworkers, even casual acquaintances. If someone claims to have an active online life but has very few followers or friends, that is a red flag, as it contradicts the image of an active and engaged person. Note that not everyone with few followers is a catfisher; some people are simply less active on social media and have more of a life offline.

An account with a small number of subscribers (screenshot)

They’re using someone else’s photos or haven’t changed profile photos in a long time (or ever).

Profile photos play a critical role in online interaction as a visual representation of a person. Catfishers have limited options for updating their profile photos, for two reasons. First, they have carefully crafted a fictional image, and changing a photo means editing that image. Second, because the photos are someone else’s, and therefore stolen, the catfisher may simply not have many of them. If you suspect the person is using someone else’s photos, run a reverse image search on the photo. There is a good chance you will find its original source.

All photos are professional.

Ordinary people tend to post ordinary photos that capture themselves and their daily activities. A profile consisting only of professional photos, such as studio headshots or promotional shots, can be a red flag. If all the photos are taken from the same angle or in the same lighting, they were likely taken professionally and may not show the person who claims to be in them. The same applies to photos where the person poses in exotic locations or next to expensive objects: these are signs of showing off, of trying to look more spectacular than they really are. The flip side is the overuse of filters and effects. If a photo is heavily edited or the face is covered with a sticker, the person is most likely trying to hide their appearance. That is not always a sign of catfishing, but it should raise concern either way.

Page with professional photos only (screenshot)

These were the basic outward signs that may indicate you are dealing with catfishing. Next, we will break down the red flags that show up in the communication itself, as well as the behaviors that give catfishers away.

Their story doesn’t add up.

If someone’s story seems too good to be true, it may well be. Catfishers are often skillful manipulators who understand the human desire for connection and validation. They concoct elaborate stories, sometimes in real time, capitalizing on our hopes and dreams. They paint a picture of a perfect life filled with success, love, and adventure. Often these stories are too perfect, too flawless, and too in tune with our desires, which is exactly what makes them enticing. If you listen closely, though, you may notice inconsistencies and contradictions: details that do not match, timelines that do not make sense, experiences that seem too outlandish to be true. These inconsistencies are often subtle and easy to overlook. If something in your interlocutor’s story does not add up, pause and investigate further. Be bold: ask questions, ask for clarification, and look for inconsistencies.

Once again, all of this may happen with a real person. Such signs should be reviewed in the overall context of the personality. Simply put, it is not a serious concern as the only sign, but in combination with others: no bueno.

Their life sounds too exciting.

In addition to the previous point, catfishers often make up identities that are more exciting than their real lives. They do this to gain trust and admiration: by portraying themselves as successful, adventurous people, they build trust and make themselves more attractive to their victims. Catfishers may also use the persona they invent to escape their ordinary lives or to compensate for feelings of inferiority. Genuine connections are built on honesty and authenticity. When a person’s life sounds too good to be true, either your companion is not telling you something, or they are a storyteller (a liar). Listen carefully to the person’s stories, especially if they seem exaggerated or unrealistic.

Conversations get personal quickly.

Suppose you have only recently met someone online, and they immediately try to get personal. This is not a good sign in any sense, online or in real life, as it goes against the natural development of a real relationship. Catfishers create a false sense of intimacy to make their victims feel closer to them. By steering the conversation into personal territory, catfishers can also manipulate their victims’ emotions, making them more susceptible to influence. And the plainly malicious motive is never off the table: by eliciting personal details, catfishers gather valuable information about their victims’ lives, which they may use for financial gain, for other malicious activities, or even for further catfishing episodes.

One-sided information sharing.

To begin with, genuine relationships involve the mutual sharing of personal information. People gradually share details of their lives, thoughts, and experiences as they get to know each other. Catfishers, however, may ask for personal information while keeping quiet about their own lives. This is a red flag, because in normal communication both parties share personal details gradually, creating a balanced exchange of information. Of course, the opposite imbalance exists too: some people mainly want to talk about themselves and are not that interested in you. Though that is a different topic, and not the one for today.

They’ve never sent you a casual selfie.

On-the-fly selfies showcase a person’s daily life, interests, and personality, giving a glimpse of their true nature. As noted above, catfishers have a limited stock of photos, so they must keep track of which photos they can send and when. If someone tells you they have been to an event but never sends a single photo from it, that is a reason to think twice. And if they send an abstract photo where they are not in the frame, you can once again run a reverse image search. Chances are it is not their photo, but one taken from the Internet.

Average catfisher responses (screenshot)

You can’t find any trace of them online.

In the age of social media, it is tough to be online without leaving a digital footprint. Catfishers, however, create fake identities and personas and avoid building an authentic online presence that would leave a trace. If you have investigated, done a thorough search, and found no data and not even the source of the photo, you are most likely dealing with a fabricated persona. The photo itself may have been generated with a service like https://thispersondoesnotexist.com.

This, though, is one more 50/50 sign, as plenty of people simply do not share much about themselves online. Privacy is becoming a more widespread concern with time, and to be honest, these are not the worst practices to follow.

Avoiding Phone Calls.

Communicating only by text is very limiting, because text conveys little emotion. A person who genuinely wants to communicate will usually be happy to talk on the phone. If someone prefers texting and avoids phone calls altogether, this becomes a red flag. Catfishers often avoid phone calls because it is easier to manage a fake persona through text messages. Refusing calls and insisting on communicating only by text is a strong sign that the person behind the screen is not who they say they are.

They’re reluctant to meet in real life or video chat.

As mentioned above, catfishers live by typing, nothing more. Any prolonged communication sooner or later comes to video calls and sometimes leads to a real-life meeting. Not with catfishers. Such people will find a thousand excuses to avoid a video call, spending half a day explaining why, but never agreeing to a call or a meeting. So, if you are communicating with someone who avoids live communication in every possible way, preferring correspondence only, it is a reason to consider ending the communication. At that point it is no different from talking to an AI chatbot, and those at least openly declare that they are not a person.

They make plans with you, but repeatedly cancel.

In some cases, catfishers may agree to a video or phone call, or even a meeting. At some point, however, they backpedal and cancel all plans under some pretext. The excuses will be convincing every time, but the result is the same: no meetings and no calls, only correspondence. An important note: any meeting with a stranger should be arranged in a crowded place on neutral territory.

Safety recommendations

Online dating is always a lottery, but knowing the signs of fraud makes it easier to avoid. Here are some recommendations for avoiding problems when dating and communicating online.

  • Always be suspicious. Internet scammers are masters of their craft; if they want to, they will find a way to lull your vigilance. Healthy skepticism and a zero-trust attitude will not let them do it so easily.
  • Take your time. Since catfishers usually have a goal, they prefer to skip the foreplay. Resist this tendency and discourage attempts to “get right to the point”.
  • Keep in touch. Most of us have someone with whom we share our experiences and events. Let someone you trust know about your “new friend”. This can help you make informed decisions, and involving another person can serve as an early warning system.
  • Be careful about sending photos. Do not rush to be the first to send photos to a stranger. Instead, offer a video chat to verify their identity. Catfishers usually communicate with several victims at once, and once a catfisher has your photos, they may send them to another victim. When it comes to intimate photos, catfishers can go on to use them for blackmail.

Octo Tempest Threat Actor – The Most Dangerous Cybercrime Gang?
https://gridinsoft.com/blogs/octo-tempest-threat-actor/
Mon, 30 Oct 2023 17:49:58 +0000
Octo Tempest, a financially motivated hacking group, has been labeled “one of the most dangerous financial criminal groups” by Microsoft. Also tracked as UNC3944 and 0ktapus, the group has gained attention for its bold cyberattacks.

What is Octo Tempest Cybercrime Gang?

Octo Tempest’s journey into cybercrime is an intriguing one. Only a few months ago, it became the first English-speaking affiliate of the BlackCat ransomware gang. This collaboration is a rare occurrence in the cybercriminal ecosystem, as historically, Eastern European ransomware groups have been reluctant to do business with native English-speaking criminals.

Octo Tempest’s modus operandi is characterized by well-organized and prolific attacks, reflecting deep technical expertise and the involvement of multiple operators with hands-on-keyboard skills. The group first appeared on the radar in early 2022, initially targeting mobile telecommunications and business process outsourcing organizations to perform SIM swaps. More recently, its activities were tied to the ransomware attacks against Las Vegas casinos in September 2023.

Evolution of Octo Tempest

Their ambitions did not stop there. Later in 2022, Octo Tempest orchestrated a large-scale campaign that compromised over 130 organizations, including prominent names like Twilio and Mailchimp, demonstrating the group’s capacity to wreak havoc on a grand scale.

Collaboration with BlackCat and Ransomware Deployment

A significant turning point in Octo Tempest’s cybercriminal career was its collaboration with BlackCat, also known as ALPHV. The group began deploying ransomware payloads developed by BlackCat, extending its focus to both Windows and Linux systems. More recently, Octo Tempest has directed its efforts towards VMware ESXi servers.

Octo Tempest remains financially motivated, with diverse monetization techniques. Their activities span from cryptocurrency theft to data exfiltration for extortion and ransomware deployment.

Octo Tempest Methods of Initial Access

Octo Tempest employs a range of methods for gaining initial access, including:

  • Social-engineering staff into installing remote monitoring and management (RMM) utilities.
  • Luring employees to fake login portals built with an adversary-in-the-middle (AiTM) phishing toolkit, which captures credentials and session tokens as they are entered.
  • Purchasing stolen employee credentials or session tokens on the dark web.
  • Conducting SMS phishing campaigns against employee phone numbers, with links to fake login portals.
  • Taking over an employee’s phone number through a SIM swap or call forwarding.
  • Initiating a self-service password reset once control of the employee’s phone number is established, so that the reset code arrives at the attacker’s device.

Fear-Mongering Tactics and Reconnaissance

In rare instances, Octo Tempest resorts to fear-mongering, targeting specific individuals through phone calls, texts, and even physical threats to coerce victims into sharing their credentials for corporate access.

Upon gaining initial access, the group proceeds with a meticulous reconnaissance process. It includes enumerating hosts and services, collecting information, and identifying documents related to network architecture, employee onboarding, remote access methods, password policies, and credential vaults. Their access to internal networks allows them to carry out broad searches across knowledge repositories to gather intelligence about the target’s infrastructure.

Defending Against Octo Tempest

Detecting and defending against Octo Tempest is no easy task due to their use of social engineering, living-off-the-land techniques, and a diverse toolkit. However, cybersecurity experts offer guidelines to help organizations detect and counter this threat.

  • Monitor and review identity-related processes (password resets, MFA method changes, new device registrations), Azure environments, and endpoints; these are the places where the group’s activity shows up first.
  • Educate employees about the social engineering and phishing tactics Octo Tempest commonly uses. Regular training on recognizing suspicious messages and links, and a help desk procedure that verifies callers before resetting credentials or installing remote tools, can prevent successful attacks.
  • Keep operating systems, software, and applications up to date with the latest security patches. Cybercriminals often exploit known vulnerabilities in outdated software.
  • Use a firewall to monitor and filter incoming and outgoing network traffic. Intrusion detection and prevention systems (IDPS) can also help detect suspicious activity.
  • Regularly back up your data, both on-site and off-site. In the event of a ransomware attack, clean, uninfected backups can save your data.
  • Stay informed about emerging threats and vulnerabilities by monitoring cybersecurity news and threat intelligence feeds, so you can adapt your defenses as threats evolve.
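As an added example of the identity monitoring recommended above (this is not code from the page or from Microsoft’s guidance): the script below walks constructed identity audit events and flags the sequence from the initial-access list, an MFA phone number change followed within a short window by a self-service password reset, and notes whether the reset came from an IP address never seen for that user before the change. The event schema, field names and event names are assumptions made for this example; map them to your identity provider’s audit and sign-in logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of identity audit events (not real logs). The field names and
# event names are an assumption made for this example, not the schema of any
# particular identity provider; map them to your own audit and sign-in logs.
EVENTS = [
    {"ts": "2023-10-29T08:30:00", "user": "j.doe", "event": "sign_in",           "ip": "10.0.0.12"},
    {"ts": "2023-10-30T09:02:10", "user": "j.doe", "event": "mfa_phone_changed", "ip": "203.0.113.5"},
    {"ts": "2023-10-30T09:14:45", "user": "j.doe", "event": "sspr_completed",    "ip": "203.0.113.5"},
    {"ts": "2023-10-30T09:16:01", "user": "j.doe", "event": "sign_in",           "ip": "203.0.113.5"},
    {"ts": "2023-10-30T11:40:00", "user": "a.lee", "event": "mfa_phone_changed", "ip": "198.51.100.7"},
    {"ts": "2023-10-31T08:05:00", "user": "a.lee", "event": "sspr_completed",    "ip": "198.51.100.7"},
    {"ts": "2023-10-30T13:00:00", "user": "m.kim", "event": "sspr_completed",    "ip": "192.0.2.9"},
]

# A legitimate user who replaces their phone rarely needs a password reset minutes later.
DEFAULT_WINDOW = timedelta(hours=1)


def find_sim_swap_resets(events, window=DEFAULT_WINDOW):
    """Flag users whose MFA phone number was changed and who then completed a
    self-service password reset within `window`.

    Each finding records the two timestamps, the gap in minutes, and whether the
    reset came from an IP address never seen for that user before the phone change.
    """
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as strings
        by_user[ev["user"]].append(ev)

    findings = []
    for user, evs in by_user.items():
        for change in (e for e in evs if e["event"] == "mfa_phone_changed"):
            t0 = datetime.fromisoformat(change["ts"])
            # Every IP this user was seen from before the phone number changed.
            baseline_ips = {e["ip"] for e in evs if datetime.fromisoformat(e["ts"]) < t0}
            for ev in evs:
                if ev["event"] != "sspr_completed":
                    continue
                t1 = datetime.fromisoformat(ev["ts"])
                if t0 <= t1 <= t0 + window:
                    findings.append({
                        "user": user,
                        "phone_changed_at": change["ts"],
                        "reset_at": ev["ts"],
                        "minutes_between": round((t1 - t0).total_seconds() / 60, 1),
                        "new_ip": ev["ip"] not in baseline_ips,
                    })
    return findings


if __name__ == "__main__":
    for finding in find_sim_swap_resets(EVENTS):
        print(finding)
```

With the one-hour window only j.doe is flagged: the phone number change and the reset are twelve minutes apart and both come from an address the user had never signed in from. a.lee’s reset the next morning is not flagged at that window, and m.kim never changed an MFA method, so a reset alone is not enough.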

USPS Scam Text 2024: “Your Package Could Not Be Delivered”
https://gridinsoft.com/blogs/usps-scam-text-2024/
Wed, 18 Oct 2023 16:10:26 +0000
Smishing is phishing by text message: the attacker sends an SMS that pushes the targeted individual to take a specific action, such as downloading a malicious program to their phone or disclosing private information. The link embedded in an enticing text message is the core of the attack.

Most people do not realize the risks of clicking links in text messages, and most are also unaware that their phone can receive a text message from any number on Earth. Have you ever encountered a “USPS package not delivered” notification? Attackers make big bucks with SMS campaigns that phish for sensitive information like credentials or financial data. To look more realistic, they usually put on the disguise of a familiar organization, like the United States Postal Service (USPS).


What is a USPS scam text?

A USPS scam text is a type of smishing in which scammers pose as the postal service. The fraud involves an unsolicited text message claiming that a delivery is waiting for your action, with an unrecognized web link to click in the message body. Do not follow the link. Below, we provide some details about this USPS text message scam.

EXAMPLE of a USPS scam text (“USPS unable to deliver” text):

USPS Currently Awaiting Package
Undeliverable as Addressed (UAA) Problem with Address
USPS Allows you to Redeliver your package to your address in case of delivery failure or any other case.
You can also track the package anytime, from shipment to delivery.

Nowadays, users also often come across “scheduled delivery” USPS text scams.

USPS scam example 1 (screenshot)
USPS scam example 2 (screenshot)

How Does the USPS Text Message Scam work?

The United States Postal Inspection Service (USPIS) warns of an increased risk of smishing scams that use the US Postal Service as a facade. USPS text scams trick victims into downloading malware onto their phones or entering personal information on a fake USPS page, in the hope of stealing their identities or emptying their bank accounts.

Fake data entry form (screenshot)

The scam works best when the victim is actually expecting a parcel. Soon after an online purchase, a message about a delivery problem looks plausible, and scammers exploit that confusion to collect personal information. It also works well on people who have recently ordered a gift delivery.

How to report USPS related smishing:

If you have received a USPS scam text, you can report it. To report USPS package-related smishing, email spam@uspis.gov:

  • Copy the body of the suspicious text message and paste it into a new email without clicking on the web link.
  • Enter your name in the email, and add a screenshot of the text message showing the sender’s phone number and the date sent.
  • Include any other relevant details in your email.
  • The Postal Inspection Service will contact you if it needs more details.

Complaints about non-USPS-related smishing can also be sent to the law enforcement partners of the U.S. Postal Inspection Service.

The Right Way to Arrange a Redelivery

The USPS recently warned the public about a popular scam involving fake mail notifications and published instructions on how to report bogus text messages. The first step in protecting yourself from data harvesting is to always double-check that the site your data is being sent to matches the official site: look at the URL of the landing page, not at the logo or the wording. Be careful with USPS text message scams.


This way, you are sure to catch the mismatch before you type anything in. No matter the delivery service, always pay attention to the URL of the landing page and make sure it matches the official site you are familiar with. If you skip this check, the scammers get your data, and there is no way to take it back.
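As an added example of the URL check recommended above (not code from the page): the script below pulls every link out of a text message, resolves the hostname the way a browser would, and accepts it only if it is usps.com or a subdomain of it. It also shows the cases a naive “does the link contain usps.com” check gets wrong. The sample messages are constructed; apart from usps.com and tools.usps.com, the domains are reserved example names or invented for the illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample messages (not real scam texts). usps.com and tools.usps.com are
# real USPS hosts; every other name is a reserved .example / example.net
# documentation domain or made up for this illustration.
SAMPLES = [
    "USPS: your package could not be delivered. Reschedule at https://usps.com/redelivery",
    "Track your parcel: https://tools.usps.com/go/TrackConfirmAction",
    "USPS: address problem, confirm here https://usps.com-redelivery.example/track",
    "Your parcel is waiting: http://tools.usps.com.example.net/go?id=1",
    "Redeliver now: https://usps.com@redelivery.example/confirm",
    "Delivery failed. Pay the redelivery fee at https://usps-redeliver.example/pay",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
OFFICIAL_DOMAIN = "usps.com"


def host_of(url: str) -> str:
    """Hostname as a browser would resolve it: anything before '@' (userinfo) and
    any port are discarded, so 'https://usps.com@redelivery.example/' yields
    'redelivery.example', not 'usps.com'. Lower-cased by urlsplit."""
    return (urlsplit(url).hostname or "").rstrip(".")


def is_official(host: str, official: str = OFFICIAL_DOMAIN) -> bool:
    """True only if the host is the official domain itself or one of its subdomains.
    Substring checks are not enough: 'usps.com-redelivery.example' and
    'tools.usps.com.example.net' both contain 'usps.com' and both fail here."""
    return host == official or host.endswith("." + official)


def classify_sms(text: str) -> list:
    """Return (url, host, verdict) for every link found in the message."""
    results = []
    for url in URL_RE.findall(text):
        host = host_of(url)
        verdict = "official" if is_official(host) else "suspicious"
        results.append((url, host, verdict))
    return results


def suspicious_links(messages) -> list:
    """All links across the messages that do not point at the official domain."""
    return [url for msg in messages
            for url, _host, verdict in classify_sms(msg) if verdict == "suspicious"]


if __name__ == "__main__":
    for msg in SAMPLES:
        for url, host, verdict in classify_sms(msg):
            print(f"{verdict:10} {host:32} {url}")
```

The same rule applies to any carrier: compare the registered domain of the landing page with the one you know, and treat a familiar name that merely appears somewhere inside the hostname or before an “@” as a lookalike.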

What is Whaling Phishing and How To Recognize and Avoid It?
https://gridinsoft.com/blogs/whaling-phishing-recognize-avoid/
Mon, 18 Sep 2023 15:33:35 +0000
Malicious actors know that executives and high-level employees, such as public spokespersons, are familiar with common spam tactics. Because of their public profiles, they may have undergone extensive security awareness training, and the security team may have implemented stricter policies and more advanced tools to safeguard them. As a result, attackers targeting these individuals are forced to move beyond conventional phishing and employ more sophisticated, targeted methods, known as whaling.

What is Phishing?

Phishing is a malicious practice in which attackers trick individuals into revealing sensitive information through fake emails that look legitimate. The victim hands over their credentials willingly, so this is neither extortion nor malware in the strict sense.

Phishing, accounting for 39.6% of attacks in the statistics below, is the most common type of cyberattack and is frequently combined with malicious payloads delivered as HTML files, URLs, PDFs, and executables.

Phishing statistics

Phishing techniques are diverse, and it is nearly impossible to list them all without missing some. Nevertheless, several methods are currently the most prevalent. These methods have always been widely used due to their simplicity and the high likelihood of successfully trapping the victim.

The various types of phishing include spear phishing, whaling, angler phishing, pharming, pop-up phishing, and others. Spear phishing targets specific individuals, usually regular employees, while whaling targets high-profile employees such as C-level executives.

Types of phishing attacks (illustration)

Whaling Phishing

The whale is often considered the ruler of the ocean, a symbol of high authority. In the realm of phishing, a “whale” is a C-level executive. These executives hold significant power within an organization, and the metaphor draws a parallel between these influential individuals and the king of the ocean.

Due to their power and authority, C-level executives are targets for whaling attacks, which aim to deceive and exploit them, leveraging their access to sensitive information and their decision-making powers. When a CEO requests an urgent task from an employee, it is usually prioritized and completed quickly, and that is exactly what the attacker counts on.

Whaling does not rely on any special distribution channel. Like any other phishing attack, it arrives via email, SMS, or voice call. Let’s explore it through real-world examples.

Examples of Whaling Attacks

At their core, past successful whaling campaigns are not too dissimilar from successful phishing campaigns: the messages seem so urgent, so potentially disastrous, that the recipient feels compelled to act quickly and casts normal security hygiene aside. Scammers writing successful whaling emails know their audience won’t be swayed by a mere deadline reminder or a stern email from a superior. Instead, they prey upon other fears, such as legal action or reputational harm.

In one example of a whaling attempt, several executives across industries fell for the same attack. They received emails, laced with accurate details about them and their businesses, that purported to come from a United States District Court and carried a subpoena to appear before a grand jury in a civil case. The email included a link to the subpoena; when recipients clicked it to view the document, they were infected with malware instead.

Phases of Whaling Phishing Attacks

The three phases of a phishing attack also apply to whaling:

  1. When an attacker wants to access a system, the first step is to research the potential target: their position within the company and their relationships with other employees.
  2. Once the attacker has gathered enough information, they craft a customized phishing email that looks legitimate. (This is how the HR and Finance departments were deceived in the Seagate and FACC cyber heists.)
  3. The attacker tricks the target into clicking a link or opening an attachment. If the victim falls for the trick, the attacker still has to bypass security measures and deliver a malicious payload; only then can they steal data and sensitive information.

Defending Against Whaling Attacks

If you are an executive or someone who might be a target of whaling, you should remember the standard prevention advice for phishing attacks. It’s essential to be cautious of clicking on links or attachments in emails, as these attacks require the victim to take some action to be successful.

Implementing whaling-specific best practices can help organizations harden their defenses and educate potential targets.

It’s essential to be aware of the information public-facing employees share about executives. Whaling emails seem more genuine when they include readily available online details, such as birthdays, hometowns, favorite hobbies, or sports teams. They can appear even more legitimate during major public events, like industry conferences or company events. Therefore, remind executives and spokespersons to exercise caution while checking their inboxes, particularly during high-publicity events when they are likely to be in the spotlight.
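As an added example (not code from the Gridinsoft post), here is a defender-side heuristic in Python that flags the whaling traits discussed above: an executive’s display name on an address outside the corporate domain, a Reply-To that quietly redirects answers elsewhere, and the legal-threat and urgency language seen in the subpoena example. The corporate domain, executive roster, and both sample messages are constructed for illustration.

```python
# Added example (not from the Gridinsoft post): heuristic detection of whaling-style
# executive impersonation. Domain, executive roster and messages below are constructed.
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"                          # assumed internal mail domain
EXECUTIVES = {"jane doe": "ceo", "mark roe": "cfo"}  # constructed executive roster
PRESSURE_TERMS = ("subpoena", "grand jury", "legal action", "urgent", "immediately", "confidential")

def whaling_indicators(raw_msg):
    """Return indicator labels for one RFC 5322 message; an empty list means nothing flagged."""
    msg = message_from_string(raw_msg)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", from_addr))  # no Reply-To: replies go to From
    from_domain = from_addr.rsplit("@", 1)[-1].lower()
    reply_domain = reply_addr.rsplit("@", 1)[-1].lower()
    hits = []
    # 1. Display name of a known executive, but the address is not on the corporate domain.
    if from_name.strip().lower() in EXECUTIVES and from_domain != CORP_DOMAIN:
        hits.append("exec-display-name-external-sender")
    # 2. Reply-To points replies at a different domain than the visible sender.
    if reply_domain != from_domain:
        hits.append("reply-to-domain-mismatch")
    # 3. Two or more pressure/legal-threat terms in subject plus body.
    body = msg.get_payload(decode=True) or b""
    text = (msg.get("Subject", "") + " " + body.decode("utf-8", "replace")).lower()
    found = [t for t in PRESSURE_TERMS if t in text]
    if len(found) >= 2:
        hits.append("pressure-language:" + ",".join(found))
    return hits

SUSPICIOUS = """From: Jane Doe <jane.doe@example-legal-notice.net>
Reply-To: counsel@mail-drop.example.org
Subject: URGENT: grand jury subpoena - immediate action required
Content-Type: text/plain; charset=utf-8

Mark, this is confidential. Legal action is pending; review the subpoena immediately.
"""

BENIGN = """From: Jane Doe <jane.doe@example.com>
Subject: Q3 board deck
Content-Type: text/plain; charset=utf-8

Attached is the board deck for Thursday. No rush.
"""
```

Calling `whaling_indicators(SUSPICIOUS)` returns three indicator labels, while the benign internal message returns an empty list; in practice the roster and domain would come from the directory rather than being hard-coded.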

The post What is Whaling Phishing and How To Recognize and Avoid It? appeared first on Gridinsoft Blog.
