The Phantom Hacker Scams

The FBI has warned the public about a recent increase in phantom hacker scams nationwide. This fraudulent activity mainly targets senior citizens and is an evolved version of tech support fraud. Back in August 2023, losses from such scams have increased by 40% compared to the same period in 2022. For specific numbers, during the first half of 2023, nearly 19,000 individuals reported falling victim to tech support scams, resulting in over $542 million in losses.

According to the statistics, scammers often target older adults. Around 66% of total financial losses are suffered by victims over 60. Seniors usually have much more savings than younger age groups, making them more attractive targets for criminals. Additionally, older adults are more mindful of potential life-saving risks, making them vulnerable to calculated scams.

How Do These Scams Work?

The scam process is divided into three stages, each aiming to increase the victim’s level of trust. The perpetrators behind phantom hacker scams employ social engineering to deceive their victims.

1. Initial Contact. Fraudsters pose as computer technicians from well-known companies. They convince victims that their computers have serious issues, particularly malware, and that their financial accounts are also at risk due to foreign hackers.

2. Follow-Up. Accomplices then impersonate officials from financial institutions or even the U.S. government. They persuade victims to transfer their money from supposedly vulnerable accounts to new “safe” accounts, all under the guise of government protection of their assets.

3. The Deception. Obviously, there was never any foreign hacker. Instead of safe accounts, the scammers now fully control the victims’ money. The funds vanish together with the “technicians” and “govt agents”, leaving victims devastated.

Safety Recommendations

To summarize, it is worth remembering the rules of telephone communication again. Here is a list of “Don’ts” that you should follow to minimize the risk of financial loss:

• Don’t Trust Unsolicited Calls. Be cautious when receiving an unexpected call claiming to be from tech support or a financial institution. Scammers often impersonate legitimate organizations to gain your trust. To protect yourself, please end the call without providing any personal details. Additionally, consider setting up a blocker for such calls.
• Don’t Share Personal Information. Never share sensitive information when you receive a phone call unless you initiate the call. Sensitive information includes your credit card information, bank account number, social security number, or passwords. Before sharing any sensitive information, verify the identity of the person independently.
• Don’t Rush Decisions. Scammers often use urgency to pressure victims into making hasty decisions, resulting in funds being transferred without understanding the situation. Take your time. Ask questions, seek advice from trusted sources, and don’t let anyone rush you into making financial commitments.
• Don’t Transfer Funds. Proceed cautiously if someone asks you to transfer money based on an unsolicited request. Contact your financial institution directly using official contact information to confirm the transaction.
• Instruct Your Elderly About the Threats. Aside from showing more trust towards strangers, older generations often struggle to find security news in time. Consider explaining the dangers and the ways to understand they’re talking to a fraudulent person.

The post Phantom Hacker Scams On The Rise, Target Elderly appeared first on Gridinsoft Blog.

What is Windows Defender Security Warning?

Fake Windows Defender Security Warning (Microsoft Security Warning) is a malicious attempt to deceive users into believing their system is compromised or at risk. In reality, these warnings are part of a scam. Cybercriminals create deceptive pop-up notifications or messages that mimic the appearance and language of genuine Windows Defender alerts. These counterfeit warnings often use scare tactics.

Usually, such sites claim the presence of malware, viruses, or security breaches on the user’s system. They aim to trick users into taking immediate, unwarranted actions. It can be clicking on malicious links, downloading fraudulent software, or providing sensitive information like login credentials or credit card details.

What makes these fake warnings even more convincing is the abuse of Microsoft Azure services. In short, Microsoft Azure is a reputable cloud computing platform that provides tools and services for legitimate purposes, including hosting websites and applications. However, cybercriminals exploit Azure’s flexibility to host their malicious landing pages and phishing sites, thereby lending an air of legitimacy to their schemes.

By leveraging Azure, scammers can secure SSL certificates and create deceptive subdomains, making their fake security warnings appear more convincing. They use Azure to build seemingly genuine login forms and landing pages, often targeting users with Microsoft, Office 365, Outlook, or OneDrive accounts.

How Does This Scam Work?

There are two most common scenarios for this kind of scam, and we’re going to look at them now.

Fake Login Page

In the first common scenario, attackers launch spam email campaigns that appear to originate from a reputable organization. For example, these scammers do their best to trap victims by mimicking the official login pages for Microsoft, Office 365, Outlook, and OneDrive. More often than not, these pages are indistinguishable from the real thing. For example, they may have a Microsoft logo, the correct color schemes, and even a nearly identical URL. Many users may genuinely believe they are on a legitimate Microsoft page.

To make their attacks even more convincing, attackers use Transport Layer Security (TLS) certificates. These certificates encrypt data between a user and a website and often serve as an indicator of trust. In this case, the certificates issued by Microsoft Azure TLS Issuing CA 05 for the *.1.azurestaticapps.net domain make the fake pages indistinguishable from the real ones. Attackers go even further to make their phishing pages attractive to attack users of other platforms such as Rackspace, AOL, Yahoo, and other email services. In this case, the spoofing becomes particularly camouflaged thanks to legitimate Microsoft security certificates.

When users are trying to determine if a phishing attack is targeting them, they are usually advised to carefully check the URL in the browser bar when prompted to enter credentials. However, in the case of phishing campaigns abusing Azure Static Web Apps, this advice is meaningless, as the azurestaticapps.net subdomain and the presence of a valid TLS security certificate will fool many users.

Tech Support Scam

Fake Microsoft Technical Support Scam – involves a scheme in which attackers impersonate Microsoft representatives or certified technicians. Usually, this scheme starts with a phishing site that contains a fake Microsoft Security Warning. This leads to the victim calling the scammers, hoping to get help solving the “problem”. They may use a variety of techniques to gain the attention and trust of potential victims. But, sometimes, scammers call random users and claim that the user’s computer has serious problems, viruses, or security breaches and offer to help resolve them.

To “help” users, scammers may ask permission to control the computer remotely. If the user agrees, attackers gain full access to the system and can install malware or steal personal data. In addition, scammers often ask the user to provide personal information such as credit card numbers, passwords, addresses, and other sensitive information.

How To Avoid These Scams?

To avoid falling victim to phishing scams like the ones abusing Azure Static Web Apps, it’s essential to follow the next practices for online security and remain vigilant. Here are some steps you can take to protect yourself:

• Check URLs before entering data. You should check the URL in the address bar when you’re asked to enter your account credentials on a login page. Look for any unusual subdomains or misspellings that could indicate a phishing site. Ensure that the domain is the official one for the service you’re using.
• Be careful with suspicious emails. Please don’t click on links or download attachments from unsolicited or unexpected emails. Always verify the legitimacy of an email, even if it appears to come from a trusted source.
• Verify the Source. When you receive an email requesting sensitive information or actions, contact the supposed sender directly through official channels to verify the request’s authenticity.
• Use a Password Manager. Thus, you can create strong, unique passwords for your online accounts. This prevents a single compromised password from affecting multiple accounts.
• Enable Two-Factor Authentication. Whenever possible, enable 2FA for your online accounts. This adds another layer of security and requires a second form of verification, such as a temporary code sent to your phone.
• Educate Yourself. It is crucial to keep yourself updated on the latest phishing techniques and common scam tactics to stay informed and protected. Be vigilant and cautious while browsing the internet or dealing with suspicious emails or messages. The more you know, the better you can protect yourself.
• Use Security Software. We recommend installing reputable anti-malware solutions on your devices. It can help detect and block malicious websites and emails.
• Keep Software Updated. Keep your operating system, web browsers, and security software up-to-date. This ensures that any known vulnerabilities are fixed.

By following these precautions and maintaining a healthy level of skepticism, you can significantly reduce the risk of falling victim to phishing scams. Cybercriminals continuously adapt their tactics, so staying vigilant is essential to your online security.

The post What is Microsoft Security Warning Scam? appeared first on Gridinsoft Blog.

Fake Amazon and Microsoft call centers busted

Indian authorities, in collaboration with Amazon and Microsoft, conducted Operation Chakra-II to crackdown on 76 illegal call centers across at least 11 states in India. These call centers posed as tech support for Amazon and Microsoft customers and defrauded over 2,000 individuals. This marks the first time two major companies have collaborated to combat online and tech support fraud. The Central Bureau of Investigation of India (CBI) led the Chakra-II operation.

On the other hand, Amazon said this:

Country-level scam

Perhaps almost every user has seen the “Hello Your Computer Has Virus” meme or jokes about Indian men calling people and introducing themselves as Microsoft tech support. So, India is a fertile ground for a thriving network of scammers. The Hindu tech support scam can be considered a worthy competitor to the Nigerian Prince scam. Primarily, scammers run illegal operations from call centers masquerading as legitimate businesses.

According to the FBI, tech support call centers fraud victims lost more than $1 billion in the US last year, with scammers mainly targeting older people. Nearly half of the victims were over 60, and they accounted for 69%, or more than $724 million, of the losses. Many of these scams target customers of Amazon and Microsoft, two of the largest companies in the tech industry. Unsurprisingly, these companies have banded together for the first time to fight against these scams.

How did this scam work?

The Central Bureau of Investigation (CBI) recently revealed that fraudsters have been pretending to be Amazon and Microsoft customer service agents. They have been contacting victims through online pop-up messages that appear to be real security alerts from these companies. The pop-up message claims that the user’s computer is experiencing technical issues and provides a toll-free number to contact customer support. However, the phone number actually belongs to the fraudsters’ electronic call centers. By the way, we have an article dedicated to breaking down this scam scheme.

Once the victim calls scammers, they, with some trickery, remotely access the victim’s computer and show them fake problems. They then charge the victim hundreds of dollars for fake solutions that were not needed in the first place. This fraudulent activity has allegedly been going on for the past five years. The fraudsters use various international payment gateways and channels to move the illegally obtained funds.

CBI exposes fake call centers

As part of five separate cases, a nationwide crackdown was conducted in Delhi, Punjab, Haryana, Himachal Pradesh, Uttar Pradesh, Madhya Pradesh, Karnataka, Kerala, Tamil Nadu, and West Bengal, which resulted in the confiscation of 32 mobile phones, 48 laptops/hard disks, 33 SIM cards, and pen drives. The operation also seized numerous bank accounts alongside 15 email accounts that were associated with the scammer network.

While the CBI did not disclose the number of arrests made during the operation, it was revealed that the illegal call centers had targeted more than 2,000 Amazon and Microsoft customers. The victims primarily reside in the US, Australia, Canada, Germany, Spain, and the UK. Amazon also confirmed that it had removed over 20,000 phishing websites and 10,000 phone numbers from impersonation schemes in 2022. The company reported hundreds of attackers worldwide to authorities.

Is it the end of Amazon/Microsoft Tech Support scams?

Not really. Frauds like that are exceptionally profitable, so there will always be a temptation to restart it. Sure, current con actors are detained, but nature abhors a vacuum. Where one group of crooks is no more – another will pop up rather quickly.

Though, the impunity myth these guys were bearing on is now busted. Further scams will be either more concealed, distributed, and/or reliant on less traceable technologies. Will they be more effective with all these upgrades? This is what we are about to discover.

The post Fake Amazon and Microsoft Tech Support call centers busted appeared first on Gridinsoft Blog.