online security Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/online-security/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.
Last updated: Mon, 27 Nov 2023 20:02:19 +0000

What is Catfishing? Explanation & Ways to Avoid
https://gridinsoft.com/blogs/what-is-catfishing/
Published: Mon, 27 Nov 2023 20:02:19 +0000

Catfishing is an old trick dressed up as a new one in online social engineering. It poses less of a direct threat to the user than classic phishing, but it can sometimes create even bigger problems and inflict real emotional damage. How does it work, and what exactly is catfishing? Let's find out.

What is Catfishing?

In brief, catfishing is the creation of a false identity to lure a victim into an online relationship. Catfishers are not the only ones who do this: imposters, scammers and internet trolls use similar tactics. Their methods are the same, but their motives differ. Trolls hide under a cloak of anonymity mainly to engage in cyberbullying, sow discord and assert themselves at the expense of other internet users. Scammers conceal their true identity to make money, a topic we cover in a dedicated article. The primary purpose of catfishers is to build a longer-term relationship, for reasons we discuss next.

While the problem was exacerbated during the pandemic, it is nothing new. The first serious mentions date back to 2010, when Nev Schulman shed light on the topic in the documentary Catfish. It was followed by the reality show Catfish: The TV Show, a sign that this scam is thriving. The FBI noted a 22% increase in romance scam complaints between 2019 and 2020, and has officially warned about the risk of encountering a romance scam or catfish. This is not surprising: the growth of social media gives would-be scammers a ready supply of personal information and photos to borrow.

How Does Catfishing Work?

The term catfishing comes from the movie mentioned above, which tells how live cod were shipped from North America to Asia. Because the fish were inactive in the tanks, only softened flesh reached its destination. Fishermen found that putting catfish in the cod tanks kept the cod active and thus preserved the quality of the catch. A character in the movie says that his wife acts like a catfish, keeping life interesting for those around her. The title of the movie, and the name of this tactic, come from that dialog, hence the term "to catfish".

The reasons behind such behavior are rarely happy ones. Most often, such people are lonely in real life and have low self-esteem. Some catfishers also troll, retaliate, engage in cyberbullying or extort money from the victim. In some cases, catfishing is the first step towards kidnapping or physical abuse. Whatever the case, if you detect catfishing, we recommend ending the communication as soon as possible.

While catfishing is not illegal in general, its offshoots, such as stalking, extortion, intimidation and other scams, are unlawful. Not every catfishing case ends up in these illegal areas, but that does not make the experience any more pleasant.

Signs You’re Being Catfished

Identifying catfishing means paying attention to the various clues that may hint at deceptive online behavior: the individual's social media presence, number of followers or friends, profile photos, and so on. Unfortunately, proving catfishing can be tricky. It will likely require you to expose your personal life to investigators and may involve examining all your devices. We therefore recommend preventive measures: if you suspect you are dealing with a catfisher, document all communications, especially if you are sent photos or asked for money. It is also advisable to consult a trusted adult. Now, let's move on to the signs of catfishing.

Few followers or friends.

Catfishers create fresh ("smurf") social media accounts to give their persona a sense of authenticity and reliability. They carefully craft an online identity that gives the impression of a real person with a busy social life and a wide circle of friends. A real person who is active on social media usually has a decent number of connections, including friends, family, coworkers and even casual acquaintances. If someone claims to have an active online life but has very few followers or friends, that is a red flag, as it contradicts the idea of an active and engaged person. Note that not everyone with few followers is a catfisher: some people are simply less active on social media and socialize more in real life.

[Screenshot: an account with a small number of subscribers]

They’re using someone else’s photos or haven’t changed profile photos in a long time (or ever).

Profile photos play a critical role in online interaction as a visual representation of a person. Catfishers have limited room to update their profile photos, for two reasons. First, they have carefully crafted a fictional image, and changing the photo means editing that image. Second, the photos are someone else's, stolen from elsewhere, so the catfisher may simply not have many of them. If you suspect the person is using someone else's photos, run a reverse image search on Google. There is a good chance you will find the original source.

All photos are professional.

Ordinary people tend to post ordinary photos that capture themselves and their daily activities. Professional photos, such as headshots or business-card portraits, can be a red flag. If all the photos are taken from the same angle or in the same lighting, they may have been shot professionally and may not show the person you are talking to. The same applies to photos where the person poses against exotic locations or expensive objects; this is showing off, and a sign that the person is trying to look more spectacular than they really are. The flip side is the overuse of filters and effects. If a photo is heavily edited or the face is covered with a sticker, the person is most likely trying to hide their appearance. This is not always a sign of catfishing, but it should raise concern either way.

[Screenshot: a page with professional photos only]

So, these were the basic outward signs that may indicate that you are dealing with catfishing. Next, we will break down the red flags directly when communicating as well as the behaviors that give catfishers away.

Their story doesn’t add up.

Be wary if someone's story seems too good to be true. Catfishers are often skillful manipulators who understand the human desire for connection and validation. They concoct elaborate stories, sometimes in real time, capitalizing on our hopes and dreams, and paint a picture of a perfect life filled with success, love and adventure. These stories are often too perfect and too well tuned to our desires, which is exactly what makes them enticing. If you listen closely, though, you may notice inconsistencies and contradictions: details that don't match, timelines that make no sense, experiences too outlandish to be true. Such inconsistencies are often subtle and easy to overlook. If something in the story doesn't add up, pause and investigate further. Be bold, ask questions, ask for clarification, and look for contradictions.

Once again, all of this can happen with a real person. Such signs should be weighed in the overall context of the personality. Simply put, it is not a serious concern on its own, but in combination with others it is.

Their life sounds too exciting.

In addition to the previous point, catfishers often make up identities that seem more exciting than their own lives. They do this to gain trust and admiration: by portraying themselves as successful, adventurous people, they build trust and make themselves more attractive to their victims. Catfishers may also use the personas they invent to escape from their ordinary lives or to compensate for feelings of inferiority. Genuine connections are built on honesty and authenticity. When a person's life sounds too good to be true, either your companion is hiding something or they are a storyteller, to put it politely. Listen carefully to their stories, especially if they seem exaggerated or unrealistic.

Conversations get personal quickly.

Suppose you have only recently met someone online and they immediately try to get personal. This is not a good sign, online or in real life, as it goes against the natural pace of a real relationship. Catfishers create a false sense of intimacy to make their victims feel closer to them. By steering the conversation onto personal ground, they can also manipulate their victims' emotions, making them more susceptible to influence. Outright malicious motives are possible, too. By eliciting personal details, catfishers gather valuable information about their victims' lives, which they may use for financial gain, for other malicious activities, or even in further catfishing episodes.

One-side information sharing.

To begin with, genuine relationships involve the mutual sharing of personal information. People gradually share details of their lives, thoughts and experiences as they get to know each other. Catfishers, however, may ask for personal information while keeping quiet about their own lives. This is another red flag, because in normal communication both parties share personal details gradually, creating a balanced exchange. The imbalance can run the other way, too: some people mostly want to talk about themselves and show little interest in you. That is a different problem, though, and not today's topic.

They’ve never sent you a casual selfie.

On-the-fly selfies show a person's daily life, interests and personality, offering a glimpse into their true nature. As noted above, catfishers have a limited stock of photos, so they must keep track of which ones they can send and when. For example, if a person tells you they attended an event but never sends a photo from it, that is a reason to think twice. If a person sends a scene photo with nobody in the frame, run an image search on Google again. Chances are it is not their photo but one taken from the internet.

[Screenshot: typical catfisher responses]

You can’t find any trace of them online.

In the age of social media, it is tough to be online without leaving a digital footprint. Catfishers, however, create fake identities and personas, avoiding any authentic online presence that would leave a trace. If you have searched thoroughly and found no data, not even the source of the photos, you are most likely dealing with a fabricated persona. The profile photo may, for example, have been generated with a tool such as https://thispersondoesnotexist.com. Keep in mind that a generated face is unique, so a reverse image search will find no original for it; a photo that exists nowhere else online is a clue in itself, not proof that the person is real.

This, though, is another 50/50 sign, as plenty of people simply do not share much about themselves online. Information security is becoming a more widespread concern over time, and, to be honest, these are not the worst habits to follow.

Avoiding Phone Calls.

Communicating by text alone is very limiting, because text does not convey emotion. A person who genuinely wants to communicate will usually be happy to talk on the phone. If someone prefers texting and avoids phone calls, that is a red flag. Catfishers often avoid calls because it is easier to manage a persona in text messages. Avoiding phone calls and insisting on text-only communication is a strong sign that the person behind the screen is not who they say they are.

They’re reluctant to meet in real life or video chat.

As mentioned above, catfishers live by typing and nothing more. Any prolonged communication sooner or later leads to video calls and sometimes to real-life meetings; not with catfishers. Such people will find a thousand excuses to avoid a video call, spending half a day explaining why, but never agreeing to a call or a meeting. If you are communicating with someone who avoids live contact in every possible way and insists on correspondence only, it is a reason to consider ending the communication. It is no better than talking to an AI chatbot, and those at least openly admit to not being a person.

Make plans with you, but repeatedly cancel.

In some cases, catfishers may agree to a video or phone call, or even a meeting. At some point, however, they backpedal and cancel the plans with an excuse. The excuses sound convincing every time, but the result is the same: no meetings and no calls, only correspondence. An important note: any meeting with a stranger should be arranged in a crowded place on neutral ground.

Safety recommendations

Online dating is always a lottery, but knowing the signs of fraud makes it easier to avoid. Here are some recommendations for staying out of trouble when dating and communicating online.

  • Always be suspicious. Internet scammers are masters of their craft; given the chance, they will find a way to lull your vigilance. A zero-trust attitude and healthy skepticism will not let them do it so easily.
  • Take your time. Since catfishers usually have a goal, they prefer to skip the getting-to-know-you stage. Resist this tendency and discourage attempts to "get right to the point."
  • Keep in touch. Most of us have someone with whom we share our experiences. Let someone you trust know about your "new friend"; it helps you make informed decisions, and a second pair of eyes can serve as an early warning system.
  • Be careful about sending photos. Don't be the first to send photos to a stranger. Instead, offer a video chat so they can prove their identity. Catfishers usually work several victims at once, and once a catfisher has your photos, they may reuse them on another victim. Intimate photos can later be used to blackmail you.

Halloween Shopping Scams — Ways to Detect & Avoid
https://gridinsoft.com/blogs/halloween-shopping-scams/
Published: Fri, 27 Oct 2023 12:58:04 +0000

The post Halloween Shopping Scams — Ways to Detect & Avoid appeared first on Gridinsoft Blog.

]]>
Halloween 2023, like the other holidays and events of this year, will most likely become the theme of a huge number of shopping scams. Con artists create websites that offer themed goods at low prices, while in fact they simply take your money and vanish.

What are online shopping scams?

Online shopping scams are what it sounds like. Websites, often poorly-made or copying each other’s designs, offer absolutely anything for sale. Some of them are dedicated to a certain topic, some are not, but all of them boast of huge – up to 90% – discounts. To attract users even more, sites offer free delivery for orders that exceed $50-70.

But, as you may guess, none of these claims are true, not even the goods on offer. People who order from these sites either never receive the order or get a low-quality or irrelevant item. There is also a suspicion that an ongoing "USPS delivery failure" scam campaign uses personal data leaked from these sites.

Shopping scam sites adjust their themes to current events. In May, after the Bed, Bath & Beyond bankruptcy, fraudsters began opening "Bed Bath & Beyond stock liquidation" sites. When the UK-based retailer Wilko ran into financial trouble, they began to mimic that chain as well. Retail chains that have no such troubles are copied too, just without the stock liquidation notice.

Halloween Online Shopping Scams – What to Expect?

Based on what I have seen in the Bed, Bath & Beyond and Wilko cases, it is possible to predict some features of the scams to come. As usual, they will boast of huge discounts and free delivery above a trivially low order total. Unlike those brand-specific campaigns, Halloween scams are not tied to a particular country, so I expect to see them targeting users in both Americas, Europe and the UK.

[Screenshot: Halloween scam site example]

Another side of the story is how the cheats promote these scams. Most fraudulent shops use advertisements on Facebook or on sites that do not filter the content they promote. This time will be no different: most likely, these "Halloween discounters" will promote themselves with slogans like "purchase the Halloween stuff you've missed so far!".

A couple of scams on this theme actually appeared back in late August, possibly aimed at people who like to buy everything well in advance. These early hatchlings give a good picture of what a Halloween-themed scam website looks like.

How to protect yourself?

Being aware of ongoing scam campaigns already makes it harder for scammers to steal your money. Nonetheless, they keep polishing their fraudulent sites: more realistic claims, smaller discounts, fewer templated designs, so even experienced users may struggle to spot the scam. Still, there are a few signs that fraudsters can rarely hide. Let me explain each one.

Recent registration date. Why would a long-running retail chain set up a separate site for Halloween items? Most scam sites, even those that do their best to look genuine, were registered less than a month before they went live. Keeping a domain idle for longer just to age it cuts into profits, while active scamming gets the domain taken down rather quickly.

[Screenshot: scam shop result in the URL scanner]

You can check the date of domain registration on any domain lookup utility available online. Using GridinSoft Online Domain Scanner, you can also see the status conclusion from our network filter.

Dubious URL. Since a branded or natural-looking domain name costs real money, fraudsters resort to names like stremgtvs.com or sadnfqemma.com. Obviously, no legitimate shop would ever choose such a name; it is useless for building a brand image. Another element to watch is the top-level domain: con artists typically opt for cheap ones like .xyz, .shop, .site and the like.

Absent or scarce support options. This, too, follows from the purpose of the site. Genuine shopping websites offer support by email, sometimes at several addresses, by phone, or even via live chat. Scam sites usually list a single address that never responds. In some cases, crooks reuse the same "support" email address across different scams, which makes it possible to find related scam sites with a simple Google search for that address in quotes.

Offers to use an untraceable or unprotected payment method. This is rarer, and spotting it requires going further into the checkout. If the only payment options are crypto transfers or Venmo/CashApp payments, be sure that you are facing a scam. Legitimate businesses use these methods too, but they are either hard to trace or offer little or no buyer protection, so once your money is out, there is no way back: a perfect fit for fraudsters.

Wilko Stock Liquidation Scams – Fake Shopping Sites
https://gridinsoft.com/blogs/wilko-stock-liquidation-scams/
Published: Tue, 29 Aug 2023 10:23:30 +0000

The post Wilko Stock Liquidation Scams – Fake Shopping Sites appeared first on Gridinsoft Blog.

]]>
Recent events around the Wilko retail chain are sad for its customers, but they may also expose people to financial danger. Scammers use the news about store closures and stock liquidation as the basis for a huge number of shopping scams. Let's find out how they work, what the dangers are, and how to avoid such fraudulent sites in the future.

Wilko Shopping Scams Emerge As Business Struggles

Hard times happen in every business, and retailers have been among the most exposed over the last few years. Supply chain issues, lockdowns with a sharp drop in consumer demand, an inflation surge: all of this poisons any retail chain, and those with earlier problems felt the compounded effect. The US-based Bed, Bath & Beyond chain went bankrupt earlier this year, unable to return to profitability or secure funding. Wilko was expected to be next, because of unresolved financial struggles dating back to early 2022. In early August 2023, the company announced massive layoffs and store closures intended to ease its path to profitability. Excess goods held in warehouses are also going to be sold off.

[Photo: front of a Wilko shop, with posters about stock clearance]

But what is woe for the company's employees and management is a way to make money for crooks. Fraudsters have picked the topic of warehouse stock clearance to bait users into ordering from their sites. These websites look similar to the real Wilko page, and sometimes even have a legitimate-looking URL. Nonetheless, all of this is a complete fake: the scammers simply take your money and vanish. In rare cases they actually send a package, but you won't find anything even remotely resembling your order in it. Boulders, cheap trinkets worth a nickel, empty bottles, that's it.

Who is in danger?

Wilko is a UK-only retail chain, so few people abroad would be interested in buying its goods. For that reason, the main audience of these scams is in Britain. And be sure, household goods, homeware, kitchenware, cleaning products, garden supplies and the like at a huge discount is a tempting offer for plenty of people.

[Screenshot: typical design of a fake Wilko clearance website]

The key place where crooks promote such scam sites is social media advertising. When launching campaigns on Facebook, they target specifically the users interested in the goods on offer, just as proper ad campaigns do. This makes the ads hard for the targeted users to tell apart from genuine ones. Fortunately, there are several notable elements present on each of these sites that clearly say it is a scam.

Ways to Tell Wilko Shopping Site Is a Rip-Off

  • Website information. It is not shown on the page itself, but free domain lookup services easily reveal some facts about it. Among other things, check the registration date. Scam sites commonly exist for a couple of weeks, rarely longer; then either the hosting provider or the fraudsters themselves shut them down, the latter once they have scammed enough people and it is time to go. If the site started days ago, there is no information about its owners, and it claims to represent the Wilko chain, beware.
  • Domain name. If you ran a business, would you pick a domain name close to its name, or an unpronounceable thing like afaobmy.com? That's a rhetorical question. Besides using mismatched names, such pages commonly use the cheapest top-level domains available. Sites on .site, .online, .shop or .store domains cost pennies, which is exactly why legitimate businesses rarely pick them.
  • Contact information. Normally you will find several contact emails, phone numbers, or even a link to a support service ready to answer questions and resolve issues. These pages, however, list only one email address as a contact, and it is not a responsive one. Some variants of the Wilko sell-off scam do not even bother with a legitimate look and offer no contact details at all.
  • User feedback. Genuine sites, even if they have not been running for long, have feedback right on the page or on specialised review resources. You won't find any reviews on the scam site itself, and outside sources will likely be full of people asking about their undelivered goods.
  • Offers. A sell-off of warehouse stock does imply lower prices; 30-40% discounts are common at such events. But 80-90% off, however miraculous it sounds, is not real. There is also a recurring header seen on numerous similar scam websites offering free delivery if the order exceeds a certain sum, £50-70. The sum is relatively small, though because of the discounts it can take numerous items to reach the threshold. This is a psychological trick: the victim is eager to add items, pay quickly and get the goods, forgetting about any concerning indicators.

List of sites noticed in Wilko clearance shopping scam campaign:

  • Wilkoukstore[.]com
  • Wkosaleaug[.]shop
  • WilkoClosing[.]com
  • Ntlkp[.]com
  • Riseproof[.]com
  • Shopthewilko[.]shop
  • Wilkouk[.]com
  • Soulmey[.]com
  • Buytain[.]com
  • Nichecan[.]com
  • Wilkoshop[.]com
  • Fjoutdoorbag[.]com

Seeing any of these red flags is a reason to think of stopping any further deals with this site. Unfortunately, if you have already paid for something, it is likely that your money is lost. Still, there are steps to take if you fell victim to a scam.

What can I do as a victim of the Wilko Stock Liquidation Scam?

Bad things can happen to anyone, scams are just another possible scenario. And not the worst situation, to be honest – there are a lot of things you can do once you uncover it. They are mostly related to making your friends and authorities aware of the scam, and trying to get your money back.

First of all, contact your bank. This is the first step to take, because banking operations are time-sensitive. Gather as much payment information as possible about the transaction with the scammers. Then reach out to your bank by phone, by email or online support, or by visiting a branch, and ask for a refund of the transaction. This may require the information just mentioned and some time to complete, but there is a high probability of success if you do it less than a week after the fraudulent transaction.

Notify the authorities. Online shopping scams are as illegal as any real-world scam. Reporting to the relevant authorities will at least speed up the shutdown of the website by its hosting provider, and it gives additional clues that may help find and punish the scammers. This may take more time than any of us would like, but it does happen in the end.

Tell your friends, colleagues and relatives about the scam. The more people are aware of the fraudulent site, the less likely scammers are to find new victims that easily. If your friends tell the same story to their friends, the effects increase even further. By raising awareness, you will probably save someone a hundred pounds or even more.

Back to School Scams Expand As August Begins
https://gridinsoft.com/blogs/back-to-school-scams/
Published: Fri, 04 Aug 2023 08:51:23 +0000

The post Back to School Scams Expand As August Begins appeared first on Gridinsoft Blog.

]]>
As the new school season approaches, scammers target students and their parents. They use social engineering and offer free school kits and discounts to lure potential victims. Thus, back to school scams are gaining momentum.

The Season of Back to School Scams

Cybersecurity researchers discovered a scam campaign that uses PDF files. Under the guise of a helpful back-to-school tips document, attackers distribute a file that leads victims to a malicious website. The file's first page shows a fake captcha that supposedly screens out bots; the following page contains back-to-school advice for parents and students. Instead of a real captcha, however, the document contains an image that, when clicked, opens a malicious site. The whole lure exists to get an unsuspecting victim to click on that image.

[Image: the fake captcha]

Identity theft, ad targeting and tracking are all potential risks of sharing personal information online. Attackers can use your information for fraud, companies may target you with unwanted ads, and your activity may be tracked and used for various purposes. It is also common for scammers to sell stolen information on the Darknet.

A malicious site of Russian origin

As I mentioned above, clicking on the captcha opens a fraudulent website on a .ru domain with the text "all hallows prep school uniforms". Before reaching the final site, the user is passed through several redirects. The site sets cookies, tracks behavior and collects data on user interactions. Although the analysis shows the target audience is the US and India, ten of the 13 domains detected are in the .ru zone, two in .co.za and one in .pw. Note that a .ru domain shows where the name was registered, not necessarily where the operators are. Here's the list:

  • getpdf.pw
  • jottigo[.]ru
  • luzas.yubit[.]co[.]za
  • trafffe[.]ru
  • gettraff[.]ru
  • ketchas[.]ru
  • traffine[.]ru
  • cctraff[.]ru
  • leonvi[.]ru
  • norin[.]co[.]za
  • maypoin[.]ru
  • traffset[.]ru
  • trafffi[.]ru

These were all created in 2020 and 2021 and use Cloudflare name servers.
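The domains above are published in defanged form ("[.]" instead of "."), so anyone who wants to block them has to normalise them first, and since the victim is bounced through several redirects, every hop of the chain needs to be checked, not just the final page. The block below is an added example, not code from the article or from the researchers it cites: it refangs the list, builds a blocklist, and matches URLs by hostname only (a subdomain of a listed domain matches, a listed string in a URL's path or query does not). The redirect chain it runs on is constructed for the demonstration and does not come from the campaign.

```python
from urllib.parse import urlsplit

# Defanged indicators copied from the list above. The "[.]" notation keeps
# them from being auto-linked when the list is shared.
DEFANGED_IOCS = [
    "getpdf.pw",
    "jottigo[.]ru",
    "luzas.yubit[.]co[.]za",
    "trafffe[.]ru",
    "gettraff[.]ru",
    "ketchas[.]ru",
    "traffine[.]ru",
    "cctraff[.]ru",
    "leonvi[.]ru",
    "norin[.]co[.]za",
    "maypoin[.]ru",
    "traffset[.]ru",
    "trafffi[.]ru",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator (or URL) back into a usable, normalised form."""
    return (
        indicator.strip()
        .replace("[.]", ".")
        .replace("(.)", ".")
        .replace("hxxp", "http")
        .lower()
        .rstrip(".")
    )


def build_blocklist(indicators) -> frozenset:
    """Normalise every indicator so lookups are case- and defang-insensitive."""
    return frozenset(refang(i) for i in indicators)


def hostname_of(url: str) -> str:
    """Hostname of a URL; a bare host without a scheme is accepted as well."""
    url = refang(url)
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def is_blocked(url: str, blocklist: frozenset) -> bool:
    """True if the host or any of its parent domains is on the blocklist.

    Only the hostname is compared: a blocklisted string appearing in the
    path or query of an unrelated site must not trigger a match.
    """
    labels = hostname_of(url).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def blocked_hops(redirect_chain, blocklist: frozenset):
    """Given the URLs a client was bounced through, return the hops on the list."""
    return [u for u in redirect_chain if is_blocked(u, blocklist)]


# Constructed redirect chain (not taken from the article) for a stand-alone run.
SAMPLE_CHAIN = [
    "https://example.com/back-to-school-tips.pdf",
    "https://trafffe.ru/go?id=1",
    "https://cdn.luzas.yubit.co.za/landing",
]

if __name__ == "__main__":
    bl = build_blocklist(DEFANGED_IOCS)
    print(blocked_hops(SAMPLE_CHAIN, bl))
```

Matching on parent domains is deliberate: campaigns like this one rotate hostnames under the same registered domains, so a check that only compared full hostnames would miss the next `cdn.` or `go.` subdomain they spin up.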

Seasonal scams

Scammers become particularly active around the back-to-school season, just as they do around any other event, whether it's Black Friday, the summer vacation season or Christmas. The following are the most common fraudulent schemes; knowing them helps you prevent unpleasant consequences.

  • Identity theft. Scammers can use identity theft tactics to target students and parents. This can mean accessing school databases, creating fake enrollment forms, or posing as educational institutions or retailers in phishing emails, all aimed at stealing personal information and login credentials.
  • Deepfake AI scams. With the AI era in full swing, scammers are taking full advantage of it. They use deepfake AI to create convincing voice recordings of school officials and mimic students' or teachers' voices to trick parents into making payments or sharing personal information. Usually, these scams take advantage of the trust and urgency surrounding back-to-school activities.
  • Shopping scams. As on Black Friday, as the demand for shopping increases, so does the number of scams. Scammers create one-day websites where they sell low-quality goods, and often the victim receives nothing at all after payment. Beware: fake online stores, fraudulent social media ads and phony package delivery emails are common tactics used to steal personal information and payment details.
  • Tax-free scams. Scammers offer false promises of debt reduction or forgiveness, or fake scholarships/grants, demanding upfront payments or personal info. Common examples include student loan forgiveness and scholarship/grant scams. Be cautious and do not give out personal information or pay upfront fees. Check with the Federal Trade Commission or your state's attorney general's office to verify legitimacy.

Are .zip Domains Safe to Use and Visit? https://gridinsoft.com/blogs/are-zip-domains-safe/ https://gridinsoft.com/blogs/are-zip-domains-safe/#respond Thu, 03 Aug 2023 10:31:01 +0000 https://gridinsoft.com/blogs/?p=16512 The Internet has become our second home. Every time we surf the Internet, we scammed. And this time, cybercriminals did not miss their chance to deceive us using a new “.zip” domain. What’s a .zip domain? Some time ago, Google allowed new Top Level Domain (TLD) names for registration. Those are .zip, .mov, and .phd.… Continue reading Are .zip Domains Safe to Use and Visit?

The Internet has become our second home. Every time we surf the Internet, we risk being scammed. And this time, cybercriminals did not miss their chance to deceive us using the new ".zip" domain.

What’s a .zip domain?

Some time ago, Google allowed new Top Level Domain (TLD) names for registration. Those are .zip, .mov, and .phd. Now everyone can buy a domain with the .zip extension, just like purchasing domains with .com or .org extensions. However, the security community has expressed concerns about the potential risks associated with these new TLDs.

Experts have discovered that cybercriminals are using .zip domains to deceive users into believing that they are downloadable files when they are in fact URLs. Research indicates that one-third of the top 30 .zip domains blocked by our threat detection engines use the names of prominent tech companies, including Microsoft, Google, Amazon, and PayPal, to fool people into thinking they are trustworthy files associated with these reputable companies.

top 30 .zip domains blocked

Earlier, similar concerns were raised about TLDs like .xyz, .online, .biz, .info, .ru, .life, and .site, and they were mostly borne out: the vast majority of sites on these domains were used for phishing, shopping scams and pop-up ad spam. This time, however, things could be worse.

Security Risks of .Zip Domain

These .zip domains blur the line between a file and a website, making it harder to tell which is which. One primary concern is the potential for file mix-ups: it becomes hard to tell local and remote sources apart, which poses a security threat. Cybercriminals can craft an email in which the attachment and a link that appears to open it lead to different places, with nothing in the message to alert the recipient.

Email that cybercriminals might have crafted for use

This is an example of a common scam created by cybercriminals. They send an email with an attachment named "attachment.zip", claiming it is a necessary software update. The email contains a link that seems to open the attachment but actually leads to a remote URL. It's a sneaky tactic used to deceive unsuspecting users.

The Browser file archiver

There is a phishing kit called "file archiver in the browser" that uses ZIP domains to trick users into running malicious files. This attack makes fake WinRAR or Windows File Explorer windows appear in the browser, making it seem like the user is using actual software. Also, to make it even more convincing, the attackers are using a .zip domain. A security researcher recently discovered this phishing tactic.

Fake in-browser WinRAR screen pretending to open a ZIP archive

With the toolkit, visiting a .zip domain can bring up a fake WinRAR window inside the browser that appears to open a ZIP archive and list its contents, which is exactly what makes it effective at deceiving users. In conclusion, threat actors may use this phishing toolkit to steal credentials and distribute malware.

What are .zip domain phishing risks?

Security researchers have warned that the .zip top-level domain and similar TLDs increase the chances of sensitive information leaking through accidental DNS or web requests: with the new TLDs, internet browsers and messaging applications like Telegram recognize strings that end in .zip as URLs and automatically turn them into hyperlinks.

It has been found that these domains are susceptible to abuse, as evidenced by Silent Push Labs. This cyber intelligence firm recently detected a phishing page at microsoft-office[.]zip, designed to steal Microsoft Account credentials.

There is a debate among developers, security researchers, and IT administrators regarding the recent developments. Some believe the concerns surrounding the ZIP and MOV top-level domains (TLDs) are unfounded. In contrast, others think these TLDs pose an avoidable risk in an already precarious online environment.

Recommendations

Be cautious of websites with a .zip Top-Level Domain (TLD), as they may contain harmful content.

  • Monitor your company's web traffic for unusual activity involving .zip TLDs, and keep a close eye on it to protect your company's online presence.
  • To enhance protection against possible threats, introduce email filters that flag messages containing .zip TLDs in their content.
  • Keep your antivirus software updated so it performs at its best against new threats, and check for updates regularly.
  • Stay informed about emerging threats; regularly reading security bulletins and reports helps you avoid them.

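The email-filter recommendation above needs one piece of logic the article only describes: deciding when a string ending in .zip is a hostname that clients will auto-link, as opposed to a plain file name in a URL path. The block below is an added example written for this post, not code from the article or from any vendor it mentions. It reports explicit links whose hostname ends in .zip or .mov, and separately reports bare tokens such as "attachment.zip" that a mail client or Telegram would turn into a link, while leaving "https://example.com/report.zip" alone because that host is example.com. The sample message is constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit

# TLDs the article flags as ambiguous between file names and hostnames.
RISKY_TLDS = frozenset({"zip", "mov"})

# An explicit URL: only its hostname decides whether it is risky.
_URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)

# A bare token shaped like a hostname and ending in a risky TLD. This roughly
# mirrors the auto-linking a mail client or messenger would apply to it.
_BARE_RE = re.compile(
    r"(?<![\w./-])((?:[a-z0-9-]+\.)+(?:zip|mov))(?!\.?[\w-])", re.IGNORECASE
)


def _host_has_risky_tld(host: str) -> bool:
    host = host.rstrip(".").lower()
    return host.rsplit(".", 1)[-1] in RISKY_TLDS


def find_risky_references(text: str):
    """Return (kind, host) pairs for every .zip/.mov reference in a message.

    kind == "url":  an explicit link whose hostname ends in a risky TLD
    kind == "bare": a file-name-looking token that clients would turn into a link
    A path such as https://example.com/report.zip is NOT reported, because the
    host is example.com; the .zip there is just a file in its path.
    """
    findings = []
    for m in _URL_RE.finditer(text):
        host = urlsplit(m.group(0).rstrip(".,;)")).hostname or ""
        if _host_has_risky_tld(host):
            findings.append(("url", host))
    # Blank out explicit URLs so their paths are not re-scanned as bare tokens.
    remainder = _URL_RE.sub(" ", text)
    for m in _BARE_RE.finditer(remainder):
        findings.append(("bare", m.group(1).lower()))
    return findings


def should_hold_for_review(text: str) -> bool:
    """Policy hook for a mail filter: hold any message with a risky reference."""
    return bool(find_risky_references(text))


# Constructed message (not from the article) covering all three cases.
SAMPLE_MESSAGE = """Hi team, the Q3 summary is attached as attachment.zip.
The design files live at https://example.com/downloads/report.zip as usual.
If the attachment fails to open, use https://microsoft-office.zip/login instead."""

if __name__ == "__main__":
    for kind, host in find_risky_references(SAMPLE_MESSAGE):
        print(f"{kind:5} {host}")
```

The "bare" class is the one worth holding rather than dropping: a legitimate colleague really may write "see attachment.zip", so the filter's job is to surface the ambiguity for a human, not to decide it silently.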
Twitter Blue to X Phishing Breakout https://gridinsoft.com/blogs/twitter-blue-to-x-phishing/ https://gridinsoft.com/blogs/twitter-blue-to-x-phishing/#respond Wed, 02 Aug 2023 19:00:28 +0000 https://gridinsoft.com/blogs/?p=16491 Amid the chaos of Twitter’s transition to the new name – X, scammers have devised yet another deception scheme. They offer Twitter Blue users to transfer their subscriptions to X, but the victim gives the attackers access to their Twitter account instead of moving. Twitter Blue to X Phishing Emails As Twitter’s global rebranding is… Continue reading Twitter Blue to X Phishing Breakout

Amid the chaos of Twitter's transition to its new name, X, scammers have devised yet another deception scheme. They offer Twitter Blue users a way to transfer their subscriptions to X, but instead of migrating anything, the victim hands the attackers access to their Twitter account.

Twitter Blue to X Phishing Emails

As Twitter's global rebranding is not going as well as planned, scammers are taking advantage of it. For example, a Twitter user named @fluffypony recently received an email designed for Twitter Blue users. As a reminder, Twitter Blue is a checkmark that previously indicated that an account was verified. However, after the purchase of Twitter by the great strategist Elon Musk, it could be obtained by anyone for $8 a month. The email informs the user, "Twitter Blue seamlessly transforms into Stay Blue with X, your existing subscription is nearing its expiration and requires migration," and prompts them to click the blue box labeled "Transition". In addition, the email says that if the user fails to complete the migration, he risks losing his verified checkmark. As a result, he will have to reapply for it and re-subscribe. It's worth noting that this phishing campaign is not targeted: similar emails were received by Twitter users who do not have a checkmark at all.

Fake email from X

Email details

Although the email is definitely phony, the attackers have gone to great lengths to make the scheme as effective as possible. First, the email comes from x.com and passes the Sender Policy Framework (SPF) check, even though it is sent through the Sendinblue (now known as Brevo) mailing list platform. This customer relationship management (CRM) company runs a mailing list platform whose messages get past many spam filters, including those in Gmail. As mentioned above, the email contains a "Transition" link that, when clicked, opens a legitimate API authorization screen that asks you to log in and authorize an app that looks like the official Twitter app. However, as @fluffypony writes, the post-authorization URL is null/complete, so it is not a valid Twitter application. In other words, authorizing the app gives attackers control over the victim's Twitter account. They will be able to access and update the profile and account settings, and follow and unfollow accounts. Cybercriminals can also view, publish, and delete tweets from the account.

Mitigation

If you have fallen for this phishing campaign, you can cut off the attackers' access to your Twitter account by following these steps:

  1. Go to Twitter Settings
  2. Open Security and accounts access, then go to Apps and Sessions
  3. Here, find the Connected Apps menu
  4. There, revoke app authorization. This will terminate the authorization attempt from the phishing email.

Safety recommendations

Even if you are not affected by this phishing attack, it is worth checking your authorized applications. Twitter is aware of this issue and is working to fix it, but the primary responsibility still lies with the end user. We recommend the following tips, which will help you avoid such scams in the future:

  • Be careful with the emails you receive. Statistically, phishing is the most effective method of spreading malware. Only open an email if you are expecting one from that specific company or organization.
  • Carefully check the address of the site to which you are redirected. Hover the mouse over the link or button, and the full address the link leads to will appear in the lower left corner of the browser. Do not follow the link if the address differs from the correct one. (This check may not work if attackers use a URL shortener.)
  • Never enter your personal information, such as logins and passwords, on sites you don't know or whose legitimacy you doubt. Today, scammers have learned how to spoof legitimate sites, and the presence of an SSL certificate on a phishing site is no surprise to anyone. Therefore, it is essential to be vigilant before entering any information on a site.
  • Be careful with attachments and links. Legitimate organizations never ask via email to download and run a file. Instead, they ask you to download the file from the official website. Only open files or click on links if you are sure the sender is trustworthy.
  • Use two-factor authentication for your online accounts. 2FA adds an extra layer of security by asking you to enter a code from your cell phone when you log in.
  • Use antivirus software and keep it up to date. Sometimes a person can make a mistake and inadvertently download malware onto a device. In this case, an anti-malware solution will neutralize the threat before it deploys the payload.

Bed Bath & Beyond Shopping Scams https://gridinsoft.com/blogs/bed-bath-and-beyond-goods-selloff-scams/ https://gridinsoft.com/blogs/bed-bath-and-beyond-goods-selloff-scams/#comments Mon, 10 Jul 2023 11:49:08 +0000 https://gridinsoft.com/blogs/?p=15818 In late April, 2023, American home goods retailer Bed Bath & Beyond filed for bankruptcy protection under Chapter 11. This event was expected, due to the company’s poor performance over the last quarter before the bankruptcy. Though, not only short sellers decided to make profit on this: online scammers decided to fool people, appealing to… Continue reading Bed Bath & Beyond Shopping Scams

In late April 2023, American home goods retailer Bed Bath & Beyond filed for bankruptcy protection under Chapter 11. This event was expected, given the company's poor performance over the last quarter before the bankruptcy. Short sellers were not the only ones to profit from it: online scammers set out to fool people by posing as "sellers of the rest of the Bed Bath & Beyond goods".

Bed Bath and Beyond Scams Filled the Web

What can be more pleasant than getting a thing you wanted at a hefty discount? This wish to get things practically for free is well known to scoundrels, and they never hesitate to exploit it.

To perform their dirty deeds, they set up websites that pretend to be places where the bankrupt company sells off the rest of its stock. This fails even the most basic fact-check, as the company used other ways to liquidate its inventory upon discontinuation. But that is not so clear to people who stumble upon such sites and see the things they wanted to buy, and with a huge discount.

Scam site that offers to buy Bed Bath & Beyond stuff almost for free

Scammers Registered Dozens of Fake Bed Bath & Beyond Sell-off Sites

The websites I am talking about are mostly hosted on .shop domains. Scammers registered dozens of them, and despite being shut down after several weeks, they still bring the crooks enough profit to keep going. And the profit is not measured only in money: the sites aim to collect personal data and sometimes even credit card information. All of these fetch a pretty penny on the Darknet, particularly on its hacker forums. I managed to collect a list of sites involved in this scam campaign. Note that these are not all the pages taking part in it:

  • Ciutyf[.]shop
  • Peneloper[.]shop
  • Suewat[.]com
  • Bedbathclosing[.]shop
  • Monolithic[.]shop
  • Prudencei[.]shop
  • Lecityi[.]shop
  • Closeoutsale[.]shop
  • Mommyloves[.]shop
  • Pacificlarks[.]shop
  • Marchmax[.]shop
  • Olkbmon[.]shop
  • Clearancestore[.]shop
  • Sosor[.]shop

All these pages, despite having more or less relevant URLs, have pretty much the same design. The offers are the same as well: visitors see goods typical for the Bed Bath & Beyond chain with up to 90% off. Upon "checkout", victims receive a form asking them to enter personal details for delivery. That also looks familiar, but with one simple difference: the site has no goods in stock. It simply collects everything you type into the form, then shows you an "estimated delivery date" that will never arrive. The data these pages gather usually includes the user's home address, email, real name, phone number, and the like. And don't even try to contact their "support": you will never get a response, obviously.

Scams Aim At Banking Information

Some of the sites mentioned above go further in the categories of data they collect. By asking for a prepayment for the ordered goods, the site redirects you to a phishing copy of a payment system page. It is not likely to take your money, as such operations are relatively easy for law enforcement to track. Instead, the form sends your card number, CVV code and expiration date, the full kit needed to strip the card down. Once you try to perform the payment, the site returns an error, as it simply has no other option. Sure enough, carding is far less profitable now than it used to be, but it is still possible, and it still brings money to both the data stealers and their "end users".

Example of a fake payment system page. It completely resembles the original one, but will not work properly

How can I protect against Bed Bath & Beyond scams?

Fortunately, all such scams become obvious once you are attentive enough. First and foremost, check the information from the company's officials. Usually, when it comes to an inventory sell-off, they announce how it will be done. But yes, after some time, third parties not mentioned in the initial announcement will come across these goods and market them as well. So to distinguish fraud from a genuine offer, you should analyse the specific website.

Do not believe offers that are too good to be true. As expected, crooks will offer the best price possible, simply to attract customers. 70, 80, 90%: they sometimes go really crazy, though it does not always work in their favour. Such generous offers are most often the sign of a scam. Even though these goods were already bought at a discount, no one sane will sell them below that cost.

Check the source of the page. Websites with shopping scams are often promoted via pop-up ads and dubious banners you may come across on some pages. In particular, adware often promotes such sites, for a small payment per viewer. If you suspect, or have witnessed, such an unexpected appearance of a Bed Bath & Beyond scam website, close it as soon as possible and do not interact with it.

Use an anti-malware program with a network filter. To make your life much easier and minimise the chance of landing on a scam page, use a program that will prevent you from visiting such questionable places. Not all solutions offer network protection, but GridinSoft Anti-Malware does. Consider trying it out, as it offers not only online security but also exceptional malware protection.

Grand Explorer Software – Remove Malware & Repair System https://gridinsoft.com/blogs/grand-explorer-malware-remove/ https://gridinsoft.com/blogs/grand-explorer-malware-remove/#respond Fri, 12 May 2023 10:36:50 +0000 https://gridinsoft.com/blogs/?p=14491 Grand Explorer app, or, as it is displayed in the list of installed programs, Grand Explorer 1.0.0.1 (2.4.5.0), is a classic example of adware. This program does not even try to mimic a legit utility, and simply shows you dozens of ads without your permission. It not just creates a mess in your system, but… Continue reading Grand Explorer Software – Remove Malware & Repair System

The Grand Explorer app, or, as it is displayed in the list of installed programs, Grand Explorer 1.0.0.1 (2.4.5.0), is a classic example of adware. This program does not even try to mimic a legit utility, and simply shows you dozens of ads without your permission. It not only creates a mess in your system but also exposes you to malware risks. Removing Grand Explorer malware should be your primary concern.

What is adware?

Adware is a short form of "advertising malware", a term that speaks for itself. Its primary purpose is to flood your system with every possible advertisement. Since Grand Explorer comes as a desktop app, it is capable of spreading banners on all pages you open in any of your browsers, and of using system notifications for the same purpose. Additionally, adware typically sets up a task in Task Scheduler to launch the browser; in it, the malware instantly opens a page full of ads, or a paid banner of a certain service, most often a betting company or online casino.

Typical pages opened by adware

As you can already see, it is quite an unpleasant thing to deal with. Grand Explorer is no different from other adware, so you will experience all of this nastiness one thing after another. Powerful computers may cope, while low-end machines may struggle to handle the load. Either way, it is definitely suboptimal to have your workflow disrupted by such a miserable thing.

Is Grand Explorer dangerous?

There are a lot of conflicting opinions on how dangerous adware is. Some say it is just annoying; others rightly consider it quite dangerous because of the illicit banners it typically shows. My opinion is that adware uses you and your system to earn dirty money, and that is reason enough to count it as malicious. And when we remember that it can bring more trouble to your system, the degree of danger grows even further.

Installation window of Grand Explorer. It pops up on top of all applications you are using at the moment

The thing is, people tend to be oblivious to the dangers hidden in ads. Banners may look innocent, or merely annoying when unwanted, but only those who post them know what will really happen once you click one.

Illicit advertisements are placed by the same kind of crooks who run Grand Explorer. No legitimate, well-known brand will use such a promotion method, because it puts them on the same level as cybercriminals. Thus, only malignant content awaits you in adware banners. Phishing and online scam pages are probably the most widespread type of fraud you may face. The other side of the problem is unwanted programs, or even full-fledged malware, offered as something legitimate and urgently needed. "Critical security update" or "security plugin needed to access the site": such things may pop up out of the blue, and inexperienced users may find it hard to tell whether they are genuine.

Typical phishing page shown by adware. Its appearance may change depending on the case.

How did I get adware?

There is one route adware typically exploits for propagation: software cracks. They are spread on third-party websites or torrent trackers, and are released by little-known or anonymous users. The key trick of cracking is to disable the licence check mechanism, so one can use the program without paying for it. To monetise their effort, such handymen often opt for software bundling, and this is where adware comes into view. Whether consciously or not, they add it to the package, and you get infected while expecting no trouble at all.

Another possible way for Grand Explorer to spread is through intrusive banners you may see on the web. They may be placed by a site owner trying to maximise profits, or pop up as the result of other adware activity. Either way, the banner lures you into clicking it or following its instructions, which most often guide you to install some third-party program. That program may be literally anything, and Grand Explorer is among the more harmless options; others are spyware, stealers and coin miner trojans.

How to remove Grand Explorer malware?

Grand Explorer is relatively easy to remove manually, thanks to its attempts to look like a legit program. It adds itself to the list of apps installed in the system, where it appears as "Grand Explorer 1.0.0.1". Right-click it and choose "Uninstall", and that's it. However, it may not be the only threat running in your system. To be sure that everything unwanted and malicious is wiped out, use GridinSoft Anti-Malware. It will surely find and remove all the pests you may ever encounter.

5 Signs That You’ve Fallen Victim to a Scam https://gridinsoft.com/blogs/5-signs-that-youve-fallen-victim-to-a-scam/ https://gridinsoft.com/blogs/5-signs-that-youve-fallen-victim-to-a-scam/#respond Wed, 19 Apr 2023 15:13:53 +0000 https://gridinsoft.com/blogs/?p=14180 Internet fraud is becoming increasingly widespread and sophisticated. From simple phishing to romantic scammers, fraudsters are always looking for and inventing new ways to deceive unsuspecting victims. Let’s talk about the ways to understand that you’ve fallen victim to a scam, or are close to becoming one. It’s important to remember that it’s crucial to… Continue reading 5 Signs That You’ve Fallen Victim to a Scam

Internet fraud is becoming increasingly widespread and sophisticated. From simple phishing to romance scammers, fraudsters are always looking for and inventing new ways to deceive unsuspecting victims. Let's talk about how to tell that you've fallen victim to a scam, or are close to becoming one. Remember that it is crucial to stay vigilant and not lose your head over incredible offers.

Uncertain account activity

Scammers can get your credentials through phishing emails or scams that trick you into revealing your password. This can happen with social media accounts, email accounts, ride-hailing and food ordering apps, and even streaming services like Netflix. In addition to personal information, they can also access any stored credit card information associated with the account.

Example of scam messages on Facebook sent from a legitimate account

The most common sign here is seeing numerous messages and posts made in your name without your consent. In most cases, hackers who have taken over your account will try to conceal this by deleting the messages on their side only. However, not all messengers and social networks support such a trick, and public posts cannot be deleted locally at all. Some of the side effects, like theft of personal data and banking info, may surface long after the initial incident.

Problems with wire-out transactions on investment platforms

One day, you may discover that it is impossible to withdraw money from your crypto investments. Investment fraud has been a major source of income for fraudsters, especially in the cryptocurrency market. They create fake investment opportunities, promise high returns and convince victims to invest. However, when it comes time to withdraw their earnings, victims may find that their account is frozen, their funds are gone, or the investment itself was fake from the start. This type of fraud can be difficult to recover from because cryptocurrencies are often unregulated and transactions are irreversible.

Most often, fraudsters try to masquerade as well-known people

Scammers can create companies with convincing names and make up success stories to make people believe that their product or scheme works. Sometimes they may even use well-known people in the cryptocurrency industry to further convince their victims. However, everything becomes clear the moment you try to get your money back. It is the clearest, and probably the most widespread, symptom of investment scams. Sure, sometimes even legit companies have financial troubles and cannot fulfil all the wire-out requests of their clients. But you would likely be warned if that were the case.

The refusal to let you withdraw money may be dressed up with different excuses. Softer cases involve being asked to hold on and take part in a very profitable deal you should not miss. Harder cases may involve demands that you prove your identity once again, prove that you are the real owner of the account, and so on. During these "security check-ups", they will most definitely find something that does not match, which is enough to refuse the withdrawal.

Strange banking transactions

If fraudsters have your data and/or financial details, they can use them to commit payment scams – where stolen card details and/or cards stored in hijacked accounts are used without your knowledge. Alternatively, they may use your personal information to obtain new credit cards.

Example of strange banking transactions

Fraudsters can also use stolen data to apply for a loan in their own name, but with the victim's bank details. For example, a fraudster may use their own social security number or other personal details, but provide the victim's address and account information. Not all banks flag this as fraud, so such a loan may be approved and the funds transferred to the fraudster's account. Additionally, some financial institutions do not require personal information such as address and name at all; bank details are all they need.

The first sign that something is wrong with your bank account is strange activity on it, including debits you do not recognize. If the problem is with Automatic Payments (NAF), it may be harder to notice until you receive a letter or email notifying you of late payments.

Product that was not shipped

Internet fraud is a growing problem. Scammers often try to sell expensive goods online, usually at greatly reduced prices, in order to attract buyers. They create websites or social media accounts that offer products at fairly low prices, such as electronics, household appliances, branded clothing, jewelry, etc. It is the low price that appeals to potential victims.

Example of an expensive product that is sold cheaply

When a buyer is ready to make a purchase, scammers typically assure them that the item is available, but payment must be made through instant payment apps such as Zelle, Venmo, and Cash App. These apps do not offer buyer protection, so once the money is transferred, it cannot be refunded.

After the payment is made, scammers either disappear and do not ship the item, or demand more money by inventing various reasons. For example, they may claim they accidentally provided the wrong payment details or that additional payment is required for shipping/insurance. If the buyer refuses to pay, scammers may begin to blackmail them by threatening to disclose their personal information, leaving the victim feeling trapped.

From love to fraud

A romance scam sounds better than it is. Unfortunately, in today’s world, fraudsters are ready for anything to extort money from a person. This is the type of scam that preys on people looking for love and communication online. At first, fraudsters create believable profiles on social networks or in special applications such as Tinder. They may spend weeks or even months building a relationship with the victim, sharing personal information, and creating a sense of trust and intimacy.

Example of a romance scam on WhatsApp

Once the fraudster is sure that the victim is in love with them, they start by asking for small amounts. For example, to top up a mobile phone account or to pay a small fine. Then the amounts grow, and the “reasons” to send money become more serious: for example, to treat the mother’s terrible illness, or to pay off loans.

Unfortunately, as soon as the victim sends the money, the scammer can disappear immediately. But in some cases, they may continue to contact the victim and demand more and more money, using threats or emotional manipulation to keep them on the hook.

The post 5 Signs That You’ve Fallen Victim to a Scam appeared first on Gridinsoft Blog.

Can PDFs Have Virus? Exploring the Risks of Downloading PDF Files https://gridinsoft.com/blogs/can-pdf-have-virus/ Fri, 14 Apr 2023 16:45:35 +0000

The post Can PDFs Have Virus? Exploring the Risks of Downloading PDF Files appeared first on Gridinsoft Blog.

Among numerous other files, PDFs are considered one of the most convenient to use for read-only documents. They prevent editing the content, yet retain the ability to carry interactive content. But is it totally safe? Can a PDF have a virus? Let’s find out.

Background of PDF Virus

First things first, let’s settle the definitions, just to be sure we mean the same things. By PDF viruses, people most commonly mean any kind of malicious payload embedded into a PDF file. Viruses as a malware type were one of the most widespread ones in the mid-00s, which made their name a common noun for any malware. In the years that followed, viruses were pushed off the scene by more advanced and self-sufficient malware. Spyware, stealers, dropper malware, and sometimes even ransomware: that is what to expect from infected PDFs.

Using legitimate files as a carrier for malicious content is more common in later stages of an infection than for initial access. Hackers tend to use PDF (along with JPEG and PNG images) as a disguise for a data package that carries new commands to malware already running on the machine. To the user, the file will look like something legitimate or a nonsense item received by mistake. Still, nothing stops hackers from using PDF files to spread viruses directly. Let’s check out the main ways this happens.

PDF Virus: Technical details

I pointed out that PDFs can be used for malware distribution. However, they differ from, say, MS Office documents armed with infected macros. The key attack surfaces in PDF documents are JavaScript applets and the reader applications themselves. While JS is a fairly classic story, vulnerable readers are less common. These days, people tend to use web browsers as PDF readers, and operating systems set this by default. However, some users prefer stand-alone applications, which receive fewer updates and may contain security vulnerabilities.

JScript

JavaScript, or JScript/JS for short, is a scripting language used massively in web applications and (obviously) in scripting. In cyberattacks it is commonly used to leak information about users or redirect them to another page. But when a script runs inside an application on the user’s machine, a completely different kind of payload becomes possible.

Malicious JavaScript applet present in the PDF file

Hackers embed a malicious JS script into the PDF file. By design, JavaScript can be attached to PDF files to make their contents dynamic. That may be used, for instance, when a document displays current instructions that depend on the weekday or other circumstances. However, a malicious JavaScript applet will run as soon as you open the file. If no anti-malware software is running on your system, the script will run without obstacles and download whatever the hacker told it to.

Vulnerabilities in the reader application

PDF readers, as I mentioned before, are used less often these days. That actually works against them: seeing less popularity, developers tend to spend less time and effort on improving them. And there is plenty to fix, as more and more vulnerabilities in them are uncovered over time.

The content needed to trigger the exploit and give the hackers what they want is commonly embedded in the document’s editable elements. These elements require your device to run the code that displays the corresponding information. Normally, code executed from the document should remain in a dedicated execution environment called the sandbox. Bypassing it, however, is not a big deal, and hackers are always ready to pull that trick and start acting on the live system. In essence, the exploitation is quite similar to the JScript case: the part that stores the active content gets a malicious filling.

Malicious links in the text

Like the previous two vectors, malicious links are also part of the active content. However, instead of relying on code execution, links try to trick the victim into sharing sensitive data. It is a classic example of phishing, only embedded in a PDF file instead of an email message. The key problem (for hackers) is that it does not work automatically: the victim has to click the link. After opening the link, though, they will most likely see a malicious copy of the login page of a website related to the PDF’s topic.

Malicious link added to the PDF file

Risks of PDF Viruses

The risks related to PDF viruses mostly depend on what exactly is happening. When a malicious JScript runs, it most likely contacts the command server to retrieve the payload, i.e. it acts as a downloader. As a result, any kind of malicious program is possible. However, the most common types of malware in that case are spyware or stealers. Ransomware, vandal malware, APTs and other things are possible, but there are no documented cases of these threats being spread this way.

Vulnerabilities in the reader can be used both to deploy the initial payload and to boost an existing one. As with JScript applets, they can be the source of any malware; everything depends on the hackers’ choice. When it comes to boosting an already running payload, everything depends heavily on the type of exploit used. Privilege escalation vulnerabilities may be used to make malware run; arbitrary code execution vulnerabilities can initiate the connection to a command server to get additional instructions.

Phishing threats are less likely to involve a malware infection. The key thing most phishing operations aim at is the victim’s personal information. The aforementioned malicious link will try to resemble a website you know and will likely ask you to type login credentials or certain information about yourself. The reasons to follow the instructions will be given in the PDF body.

How to avoid infected PDF files?

The preventive, and most effective, way to avoid malicious PDF files is to avoid interacting with questionable things at all. PDFs that contain viruses are unlikely to appear on official websites, in genuine emails, and the like. Strange emails sent by a stranger rather than a company, asking you to open an attached file or a link to a third-party website, are what you should look out for and avoid. For both individuals and companies, being aware of what attacks to expect is essential.

Obviously, this may not be easy when you have to deal with dozens or hundreds of emails each day. That case requires a counteraction of another kind: a reactive one. If you cannot prevent a malicious file from making its way onto your system, then it is vital to be able to stop it when it appears. There are several types of software solutions that suit that case.

Content Disarm and Reconstruction (or CDR) will fit organizations that have extensive networks. CDR solutions inspect files as they are opened and excise the active content that can be malicious. They may apply that blindly to all files, or have a detection system that distinguishes good from bad.
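As an added example that is not part of the original article or any Gridinsoft product, here is a small Python triage script that looks for the active-content markers discussed above (/JavaScript, /JS, /OpenAction, /AA, /Launch, /URI) in raw PDF bytes, including names obfuscated with #xx hex escapes. The sample PDF is constructed for this example, and the script assumes the objects are not hidden inside compressed object streams.

```python
import re

# Constructed minimal PDF: an /OpenAction that runs embedded JavaScript
# plus a /URI link annotation. Built for this example, not a real sample.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj
4 0 obj << /S /JavaScript /JS (app.alert('hi')) >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example.invalid/login) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# PDF name tokens that indicate active or automatically triggered content.
SUSPICIOUS_NAMES = {
    "JavaScript": "embedded JavaScript action",
    "JS": "JavaScript code string or stream",
    "OpenAction": "action fired when the document opens",
    "AA": "additional actions (page/field triggers)",
    "Launch": "launches an external application",
    "URI": "external link",
    "EmbeddedFile": "attached file",
    "RichMedia": "Flash/media content",
}

def _decode_name(raw: bytes) -> str:
    # PDF names may hide letters as #xx hex escapes (e.g. /J#61vaScript).
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf_names(data: bytes) -> dict:
    """Count suspicious name tokens in raw PDF bytes (streams are not decompressed)."""
    counts = {}
    for m in re.finditer(rb"/([A-Za-z0-9#_.-]+)", data):
        name = _decode_name(m.group(1))
        if name in SUSPICIOUS_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts

def risk_verdict(counts: dict) -> str:
    """Rough triage: code that fires on open is the worst case, links the mildest."""
    if "JavaScript" in counts or "JS" in counts or "Launch" in counts:
        if "OpenAction" in counts or "AA" in counts:
            return "high: active content auto-triggered"
        return "medium: active content present"
    if "URI" in counts:
        return "low: links only, check targets"
    return "clean: no active content found"

if __name__ == "__main__":
    found = scan_pdf_names(SAMPLE_PDF)
    for name, n in found.items():
        print(f"/{name} x{n}: {SUSPICIOUS_NAMES[name]}")
    print(risk_verdict(found))
```

A real CDR pipeline would additionally inflate FlateDecode streams and object streams before scanning, since the same names can sit inside compressed data.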

Anti-malware software is a more all-encompassing solution that can effectively detect and stop the execution of malicious code. PDF, however, is a bit troublesome, as some antivirus software considers it safe and ignores it completely. GridinSoft Anti-Malware is a different story – it offers a top protection rate against any kind of threats – even cunning things like a PDF virus.
