Online fraud Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/online-fraud/

Malicious Fake ChatGPT Apps: 7 AI Malware Scams to Avoid
https://gridinsoft.com/blogs/malicious-fake-chatgpt/
Wed, 14 Feb 2024 15:38:01 +0000

The public release of ChatGPT caused a sensation back in 2022; it is not an exaggeration to call it a game changer. However, scammers go wherever large numbers of people do. Fake ChatGPT services started popping up here and there, and they have not gone away since. So, what is a ChatGPT virus, and how dangerous are these fakes? Let’s review the most noticeable examples.

Fake ChatGPT Sites: From Money Scams to Malware

The wave of hype around the public release of ChatGPT attracted a lot of attention, though not everyone was able to use it right away. People in many countries were hunting for access to the novel technology, and it was quite obvious that fraudsters would find a way to scam those in a hurry. This started the wave of malicious fake ChatGPT apps, which has since evolved into more sophisticated and diverse frauds.

Let’s talk about the typical profile of such a scam. The webpage involved typically has a strange URL that contains the ChatGPT or OpenAI name and is commonly registered on a cheap TLD – .online, .xyz or the like. The website itself is kept extremely simple, with minimal detail and only a few buttons to click. All the activity on the website boils down to two things: downloading a file or paying a sum of money that will never be seen again.

In some cases, fraudsters opt for spreading mobile malware under the guise of a genuine app from OpenAI. This was especially profitable before the official one was released, but such frauds still go on these days. In the best-case scenario, they just charge a sum of money for a cheap shell over the GPT 3.5 API, which is free. Worse situations include no functionality at all, chargeware activity of the app, or a spyware/infostealer hidden inside.

I will begin with the fake ChatGPT sites and apps that spread outright malware. There were also a couple that end in a financial scam – you will see them at the end.

Chat-gpt-pc[.]online

Probably one of the earliest malicious fake ChatGPT sites, detected a year ago – in early February 2023. On a fairly well-designed site, fraudsters offered a download of a desktop client for the chatbot. For people who were not aware that the original ChatGPT is available only on OpenAI’s website, this was a seemingly legit offer. However, upon downloading and installing the supposed client, victims were infected with RedLine Stealer. Most of the instances were promoted through Facebook ads and groups and, in some regions, via SEO poisoning.

openai-pc-pro.online fake ChatGPT

Openai-pc-pro[.]online

One more malicious website that copies the design of the original OpenAI page and effectively repeats the first one in our list. Aside from the same page design, it offered a download of the “desktop client” for the chatbot. As you may guess, the downloaded file contained malware, specifically RedLine Stealer. Since both were promoted from the same Facebook group with ChatGPT-related naming, I suspect they belong to the same malware-spreading campaign.

Chatgpt-go[.]online

A malicious website that copied the design of the original OpenAI page with ChatGPT dialogue box, but without the usual input prompt. Instead of the latter, there was a button labeled “TRY CHATGPT”, which led to malware downloading. Several other interactive elements across the site were also downloading the malware. For payloads from that site, I detected Lumma Stealer and several clipper malware samples. The main way of promotion this time was malicious Google Ads.

Pay[.]chatgptftw[.]com

A fake ChatGPT site that contrasts with the three previous examples. Instead of spreading malware, this one tries to gather users’ payment information. By mimicking a billing page that allegedly takes payment for access to the technology, fraudsters collect the complete set of banking info, including usernames and email addresses. The promotion channels for this scam were the same – groups and ads on Facebook.

pay-chatgptftw.com fake payment form

SuperGPT (Meterpreter inside)

An example of malware disguised as the SuperGPT Android app, which is a legit AI assistant derived from the original GPT model. It was rather obvious that scoundrels would take advantage of poor app moderation on Google Play in this case; the only questions were where and how. On the surface, the app looks the same as the original one. In fact, though, it contains Meterpreter malware – a RAT/backdoor designed specifically for Android.

AI Chatbot

A recent semi-scam iOS program that looks like yet another ChatGPT-like application. Even though there is an official app, and people are now more aware of GPT 3.5 being free, this thing does its job pretty well. It is hard to call it an outright scam or malware, as people hand over the money deliberately. But the pricing of $50 for access to the 3.5 model, along with the rather limiting interface, makes it a rather junky program to use.

Fake SuperGPT App

ChatGPT1

Another example of malware that targets Android devices, but this time, it falls under the designation of chargeware. This peculiar mobile-specific type of malware brings money to its devs by draining users’ mobile accounts and banking cards with covert subscription services. ChatGPT1 specifically does that by sending SMS messages to a premium number, each of them costing quite a penny.

How to Detect and Avoid Malicious Fake ChatGPT Apps?

Even though the brainchild of OpenAI has been around for over a year now, it is still a profitable topic for fraudsters. Promises of access to a paid AI model for free or at a discount may sound attractive, but they inevitably come with drawbacks. Such services range from a softcore swindle to outright malicious tricks. Here are a few tips to follow each time you encounter an AI-related service.

If the offer is too good to be true, it is most likely not true. Who would ever offer access to paid AI models at miserable prices? In legit cases, this still requires paying for API access, and splitting the account may lead to lags and delays. But most of the time, fraudsters will take your money and give you a free or less expensive model, or nothing at all.

Be vigilant about the apps you download and install. A file from some shady site with a strange URL that is allegedly a desktop ChatGPT version is full of red flags. Even if you encounter a seemingly legit offer, but on a strange domain or Google Play listing, be careful with the files it distributes. Consider scanning such a download on our free Online Virus Scanner.

What is Microsoft Security Warning Scam?
https://gridinsoft.com/blogs/microsoft-security-warning-scam/
Wed, 08 Nov 2023 22:51:47 +0000

Fraudsters widely use Microsoft Azure hosting to launch Microsoft Security scam pages. They range from a scary warning that blocks your browser window to phishing pages indistinguishable from the real ones. Let’s see the most typical types of these scams and their features.

What is Windows Defender Security Warning?

Fake Windows Defender Security Warning (Microsoft Security Warning) is a malicious attempt to deceive users into believing their system is compromised or at risk. In reality, these warnings are part of a scam. Cybercriminals create deceptive pop-up notifications or messages that mimic the appearance and language of genuine Windows Defender alerts. These counterfeit warnings often use scare tactics.

The classic example of the Microsoft Security Warning scam

Usually, such sites claim the presence of malware, viruses, or security breaches on the user’s system. They aim to trick users into taking immediate, unwarranted actions, such as clicking on malicious links, downloading fraudulent software, or providing sensitive information like login credentials or credit card details.

What makes these fake warnings even more convincing is the abuse of Microsoft Azure services. In short, Microsoft Azure is a reputable cloud computing platform that provides tools and services for legitimate purposes, including hosting websites and applications. However, cybercriminals exploit Azure’s flexibility to host their malicious landing pages and phishing sites, thereby lending an air of legitimacy to their schemes.

By leveraging Azure, scammers can secure SSL certificates and create deceptive subdomains, making their fake security warnings appear more convincing. They use Azure to build seemingly genuine login forms and landing pages, often targeting users with Microsoft, Office 365, Outlook, or OneDrive accounts.

How Does This Scam Work?

There are two most common scenarios for this kind of scam, and we’re going to look at them now.

Fake Login Page

In the first common scenario, attackers launch spam email campaigns that appear to originate from a reputable organization. For example, these scammers do their best to trap victims by mimicking the official login pages for Microsoft, Office 365, Outlook, and OneDrive. More often than not, these pages are indistinguishable from the real thing. For example, they may have a Microsoft logo, the correct color schemes, and even a nearly identical URL. Many users may genuinely believe they are on a legitimate Microsoft page.

Fake login page

To make their attacks even more convincing, attackers use Transport Layer Security (TLS) certificates. These certificates encrypt data between a user and a website and often serve as an indicator of trust. In this case, the certificates issued by Microsoft Azure TLS Issuing CA 05 for the *.1.azurestaticapps.net domain make the fake pages indistinguishable from the real ones. Attackers go even further and adapt their phishing pages to target users of other platforms such as Rackspace, AOL, Yahoo, and other email services. In this case, the spoofing is particularly well camouflaged thanks to legitimate Microsoft security certificates.

When users are trying to determine if a phishing attack is targeting them, they are usually advised to carefully check the URL in the browser bar when prompted to enter credentials. However, in the case of phishing campaigns abusing Azure Static Web Apps, this advice is meaningless, as the azurestaticapps.net subdomain and the presence of a valid TLS security certificate will fool many users.
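The URL checks discussed above, together with the fake ChatGPT domain profile from the first post in this feed (brand name in the hostname, cheap TLD), as an added triage example that is not part of the original articles. The list of official domains, the brand keywords and the Azure hostname in the samples are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions of this example, not taken from the articles: which domains count
# as official, and which brand keywords to look for.
OFFICIAL_DOMAINS = {"openai.com", "chatgpt.com", "microsoft.com",
                    "microsoftonline.com", "live.com", "office.com"}
BRAND_KEYWORDS = ("chatgpt", "openai", "microsoft", "office365", "onedrive")
CHEAP_TLDS = {"online", "xyz"}                       # the TLDs the text names
SHARED_HOSTING_SUFFIXES = ("azurestaticapps.net",)   # tenant-controlled subdomains


def host_of(indicator: str) -> str:
    """Return the lowercase hostname of a URL or bare (possibly defanged) host."""
    text = indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in text:
        text = "//" + text          # make urlsplit treat the text as a netloc
    try:
        return urlsplit(text).hostname or ""
    except ValueError:
        return ""


def is_under(host: str, domain: str) -> bool:
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def triage(indicator: str, asks_for_credentials: bool = False) -> list[str]:
    """Return the reasons a host deserves a closer look (empty list = none)."""
    host = host_of(indicator)
    if not host:
        return ["unparseable"]
    if any(is_under(host, d) for d in OFFICIAL_DOMAINS):
        return []
    reasons = []
    # Drop hyphens and dots so "chat-gpt-pc" still matches "chatgpt".
    squashed = host.replace("-", "").replace(".", "")
    for keyword in BRAND_KEYWORDS:
        if keyword in squashed:
            reasons.append(f"brand-in-hostname:{keyword}")
    tld = host.rsplit(".", 1)[-1]
    if tld in CHEAP_TLDS:
        reasons.append(f"cheap-tld:{tld}")
    for suffix in SHARED_HOSTING_SUFFIXES:
        if is_under(host, suffix):
            # The parent domain and its valid certificate belong to the hosting
            # platform; they say nothing about who controls this subdomain.
            reasons.append(f"shared-hosting:{suffix}")
            if asks_for_credentials:
                reasons.append("credential-form-on-shared-hosting")
    return reasons


# Indicators from the first post, plus one constructed Azure Static Web Apps host.
SAMPLES = [
    ("Chat-gpt-pc[.]online", False),
    ("Openai-pc-pro[.]online", False),
    ("Pay[.]chatgptftw[.]com", True),
    ("https://constructed-demo-0123.1.azurestaticapps.net/login", True),
    ("https://login.microsoftonline.com/", True),
]

if __name__ == "__main__":
    for indicator, has_form in SAMPLES:
        print(indicator, "->", triage(indicator, has_form) or "no findings")
```

An empty result only means that none of these heuristics fired; it is not a verdict that the page is safe.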

Tech Support Scam

The fake Microsoft technical support scam is a scheme in which attackers impersonate Microsoft representatives or certified technicians. Usually, it starts with a phishing site that contains a fake Microsoft Security Warning. This leads to the victim calling the scammers, hoping to get help solving the “problem”. The scammers may use a variety of techniques to gain the attention and trust of potential victims. Sometimes, however, scammers call random users, claim that the user’s computer has serious problems, viruses, or security breaches, and offer to help resolve them.

To “help” users, scammers may ask permission to control the computer remotely. If the user agrees, attackers gain full access to the system and can install malware or steal personal data. In addition, scammers often ask the user to provide personal information such as credit card numbers, passwords, addresses, and other sensitive information.

How To Avoid These Scams?

To avoid falling victim to phishing scams like the ones abusing Azure Static Web Apps, it’s essential to follow the practices below and remain vigilant. Here are some steps you can take to protect yourself:

  • Check URLs before entering data. You should check the URL in the address bar when you’re asked to enter your account credentials on a login page. Look for any unusual subdomains or misspellings that could indicate a phishing site. Ensure that the domain is the official one for the service you’re using.
  • Be careful with suspicious emails. Please don’t click on links or download attachments from unsolicited or unexpected emails. Always verify the legitimacy of an email, even if it appears to come from a trusted source.
  • Verify the Source. When you receive an email requesting sensitive information or actions, contact the supposed sender directly through official channels to verify the request’s authenticity.
  • Use a Password Manager. With it, you can create strong, unique passwords for your online accounts. This prevents a single compromised password from affecting multiple accounts.
  • Enable Two-Factor Authentication. Whenever possible, enable 2FA for your online accounts. This adds another layer of security and requires a second form of verification, such as a temporary code sent to your phone.
  • Educate Yourself. It is crucial to keep yourself updated on the latest phishing techniques and common scam tactics to stay informed and protected. Be vigilant and cautious while browsing the internet or dealing with suspicious emails or messages. The more you know, the better you can protect yourself.
  • Use Security Software. We recommend installing reputable anti-malware solutions on your devices. It can help detect and block malicious websites and emails.
  • Keep Software Updated. Keep your operating system, web browsers, and security software up-to-date. This ensures that any known vulnerabilities are fixed.

By following these precautions and maintaining a healthy level of skepticism, you can significantly reduce the risk of falling victim to phishing scams. Cybercriminals continuously adapt their tactics, so staying vigilant is essential to your online security.

“Professional Hacker” Email Scam Revealed & Explained
https://gridinsoft.com/blogs/professional-hacker-email-scam/
Fri, 20 Oct 2023 16:09:46 +0000

Among hundreds of different types of scam emails, there is a specific scary one that bothers people around the world. Known as the “Professional Hacker” scam email, it claims that an illusory hacker has accessed your PC and gathered all kinds of information, including videos captured through the web camera. The message is accompanied by a ransom demand and threats to publish the data if it is not paid.

Professional Hacker Email Scam Overview

Despite being a distinctive kind of email spam, “Professional Hacker” still has some variations. All of them, though, state nearly the same thing: a hacker got into your computer and gathered a lot of sensitive information, and if you do not pay the ransom, all this info will be published. Here are the common patterns that every form of this scam follows.

Worrying Claims At The Very Beginning

The message starts with a subject like “Your personal data has leaked due to suspected harmful activities”. This serious and threatening claim may already inflict fear and make the victim believe every word in the message body.

The body is not better either. Commonly, there are claims like “successfully managed to hack your operating system” and “gained full access to your account”. They are nonsense from the technical point of view, but look legitimate for people who are not aware of such details.

Fake Hacker Activities Description

Further in the message body, the hacker says that it was “monitoring all your activities and watching you for several months”. The crook claims it has installed various malware (trojan viruses) on your system. Interestingly enough, the infection route they mention most often is “adult sites”. While in the past such pages really were a threat, it is barely a thing these days. It is also unclear why there is so much attention to a single victim. The actions the hacker boasts of may be done in a matter of days, if not hours. Hence, it is either about unprofessionalism or stalking.

Claims On Compromised Video Being Recorded

Another typical claim is about the video taken from the webcam. Not a regular one – the hacker talks about a recording of you in pretty compromising situations. This is, actually, the culmination point of the scam letter. These lines speak of the potential possession of highly compromising materials. In other words, this is what should force a victim to pay. It is particularly hard to prove or disprove this statement, though as the overall email has a lot of questionable takes, this one is not realistic either.

Explanation of Malware Invulnerability

To prove its proficiency, a hacker states that the malware it uses integrates at driver level, which makes it impossible to detect and remove. Well, this part is at least somewhat true – driver-level malware integration is a thing and it is done exactly to make both detection and removal much more complicated. But to perform such a trick, a hacker should either trick you into running the malware with high privileges, or escalate them through an exploit – which is not a trivial task.

Some crooks also mention “hourly updates” (every several hours, daily, etc.), which is, in turn, just fiction. There are much less effort-intensive ways to avoid detection, so using such an ineffective trick is the mark of either an unskilled hacker or a liar.

Ransom Demands & Publishing Threats

Obviously, the outro of the scam email is the ransom demand. The “Professional Hacker” commonly asks for a ransom in Bitcoins and sets a deadline of 48-72 hours. If the demand is dismissed, the hacker promises to publish all the gathered info and videos on your social media – as it “has full access to your accounts”.

The ransom sum varies depending on unknown factors, but most commonly the ask ranges from $1000 to $2000 in Bitcoin. Some messages do not state the ransom amount and instead offer to negotiate the sum by email.

Typical Professional Hacker Scam Email Example

As I said, there could be dozens of different text variations of this scam. Though, they differ just a bit, so I collected the most common ones.

Subject: Your personal data has leaked due to suspected harmful activities.

Hi there!

I am a professional hacker and have successfully managed to hack your operating system. Currently I have gained full access to your account. In addition, I was secretly monitoring all your activities and watching you for several months.

The thing is your computer was infected with harmful spyware due to the fact that you had visited a website with porn content previously. Let me explain to you what that entails. Thanks to Trojan viruses, I can gain complete access to your computer or any other device that you own. It means that I can see absolutely everything in your screen and switch on the camera as well as microphone at any point of time without your permission.

In addition, I can also access and see your confidential information as well as your emails and chat messages. You may be wondering why your antivirus cannot detect my malicious software. Let me break it down for you: I am using harmful software that is driver-based, which refreshes its signatures on 4-hourly basis, hence your antivirus is unable to detect it presence.

I have made a video compilation, which shows on the left side the scenes of you happily masturbating, while on the right side it demonstrates the video you were watching at that moment… All I need is just to share this video to all email addresses and messenger contacts of people you are in communication with on your device or PC.

Furthermore, I can also make public all your emails and chat history. I believe you would definitely want to avoid this from happening. Here is what you need to do – transfer the Bitcoin equivalent of 850 USD to my Bitcoin account (that is rather a simple process, which you can check out online in case if you don’t know how to do that). Below is my bitcoin account information (Bitcoin wallet): 12nEVuGNtRFMVjeVmLtD4nt2sHX68S47yH

Once the required amount is transferred to my account, I will proceed with deleting all those videos and disappear from your life once and for all. Kindly ensure you complete the abovementioned transfer within 50 hours (2 days +). I will receive a notification right after you open this email, hence the countdown will start. Trust me, I am very careful, calculative and never make mistakes.

If I discover that you shared this message with others, I will straight away proceed with making your private videos public. Good luck!

Is “Professional Hacker” Email True?

No, it is just an attempt to make a scared user pay for deleting non-existent compromising materials. Sure, some of the things described in the email may happen. But the overall course of action is not how hackers normally work. Spending more than a month spying on a single victim is a thing in cyberattacks on large companies. However, doing so in attacks on home users is counter-productive.

There are a lot of things in the message that make me conclude it is a scam written by a low-profile scam actor. They may be aware of some typical tactics and practices that cybercriminals use. However, any attempt of theirs to describe them in detail reveals complete incompetence on the subject. “Malware uses drivers”, “updating the signatures every four hours” – any tech-savvy guy will laugh his head off listening to such twaddle.

Social Engineering Tactics Used in “Professional Hacker” Email Scam

As you could have possibly supposed, Professional Hacker email scam is based purely on social engineering. There are mistakes in the technical description of a “hack“ that show low technical competence. Nonetheless, the psychological tricks scam actors are trying to use are quite clear and professional. Let’s have a look at each one.

Pretending to be a professional

The first paragraph of a scam message starts with a claim about being a professional hacker. Most probably, a victim will not trust it from the start. But that changes as the victim sees details such as adult sites, trojan viruses and the like. All these tales make the target person believe the hacker who attacked them is really a professional one, and it is not a joke.

The scammers’ hope here is that the target individual doesn’t know a thing about how hackers operate. And let’s be honest – there are quite a lot of people who don’t. They will surely believe a scary story about month-long spying with undetectable malware.

Privacy compromise notifications

Once the authority is gained with the tricks I described above, the hacker switches to scaring the victim. The first sprouts of this appear at the very beginning of an email message – in the message subject. Then, the rascal says that it possesses a whole bunch of compromising information – from dialogues in messengers to video from a webcam with the victim watching content on adult sites.

This may look like a silly show, but don’t forget – the victim believes it is a genuine hacker who has sent the email. Thus, it can cause genuine fear or even panic, especially when a blind guess about compromising messages or visits to adult sites was dead-on.

Threats of public humiliation & ransom demands

By appealing to the compromising info possessed and the overall access to the victim’s system, a hacker threatens to publish all the info to social media, using the victim’s accounts. Sure enough, a scared user will now be ready to do whatever the hacker asks to avoid this. And the task is quite obvious – a ransom you should pay off in Bitcoins. The scammer specifies the wallet in the message. Even in the cases where the message body does not mention the ransom at all, it still ends up there.

Inflicting urgency

Despite all the places in this message that may scare the victim, the key element that makes the victim pay is time sensitivity. Hackers create urgency by saying that the deadline for making a payment is 48-72 hours from the moment the message was sent. No payment = all your friends on social media will know about your dirty deeds. Well, they would not, but the hacker’s role is to make you believe that this will happen.
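The traits described in this article (authority claim, surveillance and evasion claims, exposure threat, Bitcoin wallet, hour-based deadline) can be turned into a simple mail-triage check. This is an added example, not code from the original post; the signal names, regular expressions and the decision rule are assumptions, and the sample body is abridged from the email quoted above.

```python
import re

# Phrase families taken from the article's description of the template.
SIGNALS = {
    "authority_claim": re.compile(
        r"professional hacker|hack(?:ed)? your (?:operating system|device|account)"
        r"|full access to your", re.I),
    "surveillance_claim": re.compile(
        r"monitoring all your activities|trojan|spyware|web ?cam|camera", re.I),
    "evasion_claim": re.compile(
        r"driver[- ](?:based|level)|refresh\w* its signatures"
        r"|antivirus (?:cannot|is unable to) detect", re.I),
    "exposure_threat": re.compile(r"share this video|make public|publish", re.I),
    "secrecy_demand": re.compile(r"shared? this message with", re.I),
}

# Shape-only match for legacy Base58 (1.../3...) and bech32 (bc1...) addresses.
# No checksum is verified, so long random tokens can produce false positives.
BTC_RE = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")
DEADLINE_RE = re.compile(r"\bwithin\s+(\d{1,3})\s*hours?\b", re.I)


def analyze(subject: str, body: str) -> dict:
    """Extract the template's traits and decide whether the mail matches it."""
    text = f"{subject}\n{body}"
    signals = sorted(name for name, rx in SIGNALS.items() if rx.search(text))
    wallets = BTC_RE.findall(text)
    match = DEADLINE_RE.search(text)
    deadline = int(match.group(1)) if match else None
    asks_for_crypto = bool(wallets) or "bitcoin" in text.lower()
    return {
        "signals": signals,
        "wallets": wallets,
        "deadline_hours": deadline,
        # Assumed rule: crypto payment + hour deadline + at least two claims.
        "extortion_template": asks_for_crypto and deadline is not None
        and len(signals) >= 2,
    }


SAMPLE_SUBJECT = "Your personal data has leaked due to suspected harmful activities."
# Abridged from the sample email quoted in the article (original wording kept).
SAMPLE_BODY = """I am a professional hacker and have successfully managed to hack your operating system.
I was secretly monitoring all your activities and watching you for several months.
I am using harmful software that is driver-based, which refreshes its signatures on 4-hourly basis.
All I need is just to share this video to all email addresses and messenger contacts.
Below is my bitcoin account information (Bitcoin wallet): 12nEVuGNtRFMVjeVmLtD4nt2sHX68S47yH
Kindly ensure you complete the abovementioned transfer within 50 hours (2 days +).
If I discover that you shared this message with others, I will straight away proceed."""

# Constructed benign message for contrast.
BENIGN_BODY = "Reminder: invoice 1042 is due. Please pay within 30 days by bank transfer."

if __name__ == "__main__":
    print(analyze(SAMPLE_SUBJECT, SAMPLE_BODY))
    print(analyze("Invoice reminder", BENIGN_BODY))
```

The extracted wallet address and deadline are also useful for grouping reports of the same campaign.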

Scan Your System For Malware

Once you suspect that your system has some unwanted items in it, or see scam messages stating so, consider checking your system with a security tool. Despite what these wannabe-hackers say in the email, anti-malware programs are able to counteract spyware, trojan viruses and other malware. Sure enough, not each one can boast of top efficiency – a security program should feature most modern detection mechanisms. GridinSoft Anti-Malware can show you all the profits of such capabilities – consider trying it out.

USPS Scam Text 2024: “Your Package Could Not Be Delivered”
https://gridinsoft.com/blogs/usps-scam-text-2024/
Wed, 18 Oct 2023 16:10:26 +0000

To phish, attackers use a text message that pushes targeted individuals to take a specific action. This can include downloading malicious programs to the recipient’s phone or disclosing private information. A form of phishing called smishing delivers the malicious link in an enticing text message.

Most people don’t realize the risks of clicking links in text messages. Most people also aren’t aware that their phones can receive text messages from any number on Earth. Have you ever encountered a “USPS package not delivered” notification? Attackers often make big bucks by sending SMS messages that phish for sensitive information like credentials or financial data. To look more realistic, they usually choose the disguise of a familiar organization – like United States Parcel Service (USPS).

What is a USPS scam text?

A USPS scam text is one type of smishing in which scammers disguise themselves as the parcel service. This method of fraud involves unsolicited mobile text messages indicating that a delivery is waiting for your action, with an unrecognized web link to click on in the message body. Do not follow the link. Below in this article, we provide some details about this USPS text message scam.

EXAMPLE of USPS scam text (USPS unable to deliver text):

USPS Currently Awaiting Package
Undeliverable as Addressed(UAA) Problem with Address
USPS Allows you to Redeliver your package to your address in case of delivery failure or any other case. Nowadays, users often come across scheduled delivery USPS text scams.
You can also track the package anytime, from shipment to delivery.

USPS Scam Example 1
USPS Scam Example 2

How Does the USPS Text Message Scam work?

The United States Postal Inspection Service (USPIS) warns people of an increased risk of smishing scams that use the US Postal Service as a facade. USPS text scams trick victims into downloading malware onto their phones or sharing personal information, in the hope of stealing victims’ identities or emptying bank accounts.

Fake data entry form

Soon after making a purchase online, the scammer obtains access to the victim’s device. They can then take advantage of the confusion caused by receiving a package quickly to collect personal information. This scam also works well on individuals who recently ordered a gift delivery.

How to report USPS related smishing:

If you have received a USPS scam text, you can report it. To report USPS package-related smishing, email spam@uspis.gov.

  • Copy the body of the suspicious text message and paste it into a new email without clicking on the web link.
  • Enter your name in the email, and also add a screenshot of the text message showing the sender’s phone number and the date sent.
  • Include any relevant details in your email.
  • The Postal Inspection Service will contact you for more details.

Complaints of non-USPS related smishing can also be sent to any of the following law enforcement partners of the U.S. Postal Inspection Service:

The Right Way to Arrange a Redelivery

The USPS recently warned the public about a popular scam involving fake mail notifications and provides instructions on how to report bogus text messages sent by scammers. The first step to protecting yourself from data harvesting is to always double-check that the URL you see on the landing page matches the official site you intend to give your data to. Be careful with the USPS text message hack.

This way, you’re sure to catch any mistakes before they occur. No matter the delivery service, always pay attention to the URL on the landing page and ensure it matches up with the official site you’re familiar with. Failing to do so can lead to them following up on your data later with no guarantee that they won’t reap your information if they make a mistake.

Fake Windows Update in Browser Deliver Aurora Stealer
https://gridinsoft.com/blogs/fake-windows-update-aurora-stealer/
Thu, 11 May 2023 12:47:06 +0000
Fake Windows Update pages have once again become a way to spread malware. Updates are a pretty routine part of the Windows user experience. Over the last 7 years, Windows users have mostly gotten used to seeing the familiar update icon in the tray. Inexperienced people, however, do not know the mechanics of Windows Update, and can be trapped by the disguise of a “legitimate” and “trusted” update. The crooks who spread Aurora spyware seemingly opted for that approach to distribute their malware.

Fake Windows Updates in Browser – What is That About?

Even the most novice Windows users have likely seen the Update section of Settings in Windows at least once. All updates, including ones for Microsoft Defender, are displayed there. This is the only place where users can observe and control patch installation, without any exception. That, however, is not obvious to everyone, and hackers use it to their advantage.

Windows Update
Windows Update section is the only place you can initiate the system update

This is not the first time the topic of Windows Update has been exploited. Since the release of Windows 10, when Microsoft started to push updates to its new OS in a pretty obsessive manner, numerous campaigns impersonating the infamous system notifications have popped up. Users were tricked into clicking the “install” button, which triggered the malware installation. The current case is almost the same, yet differs in its possible consequences.

Most often, tricks like fake Windows update banners and pages aimed at installing malicious browser plugins, adware or unwanted programs. These three are unpleasant, yet not critical. In the most recent campaign, victims receive Aurora stealer, a threat of a completely different grade.

What is an Aurora Stealer?

Aurora is a relatively new infostealer that emerged in early autumn 2022. The first distribution method it used was noteworthy as well: the malware exploited ads in Google Search to propagate itself. At that time, a malvertising campaign in Google Ads was unexpected, and Aurora had a great start.

The malware itself has some features that are worth a look. Immediately after execution, Aurora checks not for the “classic” VM presence, but for the WINE environment. This toolkit for Linux makes it possible to run most Windows programs, even when they are not properly ported to the *NIX platform. Malware analysts appreciate WINE because it lets them observe malware behaviour without any counteraction from the malware, in contrast to virtual machines and debugging tools.

When it comes to functionality, Aurora is a classic infostealer that targets in-browser data, session tokens, and crypto wallets, both desktop apps and browser extensions. First of all, it gathers a small blob of system information to fingerprint the machine. System name, username, HWID, CPU, RAM, GPU, screen resolution and malware file location are accompanied by two sample-specific values (buildID and groupID) and are sent to the C2 server.

Fingerprint data Aurora stealer
JSON file with system information, that Aurora sends during the initial C2 connection

Data stealing

After the initial fingerprint, the malware checks web browser files to locate SQLite databases with cookies, search history and login data. Having done that, it starts looking for crypto wallet extensions by their extension IDs. Overall, there are 100+ extensions it searches for. Furthermore, it checks the AppData/Roaming folder to see if there are any desktop crypto wallet apps. If any are present, the malware gathers the data from the databases these wallets use to store credentials.

Once Aurora is done with crypto wallets, it switches to session tokens and credentials for several popular applications. In particular, it aims for Steam and Discord: stealing their session tokens allows attackers to take over the user session. Telegram handles sessions in a different way, so the malware simply tries to extract all the session-related data available. With FTP access utilities, the malware works in a manner similar to web browser contents: it extracts sensitive data from databases located in the program folder.

Unusual Details

Extensive stealer capabilities are threatening, though they are not the most interesting detail of Aurora malware. First of all, the spreading campaign appears to be related to a number of URLs exploited to display the malicious banner. Some of them belong to the Russian domain name pool, and some contain obscene phrases in Russian in their URLs.

Once the victim opens the site, it shows a banner that claims to be a Windows Update and plays an animation. Then, it asks to finish the update setup “by installing the critical Security Update”, a file downloaded when the “update” is at 95%. The request to update a third-party browser to finish the Windows patch sounds goofy, but to inexperienced users it may look normal. In fact, the “update” is an InvalidPrinter loader that acts as a precursor to Aurora. The loader is not limited to delivering only this one, though: other malware strains may appear as well.

Fake Windows Update
Typical page with fake Windows update. Its appearance may change slightly depending on the case.

How Did Fake Windows Update Page Appear?

Obviously, most of the users who witnessed or even fell victim to that scam would never visit these sites on their own. Moreover, they would likely fail to access them manually, since the sites simply do not respond. That happens because such websites wait for clients coming from adware, a specific kind of malware that shows unwanted and malicious promotions to its victims. This malware changes the networking properties of a system, forcing it to connect to the mentioned site through a specific port.

Even apart from the fake Windows update, adware is a pretty unpleasant thing. Showing spam-like ads is distracting and annoying, but when these promotions contain malicious content, things become dangerous. The case I described above is a perfect illustration. Additionally, adware-related banners commonly contain phishing links or download pages for unwanted programs. If you see the fake Windows update page, you’d likely see other signs of malware.

How to protect yourself?

The advice for counteracting fake Windows update pages, and particularly adware that causes it, consists of preventive and reactive measures.

To avoid being infected with adware, the best option is to avoid any dubious software sources. They always were and remain a widely used source of malware. Crooks add malware into the bundle with the initial app, or even spread one instead of the promised software. Using unlicensed software is illegal, and, as you can see, may end up with a chain of really bad consequences.

Use a proper security tool. Adware may be quite tricky to find and remove, especially when it masquerades as a legit app. Malware that can arrive during its activity is even tougher. For that reason, a really comprehensive and high-quality solution is needed. GridinSoft Anti-Malware is what can help you with all of these purposes. It features frequent database updates that are very useful against adware, and heuristic detection, a silver bullet for spyware and other stealthy malware.

5 Signs That You’ve Fallen Victim to a Scam
https://gridinsoft.com/blogs/5-signs-that-youve-fallen-victim-to-a-scam/
Wed, 19 Apr 2023 15:13:53 +0000
Internet fraud is becoming increasingly widespread and sophisticated. From simple phishing to romance scammers, fraudsters are always looking for and inventing new ways to deceive unsuspecting victims. Let’s talk about the ways to understand that you’ve fallen victim to a scam, or are close to becoming one. It’s crucial to stay vigilant and not lose your head over incredible offers.

Uncertain account activity

Scammers can get your credentials through phishing emails or scams that trick you into revealing your password. This can happen with social media accounts, email accounts, ride-hailing and food ordering apps, and even streaming services like Netflix. In addition to personal information, they can also access any stored credit card information associated with the account.

Example of a message scam on Facebook
Example of scam messages on Facebook that go from a legit account

The most common sign here is seeing numerous messages and posts made in your name without your consent. In most cases, hackers who have taken over your account will try to conceal the crime by deleting the messages locally. However, not all messengers and social media support such a trick, and posts cannot be deleted locally at all. Some of the side effects, like the theft of personal data and banking info, may appear long after the initial incident.

Problems with wire out transactions on investment platforms

One day, you may uncover that it is impossible to withdraw money from crypto investments. Investment fraud has been a major source of income for fraudsters, especially in the cryptocurrency market. They can create fake investment opportunities, promise high returns and convince victims to invest. However, when it comes time to withdraw their earnings, they may find that their account is frozen, their funds are gone, or the investment itself was fake from the start. This type of fraud can be difficult to recover from because cryptocurrencies are often unregulated and transactions are irreversible.

Common Cryptocurrency Scams and Frauds: How to Avoid
Most often, fraudsters try to masquerade as well-known people

Scammers can create companies with convincing names and make up success stories to make people believe that their product or scheme works. Sometimes they may even use well-known people in the cryptocurrency industry to further convince their victims. However, everything becomes clear at the moment when you try to get your money back. It is the clearest, and probably the most widespread, symptom of investment scams. Sure, sometimes even legit companies have financial troubles and cannot fulfill all the wire-out requests of their clients. But you’d likely be warned if that is the case.

The refusal to let you withdraw money may be presented under different pretexts. Softer cases involve asking you to hold on and take part in a very profitable deal you should not miss. Harder ones, however, may come with a request to prove your identity once again, prove that you are the real owner of the account, et cetera. During these “security check-ups”, they will most definitely find some mismatch that is enough to refuse the withdrawal.

Strange banking transactions

If fraudsters have your data and/or financial details, they can use them to commit payment scams – where stolen card details and/or cards stored in hijacked accounts are used without your knowledge. Alternatively, they may use your personal information to obtain new credit cards.

Example of strange banking transactions

Fraudsters can also use stolen data to apply for a loan in their own name, but with the victim’s bank details. For example, a fraudster may use their own social security number or other personal details, but provide the victim’s address and account information. Not all banks may suspect this as fraud and therefore approve such a loan, transferring the funds to the fraudster’s account. Additionally, not all financial institutions require personal information such as address and name, and all they need are bank details.

The first sign that something is wrong with your bank account is strange activity on the account, including “strange” debits. If the problem is with Automatic Payments (NAF), it may be more difficult to notice until you receive a letter or email notifying you of late payments.

Product that was not shipped

Internet fraud is a growing problem. Scammers often try to sell expensive goods online, usually at greatly reduced prices, in order to attract buyers. They create websites or social media accounts that offer products at fairly low prices, such as electronics, household appliances, branded clothing, jewelry, etc. It is the low price that appeals to potential victims.

Example of an expensive product that is sold cheaply

When a buyer is ready to make a purchase, scammers typically assure them that the item is available, but payment must be made through instant payment apps such as Zelle, Venmo, and Cash App. These apps do not offer buyer protection, so once the money is transferred, it cannot be refunded.

After the payment is made, scammers either disappear and do not ship the item, or demand more money by inventing various reasons. For example, they may claim they accidentally provided the wrong payment details or that additional payment is required for shipping/insurance. If the buyer refuses to pay, scammers may begin to blackmail them by threatening to disclose their personal information, leaving the victim feeling trapped.

From love to fraud

A romance scam sounds better than it is. Unfortunately, in today’s world, fraudsters are ready for anything to extort money from a person. This is the type of scam that preys on people looking for love and communication online. At first, fraudsters create believable profiles on social networks or in special applications such as Tinder. They may spend weeks or even months building a relationship with the victim, sharing personal information, and creating a sense of trust and intimacy.

Romance Scammer WhatsApp (WhatsApp Scams Dating)
Example of Romance scam

When the fraudster is sure that the victim is in love with him, he starts asking for money, small amounts at first: for example, to top up a mobile phone account or pay a small fine. Then the amounts can grow, and the “reasons” to send money become more serious: for example, to treat a mother’s terrible illness, or to pay off loans.

Unfortunately, as soon as the victim sends the money, the scammer can disappear immediately. But in some cases, they may continue to contact the victim and demand more and more money, using threats or emotional manipulation to keep them on the hook.

12 Instagram Scams to Know and Avoid in 2023
https://gridinsoft.com/blogs/top-instagram-scams/
Fri, 30 Dec 2022 10:21:40 +0000
Nowadays, it’s hard to find someone who has not heard of Instagram. Whether you use it to see what’s new with your friends or to kill time watching cat videos, the app has just about everything. However, besides entertaining videos on Instagram, some things can negatively impact your financial health. Cybercriminals couldn’t get past this service and are using the app to scam people online. Today, we will look at the most common and relevant Instagram scams and find out how to detect, report, and avoid them.

The most common types of scams on Instagram

Since Instagram was founded, mobile scammers have devised many ways to scam users. From seemingly lucrative investment offers to fake job offers, scammers can try to carry out their dirty plans differently. Here are the most common and relevant scams on Instagram today that you should avoid:

Influencer scams

While many legitimate influencers on Instagram exist, not all influencers are the same. Some are fake accounts created to trick gullible users. Instagram influencer scams include accounts with fake followers and likes, racy profile pictures, and promoting investment opportunities or financial services. In some cases, it is possible that the account was once real but was hacked.

Phishing scams

Like classic phishing attacks, Instagram phishing scams come with a sense of urgency. You may receive an urgent direct message (DM) or email telling you to take action, or your Instagram account will be “suspended”. In such messages, scammers impersonate the official Instagram support account and try to convince you that your account is in danger. Such attacks are often accompanied by requests for personal information. This may include your username and password, along with alerts that you need to check your account for “suspicious activity”. To avoid this, it’s critical that you keep all account information private from others. And remember, Instagram will never send you a message about your account.

Fake job scams

Unfortunately, many people lost their jobs during the pandemic. Fraudsters have tried to take advantage of the situation by promoting fake job postings on Instagram, and they’ve partly succeeded. Phony job scams often include messages from fake recruiters, links to fake job applications, and requests for your personal information. However, once you give a so-called recruiter your confidential information, they can use it to steal your identity and empty your financial accounts. In some cases, it has ended with the takeover of the victim’s Instagram profile.

Music promotion scams

This scam is much more specific and can apply almost exclusively to musicians. If you share music on Instagram, you may fall victim to music promotion scams. The music promotion scams usually start with DMs from fake music promotion accounts. If so, the scammers may ask for money in exchange for a promotional post, claiming they can help increase your music streams. Sometimes, these accounts have many subscribers, views, and likes. At first glance, it may seem like there are thousands of people listening to your music. However, these are often bot accounts. Hence these Instagram views will not lead to new listeners on streaming platforms.

Sponsorship scams

Fake sponsorship scams (sometimes called Instagram ambassador scams) on Instagram also use fake or hacked accounts. However, these accounts pretend to be legitimate brands instead of posing as an influencer. Similar to the previous points, signs of sponsorship scams start with DM from fake brand accounts, which often ask to pay them to advertise. They may also ask for your personal information and, in some cases, offer to be an ambassador. They may promise a free trip or discounted travel, such as for a private meeting or photoshoot. Such situations are often fake and are only used to steal your personal and financial information. All such contacts require a thorough analysis.

Lottery and giveaway scams

Another standard Instagram scam scheme is a fake lottery and giveaway. Typically, these scams are designed to steal your information by convincing you that you have won a prize or contest. First, they congratulate you in a direct message and tell you that you have won an award. Next, scammers ask for your personal information to send you a prize. Sometimes they ask you to follow a link that redirects you to an insecure website. Rascals sometimes hijack real accounts or pretend to be someone running a legitimate giveaway. That’s why it’s essential always to be careful and keep personal information private from someone you’re not sure about.

Crypto scams

These days, it’s almost impossible to be on the Internet without hearing about cryptocurrency. Unfortunately, scammers here also managed to take advantage of the situation to scam Instagram users. The main sign of a crypto scam on Instagram is any DM from an unfamiliar account claiming they can make you rich. In doing so, they ask you for payment or personal information. The only thing that can happen to your investment if you contact such scammers is that you lose it.

Romance scams

Romance scams can make you and your account vulnerable to hackers. In addition, these scams can be frustrating, often causing emotional and financial pain. Here, too, it’s all classic, DM from a fake account, lengthy romantic communication, then requests for payment, gifts, etc. In such attacks, scammers use the most sophisticated lies and social engineering to manipulate you and extract your money and personal information.

Investment scams

Similar to crypto scams, many scammers target those looking for extra money. They will send DMs and offer investment opportunities, so it’s best to be wary of any cash exchange or get-rich-quick schemes. The red flags of this scam include DMs from people with luxury lifestyles and promises of wealth and financial success. In return, you will be asked for an initial investment, often using mobile payment apps. However, once the scammer gets your initial investment, you will never hear about him again, and he will continue to try to do so with others. Alternatively, the crook will convince you to make another investment, which is promised to cover the previous losses.

Fraudulent Instagram account

Fake product scams

The most widespread scheme is counterfeit items and online shopping scams on Instagram. Such scammers often buy a promoted Instagram account with many followers, which makes them more convincing. The red flags of this scam are:

  • Fake products ads
  • Heavily discounted prices compared to other stores
  • Links to questionable sites
  • Requests for personal information to complete the purchase

On top of that, once you’ve given the scammers your personal information, you could lose access to your Instagram account, get a fake version of the product you ordered, or, even worse, have your identity stolen.

Paid subscription scams

Another scam you should look out for is paid subscription scams. In these scams, scammers may offer access to genuine subscription services at a reduced price. The red flags, in this case, are accounts advertising lifetime or discounted access to subscription services, requests for payment and personal information, and links to fraudulent sites. Usually, these are popular subscription services such as Netflix, Spotify, or Xbox Live. Again, we recommend only subscribing to a subscription service on the official website.

Blackmail scams

Sometimes hackers can break into an Instagram account and try to blackmail you as a form of harassment or for financial gain. This is all accompanied by threats to reveal personal information and claims that the hacker has access to your files. However, the hacker may not even have any information he claims to have. These are common attempts to scare you into complying with their demands.

What to do if you were scammed on Instagram

To protect yourself and your Instagram account, follow these steps:

  • Don’t reply or click on links. Whenever you receive fraudulent messages on Instagram, the best solution is not to respond or click on any links.
  • Block the account. The scammer won’t trouble you if he realizes you won’t fall for his tricks. To block someone on Instagram, click on their profile, tap the three-dot icon in the top right corner of the screen and select “Block.”
  • Report the account. Follow the same steps above, but select “Report” and follow the instructions on the screen to let Instagram know the specifics of the scam.

Report Ad button Instagram

This way, you can protect yourself and help Instagram prevent fraud with these accounts.

How to avoid Instagram scams

To reduce the likelihood of fraud, follow these cybersecurity tips:

  • Use common sense. If you’re offered a deal that seems too good to be true, it probably is. Always be cautious and use common sense when communicating with other Instagram users.
  • Enable two-factor authentication. Using 2FA can help prevent outsiders from accessing your Instagram account, even if they gain access to your password.
  • Look for the confirmation check mark. If someone texts you from an account claiming to be an influencer or brand account, look for the blue verification check mark next to their name. Luckily, on Instagram nobody can simply buy it for $8, so it’s probably a fraudulent account if there’s no check mark.
  • Don’t link your Instagram with third-party apps. In some cases, third-party apps may request access to your Instagram account. Before you say yes, research and ensure the app is legitimate, as some apps can collect and sell your data.
  • Make your account private. If you set your Instagram account to private, then only approved users will be able to view your account. You can do this by clicking “Settings,” selecting “Privacy,” and then turning on the “Private Account” feature.
  • Use strong passwords. If you skip this item, all the others will go to waste. To keep your Instagram account as secure as possible, it’s essential to use a strong password. This can help prevent scammers from hijacking your Instagram account through password spraying or other tactics.
  • Never click on suspicious links. In many cases, Instagram scammers may try to direct you to a malicious website. To avoid this, only click links you’re sure about.
  • Shop only from verified accounts. Since Instagram added the shopping feature, many companies have started advertising and selling products online. Unfortunately, scammers pretend to do the same. To be safe, buy only from verified accounts with a blue check mark.
  • Use an antivirus app. You can install an antivirus app on your mobile device for an extra layer of protection. This will help protect your phone from mobile threats, including viruses, malware, and spyware.

By following these tips, you can browse Instagram without worrying about scams.

TikTok Invisible Challenge Is Used to Spread Malware
https://gridinsoft.com/blogs/tiktok-invisible-challenge-is-used-to-spread-malware/
Thu, 01 Dec 2022 12:46:08 +0000
TikTok Invisible Challenge became yet another host for threat actors. Crooks found a way to spread the WASP information stealer as a specific utility to revert the in-app filter. Users who ate the bait are risking their account credentials and banking information.

What is the TikTok Invisible Challenge?

Same as Instagram back in the previous decade, TikTok gives birth to numerous challenges. Invisible Challenge is just another example that touched tens of countries across the globe. It invites people to record a video using a new filter that removes the human body from the recording, leaving only a transparent silhouette and the clothes that were on the person. Such AI-based filters are not a new thing, but this challenge seemingly aims at propagating their usage. Not a bad practice on paper, but it created an unexpected problem.

TikTok Invisible Challenge example
The example of an Invisible filter’s work

Some users, particularly females, decided to undress on camera with this filter enabled. As the filter remains active, there is no risk of revealing your naked body. But a certain number of viewers started thinking of reverting the filter effect to see the original, with no clothes and no filter. Even though that is not possible unless you have access to the device that recorded the video, some cunning fellas offered a way to “unfilter” the video. And here is where the problems started.

TikTok Invisible Challenge spreads malware

Most of the time, the handymen who offer to unfilter the video will share the link to a Discord server. This place is full of videos that look like the outcome of the filter removal utility. Hence, the unsuspecting user will likely believe that the ability to remove the filter is real. As I have mentioned before, it is possible only when you have access to the source video, which is present only on the author’s device. TikTok servers contain only the edited version of this video, where it is impossible to tear off the filter.

So, we have already figured out that the “Unfilter” utility is not real. If so, what goes under the guise of this tool? Numerous victims who followed the instructions from discord[.]gg/unfilter got WASP stealer on their devices. This malware aims at credentials, crypto wallet information, banking data, and the like. The application itself was posted on GitHub, which for some reason is considered a reliable source with no chance of getting malware. A bot in Discord additionally asked the channel participants to give a star (i.e. upvote) to the repository of the pseudo-utility. By the number of those stars, over 100, we can estimate the number of victims. The Discord channel itself had over 700 followers and is now defunct.

Defunct Discord server
Crooks moved “Unfilter” server before Discord blocked it

Is WASP stealer dangerous?

Safe malware does not exist; it is an oxymoron. Stealers are not an exception, as they aim to steal a lot of users’ credentials, including financial ones. Most often, crooks pack the data they got into large databases and sell them on the Darknet. At that point, anyone can purchase it and use it for their purposes. And as you can guess, the Darknet is not a place that is famous for benevolent users. You can surely say goodbye to your savings in both crypto and bank accounts, as well as your accounts on social networks. That will not happen instantly, but this outcome is unavoidable if countermeasures are not taken.

If you suspect an infection with stealer malware, take the following steps:

  • 1. Scan your computer with anti-malware software. It should be your first and foremost step, since active malware can make all of the following actions useless. Stealers are not very easy to detect, hence you need an advanced solution that has both complex scanning systems and frequent updates. GridinSoft Anti-Malware fits both of these criteria.

  • 2. Change all the passwords. Malware grabbed your current credentials, so changing your login information is vital to make its job useless. The sooner you do it, the less time hackers have to use your accounts and money.
  • 3. Notify your friends and family about the threat. TikTok is a very popular social network, thus not only you but someone you know may also be at risk. The more people are aware that Invisible Challenge filter reversion is not real, the less profit hackers will have.

However, stealers, like any other malware, are better prevented before they make their way to your device. Avoid any questionable things, especially when they contradict the very basis of how things work. Also be very skeptical about any software from unknown publishers you find online. Preventing the threat is always far easier than dealing with its consequences.

Online Dating Scams: How to Avoid Romance Scam
https://gridinsoft.com/blogs/online-dating-romance-scam/
Mon, 28 Nov 2022 15:07:36 +0000

Online dating scammers get you to believe that their fake romances are real. They use deceptive tactics to make their scams hard to detect. The overall fraud got the name of a romance scam. Let’s see how a romantic meeting online may turn into a money loss.

What is a romance scam?

Romance scam artists create fake dating profiles on apps and websites or use popular social media platforms like Instagram and Facebook. They use these fake accounts to chat and talk with their victims multiple times a day. Once they’ve gained the victim’s trust, scammers create a story and ask for money. Reports to the Federal Trade Commission for romance scams rose by about 80% in 2020 compared to 2021. This led to an estimated 547 million dollar loss for scam victims in 2021. Paying romance scammers with gift cards was more expensive than other payment methods in 2021. The 2021 report also shows that cryptocurrency payments are the most expensive.

Reports to the Federal Trade Commission for romance scams

The ACCC states that Google Hangouts scams cost victims more than $640,000 every year. But scammers are constantly trying new scams and changing their tactics. For example, romance scam artists are using apps to lure people who aren’t actively looking for love. They also use blackmail and sugar daddies to steal money from victims.

The Lies Romance Scammers Tell

Romance scam liars tailor their stories based on what they think will work in each situation.

  • Scammers say they can’t meet you in person. They can pose as an important person who works abroad, constantly traveling and working with very important organizations and companies.
  • Scammers will ask you for money. Once the attacker has gained the victim’s trust, he will ask for money for some very urgent needs. For example, for the treatment of a family member, the payment of a debt, or an urgent return ticket. And the story will be very convincing, especially after a couple of weeks of chatting. On top of that, scammers can promise to return this money in cryptocurrency to interest you as much as possible.
  • Scammers will tell you how to pay. All scammers, not just love scammers, want to get your money fast. The way they want your money makes it very difficult for you to get it back. They’ll tell you to transfer money via a company like Western Union or MoneyGram, put the money on a gift card (like Google Play, Amazon, iTunes, or Steam) and give them a PIN, send money via a money transfer app, or a cryptocurrency transfer.

How to Avoid Losing Money to a Romance Scammer

Bottom line: never send money or gifts to a loved one you haven’t met. If you suspect a love scam:

  • Immediately cut ties with this person. If you suspect the person you have a romantic chat with is trying to scam you, there’s no reason to keep talking to them. Moreover, you will probably hear nothing from the scammer other than attempts to make you pay.
  • Talk to someone you trust. Are your friends or family members saying they are worried about your new relationship? And what do they think about trusting this person with your money?
  • Do an online search for the person’s job type and the word “con artist.” Has anyone else posted a similar story? For example, search for “oil rig scammer” or “US Army scammer.”
  • Perform a reverse image search on the person’s profile picture. Is it associated with a different name or details that don’t match? These are all signs of a scam. Crooks may have a poor imagination and use the same, unedited picture for different scam avatars.

How to Report a Romance Scam?

Contact the company or bank that issued your card or payment method as soon as possible. Explain to them that you paid a romance scam actor and ask them to refund your money. You should report any suspected fraud to the FTC. Tell the social media site or app you met the scammer through too.

Black Friday Scams: Ways to Detect & Avoid Shopping Frauds
https://gridinsoft.com/blogs/black-friday-shopping-scams/
Wed, 23 Nov 2022 19:29:06 +0000

As the main shopping event of the year approaches, Black Friday shopping scams have come into view. Con actors from all over the world try to create the most convincing fraud, trying to make a fortune. Let’s see the most common Black Friday scams, and the way to avoid them.

How Do Scams Work?

Fraudsters use various methods to trick people into giving away their sensitive information or financial details, or into directly spending money on non-existent items. They create fake websites or online stores that look like legitimate businesses, using stolen logos, product descriptions, and images. All this is needed to make victims believe they’re dealing with a genuine website.

How do scams work
Scams ads on Facebook

To attract people to their scam pages, fraudsters commonly opt for ads on social media and email spam messages. The ads usually promise some unbelievable discounts for all who enter the promo code from the ad; so do the emails, with the difference of being more personalized. That personalization is achieved through copying the style of genuine shops, which may once again convince the user of the offer’s legitimate status.

Common “Black Friday” Scams

Unfortunately, shopping is also a playground for scammers looking to spoil the fun. Let’s take a look at some scams you might encounter during this shopping festival:

Fake Websites

Imagine you’re excitedly browsing for Black Friday deals, and you come across what seems like an amazing offer. The catch? The website you land on looks exactly like the real deal, but it’s actually a cleverly crafted fake. These cyber tricksters put in serious effort to make these sites look legit. The logos, the layout – everything screams authenticity. They offer jaw-dropping discounts that make you think you’ve hit the jackpot. However, behind the scenes, there’s a dark agenda. When you decide to make a purchase on these fake sites, you’re not just getting a knockoff product. You’re also handing over your personal info – things like your account details. It’s like stepping into a digital trap.

We found examples of phishing sites that contain similar registered information and look similar to each other:

Common scams
The malicious web sites
  • www.dollsaleshop.com
  • www.oyepackaging.com
  • www.onlinepills.su
  • www.cluwex.com

Payment Scams

When working with victims through legitimate pages, con artists often try to avoid any possible refunds and responsibilities. This may be done by convincing you to pay outside of an official website payment system. Rascals offer discounts or incentives if you pay via PayPal, Venmo, CashApp or even in crypto. However, paying that way leaves them free to cheat you out of your item. The buyer protection mechanism does not cover the deals where payments were done through a third-party system. Sure enough, you can report them to the support team, but they will likely scam another dozen people before their account is deleted.

Delivery and Shipping Scams

And now, finally, you’re eagerly waiting for your Black Friday purchases, and suddenly you find out that scammers are playing dirty tricks in the delivery and shipping game.

Scammers often use the deceptive tactic of sending fake delivery notifications that appear to be from popular delivery services such as FedEx, UPS, or the U.S. Postal Service (USPS). These scams are typically sent via text messages and contain a link to a fake website that claims to resolve a shipping issue. In reality, the website tricks the user into providing personal information or paying a fake fee or tax.

Delivery and Shipping Scams
Fake delivery notification from Postal Services

Another example that’s been causing headaches is a campaign using AgentTesla malware. The attackers send you emails talking about orders and shipments, with subjects like “shipping documents.gz.” Inside those attachments are nasty surprises that can mess with your system.

In October 2023, researchers discovered a 13% spike in sneaky files linked to orders and delivery compared to the previous year. It’s like these cyber adversaries are stepping up their game, making it crucial for us to be extra cautious and beef up our online defenses.

How To Identify The Scam

  • Thoroughly check emails for grammatical errors, unclear terminology, or signs of machine translation. Phishers often use domains that have minor spelling errors or appear to be legitimate.
  • Never trust offers that are too good to be true. Most of the time, they are not true, and the only aim of these offers is to make you pay for a non-existent item or one of subpar quality.
  • When assessing a message for scam potential, look out for a sense of urgency or desperation, as well as depersonalized appeals (using “Dear user” instead of your username).
  • Be careful when opening unexpected emails. It’s suspicious to receive discounts for items you’ve never shown interest in from sites you’ve never been to. Verify information through legitimate websites, and try to find more info regarding the offer from that particular site.
  • Beware of URL phishing attacks that trick you into clicking on a malicious link. To protect yourself, hover over links in emails to verify their destination. Avoid clicking on links. Instead, go directly to the company’s website and navigate to the relevant page.
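
The link checks from the list above can be automated. This sketch is an added example, not code from the original post: it parses an HTML email body, compares the domain shown in each link's text with the real destination, and flags destinations that are near-misspellings of a trusted brand. The `TRUSTED` list, the 0.85 similarity cutoff, and the sample message are assumptions constructed for illustration.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brands the reader really deals with (constructed allow-list).
TRUSTED = ["fedex.com", "ups.com", "usps.com"]

def host_of(url):
    """Lower-cased hostname of a URL or bare domain, without 'www.'."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (href, reasons) for each link that deserves a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        dest, reasons = host_of(href), []
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != dest:
            reasons.append(f"text shows {shown}, link goes to {dest}")
        if not any(dest == t or dest.endswith("." + t) for t in TRUSTED):
            # Assumed cutoff: 0.85 similarity catches one-letter misspellings.
            near = difflib.get_close_matches(dest, TRUSTED, n=1, cutoff=0.85)
            reasons += [f"looks like {n}" for n in near]
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample e-mail body, not taken from a real message.
SAMPLE = ('<p>Dear user, <a href="https://uspps.com/track">www.usps.com</a> '
          '<a href="https://www.fedex.com/track">Track parcel</a></p>')
```

Calling `audit(SAMPLE)` flags only the first link: its text shows usps.com while the destination is the misspelled uspps.com.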

How To Prevent “Black Friday” Scams

To ensure a secure and enjoyable shopping experience, consider the following preventive measures. If someone claims to be a representative of a brand and you’re uncertain, take the extra step to call the company directly and verify their identity. Always scrutinize the sender’s email address; legitimate brand communications typically come from official domains, not suspicious webmail addresses. Opt for well-known online retailers with a proven track record of trustworthiness. Ensure the website address begins with “https://” for a secure connection, and be cautious of sites with misspellings or unusual domain names. Resist the temptation to click on links in unsolicited emails or pop-up ads. Instead, manually type the retailer’s official URL into your browser to access their site directly. When dealing with delivery-related emails, verify tracking information on the retailer’s official website. Avoid clicking on links or downloading attachments from the email itself.

Keep yourself informed about the latest scam tactics; awareness serves as a robust defense against cyber threats. Share this knowledge with friends and family to collectively enhance awareness and vigilance. It’s a community effort in staying one step ahead of potential scams.
