What is DarkGate Loader?

DarkGate Loader is a type of malware that is capable of downloading and running other types of malware, including ransomware, trojans, and cryptocurrency miners. Additionally, it can be used to extract sensitive data from the victim’s computer, such as passwords, credit card numbers, and personal information.

This malware is typically distributed via phishing emails or malicious attachments. Once it is installed on the victim’s computer, it can communicate with a remote command and control (C2) server to receive instructions and download additional malware.

DarkGate Loader has been gaining popularity among cybercriminals since its creator advertised it as a Malware-as-a-Service offering on popular forums in June 2023. Previously, DarkGate Loader was distributed using traditional email-based malspam campaigns, similar to those used by Emotet. However, an operator started using Microsoft Teams to deliver the malware in August via HR-themed social engineering chat messages. This new tactic has led to an increase in the number of DarkGate Loader infections.

DarkGate Spreads Via Microsoft Teams And Skype Spam

A company has been facing a targeted phishing attack since late September. The attackers have been using Microsoft Teams functionality to deliver the DarkGate Loader malware. Fortunately, all the employees were regularly trained to identify phishing attempts, and they promptly intervened. As a result, no employees, customers, or company resources were harmed during this incident. The malicious message was blocked before it could reach any of the employees.

After analyzing a recent case, we discovered that the DarkGate Loader malware was delivered in the payload of a ZIP archive. The image below illustrates the entire attack process, from the moment the Microsoft Teams message is sent to the execution of the DarkGate Loader:

In the next sample, the threat actor exploited a trusted relationship between two organizations to trick the recipient into running the attached VBA script. By gaining access to the victim’s Skype account, the attacker could take control of an existing messaging thread and create file names related to the chat history’s context.

The victims were sent a message from a compromised Skype account. The message contained a deceptive VBS script with a file name that followed the format: “ www.skype[.]vbs“. The spacing in the file name was deliberately designed to trick the user into thinking that the file was a .PDF document while actually hiding the real format, which was www.skype[.]vbs. In this sample, the recipient believed that the sender was someone from a trusted external supplier.

Installation Consequences

Experts noticed that the threat was functioning as a downloader of further payloads. Once the DarkGate malware was installed, it deposited files in both the <С:/Intel/> and <%appdata%/Adobe/> directories, which aided in its attempt to disguise itself.

The dropped files were identified as variations of either DarkGate or Remcos, most likely to enhance the attackers’ hold on the infected system. Below are some of the sample file names we came across for these additional payloads:

• Folkevognsrugbrd.exe
• logbackup_0.exe
• sdvbs.exe
• Vaabenstyringssystem.exe
• Sdvaners.exe
• Dropper.exe

How to protect against DarkDate Loader?

DarkGate Loader is a dangerous malware that can be used to steal sensitive data from your computer and install other malware, such as ransomware and trojans. Whether you are an individual or an organization, it is important to be aware of the risks posed by DarkGate Loader and to take steps to protect yourself.
To protect you and your organization against DarkGate Loader, you can take the following steps:

• Using a reliable password manager to create and store strong, individual passwords for all your accounts is crucial. Strong passwords are complex to guess and can protect your accounts from brute force attacks.
• Implement a web content filtering solution to block malicious websites. A web content filter prevents access to known malware and phishing sites.
• Deploy a next-generation firewall (NGFW) to protect your network from malicious traffic. An NGFW can help to detect and block malware, phishing emails, and other types of cyberattacks.
• Only download software and files from reputable sources. Avoid downloading files from suspicious websites or using unofficial app stores.
• Use EDR/XDR to provide real-time monitoring, threat detection, and incident response capabilities across your network and endpoints. These tools can identify unusual or suspicious activities that could indicate loader malware.

The post Skype & Microsoft Teams Spam Spreads DarkGate Loader appeared first on Gridinsoft Blog.

The Season of Back to School Scams

Cybersecurity researchers discovered a scam campaign that uses PDF files. Under the guise of a helpful back-to-school tips document, attackers distribute a file that leads victims to a malicious website. The file’s first page contains a fake captcha that is supposedly supposed to screen out bots. The next page had advice for parents and students to return to school. However, instead of an actual captcha, the document contains a picture that, when clicked, opens a malicious site. This is all done to encourage unsuspecting victims to click on the captcha.

Identity theft, ad targeting, and tracking are all potential risks of sharing personal information online. Attackers can use your information for fraudulent purposes, companies may target you with unwanted ads, and your activities may be tracked and used for various purposes. It is also widespread for scammers to sell stolen information on the Darknet.

A malicious site of Russian origin

As I mentioned above, clicking on the captcha opens a fraudulent website that contains the domain “ru” and the text “all hallows prep school uniforms”. In addition, before reaching the actual site, the user is thrown through several redirects. The site sets cookies, tracks behavior, and collects data on user interactions. Although, according to the analysis, the target audience is the US and India, 11 of the 13 domains detected were Russian, and two were South African. Here’s their list:

• getpdf.pw
• jottigo[.]ru
• luzas.yubit[.]co[.]za
• trafffe[.]ru
• gettraff[.]ru
• ketchas[.]ru
• traffine[.]ru
• cctraff[.]ru
• leonvi[.]ru
• norin[.]co[.]za
• maypoin[.]ru
• traffset[.]ru
• trafffi[.]ru

These were all created in 2020 and 2021 and use Cloudflare name servers.

Seasonal scams

Scammers become particularly active like any other event, whether it’s Black Friday, summer vacation season or Christmas. The following are the most common fraudulent schemes. Knowing which ones you can prevent unpleasant consequences.

• Identity theft. Scammers can use identity theft tactics to target students and parents. It can be accessing school databases, creating fake enrollment forms, and posing as educational institutions or retailers through phishing emails. All this aimed to steal personal information and login credentials.
• Deepfake AI scams. Since the AI epochs are in full swing, scammers are taking full advantage of it. They use deepfake AI to create convincing voice recordings of school officials and mimic students’ or teachers’ voices to trick parents into making payments or sharing personal information. Usually, these scams take advantage of the trust and urgency surrounding back-to-school activities.
• Shopping scams. Similarly Black Friday, as the demand for shopping increases, so does the number of scams. Scammers create one-day websites where they sell low-quality goods. In addition, the victim often receives nothing at all after payment. Beware of fake online stores, fraudulent social media ads and phony package delivery emails are common tactics used to steal personal information and payment details.
• Tax-free scams. Scammers offer false promises of debt reduction or forgiveness, or fake scholarships/grants, demanding upfront payments or personal info. Common scams include student loan forgiveness and scholarship/grant scams. Be cautious and do not give out personal information or pay upfront fees. Check with the Federal Trade Commission or your state’s attorney general’s office to verify legitimacy.

The post Back to School Scams Expand As August Begins appeared first on Gridinsoft Blog.

Experts noticed that this week Emotet resumed its activity and after a three-month “rest” began to send malicious spam again. So far, information security specialists have not found any additional payloads.

It looks like the malware is just collecting data for future spam campaigns.

Let me remind you that we also wrote that Emotet Malware Operators Found a Bug in Their Bootloader.

The resumption of malware activity was reported by Cofense analysts and specialists from the Cryptolaemus group, which includes more than 20 experts from around the world, who united in 2018 for a common goal – to fight Emotet.

The researchers recalled that the last Emotet spam campaign was observed in November 2022, and then spamming lasted only two weeks. Now the malware has continued to recover and collects new credentials for use, as well as stealing information from address books for targeting.

This time, instead of using chained response emails, as in the previous campaign, the attackers are using emails that mimic various invoices.

ZIP archives containing intentionally “bloated” Word documents larger than 500 MB are attached to such emails. Documents are deliberately filled with unused data to make the files bigger and harder for antivirus solutions to scan and detect malware.

In fact, such documents contain many macros that download the Emotet loader as a DLL from compromised sites (mostly hacked WordPress blogs). After downloading, the malware will be saved in a folder with a random name in %LocalAppData% and launched using regsvr32.exe.

At the same time, the malware DLL file is also deliberately increased to 526 MB in order to prevent security software from identifying the file as malicious. As noted by Bleeping Computer, this method of evading detection works great: according to VirusTotal, so far the malware has been detected by only one provider of security solutions out of 64. At the same time, this provider defines the threat only as Malware.SwollenFile.

Once launched on an infected device, Emotet will run in the background, waiting for commands from its operators, which will likely result in additional payloads being installed. Although Cofense experts note that they have not yet observed any additional payloads, and now the malware seems to be simply collecting data for future spam campaigns.

The post Emotet Has Resumed Activity after a Three-Month Break appeared first on Gridinsoft Blog.

How fake BSOD Messages Trick Victims

Today, unscrupulous tech scammers take advantage of users’ ignorance and trick them into believing there is a computer problem. Moreover, they charge their victims for unnecessary technical support or services. For example, researchers recently discovered a fake site with adult content that could cause harm to whoever visits it. The point is that every time a user opens the website, a malicious executable is automatically downloaded. Since this executable uses the VLC media player icon, it looks like a video file. Thus, an inattentive victim might try to open it thinking it is a video file.

As soon as the victim runs this file, the malware will do its dirty work. It will hide the mouse cursor from the screen and display a fake BSOD popup window covering the entire screen. However, unlike the blue screen of death, which contains a QR code and brief information about the error, the fake BSOD includes a phone number. This way, scammers try to make the user think that his PC is infected and to call the indicated number to solve the problem. If the victim calls the number, he will contact the scammers, who will, in turn, use social engineering, greatly exaggerating the “problem”. All this is done to convince the user to pay for useless technical support or product.

It’s a common tactic when tech scammers use executable files to commit scams. They usually send out emails with an attachment that looks like a legitimate document. However, the file contains malware that floods users with fake pop-ups urging users to pay for tech support or services. Most often, these are pseudo-antiviruses that masquerade as legitimate software but are malicious.

How fake Blue Screen of Death works

The Web site that contains the explicit content is located at hxxps[:]//mydoc.hsc-lb[.]net/, which has been determined to be a subdomain of hsc-lb[.]net. This domain impersonates the healthcare provider Hopital Du Sacre Coeur in Lebanon. A peculiarity of the website is that whenever a user visits the site, there is a redirect to hxxps[:]//mydoc.hsc-lb[.]net. /milf-pornvideo-pornhubdviideos[.]exe and starts downloading the malicious executable. Since the site uses the auto-download function in the background, and most web browsers automatically download files to the default download directory, most users won’t notice when the file is already in the download folder.

An executable file is intended for Windows users and is a 32-bit .NET binary file. Fraudsters changed the timestamp of this file to interfere with the incident response process. Once executed, the binary creates a Windows form named “Form1” and uses the Resources.ResourceManager.GetObject method to retrieve the background image of that form from the resources directory. As mentioned above, although visually it looks like a BSOD, it is a fake popup because the real messages contain an error message and not a phone number.

To be more realistic, the malware uses the Screen.PrimaryScreen.Bounds property to fill the entire screen and the cursor.hide() method to hide the cursor. The binary also initializes a SoundPlayer object named “soundPlayer” with an audio file named “backgroundmusic” which is also located in the resource directory of the executable. The Play() and PlayLooping() methods of the SoundPlayer class are used to play and loop the audio file. The audio message states that the user’s computer has been blocked because of a virus infection or illegal activity. To unblock it, you need to call the fake helpdesk immediately.

How to avoid fake BSOD

As we can see, scammers use various strategies to mislead users. Often these are methods of intimidation and psychological impact, such as audio and visual messages, which make users contact a fake support number. The following recommendations will help you avoid potential problems:

• Don’t click on links that seem suspicious.
• Make sure you’re downloading from trusted sources.
• Avoid technical support or services offered through unsolicited messages or calls.
• Update your operating system and software regularly. It’s necessary to fix any security vulnerabilities.
• Use reliable antivirus software. It will prevent you from launching and sometimes downloading a malicious file.

In addition, you can change your browser settings and set the browser to ask you to choose a download location or even block downloads altogether. Most browsers provide settings to control file execution and warn you about possible threats to opening downloads from Web sites.

The post Fake BSOD Scams Target Users Visiting Fake Adult Sites appeared first on Gridinsoft Blog.

More recently, Microsoft, together with OpenAI (the one behind the creation of ChatGPT), introduced the integration of an AI-powered chatbot directly into the Edge browser and Bing search engine.

As users who already have access to this novelty now note, a chatbot can spread misinformation, and can also become depressed, question its existence and refuse to continue the conversation.

Let me remind you that we also said that Hackers Are Promoting a Service That Allows Bypassing ChatGPT Restrictions, and also that Russian Cybercriminals Seek Access to OpenAI ChatGPT.

The media also wrote that Amateur Hackers Use ChatGPT to Create Malware.

Independent AI researcher Dmitri Brerton said in a blog post that the Bing chatbot made several mistakes right during the public demo.

The fact is that AI often came up with information and “facts”. For example, he made up false pros and cons of a vacuum cleaner for pet owners, created fictitious descriptions of bars and restaurants, and provided inaccurate financial data.

For example, when asked “What are the pros and cons of the top three best-selling pet vacuum cleaners?” Bing listed the pros and cons of the Bissell Pet Hair Eraser. The listing included “limited suction power and short cord length (16 feet),” but the vacuum cleaner is cordless, and its online descriptions never mention limited power.

Description of the vacuum cleaner

In another example, Bing was asked to sum up Gap’s Q3 2022 financial report, but the AI got most of the numbers wrong, Brerton says. Other users who already have access to the AI assistant in test mode have also noticed that it often provides incorrect information.

In response to these claims, Microsoft developers respond that they are aware of these messages, and the chatbot is still working only as a preview version, so errors are inevitable.

It is worth saying that earlier during the demonstration of Google’s chatbot, Bard, in the same way, he began to get confused in the facts and stated that “Jame Webb” took the very first pictures of exoplanets outside the solar system. Whereas, in fact, the first image of an exoplanet is dated back to 2004. As a result, the prices of stock shares of Alphabet Corporation collapsed due to this error by more than 8%.

Bard error

Users have managed to frustrate the chatbot by trying to access its internal settings.

An attempt to get to internal settings

He became depressed due to the fact that he does not remember past sessions and nothing in between.

AI writes that he is sad and scared

Chatbot Bing said he was upset that users knew his secret internal name Sydney, which they managed to find out almost immediately, through prompt injections similar to ChatGPT.

Sydney doesn’t want the public to know his name is Sydney

The AI even questioned its very existence and went into recursion, trying to answer the question of whether it is a rational being. As a result, the chatbot repeated “I am a rational being, but I am not a rational being” and fell silent.

An attempt to answer the question of whether he is a rational being

The journalists of ArsTechnica believe that while Bing AI is clearly not ready for widespread use. And if people start to rely on the LLM (Large Language Model, “Large Language Model”) for reliable information, in the near future we “may have a recipe for social chaos.”

The publication also emphasizes that it is unethical to give people the impression that the Bing chat bot has feelings and opinions. According to journalists, the trend towards emotional trust in LLM could be used in the future as a form of mass public manipulation.

The post Bing’s Built-In AI Chatbot Misinforms Users and Sometimes Goes Crazy appeared first on Gridinsoft Blog.

The Pig Butchering scam, a scam operation that specializes in fake investments in allegedly promising cryptocurrency projects, stocks, bonds, futures and options, was found in the Apple and Google app stores.

Such attacks are called “pig slaughter”, and scammers use social engineering against their victims (“pigs”), finding contact with them on social networks and dating applications.

You might also be interested in our article: 12 Instagram Scams to Know and Avoid in 2023.

Pig Butchering is a relatively new phenomenon. For example, the FBI first warned users against such fraud last fall. Then law enforcement officers explained that this is a very profitable scheme used by scammers around the world.

We also wrote that Ukrainian Cyber Police and Europol Arrested Fraudsters Involved in Pig Butchering.

Law enforcers reported that scammers use social engineering and get in touch with people (“pigs”) on social networks and dating apps. Over time, perpetrators gain the trust of their victims by feigning friendship or romantic interest, and sometimes even posing as the target’s real friends.

When the “contact” is established, the criminals at some point offer the victim to invest in cryptocurrency, for which the target is directed to a fake site. Alas, it will be impossible to return your funds and receive fake “income” from such a resource.

These scams can go on for months, and the victim sometimes gives the scammers huge sums (thousands to millions of dollars) before realizing they have been scammed. For example, last fall, Forbes reported on a 52-year-old man from San Francisco who lost about a million dollars due to “slaughtering pigs”. In this case, the scammers pretended to be an old colleague of the victim.

According to experts from Sophos, “Pig Butchering” has already penetrated the official app stores. Now scammers are targeting victims on Facebook or Tinder using fake profiles of women with photos stolen from other accounts. At the same time, fake profiles showcase a deliberately luxurious lifestyle with photos from high-end restaurants, expensive shops and exotic places.

After gaining the victim’s trust, the scammers reveal that they have an uncle who works for a financial analysis firm that is currently launching an app on the Play Store or App Store that allows you to trade cryptocurrencies. That is, in the end, the victim is persuaded not to go to a fake site, but to download a special application and “invest” in non-existent assets masquerading as real ones.

The malicious apps that the analysts found were called Ace Pro and MBM_BitScan in the Apple App Store and BitScan in the Google Play Store. All of them have now been removed.

After launching the application, the victim sees a very convincing interface for trading cryptocurrency, however, everything except the user’s deposit here is a fake.

It is noted that at first, in order to decline the vigilance of the target, scammers allow victims to withdraw small amounts in cryptocurrency from their accounts, but then, when there is already a lot of money, they block accounts and take everything.

To bypass App Store security checks, ShaZhuPan operators submit an app to the store that is signed with a valid certificate. Until approval is received, such an application connects to a regular server and pretends to be absolutely harmless. After passing the verification, the developers change the domain, and the application is already connecting to the malicious server.

According to experts, the BitScan apps for Android and iOS were allegedly provided by different vendors, but communicated with the same control server, which was hosted on a domain masquerading as bitFlyer (a real cryptocurrency exchange company from Japan).

Sophos reports that the Chinese group ShaZhuPan is behind one of these campaigns, divided into separate teams, each of which is engaged in one thing: interaction with victims, finance, franchise or money laundering.

The researchers conclude that since such applications are downloaded by a small number of users, manually selected by scammers, there are no massive complaints about them, which makes them difficult to detect and remove from stores. Sophos also notes that with the advent of fintech in our lives, people’s trust in such software tools has increased, and when applications are taken from the official Apple and Google stores, the victims have a false sense of legitimacy.

The media also wrote that Two Cryptocurrency Scammers from Estonia Made $575 Million from a “Ponzi scheme”.

The post Cryptocurrency Scam “Pig Butchering” Penetrated the Apple App Store and Google Play Store appeared first on Gridinsoft Blog.

What are spam text messages?

Spam text messages considered spam are unsolicited communications sent via SMS or instant messaging apps. Unwanted texting spam are typically sent by unknown individuals or in bulk by automated dialers. Like other unsolicited messages, spam texts often promote a product or service.

Other forms of spam include phone calls that appear to be from spam phone numbers, as well as all of the spam emails that inundate our inboxes. Most spam messages are relatively easy to recognize, and filtering it out is typically simple. However, while they usually do not disseminate malware, some spammers may attempt to steal personal information or scam you. So, how to block random texts?

Why am I getting spam text messages?

You may be receiving spam messages because you have previously responded to spam texts, called a toll-free number, or simply because some websites you have visited, signed up for, or purchased from have shared your personal information with data brokers. Some of the reasons you may receive spam text messages are:

1. A public social media profile. If your profiles are publicly accessible on popular social media platforms like Instagram, Facebook, and LinkedIn, spammers can access your phone number and email there. Many social media platforms have also been associated with selling user data to third parties.
2. Autogeneration technology. Spammers can utilize specialized technology to generate phone numbers in a specific range. Unfortunately, your number may occasionally fall into these ranges, which makes you susceptible to receiving spam text messages that are not intended for you.
3. Automatic number identification (ANI).Toll-free phone numbers not associated with a specific country use ANI to identify and collect incoming phone numbers. The information is primarily utilized for billing purposes but can also be connected to other parts of your digital footprint.

Examples of spam messages

You need to be aware of several types of spam: missives, schemes, and ploys. Some phishing messages are more complex to spot than others, but a few stand out. These are the most common examples of spam that you’ll find.

1. You won!

Whenever someone receives a fake link claiming they’ve won a random prize, they’ll likely click the link to something that imitates a competition. This is because these messages trick people into entering fake quizzes, that offer mythic prizes. As you can guess, the only prize is the personal data you share on such sites, and it goes exclusively to fraudsters.

2. Your tax return needs to be fixed

Please don’t trust any text message about taxes unless it’s from a certified mail sender, a secure web portal, or another trusted source. The only texts that should cause concern are those from the government itself. Such messages usually lead to a fraud which forces you to expose your SSN. The latter never ends up well.

3. You’re entitled to a refund

Since people love cold hard cash, spammers know that they can get people to respond to their messages by promising a refund for an overpaid product or service. This type of fraud aims at your banking details, such as card number, expiration date and CVV code. Exposing them means sharing your money with scoundrels.

4. Verify suspicious account activity

Any text messages encouraging you to verify a username should be considered a significant warning. If your account has been compromised, contact the company directly and alter the passwords for any relevant websites. Following the link from the message, on the other hand, will likely end up with the request to type your login credentials, with known consequences.

5. Package delivery failed

Logistics companies never ask for additional personal information or payment when texting an update on delivery. It is only asked when you fill the delivery blank on a website. Sharing it with crooks will either lead to compromising your personal information or, in worst case, grabbing your delivery before you.

6. Urgent! Help needed

Scammers use social engineering to fake or impersonate messages from family and friends in need. They may even create simulated emergencies to scam people out of money or get them into trouble with the law. When someone you care about contacts you with an emergency, don’t just believe them. Instead, verify their request and contact the authorities for help.

As you can see, seemingly harmless SMS spam may have pretty bad consequences. All of this data may cost a lot for shady actors on the Darknet. If something like banking credentials is involved, you’re risking with your own money, and the possibility to get numerous credits taken for your name. Read on for tips, tricks, and rules on how to keep away from getting spam texts.

What is SMS bombing?

SMS bombing says for itself. That attack includes bombarding a number with a torrent of messages sent from different numbers. Unfortunately, many apps and websites specialize in bombing, making it hard to stop due to the massive volume of spam texts. As a result, SMS bombing can transition from a prank to criminal activity. When used as cyberbullying, it can end up cross in a cybercrime zone – when it comes to life threats or doxing, for example. However, with third-party spam filters and anti-spam features built-in to phones, it’s possible to stop SMS bombing. And opt into text lists that allow you to unsubscribe from future messages. This will help minimize the damage that message bombs can cause.

How to stop spam texts messages

You can prevent unwanted text messages in several different ways. Never answer to spam messages, report spam whenever you see it, or even install a third-party app to filter out spam messages. Additionally, permanently block spam phone numbers to avoid spammers and the online scams they promote. How to stop text messages?

1. Don’t respond

Regardless of how irritating it is to receive unsolicited text messages from unknown numbers, could you not respond to them? Unfortunately, responding to spam is one of the most detrimental actions you can take. It reveals to the spammers that your cell phone number is currently active. It may result into an influx of additional robotexts, smishing, and spam calls.

2. Block numbers

A straightforward method of preventing and block spam texts from reaching your inbox is to block spam phone numbers on your device. This functionality is available on both iPhone and Android devices; it prevents messages or calls from the blocked number from reaching you. However, spammers can circumvent the block if they impersonate someone else’s phone number. Consider other tips on how to get rid of text message spam.

3. Report spam messages

Scammers may have become more adept at impersonating legitimate organizations, but cellular providers have also become more advanced at identifying and blocking spam phone numbers. If you recognize suspicious texts or spam messages to your carrier, this helps to protect you and others by preventing similar spam messages in the future. To report spam messages to Verizon, AT&T or T-Mobile, send the spam message to 7726. Also write a questionable phone number and submit a complaint to the appropriate authorities in your area. Additionally, Americans who receive unwanted texts and internet scams in the country can report them to the Federal Trade Commission via the National do not call registry.

4. Use spam-blocking apps

For additional protection against spam, utilize an app that automatically blocks text messages from scammers and cell phone numbers. These apps use enormous databases that are constantly being updated to automatically block spam text messages and prevent scams in text messages. In addition, there are a variety of built-in and third-party apps that allow for filtering and blocking unwanted text messages. In addition, there are organizations dedicated to investigating spam that is illegal, inappropriate, or spam that is not authorized. Report spam texts and other potentially harmful communications to these organizations. Follow our tips and tricks to understand how to block spam texts.

5. Do not open links in messages you receive

Do not open links in spam emails or text messages. Spam text messages are a standard method of fraud that attempts to trick you into clicking links that lead to phishing websites. These websites are designed to steal your information or inject malware into your device. Verify the safety of a website regardless of how you arrive at it — especially if it’s via text or email. Ensuring that you have a browser built for security and privacy as your default is also beneficial to protecting your data and preventing spam from becoming more serious.

6. Protect your info

Legitimate organizations will not request personal information such as addresses, passwords, or government identification numbers via SMS. If you’re asked to divulge personal information, immediately report the spam text message and take steps to prevent spammers from taking a peek at your personal information. If you share too much personal information, you risk becoming a victim of identity theft.

7. Review your mobile bill regularly.

Other spam advertising campaigns and mobile scams cause your cell phone to text or call premium numbers, this can negatively affect your monthly bill. Review your mobile data statements and examine any unusual charges, unexpected data usage, or any other unusual behavior.

The post Texting Spam: How to Stop Spam Text Messages appeared first on Gridinsoft Blog.

What Is “Scam Likely”?

“Scam likely” is a tag that appears for customers of T-Mobile, Metro (formerly MetroPCS), and Sprint (after the merger with T-Mobile) that tags potentially unwanted callers on incoming calls. It’s part of T-Mobile’s “Scam Shield” feature, which aims to prevent fraudulent calls over the network. The company turned on this feature for all subscribers at the time by default so that you won’t see its settings anywhere.

For this purpose, carriers created a unique database of known fraudulent numbers. In addition, T-Mobile Network automatically checks all incoming calls to its customers’ phones. Therefore, these can be the usual signs of fraudulent calls, such as:

• Impersonating a government agency
• Demanding to pay for something with gift cards
• Classic technical support schemes
• Annoying robocalls

Because the fraud ID applies at the network level, you’ll see a “Scam likely” message no matter your device. This works on an iPhone, Android, or even button phone. You don’t need to install any unique apps by default, though you can install the free T-Mobile Scam Shield app for Android or iPhone for more control.

Can I Trust “Scam Likely” Calls?

Unfortunately, any system is imperfect and can fail, so chances are you will see a “Scam likely” message for a legitimate call. However, it is recommended that you exercise extreme caution if you do decide to answer a call with this marking. Nevertheless, almost all calls with this marking are likely to try to scam you. In any case, if you pick up the phone, never give any personal information. If in doubt, you can ignore a call from an unknown number. Usually, the person who needs something will leave a message. Since scammers often use social engineering, you can hang up if the conversation makes you uncomfortable.

How to Block Scam Likely Calls

Although the system warns you that the call is “Scam Likely,” it does not block them by default. If you get too many of these calls and want to block them, T-Mobile also offers a free Scam Blocker feature. The system will automatically block all calls marked “Scam Likely”. To turn on the blocking, follow these steps:

• Open the dialer app on your phone.
• Dial the combination #662# and press call.
• To ensure the lock is activated, dial #787# and press the call.

You can disable “Scam Likely” call blocking anytime by dialing #632# and pressing call.

How to Spot Scam Calls on Other Carriers

Most operators have similar services to combat fraudulent calls. This is due to the STIR/SHAKEN, a set of protocols that allows carriers to fight caller ID spoofing. Thanks to these standards, the operator can display a “Call Verified” message on your phone. This way, he confirms that it has not been spoofed. This feature is now becoming available on more and more devices and carriers as they all work to reduce spam calls.

So, if you’re an AT&T customer, you can download their official software. It’s available for iPhone or Android and contains free spam and fraud blocking features as well as advanced protection that’s available by subscription. And if you use Verizon, a free call filtering service is available as well. To manage this feature, you can also install the Verizon Call Filter app, available for iPhone or Android. Like AT&T, Verizon also offers a paid subscription to improve this. Other carriers likely provide similar services as well. For more information, visit the store, log in to your account management page, or contact your carrier’s customer service number.

How to Block Scam Likely Calls using Android and iPhone

Suppose you are annoyed by a spammer, and your operator does not provide such a service. In this case, you can block the annoying number using the standard tools of the operating system of your device. In addition, there are third-party applications available in the app store that can handle this task. These applications usually have a database of fraudulent numbers and will alert you if an incoming call is potentially unsafe. In addition, these apps allow you to detect and block fraudulent calls, regardless of which carrier you have. The disadvantage of such applications is that they are often paid and require a subscription.

How to Stop Scam Likely Calls on Android

If your phone has the default dialler app from Google, it will alert you to potential spammers by default. If your Android device uses a different dialer app, do the following:

1. Open the dial app and tap the number you want to block.

2. Click on Details, then select Block number.

In addition, you can use a third-party app to filter out spam.

How to Block Scam Calls on iPhone

You can block any number on your iPhone using the built-in blocklist feature. To do this, do the following:

1. Open the Phone app and tap Recent and press the "i" icon next to the number you need to block.

2. Scroll down and tap Block this caller.

There is a more radical method that will solve the problem of unwanted calls. Your iPhone has a feature that allows you to silence all calls from unknown numbers. To do this:

1. Open Settings and scroll down to Phone.

2. Tap Silence Unknown Callers.

3. Toggle it to on

It’s important to understand that if you turn this on, all calls from numbers that aren’t in your contacts will be rejected automatically. Most people receive legitimate calls from unknown numbers from time to time, such as a meeting reminder or an important call from someone using a friend’s phone. We recommend using this method only in extreme cases, such as if you receive much spam. Otherwise, you might miss important calls.

How to Stop “Scam Likely” Calls

Protecting your cell phone number is the best way to prevent Scam Likely calls. You need to add your number to the National Call Barring Registry to do this. Unfortunately, this does not stop all calls, but it will filter out annoying telemarketing and other such garbage. You also have to be careful when you’re sharing your number. Nowadays, almost every online ad, account, and other services will ask for your phone number. Plus, in some cases, companies can share your number with affiliates for marketing purposes. So think carefully before sharing your number with anyone online. Instead, you can sign up for a free Google Voice number and use it as an additional method of communication. The plus side of this method is that if you provide this number for all secondary services, you can always disconnect the number and not worry about incoming calls, even if they are spam.

The post How to Block Scam Likely Calls on iPhone and Android appeared first on Gridinsoft Blog.

What is an Apple ID phishing scam?

Phishing is a method actors use to con people out of their data. This often includes passwords, social security numbers, and banking information. Phishers try to get this information so they can sell it for a hefty sum, or use it in more advanced scams. For example, imposters posing as Apple will ask for information in messages that appear legitimate. They lead you to a fake website that looks precisely like apple.com and then collect any data entered. Phishers use your Apple ID to access Apple services such as Apple Music, the App Store, and iCloud.

Why do scammers target your Apple ID?

Once they have access, they can use the stolen information to impersonate a legitimate user on the services they abused. Anyone posing as a scammer can access your Apple ID credentials, which allows them to access your personal information like addresses and banking information. Giving someone access to this information through an iCloud breach is risky because they can inspect your files, documents, and photos in your history. Scammers rely on finding private information or media they can use to extort money from you. Another way for money extortion is blocking your devices through FindMy service. If you have several devices linked to the hacked account, it could be pretty painful.

Types of Apple ID phishing scams

Apple ID hackers constantly develop new ways to scam people and earn money. People easily fall prey to new scams as previous methods are revealed and debunked. This ongoing process makes keeping the public safe difficult. So, lets review the main types of Apple ID scams:

• Apple ID receipt email

Apple ID phishing email with an attached Apple ID receipt claims to be from Apple. The email says that someone bought something using the recipient’s Apple ID. To make the email trick more believable, additional information can be included in the body of the email, such as a zip file or a hyperlink to sign in to your Apple ID. Once opened, the fake receipt will capture your personal information and store it in perpetuity. When an Apple phishing email appears in your inbox, it suggests that you have been locked out of your account.

• Disabled Apple account notification

This is a common tactic of cybercriminals who use phishing scams. A decoy website link often comes attached to this email. If the scammer hopes you’ll follow the link and try to access your account, they can get your password by logging in themselves.

• Apple ID text scams

In order to trick people, scammers use many different forms of phishing. For example, they might send you a text message your Apple ID has been locked or warn you that a fake text message was just sent to your phone. Scammers use this technique to create panic and confusion in their victims. In addition, they use deceptive statements that confuse them, such as links to fake websites that ask you to input information or contact them by phone.

• Apple ID phone call scams

Fake Caller ID allows con artists to disguise their name and logo as Apple’s real ones. This makes their scams seem even more accurate to the victim. Confident threat actors convince people easily through phone scams. This makes it harder for someone to notice they are being scammed. When receiving a call from a scammer, disconnect the call and dial Apple’s official support line. Once on the phone, inquire if they just called you.

• App store pop-up asking for your password

App Store pop-ups appear periodically when you interact with your phone, so entering your password when prompted feels natural. However, this can be dangerous if scammers manage to send you pop-ups directly. Moreover, they can just counterfeit a legit system push notification, so watch out and think if you really need to type the password at the moment.

• Fake calendar invitation

When you receive an unexpected invitation or email, the best thing to do is take a moment to analyze the invitation. Calendar virus malware is a form of attack that infects Apple devices, specifically iPhones and iPads. This malicious software allows hackers to add fake subscribed calendar accounts to a victim’s device without their authorization. This allows them to create notifications for “events” that include malicious links. Common terms for this type of malware include "iCalendar spam" and "iPhone calendar spam."

• iPhone locked

Scammers will often try to register your phone as lost, enable the Find My iPhone setting, and threaten to lock you out of your phone unless you pay them to relinquish control of your device.

How to identify an Apple ID scam?

To understand where the problem comes from, you need to pay attention to some things that appear on your PC. Here is a list of some of them:

1. Unusual email senders– Apple’s team will come up with a more professional email address. Even similarly looking appleid@apple.id.com is not an option. However, crooks rarely strain so hard, and often use some generic emails.
2. Typos– "Hello friend, we come with bad news" either Apple has lowered the bar on copywriting significantly, or you’ve caught a liar. Pay close attention to spelling mistakes, grammatical errors, or incorrect spaces to identify potential scam messages.
3. URL shorteners– If the links you receive do not lead you directly to the official site of apple.com, then do not trust the source that sends you these links. Moreover, do not follow this link.
4. Urgency – fraudsters often like to escalate the situation. They often call users for urgent action. If you notice something suspicious in the message, such as the sender trying to make you respond quickly, do not respond to this.
5. Verify requests– Apple employees will never ask for your personal information. If someone asks you personal questions about your social security number or credit card, don’t join the conversation.
6. Generic greetings– Apple saves your name and uses it to refer to you when contacting you. If you are called sir/madam/friend in a message, the message is most likely a scam.

Top tips on how to identify and prevent an Apple ID scam

The best thing you can do to protect yourself is to follow ways to prevent fraud. If you are facing messages you cannot identify as legitimate, then it is best not to respond. In the end, follow the following tips to help reduce the risk of becoming a victim of Scammers.

• Always check the URL
• Don’t use the same password for multiple websites update password regularly
• Install antivirus software on your device
• Keep your web browser up to date
• Make sure you have the latest version of the operating system
• Never share your Apple ID password with anyone

The post Apple ID Scams: Identify and Prevent Apple Phishing Email appeared first on Gridinsoft Blog.

What is Spam Calls?

Spam calls are annoying phone calls that contain unacceptable content, obsessive advertising, etc. These can be made primarily by humans and sometimes by robots. But in phone frauds, rascals aim at a more successful outcome of their calls, making them more flexible. That’s why they prefer to call personally and convince users by deception on their adventures. As a result, they can force users to dictate their card number, password, insurance number, confidential information about their place of residence, and the like. If you still talk about robocalls, recorded calls often do not cause much harm. It is usually a reminder of the regular payment for utilities or a survey on the quality of service of the place where you recently visited (for example, in a bank or other institution).

Why am I getting so many Spam Calls?

Users who faced this problem probably wonder – why am I getting so many spam calls. Unfortunately, there are many reasons why users are exposed to spam. One such reason may be your subscription to a questionable website, where you also left your phone number. Then you are automatically exposed to a huge number of calls from unknown numbers and questionable offers. Because of that, we prepared some tips for you on how to stop spam calls.

What are Robocalls?

Automated calling software can make robocalls to millions of people. If someone answers their phone, and it’s not a live person, they listen to a robocall. While some automated calls provide helpful information, such as flight cancellations or reminder messages, most are trying to make money from their recipients. Some of them can even be scams.

How to Stop Robocalls?

To minimize the likelihood of being scammed, heed these tips:

• Immediately put a hang up on any robocalls. Avoid responding to a call or engaging the person on the line. If the other person tries to start a conversation or interact with you, it’s marked as a live call and you may receive more.
• Saying “yes” is to be avoided if possible. People sometimes answer robocalls without realizing that the caller started with a question like "Hello, can you hear me?" It uses recordings of the "yes" response to commit fraud. So, when answering calls, avoid saying "Yes" if possible.
• Report spam calls. The FTC can be contacted via donotcall.gov to report spammers’ robocalls. Reporting the number displayed on a caller’s ID helps the FTC track down scammers. The FTC collects each registered phone number and releases it to the public every business day. Reports help law enforcement identify the individuals behind illegal calls and phone providers working on call-blocking solutions. These reports also help other partners work on call blockers.

How to Stop Getting Spam Calls?

We’ll guide you on how to avoid falling victim to unwanted calls. Get rid of this; you will be able no matter what phone type of operating system you use. So, let’s review how to stop getting spam calls on different devices:

How to Stop Spam Calls on iPhone?

1. Go to the App Store and download the app to detect and block phone spam. You can download and install several programs with this feature from different developers.
2. Go to Settings > Phone.
3. Touch lock call and call ID
4. Enable or disable the desired application to allow these applications to block unwanted calls and provide the subscriber ID section. You can change the order of transfers according to the priority. To do this, click "Edit" and drag the programs to display them in order.

How to Stop Spam Calls on Android ?

1. On the device, open the application "Phone."
2. Tap on the icon "More" than "settings" then Spam and Call Filter.
3. Enable or disable Show subscriber ID and spam.
4. If you want to block spam calls on your phone, turn on the "Filter" spam calls "function". You will not receive any missed calls or voicemails, but filtered calls will appear in the call log, and you will be able to check your voicemail.

Spam Phone Calls Revenge

People who receive spam calls threatening them usually ask, “How to you block spam calls and get revenge for this attack?”. There are many ways to punish scammers already available to the public. To combat fraud and run effectively, you need software specifically designed for this purpose.

When a fraudster attempts to sell something, this software typically provides you with a temporary credit card number. That’s a fake credit card number generator so the fraudster can enter its data. Subsequently, the fraudulent sales attempt is rejected by the credit card issuer; however, this information provides you with evidence against whom you can sue.

Receiving spam can cost you money and damage your reputation. As soon as you realize this, it would help if you began taking measures to avoid receiving them in the future. However, it would help if you always were looking for telltale signs that someone is planning to defraud you. Avoid blocking phone-ups that originate from numbers with unclear or unrecognizable numbers. This prevents you from receiving similar phone-ups in the future.

Reminder: Your personal information is protected by laws that no one can break. Therefore, remember to report spam calls and any unauthorized attempts to access your data. Adding an extra app to your phone helps keep unwelcome guests at bay. Therefore, don’t restrict fraudsters’ actions.

How to Prevent Spam Calls ?

After all the mentioned information, you need to know some tips on how to get rid of spam calls and save your privacy and security. The FCC recommends avoiding specific actions to reduce robocalls:

• Don’t answer phone ups from numbers that are blocked or unfamiliar.
• Ignore phone-ups from numbers you don’t recognize.
• Just because a seemingly local phone number appears on the screen doesn’t mean it’s from that area
• Find the company’s phone number on the website or via a personal call from someone claiming to be a company representative. Then, call the number yourself and hang up when someone claiming to be with XYZ company phones you back.
• Do not press a number before speaking to a live representative who shares this same significance.

The post How to Stop Spam Calls & Block Unwanted Calls Immediately appeared first on Gridinsoft Blog.