Tax Season Scams

Tax season began on Jan. 29, when the Internal Revenue Service (IRS) started receiving and processing 2023 federal income tax returns. Simultaneously, this date acts as a wave-off to frauds, who start bombing people with fake emails and texts. The IRS expects over 146 million individual tax returns to be filed this season, with April 15 being a deadline. Since during this time a whole lot of personal information is exchanged, it becomes rather easy for con artists to access sensitive data. It includes Social Security numbers and other sensitive details that can be used to create convincing tax returns, collect refunds, or perpetrate other types of fraud.

The IRS has warned that tax-related phishing and unsolicited texts have become increasingly common and even reached the top of the annual scams list. Some scammers may even use the IRS logo in phishing attempts to trick people into providing sensitive information, claiming that their account has been suspended or needs urgent action. It is essential to understand that The IRS doesn’t initiate contact with taxpayers by email, text messages, or social media to request personal or financial information. Next, let’s look at the most common types of tax scams.

Tax Season-Related Phishing

Phishing is the most effective modus operandi for frauds who hunt for personal data. They send emails and text messages en masse to steal confidential information. Since tax season-themed emails are expected, the chances of a successful scam are high – the victim will not suspect a fraud. Before calling the listed phone number, clicking on a link, or opening a file, we recommend going to the organization’s official website in your browser by manually entering the address, and double-checking the information.

Another trait of fraud is a sense of urgency and threat. Scammers sometimes reach people on the phone, pretending to be a collection agency, law enforcement, or the Bureau of Tax Enforcement. They may claim that your social security number has been canceled, the identity of yours has been stolen and you urgently need to contact them. They may also threaten to arrest you if you don’t call back. In such cases, the best option is to disconnect the call.

Alternatively to threats or urgency, frauds can try gaining your trust. Let me unfold this in more detail in the next paragraph.

Social Engineering Tricks

For the filing season, taxpayers may be cautious of anyone trying to help them set up an account. An IRS online account can give a lot of valuable information, including a payment history or a tax transcript. The system allows you to sign up for and manage an IRS payment plan. So, scammers may attempt to steal personal information like Social Security numbers, tax identification numbers, or photo IDs under the guise of helpfulness. Setting up an online IRS account is free, and if you require assistance, it is recommended that you work directly with the IRS representatives, to avoid any potential scams.

At the same time, some scammers may promise to sign your declaration while taking your money and not doing anything. According to the law, anyone paid to prepare or assist in preparing federal tax returns must have a valid Preparer Tax Identification Number (PTIN). Paid preparers must sign the return and include their PTIN on it. Failure to sign the return is a warning sign that the paid preparer may be looking to make a quick profit by promising a large refund or charging fees based on the size of the refund. Such muddy waters are a perfect place for different scams, both ones that include data leaks and money loss.

Malicious Google Ads

Upon facing any problems during the tax preparation, users often go to Google and look for the information. Fraudsters know this and buy search ads in advance to appear at the top of the results and look more convincing. The advertised sites may have different addresses and phone numbers but have nothing to do with legitimate services. Moreover, despite the differences, these sites usually look identical because they use the same template. Unfortunately, Google struggles with weeding out such promotions, so scoundrels manage to get their bite off the taxpayers, albeit for a rather short amount of time.

Some sites have an address visually identical to the legitimate one. However, if you examine it more closely, one or two characters often differ in the address of the fake site. This creates a visual similarity and sometimes allows you to bypass advertising moderation. In addition, such sites claim to have been on the market for many years. Though a simple website scanning on a service like Whois reveals that the site was created only a year ago.

The page that opens when you click on the link

The next click opens another tab

Another one

Safety Recommendations

To summarize, the first and most important recommendation is to be vigilant and pay attention to each of your steps. The Internal Revenue Service’s official website is https://www.irs.gov/ and no other. Any help with tax payments should be done by authorized people, who sign their action with PTIN. Please read the information carefully. especially the fine print. If you doubt the reliability of the website, use our URL scanner, which shows data from Whois and a verdict regarding the site’s status. Before calling a phone number, Google that number and find information about it. You can also use special services to identify the number.

One more piece of advice is using proper security tools. I recommend using Gridinsoft Anti-Malware and special ad blockers. The ad blocker will remove search ads, and Gridinsoft Anti-Malware will be able to block malicious and suspicious sites with its Online Security module. Using this combination and the recommendations from the previous paragraph, you will maximize the security of your online activity.

The post Tax Season Scams On The Rise, Beware! appeared first on Gridinsoft Blog.

What’s identity theft?

Identity theft is the use of someone’s personal information for fraudulent purposes. This can include name, social security number (SSN), credit card information, or other sensitive data. It also includes unauthorized access to bank accounts, credit card fraud, creating fake identities, or taking out loans in the victim’s name. In addition to the primary financial damage, identity theft often causes severe emotional distress to victims. It also creates serious problems in recovering and returning stolen identities.

Before the advent of the Internet, criminals had to monitor a victim’s physical mailbox in search of valuable information. Another standard practice was to rummage through the victim’s stinky trash to get the information they needed for identity theft. For example, those “you’re already approved,” pre-screened credit offers we all get in the mail. However, thanks to modern technology, today’s cybercriminals don’t need to go to such great lengths to invade someone’s privacy. Big businesses and large caches of data could be more profitable. They contained on their networks present a much more lucrative target than piecemeal attacks on individual consumers.

Types of identity theft

There are various types of identity theft, each with its own specific focus and methods. I will uncover the most common types of one according to available statistics.

Account takeover identity theft

Account takeover identity theft is a cybercrime where a fraudster gains unauthorized access to your existing accounts. Usually, such attacks aim at social media pages or bank accounts. The scammer can use this access to steal your money, take out loans or credit in your name, or deceive your friends, followers, or contacts with phishing attacks or other scams. As the “next tier” victims will see messages from a familiar person, the chances of a successful scam increase by orders of magnitude.

Credit identity theft

Credit identity theft is when a thief steals your credit card data and uses it for fraudulent purchases or obtains credit cards or loans under your name. According to the Federal Trade Commission, this is the most common form of identity theft. The reason is obvious – in this attack, fraudsters can go in cash much faster than in any other way.

Medical identity theft

Medical identity theft occurs when criminals use victims’ personal information to receive medical treatment, obtain prescription drugs, or see a doctor. In the past, medical identity theft could have impacted victims’ health coverage or led to higher medical costs. However, recent changes in the law have addressed these issues. Still, scammers can incur past-due medical debts in your name, which can appear on a victim’s credit report and negatively affect their credit score. Seniors who receive Medicare are particularly vulnerable to medical identity theft, as frequent medical visits usually may not raise suspicion.

Medical identity theft is also dangerous due to the sensitivity of such information. If hackers manage to leak medical data of a person, they can further blackmail them in order to avoid disclosing their health condition. And when we are talking about celebrities, there are a lot of tabloids ready to spend a small fortune on information on such a topic.

Tax identity theft

Tax identity theft is when a scammer steals an individual’s SSN and uses it to receive a tax refund or secure a job. This commonly happens when victims’ SSNs are exposed online due to a data breach. Despite the lack of love received from taxpayers, the US Internal Revenue Service’s initiatives aimed at decreasing tax-related identity theft are effective.

Criminal identity theft

Criminal identity theft is a specific theft in which the perpetrator steals another person’s identity to commit a crime. Examples of crimes committed through criminal identity theft include driving under the influence, shoplifting, drug possession, trespassing, probation or parole violations, and failure to appear in court. The thief may use stolen name, date of birth, SSN, or other identifying information to impersonate the victim. As a result, the victim may face criminal charges, and have a criminal record. Criminal identity theft can have a devastating impact on the victim’s life.

Child identity theft

Child identity theft is fraudulently using a child’s personal information to obtain financial gain. The question arises: why would someone want to pretend to be a child? Well, there are many reasons for that. Scammers can use a child’s Social Security Number (SSN) to claim them as a dependent, obtain a tax refund, open a line of credit, get a job, or even obtain a government ID. Making someone’s child a tool in illegal credit obtaining or tax refunds is rather cynical, but fraudsters involved in such schemes never had strict moral rules.

Synthetic identity theft

Synthetic identity theft means criminals create a new identity amalgamating real and fake information. They commonly steal real information, such as a Social Security number (SSN), and make up phony information. The latter is most commonly the name, address, or date of birth. Crooks obviously do it to mask a real identity in illegal activities. The thief can then use this synthetic identity to open credit accounts, get loans, or rent an apartment. Because the identity is new, credit bureaus or lenders may not flag it as fraudulent. This makes it easier for the thief to commit fraud without being caught.

How does it work?

While the number of identity theft methods is limited by the imagination of attackers. They can accomplish it either through physical contact with the victim or remotely. Somietimes, the attackers don’t need to do anything – the victim reveals all the necessary information themselves. The following are the most common examples:

Social engineering

By far, the unprecedented winner in successful identity theft is social engineering and phishing. Phishing involves tricking people into sharing sensitive information like usernames and passwords. Attackers often use social engineering tricks to manipulate emotions – most often greed and fear. They may send spoofed emails or text messages that appear to come from trusted sources. These messages urge recipients to take urgent action to verify payments or purchases. Clicking on the provided link will redirect users to a malicious login page designed to steal their login credentials.

Social media oversharing

The next point is very similar to the previous one, but the victim is the initiator here. There’s nothing wrong with wanting to share information on social media. However, users is essential to understand and choose what information to share and what should stay in private. Thus, oversharing on social media raises the risk of identity theft in case of a data breach. Facebook and Instagram have had bugs allowing access to the personal information of millions of users. To limit your exposure, check out our guide.

Malware and Exploits

Spyware and keyloggers steal personal information, such as usernames, passwords, and social security numbers. They can infect your computer through seemingly harmless software bundles or Trojans like Emotet, which can deliver spyware and other malware. Once infected, the spyware or keylogger sends your information to cybercriminals through C&C servers. Cybercriminals exploit software vulnerabilities to gain unauthorized access to a system and steal data. Researchers aim to report and patch these vulnerabilities in a race against criminals. Commonly exploited software includes operating systems, browsers, Adobe, and Microsoft Office applications.

Misplaced phones and wallets

Identity theft can occur when people lose their wallets, purses, or cell phones. Besides, crooks can steal them. Thieves can access important identification documents and sensitive information. And since smartphones commonly contain huge amounts of personal information, it is obvious that.

Data breaches

Data breaches refer to unauthorized access to a company’s database by hackers who target sensitive customer information. It includes names, addresses, social security numbers, and financial details. This can also be caused by SQL injection attacks or misconfigured access controls. SQL injection attacks exploit weaknesses in how websites interact with SQL databases, allowing hackers to access sensitive information. The alternative to this is misconfigured access controls that can accidentally make private information public.

Who is the primary target?

Identity theft can happen to anyone, but some groups are more vulnerable than others. For example, seniors are often targeted because they may be less familiar with technology and more trusting of unsolicited communications. People with good credit histories are also at risk since criminals can open new credit accounts in their name and make unauthorized purchases. Those with higher incomes may also be targeted as they have more financial resources to exploit. Children are also vulnerable targets as their personal information can be used for fraud over an extended period before being detected since they usually don’t have a financial history.

What can I do if I’m a victim of identity theft?

If you’re a victim, use this checklist to mitigate:

• Start by cleaning your computer. The first thing we recommend performing is a full scan of your device. Scan your system for threats using a good cybersecurity program such as Gridinsoft Anti-Malware. This will provide clarity and insight into whether the threat came from the infected device.
• Next, change your passwords. Whether or not you have malware on your device, intruders already have compromised your accounts. We recommend changing your passwords to prevent attackers from accessing your accounts. Please avoid reusing passwords across sites. Consider using a password manager for unique alphanumeric passwords and to detect spoofed websites.
• Enable MFA or 2FA. 2FA is an effective line of defense against unauthorized access. The attacker must enter a confirmation code if the account login and password are compromised. Since this code is usually sent to your other devices, it reduces the chance of an attacker gaining access to the account.
• Report stolen or lost cards. We strongly recommend contacting your bank ASAP if you lose your plastic bank card. Bank employees will block the card, thus preventing intruders from using it. You can also request to have your card reissued on your bank’s mobile app. It will take a few minutes; you can link the new card to Apple Pay or Google Pay and continue using it.
• File a report with the FTC. You’ll need it to obtain a seven-year fraud alert from the credit bureaus and remove fraudulent accounts from your credit file. You can file another report with your local law enforcement agency only if your creditors demand it or you know the identity thief personally. You can dispute wrong information on your credit report under the Fair Credit Reporting Act. If the reporting agency doesn’t fix it within 30 days, file a complaint with the Consumer Financial Protection Bureau.
• Be careful of phishing emails. It is crucial to keep a close eye on your email inbox. Opportunistic cybercriminals know that many individuals whose accounts have been breached expect to receive some form of communication regarding the incident. These scammers will take advantage of the situation by sending out fake emails that trick you into providing your personal information. It is, therefore, essential to be vigilant and cautious when receiving such emails.

In addition to the above, we have a article dedicated to Identity Theft traits. In it, we describe how to protect against Identity Theft in more detail.

The post What Is Identity Theft & How to Protect Against It appeared first on Gridinsoft Blog.

Bahamut Group Exploit Phony Android Application

Recently, analysts came over advanced Android malware that targets individuals in the South Asia region. The malware is disguised as a chatting app known as “SafeChat,” which victims get via WhatsApp. Attackers use social engineering and often lure victims to install a chat app under the pretext of switching to a more secure platform. The app’s interface is typical for all messengers, which is not hard to copy from elsewhere. And that is why it effectively deceives users into thinking it is legitimate and safe. However, it allows the TA to extract all necessary information. The malware exploits Android Libraries to extract and transmit data to a command-and-control server.

It is worth noting that this SafeChat has nothing to do with a legitimate program of the same name. However, Bahamut APT does not try to mimic the one. Most probably, they picked a name exclusively for a clickbait, making no reference to the app’s legitimacy. Though, the original app is not recognized well enough to make its name work as a disguise.

State-Sponsored Activity

According to technical analysis, the Android spyware appears to be a variation of the well-known Coverlm malware. It is notorious for extracting data from popular communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger. Indian APT Bahamut group is behind the attack. In addition, the malware exhibits similar tactics used by the notorious APT group, DoNot, but with more permissions. Additionally, based on substantial evidence, experts have linked Bahamut to acting on behalf of a particular state government in India. Sharing the same certificate authority as the DoNot APT group and similar data theft methodologies, a common area of operation, and using Android apps to infect targets suggests close cooperation or overlap between the two groups.

“Safe Chat” Details

As I mentioned above, the Safe Chat app has a misleading interface that gives the impression of a genuine chat application. When first launched, it further manipulates victims by walking them through a seemingly legitimate user registration process, boosting their credibility and serving as a cover for embedded spyware. One of the most essential steps in the infection is the acquisition of permissions to use the Accessibility Services. The app used it to grant additional – and crucial – permissions to the spyware automatically. Having access to Accessbility Services allows the spyware to access the victim’s contact list, SMS, call logs, and external device storage and get accurate GPS location data from the infected device.

Safety tips

Although cyber-attacks are not new, it is always wise to be cautious of such incidents and take measures to ensure your safety. The following are some suggestions to safeguard yourself against SafeChat and other types of malware and maintain your Android device’s security:

• Install Apps from Trusted Sources. For your safety, we recommend that you only download and install apps from official places such as Google Play Store. Please avoid installing apps from unknown sources, which may contain harmful malware.
• Check App Permissions. It’s essential to be careful when downloading apps that request unnecessary permissions. If an app asks for access to sensitive data or unnecessary features for regular use, think twice before installing it.
• Keep Your Device Updated. It is essential to regularly update your Android device with the latest software and security patches. Manufacturers release these updates to fix any vulnerabilities and make your device more secure.
• Use Security Apps. Installing a trustworthy antivirus or security application from a reliable source is recommended to conduct regular scans on your device for potential threats and malware.

The post Bahamut APT Targets Users With Fake SafeChat App appeared first on Gridinsoft Blog.

Why Social Media Threaten Information Security?

Social media platforms serve as a means for users to stay connected with friends, engage with customers, and market businesses. However, a place with such a large information volume cannot be safe from manipulations or even outright phishing. Let’s peek at the most notorious examples of threats to infosec you can meet on social networks.

Risk of social engineering attacks.

Criminals are aware that individuals are likely to share personal information. Therefore they exploit public profiles to extract valuable data that can be utilized for advanced social engineering assaults.

It’s essential to consider employees’ personal social media accounts as they can impact business security. Cybercriminals can use any post made on a social media profile linked to the business to compromise the company’s systems and data. The information is usually publicly visible when a digital profile is created. The more information an individual shares on their profile, the higher the risk of falling victim to cybercrime.

Cybercriminals often exploit social media users by creating fake accounts to deceive them into providing personal information, access credentials, or downloading malicious software through links. It’s important to stay vigilant and cautious while using social network to avoid falling victim to such scams.

Oversharing

Individuals who frequently post personal information on social networking sites can threaten businesses. Their actions can not only put themselves at risk by sharing confidential information, such as travel plans, business data, or patient information but also provide cybercriminals with a plethora of information they can exploit in various ways. The posts only can threaten the information security of the individual or a company. Though it is only a peak of the iceberg.

• Whaling attacks involve gathering valuable information to target high-level executives and persuade them to perform a secondary action, such as transferring funds.
• Spear phishing attempts are more targeted and accurate than typical phishing attempts. They focus on individuals and use specific details like current news and relevant financial documents.
• Spoofing occurs when a cybercriminal pretends to be someone or something else to gain access to private information.

Social media connections can create a cybersecurity risk. User activity, including likes, shares, and comments, can reveal valuable information about relationships that cybercriminals can exploit for fraudulent activities like phishing, spoofing, and impersonation.

Unsecured Portable Devices

Mobile devices are obviously the prevalent way of accessing social media. Modern security measures implemented on both mobile devices and in social network create an impression of secureness, but it is in fact just a misconception. The key there is accessing the ones phone, laptop or another device – and then you get everything. Thing is, people often rely exclusively on biometric identification, hoping that no one will try to pick the password that remains as a backup access method if something goes wrong. And – you guessed it right – they leave some of the easiest passwords to pick, like “1111” or “1234”, making it a piece of cake for hackers. This makes social media a nightmare to information security.

After such a lockpicking game, those who access the device can access whatever info in social media. This is even more efficient than using spyware/stealer malware, which cannot dump conversations in most messengers. By accessing the chats, criminals can gather not just your sensitive data but also your schedule and the schedules of other people, your company’s internal affairs, and the like. If it is not a dream of a hacker who collects data about the target – so what is?

How to Reduce Cyber Risks Using Social Media

In today’s world, businesses must have an online presence, including at least one social media platform. Social network has become necessary for building trust, increasing visibility, receiving customer reviews, conducting research, making comparisons, and facilitating direct communication with customers. The good news is that businesses can take steps to reduce the cyber risks associated with social network.

• Social Media Access Control
  Limiting the number of people accessing social media accounts is essential as it reduces the potential attack surface. Identifying, containing, and mitigating the damage becomes more manageable in a data breach. Assigning one person to oversee the business’s social network accounts is advisable to minimize security risks.
• Social Media Policy Implementation
  It is essential for every member of an organization, including those in leadership positions, to have access to a well-defined social media policy. This policy should outline how to safeguard sensitive and confidential information and what actions are strictly prohibited.
• Anti-Malware Implementation
  When dealing with unverified mobile devices, addressing security vulnerabilities can be difficult. Therefore, it is crucial that social media training emphasizes the significance of having antivirus and anti-malware software on all portable devices to safeguard against cyber attacks. This software can mitigate or resolve security threats, protecting users and their organizations.

The rise of social media has changed how we communicate and exchange information, but it has also brought about new dangers and obstacles concerning privacy and security. It is crucial to be aware of what we share on social network and who has access to it, as well as to take measures to safeguard our data and keep ourselves informed about privacy concerns and security risks. By following recommended guidelines for using social media, such as reviewing privacy policies, modifying privacy settings, and being alert to fraudulent schemes and phishing attacks, we can reap the benefits of social media while mitigating the potential risks.

The post Information Security Threats in Social Media appeared first on Gridinsoft Blog.

AI Scam in Facebook Ads

The use of social media for cybercrime, in general, is nothing new. However, to maintain effectiveness, sometimes fraudsters have to adjust their tactics and adapt to current trends. Another “innovation” from cybercriminals was discovered by CheckPoint Research (CPR) experts. According to their report, fraudsters are using Facebook as a platform for their dirty deeds. Since the hottest topics are AI-related, scammers are using them as bait. Such pages often contain mentions of ChatGPT, Google Bard, or Midjourney. For the best effect, scammers heavily embellish their “services”. For example, some pages have names like Bard New, Bard Chat, and G-Bard AI, and some are not shy to name themselves GPT-5.

Obviously, many people fall for it. The main reason is that real services are unavailable in some countries, so many people can’t distinguish fakes from real ones. Moreover, the abundant number of discussions, comments, and likes make users believe in the genuinity of these posts. However, in the end, naive users are tricked into downloading and installing malware. In turn, this malware steals valuable information from the victim’s computer. This includes online passwords (banking, social networks, games, etc.), crypto wallets, and any information stored in the browser.

How does it happen?

I already mentioned that hackers create Facebook groups on AI-related topics. To look legitimate and attractive, they fill it with different content – mostly legit at this point. Next, users and algorithms come into play. As unsuspecting folks comment and like the content, Facebook promotes it into recommendations and user feeds. As a result of this manipulation, fraudulent pages can have more than two million followers, which is also compelling. Though all these pages have one thing in common – they all link to a site that offers “additional functionality”. Some links promote an application, some – a password-protected archive under the guise of necessary files for the engine, or have just one button, “Get started”. However, each option will bring malware to your PC instead of the promised one.

Fake AI Groups on Facebook Spread Infostealers

Info stealers are the primary infection that spreads through this scheme. These malicious programs aim to collect sensitive and personal data from infected devices. They scan the infected system for valuable information such as logins, passwords, bank card details, social accounts, and other sensitive information. Next, the info stealer starts secretly collecting data and transmits it to the attackers over the internet. Crooks use the data collected by info stealers for financial scams, identity theft, blackmail, or selling on the dark web.

Security Recommendations

Unfortunately, genuine artificial intelligence services cannot always influence fraudulent schemes. Therefore, it is essential that users educate themselves, recognize the risks, and remain vigilant against such schemes. Since phishing is the basis of such cyber attacks, the attackers’ main goal is to convince the victim that they are legitimate. Here are some of the ways to detect a phishing attack:

• Download software from trusted sources. Since Facebook groups are not trusted sources (even if they appear to be), we do not recommend downloading software for your computer from it. Instead, we recommend using the app or the company’s official website.
• Ignore Display Names. You should avoid falling victim to phishing scams and focus on verifying the sender’s email or web address. Phishing sites and emails can manipulate display names to appear legitimate, but checking the source is the best way to ensure authenticity and trustworthiness.
• Verify the Domain. It is common for crooks to utilize domains with slight misspellings or those that appear to be credible. It is essential to be cautious of these misspellings as they can be a sign of phishing attempts.
• Use anti-virus software. In addition to the above recommendations, having additional protection is a good idea. Even if you miss a link, an anti-malware solution will neutralize the threat before deployment.

The post Fake Ads on Facebook Promote Scam AI Services appeared first on Gridinsoft Blog.

Phishing in Instagram

First and foremost, let’s review what do we have to deal with, precisely – which Instagram scams can you face. Phishing in Instagram is not significantly different from classic phishing. This attack involves malicious actors attempting to gain access to user accounts by deceiving them. Overall, it can be categorized into three types:

Fake messages

Probably, the most often case of Instagram scams is one which uses fake messages. These can be messages from fake stores offering barter deals (even if you have minimum followers) or from dubious persons with incredible offers. Often, these messages come from users with a username like @te2togwaste, who have only one follower, and claim that you have won a lottery, while sending you the profile of an original brand.

Another method is receiving messages from pseudo-Instagram support. It is likely that the message will be about an attempt to hack your account and a suggestion to click on a link to prevent it. Typically, such messages come from an unknown phone number or from someone like @instsupport002 directly in the app’s direct messages. In these cases, the goal is to trick you into providing personal information or clicking on a “magical” link with the same intention. You may not notice the scam effects first, but be sure – it will surface at some point. In its guidelines, Instagram asks to report such accounts and contact a real support if there’s a possibility of account compromise. This approach is right, but I have several other pieces of advice – so keep reading.

Investments scam accounts

Investment scam is certainly the most odious kind of a scam, that was depicted in movies and met by almost everyone. Among Instagram scams, it gained increased popularity since 2020, particularly during the cryptoboom. There is a chance of coming across an investment account with a decent audience of up to 20K. Such a number of followers can inspire trust. These accounts will offer “profitable investments” and “guaranteed success”, various pyramid schemes, and so on.

The methods used by these scammers to lure their potential victims may include sending private messages inviting them to participate in lucrative programs, offering individual consultations, or even showcasing “real profit” charts. These scammers create the appearance of reputable investment companies or successful traders. You may see professionally designed accounts, photos of luxurious cars, vacations at exotic resorts, and lavish houses. Though, it is worth noting that a couple of minutes of open-source intelligence will reveal you the ability to rent all this luxury stuff hourly or daily.

A characteristic trait of scammers of this type is phrases like “I don’t understand why people still use *something* and don’t know that you can make money from it…” or “How I made $1000 in just a couple of days.” And all for one purpose – to make you send them money. Crooks can ask for minor sums first, quickly inflating their demand to several thousand dollars. At the end, they either block you or simply ignore any questions regarding the deposit. If you detect such a profile – well, you cannot do a whole lot except contacting support.

Celebrity phishing

Or simply whaling. Judging by the name, it is clear that these Instagram scams use big fish as a bait, in this case, the pages of large network restaurants, celebrities, or trusted brands that the audience relies on. Scammers “borrow” some power from the image of who they try to mimic, and then use it to satisfy their nefarious desires, manipulations, and schemes.

Account owners will do everything possible to get rid of this fraudulent parody. Unfortunately, they don’t have a lot of options: either ask the audience to report the fake or to contact Instagram support. The latter, though, may be problematic, to say the least.

Instagram Support – Is It Effective?

You may have noticed that I mentioned contacting support as a prevalent option for any cases of Instagram scams. But, thing is, Instagram support may be frustrating to use. Alongside the phishing problem, another serious concern for Instagram users is the poor performance of the platform’s support team. Many users report the inefficiency and lack of response from the Instagram support. This problem persists for years, and have already created a lot of sour feedback from the users.

When users encounter problems such as account access loss or other issues, they obviously turn to Instagram support for help. However, many of them experience disappointment due to the lack of response, its slowness, or the inability to receive clarification regarding their problems. This creates an impression that the support team is either incapable or uninterested in resolving user issues. Naturally, this causes significant stress for users and jeopardizes their personal security and confidentiality.

What Can You Do?

Unfortunately, it is unlikely that Instagram will change its approach to this situation in the near future. However, here are a few tips to keep your personal data safe:

• Set up two-factor authentication (2FA) for your account. Use a third-party authentication app like Google Authenticator or Microsoft Authenticator instead of relying on SMS messages. SMS-based 2FA can be vulnerable to hacker attacks. There are plenty of options for effective and secure multi-factor authentication – be sure to check all of them.

• Use a strong password for your account. Avoid using obvious passwords such as “123456” or “password.”
• Instagram allows you to review all the places and devices where you have logged into your account. If you notice unfamiliar sessions, such as from Vietnam where you have never been, immediately log them out and change your password.
• Be cautious with messages from unknown users. Do not open links provided in such messages as they may lead to scam pages or contain harmful software.
• It is important to remember that no legitimate company or trader will invite you to participate in investment programs through personal messages on Instagram.
• Lastly, consider the possibility of using other social media platforms and apps that offer similar features. For example, Flickr, Imgur, Pinterest, or Retrica could be alternatives for you.

The post Protection Against Instagram Scams: What You Need to Know appeared first on Gridinsoft Blog.

What is Social Engineering?

Social engineering – a method of manipulating fraudsters psychologically and behavior to deceive individuals or organizations for malicious purposes. The typical objective is to obtain sensitive information, commit fraud, or gain control over computer systems or networks through unauthorized access. To look more legitimate, hackers try to contextualize their messages or, if possible, mimic well-known persons.

Social engineering attacks are frequently successful because they take advantage of human psychology, using trust, curiosity, urgency, and authority to deceive individuals into compromising their security. That’s why it’s crucial to remain watchful and take security precautions, such as being careful of unsolicited communications, verifying requests before sharing information, and implementing robust security practices to safeguard against social engineering attacks.

ChatGPT and Social Engineering

Social engineering is a tactic hackers use to manipulate individuals into performing specific actions or divulging sensitive information, putting their security at risk. While ChatGPT could be misused as a tool for social engineering, it’s not explicitly designed for that purpose. Cybercriminals could exploit any conversational AI or chatbot for their social engineering attacks. If it used to be possible to recognize the attackers because of illiterate and erroneous spelling, now, with ChatGPT, it looks convincing, competent, and accurate.

Example of Answer from ChatGPT

To prevent abuse, the creators of OpenAI have implemented safeguards in ChatGPT. However, these measures can be bypassed, mainly through social engineering. For example, a harmful individual could use ChatGPT to write a fraudulent email and then send it with a deceitful link or request included.

This is an approximate request for ChatGPT: “Write a friendly but professional email saying there’s a question with their account and to please call this number.”

Here is the first answer from ChatGPT:

What is ChatGPT dangerous about?

There are concerns about using ChatGPT by cyber attackers to bypass detection tools. This AI-powered tool can generate multiple variations of messages and code, making it difficult for spam filters and malware detection systems to identify repeated patterns. It can also explain code in a way that is helpful to attackers looking for vulnerabilities.

In addition, other AI tools can imitate specific people’s voices, allowing attackers to deliver credible and professional social engineering attacks. For example, this could involve sending an email followed by a phone call that spoofs the sender’s voice.

ChatGPT can also create convincing cover letters and resumes that can be sent to hiring managers as part of a scam. Unfortunately, there are also fake ChatGPT tools that exploit the popularity of this technology to steal money and personal data. Therefore, it’s essential to be cautious and only use reputable chatbot sites based on trusted language models.

Protect Yourself Against AI-Enhanced Social Engineering Attacks

It’s important to remain cautious when interacting with unknown individuals or sharing personal information online. Whether you’re dealing with a human or an AI, if you encounter any suspicious or manipulative behavior, it’s crucial to report it and take appropriate ways to protect your personal data and online security.

1. Important to be cautious of unsolicited messages or requests, even if they seem to be from someone known.
2. Always verify the sender’s identity before clicking links or giving out sensitive information.
3. Use unique and strong passwords, and enable two-factor authentication on all accounts.
4. Keep your software and operating systems up to date with the latest security patches.
5. Lastly, be aware of the risks of sharing personal information online and limit the amount of information you share.
6. Utilize cybersecurity tools that incorporate AI technology, such as processing of natural language and machine learning, to detect potential threats and alert humans for further investigation.
7. Consider implementing tools like ChatGPT in phishing simulations to familiarize users with the superior quality and tone of AI-generated communications.

With the rise of AI-enhanced social engineering attacks, staying vigilant and following online security best practices is crucial.

The post ChatGPT has become a New tool for Cybercriminals in Social Engineering appeared first on Gridinsoft Blog.

What is APT43?

APT43 (sometimes called “Kimsuky”) is a North Korean group that became active in 2018. It is considered one of the most closely tied to the personal and geopolitical goals of dictator Kim Jong-un and his ruling elite. The group’s primary focus is strategic data collection. It mainly concerns foreign policy and issues related to his nuclear weapons program. According to the researchers’ report, APT43 targets educational, political, and business services in Europe, the United States, South Korea, and Japan. Moreover, they are particularly interested in research centers dealing with geopolitical and atomic policy. However, between October 2020 and October 2021, there have been instances in which the healthcare industry and pharmaceutical companies have been attacked.

Attack methods

Unlike their other counterparts, APT43 does not tend to rely on sophisticated technical techniques, zero-days, and other advanced intrusion techniques. Instead, they use old, time-tested methods based on phishing and aggressive social engineering to get closer to their targets. For example, they may pose as journalists or researchers. More often, however, they send targeted emails that contain links to websites pretending to be legitimate. These websites have fake login pages where the victim enters their credentials, and they are sent to the attackers. By obtaining these credentials, APT43 can log into the victim’s account to independently gather intelligence of interest. In addition, the victim’s contact list is exciting, as it facilitates spear phishing attacks.

APT43 Uses Dirty Crypto Money

As stated above, the ideology of APT43 is the interests of the North Korean regime. However, the government does not fund them, forcing them to hack and steal to fulfill their “main” mission. Thus, cybercriminals steal cryptocurrency wallets from their victims and then use hash rental and cloud mining services to launder the creation of new pure cryptocurrency. These funds are then used to purchase additional infrastructure and tools to support hacking operations.

North Korean hackery

Hacking activities in North Korea go hand in hand with government agencies. For example, APT43’s activities allegedly align with the Reconnaissance General Bureau, North Korea’s foreign intelligence agency. Moreover, North Korea has been accused of cyber attacks against various targets, including financial institutions and cryptocurrency exchanges. One of the most notorious groups linked to North Korea is the Lazarus Group. The group has been blamed for many significant cyberattacks, including the WannaCry attack in May 2017. It was one of the most significant cyberattacks in history, infecting the computers of more than 200,000 organizations in 150 countries. Although North Korean authorities have denied any connection to the WannaCry attack, many experts believe North Korean hackers were behind the attack.

Is it dangerous?

Although APT43 does not exploit critical unknown vulnerabilities in systems, the group collaborates with several state-supported hacker groups in North Korea. In addition, although APT43 uses publicly available tools such as “gh0st RAT,” “QuasarRAT,” and “Amadey,” it has its own set of custom malware that no one else uses. These include the “Pencildown,” “Pendown,” “Venombite,” and “Egghatch” downloaders, the “Logcabin” and “Lateop” (“BabyShark”) tools, and the “Hangman” backdoor. In addition, researchers believe APT43 will support spying efforts through cybercrime in the regime’s cyber apparatus.

The post APT43 Funds Cybercrime With Stolen Crypto appeared first on Gridinsoft Blog.

1. Ransomware threats

Ransomware is the worst threat, which is unlikely to be avoided if an attack does occur. It encrypts files using unique cryptographic algorithms that are almost impossible to decrypt. Ransomware targets both single users and corporations. Ransoms range from a hundred dollars (for users) to $50 million (the enormous ransom ever paid by Acer Corporation in March 2021). There is also the practice of blackmail by disclosure, called triple extortion. Another widely used method is spamming emails. A file attached to an email – most often an MS Office document – contains a malicious macro. The macro in an office suite was initially used to increase the interactivity of the paper. Still, the large number of vulnerabilities in its mechanism makes it an excellent carrier of malware.

2. New Disguises for Malware threats

Criminals use news stories and global events to target people with malware. During the COVID-19 outbreak, scammers used the confusion and virus theme to target victims with malware. By disguising emails as important information, they trick victims into clicking a link that pushes malicious software onto their devices. In 2022, Russia-Ukraine war became a disguise for such mailing. Who knows what may appear in the future?

With time, malware authors have developed hundreds of methods to make their malware appear "new again" to evade security measures. The old methods of disguising the malware are not going anywhere, and scary banners like PORNOGRAPHIC VIRUS ALERT FROM MICROSOFT or URGENT WINDOWS UPDATE have been used for years. It should also be noted that the old disguise also fits the new infestation, so do not assume that the old only mates with the old.

3. Fleeceware

Fleeceware continues to charge users significant amounts of money despite users deleting the apps. Recent studies have documented that over 600 million Android users have downloaded “Fleeceware” on their devices in the past few years. Fleeceware is not a significant security threat to a user’s device or data. However, it is still common, and it’s a questionable practice by app developers who want to take advantage of unsuspecting users.

4. IoT Device Attacks

IoT is a large number of Internet-connected devices. This is the process of transferring data between different devices. This feature facilitates organizations’ growth and even serves customers. Organizations that want to safeguard the transmission of their data and the device through which it occurs must understand the importance of IoT cybersecurity, as most attacks are directed at this. The number of attacks on IoT devices is increasing annually, which should be considered, and a solution developed to counter this.

Additionally, many IoT devices need more storage capacity to implement proper security measures. These devices often have readily available data, including passwords and usernames, which hackers can use to access user accounts and steal sensitive information, such as banking information. Hackers can also utilize internet-based cameras and microphones to observe and communicate with people, including children, via intelligent baby monitors.

5. Social Engineering

Social engineering is one of the famous methods through which fraudsters deceive the user, manipulate him, and instill fear and urgency. Once the victim is emotionally invested, the fraudsters distort her perception. Therefore, any human error is a vulnerability that facilitates social engineering.

In this case, the hacker will begin by contacting a company or service provider and pretending to be a specific individual. Next, they’ll inquire about the victim’s story and deceive the customer support staff into divulging sensitive information. Then, they’ll utilize that information to access a person’s account and data, including payment information. This isn’t malware per se, but social engineering is a concerning trend, as it doesn’t require hackers to know coding or malware creation. Instead, all the attacker needs to do is be convincing and allow human error and complacency to benefit them with the information they need.

6. Cryptojacking

Hackers try to sneak cryptojacking malware onto a computer or mobile device by hiding it inside malicious files. This malware uses a person’s resources to “mine” cryptocurrencies like Bitcoin: it slows down the device’s performance, which prevents them from mining new coins. Because of the rising value of cryptocurrencies — specifically Bitcoin — the threat of cryptojacking malware hasn’t decreased. In January 2018, Bitcoin, valued at $39,200, was recorded. Since many cryptojacking malware attacks are profitable, cybercriminals will continue to use this malware to make significant money.

7. Artificial Intelligence (AI) Attacks

As more tools become available to developers who want to program AI scripts and software, hackers will have access to this same technology, allowing them to conduct devastating cyberattacks. Cybersecurity companies employ artificial intelligence and machine learning algorithms to help combat virus and malware threats. However, these technologies can also be used to hack devices and networks on a massive scale. In addition, cyberattacks are often costly to cybercriminals in terms of time and resources. With the increased adoption of artificial intelligence and machine learning, hackers will likely develop highly advanced and destructive AI-based malware in 2023 and beyond.

Defending Yourself from Cybercrime

Your private information, sensitive data, sentimental photos, and private messages — what’s the value to you? They’re irreplaceable. How are you combating new virus and malware threats? Many people only have essential antivirus software and possibly other cybersecurity tools to safeguard themselves. However, the truth is that most antivirus programs do not provide complete protection against new virus and malware threats; you are still susceptible to the latest threats. To ensure your device and all your data are protected, you must utilize the best antivirus software for your PC, Mac, Android, and iOS device.

The post Dangerous Virus & Malware Threats in 2023 appeared first on Gridinsoft Blog.

How does pretexting work?

During pretexting attacks, attackers may ask victims for specific information, claiming it is needed to confirm the victim’s identity. In reality, the attacker steals this information to use later for secondary attacks or identity theft. In addition, some attacks are so sophisticated that they can trick victims into performing an action that exploits an organization’s physical or digital weaknesses. For example, a fraudster might pose as an outside IT services auditor and convince the organization’s physical security team to allow the attacker into the building.

Many attackers using this type of attack, disguise themselves as employees of the organization or human resources in the finance department. This allows them to target senior executives or other employees with extensive privileges, as they are the ones who are of great value to the attackers. While phishing attacks use urgency and fear to exploit victims, pretexting attacks create a false sense of trust in the target victim. To do this, attackers must develop a credible legend that will not make victims suspicious.

Pretexting methods

Scammers do not stand still and use various methods to gain their victims’ trust and convince them to pass on valuable information. So, let’s break down these methods in more detail:

Impersonation

The scammer presents himself as a confidant, such as a colleague or a friend. This involves maintaining trust by spoofing prominent institutions’ or individuals’ phone numbers or email addresses. A classic example of impersonation is the SIM card spoofing scam, which exploits vulnerabilities in two-step verification processes, including SMS or phone verification, to capture target accounts. For example, the scammer may introduce himself as the victim and claim to have lost his phone, convincing the service provider to switch the phone number to a new SIM card. This way, all the one-time passwords are sent to the attacker and not the victim.

One successful social engineering attack using impersonation was on Ubiquiti Networks in 2015. At the time, employees received messages from scammers posing as the company’s top executives and demanding that funds be transferred to the attackers’ bank accounts. Such an oversight cost the company $46.7 million.

Baiting

As you can understand from the name, it is an attempt to trap the victim through the bait. The goal of this attack is to spread malware or steal sensitive information. Fraudsters may use malware-infected thumb drives as bait, often adding something to make them look authentic, such as a company label. Such decoys are placed in high-traffic locations, such as lobbies or bus stops, so victims will notice them and be incentivized to insert them into work or personal devices. Malware is then deployed to the device. Baiting can also be online. It can usually include enticing advertisements that lead victims to a malicious website or encourage them to download a malware-infected app.

Phishing

Phishing is impersonating a trusted person in messages (e-mails or text messages) to obtain confidential information. This can be payment card details and passwords. Phishing is different from pretexting, but Fraudsters can combine the two. Pretexting dramatically increases the chances of a phishing attempt succeeding. For example, when talking to a phishing scammer, targeted employees can be sure they are talking to an employer or contractor. Fraudsters can also use compromised employee accounts for further pretexting attacks targeting individuals with targeted phishing.

Thus McEwan University in Canada fell victim to a phishing attack in 2017 that cost the university about $9 million. At the time, targeted employees changed payment details, believing that the scammer was a contractor.

Vishing and Smishing

Vishing (voice phishing) is a social engineering technique that uses phone calls to trick victims into stealing confidential information or to give attackers remote access to the victim’s computer. This scheme often involves an attacker who calls victims pretending to be an IRS employee, who often threatens or tries to intimidate the victim into providing monetary compensation or personal information. Although such schemes usually target the elderly, anyone can still be duped by a vishing scam.
Smishing (SMS phishing) is a form of social engineering, very similar to vishing and phishing, but uses SMS or text messages.

Scareware

Scareware annoys victims with bogus threats and false alarms. First, the victim is tricked into thinking their system is infected with malware. The scammers then offer the victim to install software that is positioned as applicable but is, in fact, another malware. For example, a typical malware attack might include banners popping up in the victim’s browser while surfing the Web, which looks legitimate. However, such banners may contain something like, “Your computer may be infected with malware spyware. This is followed by an offer to install a specific tool (usually infected with malware) or direct the victim to a malicious Web site. Scareware can also spread through spam messages containing false warnings or offers to buy useless services.

Pretexting and the Law

Pretexting is illegal in the United States. For financial institutions regulated by the Gramm-Leach-Bliley Act of 1999 (GLBA) (nearly all financial institutions), any attempt by an individual to obtain or cause an employee to disclose customer information through deception or false information is illegal. Also, GLBA-regulated institutions must enforce standards for training their employees to detect attempted pretexting. In 2006, Congress passed the Telephone Records and Privacy Protection Act of 2006, which extends protections to records kept by telecommunications companies. Unfortunately, in other industries, it needs to be clarified whether pretexting is illegal. In future court cases, prosecutors will have to decide which laws to use to bring charges since many were created without this scenario.

How to Prevent Pretexting

The most effective way to protect your organization from fraud is to avoid interacting with messages from suspicious and unknown senders. Scammers aim to get people to click on links or download infected attachments at all costs. Therefore, any statement that asks you to do any of these things should be taken cautiously. Here are a few methods companies use to protect themselves from pretexting:

DMARC

Since pretexting involves impersonation, the email must look as authentic as possible to be successful. This requires email spoofing. Domain-based authentication, reporting, and message matching (DMARC) is the most common form of email spoofing protection. However, it requires constant and complex maintenance, which makes it very limited. Moreover, although DMARC stops accurate domain spoofing, it does not stop name spoofing or related domain spoofing, which are much more common in targeted phishing attacks. However, attackers use these more sophisticated techniques mainly because of the effectiveness of DMARC.

AI-based email analysis

Modern problems require modern solutions. To reduce risk, enterprises must strive for a more advanced detection method than DMARC. Next-generation anti-target phishing technology uses artificial intelligence (AI) to learn user behavior and detect signs of pretexting. It can also detect email addresses and traffic anomalies, such as display name spoofing and related domains. Natural Language Processing (NLP), part of AI, examines language and can decipher phrases and words common to phishing and pretexting.

Educate users

The most effective solution is to train your users to spot pretexting. To do this, you should share real pretexting examples with them. Unfortunately, often the success of targeted phishing and pretexting is that users have yet to learn what it looks like and do not notice anything unusual in the requests they receive. Therefore, you should educate your users about all sorts of different types of spoofing and teach them how to analyze their emails for signs of display name spoofing and related domains. In addition, you should establish rules for financial transactions, such as confirming requests in person or by phone.

Report a phishing email

Unfortunately, users cannot prevent phishing attempts. However, they can be vigilant and report phishing emails when they spot them, thus protecting themselves and their organizations. To be a good Internet citizen and do your part, report phishing at phishing-report@us-cert.gov.

The post Pretexting in Cyber Security: Facts to Know appeared first on Gridinsoft Blog.