Posted by: David Harley | September 18, 2018

Tech support scams: curse of the Evil Cursor, and Technet ads removed

[Also posted to AVIEN]

Jérôme Segura for Malwarebytes: Partnerstroka: Large tech support scam operation features latest browser locker – “We have been monitoring a particular tech support scam campaign for some time which, like several others, relies on malvertising to redirect users to the well-known browser lockers (browlocks) pages. … we were still able to isolate incidents pertaining to this group which we have been tracking under the name Partnerstroka …. and noticed that the fake alert pages contained what seemed to be a new browlock technique designed specifically for Google Chrome.”

Summary/commentary from Zeljka Zorz for Help Net: Tech support scammers leverage “evil cursor” technique to “lock” Chrome


John E. Dunn for Sophos: Microsoft purges 3,000 tech support scams hiding on TechNet – “Microsoft has taken down thousands of ads for tech support scams that had infested the company’s TechNet support domain in a sly attempt to boost their search ranking….Microsoft’s site was home to around 3,000 of these ads, mostly associated with the gallery.technet.microsoft.com downloads section.

The ads covered a wide range of fraudulent support issues, from virtual currency sites to Google Wallet and Instagram. Johnston told ZDNet…”

David Harley

Posted by: David Harley | August 28, 2018

Green Card scams & Tech Support scams

William Tsing for Malwarebytes: Green card scams: preying on the desperate – Green card scams are far from new. Though in fact this site does actually indicate in the small print that its usefulness to someone wanting to improve their chances of getting a green card via the diversity visa lottery is going to be very limited indeed. But Tsing makes the interesting point that the scam site looks more authentic than the real site because it provides more information, and compares it to “what we see with legitimate tech support and tech support scammers. An official entity does a poor job communicating with its constituency, and that creates a vacuum that scammers are all too eager to fill.” Seems an entirely valid point.

I talked about the issue of inadequate tech support in an article for ESET – Tech support scams and the call of the void – The importance of providing the best possible after-sales service to customers. That article was sparked off by a useful article on the Security Boulevard site by Christopher Burgess on When Scammers Fill the Tech Support Void.

David Harley

Posted by: David Harley | July 27, 2018

Not looking phishy, and not hitting the panic button

An excellent article has just been published by my ESET colleague Lysa Myers. Companies actually compound the phishing problem when they send poorly thought-out messages that are indistinguishable from phishing messages, both to their own staff and to customers (some banks are particularly culpable here). As a result, recipients of such messages are conditioned into accepting without suspicion messages that don’t conform to good practice, and are more susceptible to being taken in by phishing messages. Hook, line, and sinker: How to avoid looking ‘phish-y’. In addition, Lysa points out an issue I hadn’t really considered: “An increasingly common scenario is phishy-looking emails sent by Software as a Service (SaaS) apps like those for fax or shipping services, human resource or accounting portals, collaboration tools, newsletters or even party planners.”

Another colleague (and long-time friend), Bruce P. Burrell, expands on the story I referred to briefly here – Sextortion and leaked passwords – with this article: I saw what you did…or did I? – “It might seem legit but there are several reasons why you should not always hit the panic button when someone claims to have your email password.” Not just a rehash of the news story, but the precursor to what I expect to be a very useful second article with advice from a seasoned security researcher.

It’s worth remembering that phishers and scammers love panicking you into acting incautiously.

David Harley

Posted by: David Harley | July 22, 2018

Microsoft Office 365 as phishing target

HelpNet Security: Microsoft tops list of brands impersonated by phishers. Summarizes Vade Secure’s article Phishers’ Favorites Top 25 List. Trailing quite a long way behind are PayPal, Facebook, Netflix etc. Vade reckon that Microsoft is such a favourite because it can be so profitable to get into a Microsoft Office 365 account.

David Harley

Posted by: David Harley | July 15, 2018

Sextortion and leaked passwords

Here’s an interesting article by Brian Krebs: Sextortion Scam Uses Recipient’s Hacked Passwords

The scammer claims to have made a video of the intended victim watching porn, and threatens to send it to their friends unless payment is made. Not particularly novel: the twist with this one is that it “references a real password previously tied to the recipient’s email address.” Krebs suggests that the scammer is using a script to extract passwords and usernames from a known data breach from at least ten years ago.

The giveaway is that very few people are likely to be using the same password now – and it’s unlikely that there are that many people receiving the email who might think that such a video could have been made. Still, it seems that some people have actually paid up, and it’s possible that a more convincing attack might be made sending a more recent password to a given email address, and perhaps using a different type of leverage.

Commentary from Sophos here.

(Further commentary here: Sextortion & leaked passwords revisited)

David Harley

Posted by: David Harley | June 16, 2018

Phishing and BEC

A couple of links to interesting scam stories: one on a current phishing scam, one on a major operation successfully disrupting BEC (Business Email Compromise) scams across the world.

David Harley

Posted by: David Harley | June 8, 2018

ESET: more on World Cup scams

Tomáš Foltýn for ESET: You have NOT won! A look at fake FIFA World Cup-themed lotteries and giveaways

“With the 2018 FIFA World Cup in Russia just days away, fraudsters are increasingly using all things soccer as bait to reel in unsuspecting fans so that they get more than they bargained for”

David Harley

Posted by: David Harley | June 1, 2018

ESET on World Cup scams, and Snopes on a Starbucks hoax

Tomáš Foltýn for ESET: World Cup scams: how to avoid an own goal – “Whether travelling to enjoy the matches in person, or watching from home, fans should be on the lookout for foul play” (I always enjoy Tomáš’s wordplay.)

Snopes: Is Starbucks Installing ‘Shatter-Proof Windows’? – “An image circulating online falsely promised “free coffee for a year” to anyone who could damage the company’s new windows.” Put away that bazooka…

David Harley

Posted by: David Harley | May 28, 2018

The £9000 call to the TSB hotline

ESET: Scammers raid man’s bank account while he waits on hold to fraud hotline – “Criminals have set their sights on customers of a bank that has been struggling with a switchover to a new computer platform”.

Based on this report from the BBC: TSB left man on hold as his wedding savings were stolen – “A TSB customer has described how he watched thousands of pounds in wedding savings being stolen from his internet account as he waited on hold for the bank’s fraud department.”

David Harley

Posted by: David Harley | May 20, 2018

HoweyCoins: fake offer, real education

US Securities and Exchange Commission: The SEC Has an Opportunity You Won’t Want to Miss: Act Now! – “The SEC set up a website, HoweyCoins.com, that mimics a bogus coin offering to educate investors about what to look for before they invest in a scam. Anyone who clicks on “Buy Coins Now” will be led instead to investor education tools and tips from the SEC and other financial regulators.” Commentary from Sophos: Don’t invest! The ICO scam that doesn’t want your money

And, returning to a more common scam topic on this site…

Malwarebytes: Fake Malwarebytes helpline scammer caught in the act – Given how much work Malwarebytes have done on these scams, not good targeting on the scammer’s part.

David Harley
