Microsoft Takes Down COVID-19 Cyber Criminals to Eliminate "Business Email Compromise" Attacks

Scammers have been taking advantage of the confusion caused by the COVID-19 pandemic and the subsequent worldwide economic crisis to harvest sensitive information and phish personal data from Microsoft users.

Tom Burt, Corporate Vice President of Microsoft, reported that Microsoft users in at least 62 countries around the world have been defrauded by cyber criminals phishing for sensitive data. The attackers operated by sending COVID-19-themed files to a victim’s email account, deliberately presented in a way that enticed users to click on the malicious content. Once clicked, malicious web applications were then able to access the victim’s Microsoft Office 365 account.

This is a form of Business Email Compromise (BEC) attack. BEC has become increasingly sophisticated and harder to prevent, as the software involved keeps evolving and scammers have moved on to more creative phishing schemes.

Luckily, following a court order issued by the US District Court for the Eastern District of Virginia, Microsoft has finally been able to seize control of the key domains in the cyber criminals’ infrastructure, in an effort to put an end to the cyberattacks targeting the company and its users.

FBI Internet Crime Reports

With cybercrime on the rise, the FBI’s 2019 Internet Crime Report indicated that BEC attacks figured among the most costly complaints, resulting in over $1.7 billion of financial damages. The FBI also reported that from 2016 to 2019, businesses lost approximately $26 billion due to fraudulent emails.

According to Safepost, the use of decentralized technology in email has yet to be fully exploited, and a blockchain-based solution would solve the majority of problems that traditional email providers face. A decentralized email solution would mean that messages are stored in shared ledgers. In other words, no single authority would be able to dictate how your data is used.

Monero Used in Cybercrime

With phishing attacks increasingly common in the crypto world, virtual currencies such as Zcash and Monero (XMR) are more and more favoured by scammers because of their privacy features. XMR stands at the top of the list of the most private cryptocurrencies on the market. Because it operates on blockchain technology and its network is obfuscated, Monero is a popular choice among cybercriminals carrying out illicit cyber scams.

Cardano Addresses Fake ADA Giveaway Claims on YouTube

Cardano CEO Charles Hoskinson has once again come forward to address the issue of cryptocurrency scams targeting his ADA empire and has been quick to refute any association phishers have claimed with the Cardano Foundation.

Phishing for Money

Recently, there have been cases where ads run by scammers on YouTube promoted fake ADA giveaways. One way the fraudsters operated was to reuse the speeches of important crypto figures such as Vitalik Buterin, Charles Hoskinson, and Changpeng Zhao (respectively the co-creator of Ethereum, the CEO and founder of Cardano, and the CEO of Binance Exchange). The video also promoted an airdrop or cashback link. Scammers would then link their own wallet address in order to collect the funds.

On July 12, Hoskinson tweeted that it had come to his attention that a scam circulating on YouTube was using his conference keynote to promote a giveaway. He emphasized that it was indeed a scam, and asked anyone who came across it to report the fraudulent link to YouTube. Speaking on behalf of the Cardano Foundation, he also added that his firm would take legal action against the phishers if need be. The upload has since been removed by YouTube moderators.

How to Not Fall Prey to Money Launderers

In an official blog post, the Cardano Foundation addressed the issue of online scamming and fraudulent individuals who associate themselves with Cardano. This problem seems to be on the rise recently. The company explained to its audience how to spot fraudulent claims, and added that it would never ask anyone to send their own funds to it. It also advised ADA investors to be careful:

“We strongly urge you not to send your ADA to any third-party entities which claim to have partnerships with Cardano or officials from the entities within the Cardano ecosystem.”  

Cardano Foundation on the Rise

It appears as though Cardano has been hit with a lot of scams since the recent success of its altcoin ADA. The cryptocurrency skyrocketed this July, surprising crypto market experts. It is the highest price level ADA has seen since its fluctuations in 2019. Currently, ADA is experiencing a 200% year-to-date gain, making it the biggest news on crypto markets. Cardano’s ADA cryptocurrency has been one of the top-performing tokens this year and has become the sixth-largest crypto according to CoinMarketCap.

Ransomware Attacks Target English Football League, Data Withheld for $3.8 Million Bitcoin

The UK National Cyber Security Centre (NCSC) has issued a warning saying that football teams are at increased risk of phishing campaigns and ransomware attacks. On July 23, the agency published a 28-page report titled “The Cyber Threat to Sports Organisations” stating that ransomware is a significant threat to sports organizations.

The National Cyber Security Centre is a UK government institution that offers support and advice for the private and public sectors on how to avoid computer security threats. The institution is based in London and started its operations in 2016.

Football Teams Have Become Perfect Targets

According to the NCSC’s report, an English Football League (EFL) club recently became the victim of a cyber-attack. The hackers encrypted all of the club’s security and corporate systems and demanded a ransom of 400 Bitcoin, worth about $3.8 million, in order to release the decryption key.

When the owners of the club refused to pay the stated amount, the hackers retaliated by encrypting the club’s end-user devices as well.

It is not clear what kind of attack vector was used. However, the NCSC said that the initial infection was the result of either a phishing email or remote access to the club’s CCTV system, through which the ransomware was installed.

Since all systems at the stadium were connected to one network, the infection spread quickly. It is estimated that the club lost several hundred thousand British pounds. Many servers were also affected, leaving the club unable to use its corporate email.

The stadium’s turnstiles and CCTV were non-operational, an incident that nearly resulted in a cancellation and postponement of fixtures.

Paul Chichester, NCSC director of operations, stated that football clubs might not view cybercrimes as a significant threat. But it remains a serious issue for the UK’s broader cybersecurity goals.

As per the report, football clubs are being targeted and therefore have to take this issue seriously. The report further mentioned that hackers recently attacked a prominent Premier League club. The hackers used fake emails to steal over one million pounds before someone at the club detected the suspicious transactions and took action.

Hackers are casting a wider net in the hope of infecting as many individual machines as possible. According to the NCSC’s warning, over 70% of UK sports organizations have experienced cybersecurity breaches in 2020. The watchdog therefore recommends that football clubs allocate resources, money, and part of their time towards protecting their data to prevent such hacks.

Fears of More Hostage Situations

Sports organizations are widely known to be financially profitable and are thus becoming valuable targets for ransomware attacks. An attack begins with an innocent-looking email. When someone clicks the link in the email, the hackers quickly take over. The organization’s computers are locked, and the only way for workers to get their systems back is to pay the attackers thousands of dollars’ worth of Bitcoin.

There is no guarantee that the hackers won’t do it again. Besides hospitals, local government offices, and schools, many attacks have targeted sports organizations this year. To make matters worse, several organizations choose not to report such incidents, wanting to avoid news coverage, and resort to paying the attackers instead.

Twitter Says Bitcoin Hack Originated From Phone Phishing Attack

On Thursday, Twitter provided an update addressing the massive Bitcoin hack that overtook its platform earlier this month. 

Did Hackers Funnel BTC Funds Via Phone?

The social networking company said that “the hackers behind the high-profile online break-in at Twitter Inc. talked their way onto the company’s network using the telephone.” Though it disclosed this update, further details on how the digital heist was conducted were not provided.

The company had previously said that the Bitcoin (BTC) scam artists were able to seize control of so many high-profile verified accounts on its network because of leaked insider information. Twitter’s earlier report read:

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.” 

Twitter Gets An Earful From Law Enforcement

Because of this huge security breach, which led to at least 130 Twitter accounts being compromised, Twitter has received backlash from the US Securities and Exchange Commission (SEC), and the incident is being investigated by the Federal Bureau of Investigation.

Missouri Senator Josh Hawley also addressed the Twitter security breach, writing to Twitter CEO Jack Dorsey and demanding more information about the hack. He asked whether the company had had stricter access control measures in place in the past, and if so, why those measures had not been enforced.

Twitter spoke up on Thursday regarding the Bitcoin hack and said:

“We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.”  

Because of the Twitter hack, the verified accounts of high-profile figures ranging from tech moguls such as Elon Musk, Jeff Bezos and Bill Gates to political figures Barack Obama and Joe Biden, to name a few, were compromised. The hack was driven by Bitcoin scam artists looking to funnel digital funds to their own wallet. The hackers took to the profiles of the seized verified accounts and posted repetitive tweets from celebrities, high-profile tech moguls and coin exchanges that promised platform users a doubling of their BTC if they sent $1000 in Bitcoin.

The cryptocurrency stunt was successful, as the Bitcoin scam generated more than $100,000 worth of BTC. 

Twitter Stocks Drop

Since the massive hack, Twitter’s market value has taken a colossal hit. The shares of the social media company dropped by more than 4%, wiping out $1.3 billion in market value.

Since the incident, Twitter CEO Jack Dorsey has come forward and apologized for the security breach, as concerns worldwide have escalated and both his and his firm’s reputation have been at stake. On Thursday, the company took to its own Twitter account and said:

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.” 

Bitcoin Sex Scam Claims Another Victim and Generates $115,000 BTC

As Bitcoin is surging in popularity and value, fraudulent cybercrimes revolving around the cryptocurrency are also on the rise.

Recently, a Bitcoin sex scam that has been running since 2015 accumulated fraudulent funds of approximately $115,000 before being detected. To line their Bitcoin wallets, the scammers operated by falsely claiming to victims, through sextortion emails, that they had exclusive footage of them performing sexual acts and touching their private parts.

The scammers backed their claims by including personal information and slipping a password often used by the victim in the email, making the latter believe their ruse. They also threatened to release the private footage of the victims fondling themselves if Bitcoin funds were not transferred to a designated wallet address.

The most recent victim to fall prey to the cyber sextortion act transferred 0.15 Bitcoin to the scammer, which translates to $1,744.

The scam was detected by Scam Alert, a bot run by Whale Alert built to detect suspicious cryptocurrency transfers. The sextortion scam had managed to defraud 203 victims before being tracked by Scam Alert.

Sadly, cyber scams revolving around Bitcoin (BTC) are surging. Though sextortion claims are usually false, the scam has claimed many victims. According to data from Chainalysis, Bitcoin-related cyber scams are not to be taken lightly, with roughly 900,000 BTC being held by criminals and dark web markets. Of that amount, 585,000 BTC are held by illegal darknet markets and 99,000 BTC were generated from cyber scams.

Earlier last month, Spanish authorities arrested several criminals behind illicit crypto-driven child porn activities. Several users of the Tor network offered viewers access to child pornography in exchange for Bitcoin payments.

Within the Kiru criminal ring, one of the cybersex offenders was detained for abusing his stepdaughter sexually to generate pornographic content for an illegal child porn website.

Lazarus Group Hacks for Crypto via LinkedIn Blockchain Job Posting

A hacking operation that is allegedly backed by North Korea has been reported to be targeting blockchain and cryptocurrency employees through LinkedIn.  

Malware Infiltrates LinkedIn

The Lazarus hacking group has been growing its online presence through its large-scale cyber-attack operations. Since 2017, the Lazarus ransomware group has accumulated over $571 million in stolen cryptocurrencies.

According to a report by Finnish cybersecurity firm F-Secure, the latest cyber-attack from Lazarus was conducted through the professional networking platform LinkedIn. Lazarus hackers targeted a blockchain and crypto industry employee with a phishing message. The message was presented as a legitimate blockchain job offer, with an MS Word document titled “BlockVerify Group Job Description” attached. Embedded in the MS Word document was malicious macro code, which launched automatically when the file was opened.
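The lure described above relied on a Word attachment carrying a VBA macro. The following added example (not F-Secure’s or the page’s code) shows a mail-gateway style check that inspects an OOXML package for a VBA project and the macro-enabled content type, and flags a macro-bearing file that was renamed to .docx. The sample documents are constructed in memory with a stub vbaProject.bin; no real lure is used.

```python
"""Detect macro-bearing Office (OOXML) attachments before they reach a user.

Added example; the sample packages below are constructed stand-ins, not real
Word files, and the detection logic is an assumption about a sensible check.
"""
import io
import zipfile

# Content type Word assigns to the main part of a macro-enabled (.docm) document.
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = (
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)


def inspect_ooxml(data: bytes, filename: str) -> dict:
    """Return findings for an OOXML byte blob: is_ooxml, has_vba_project,
    macro_content_type and extension_mismatch (macros inside a '.docx')."""
    findings = {"is_ooxml": False, "has_vba_project": False,
                "macro_content_type": False, "extension_mismatch": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings                      # not a zip, so not OOXML
    names = set(zf.namelist())
    if "[Content_Types].xml" not in names:
        return findings
    findings["is_ooxml"] = True
    # A compiled VBA project is stored as word/vbaProject.bin in Word packages.
    findings["has_vba_project"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    findings["macro_content_type"] = MACRO_CONTENT_TYPE in ctypes
    # Word only runs macros from .docm, but a VBA project inside a file named
    # .docx is itself a lure indicator worth flagging.
    ext = filename.lower().rsplit(".", 1)[-1]
    findings["extension_mismatch"] = findings["has_vba_project"] and ext == "docx"
    return findings


def should_quarantine(findings: dict) -> bool:
    """Hold the attachment if either macro indicator is present."""
    return findings["has_vba_project"] or findings["macro_content_type"]


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-like package for testing (not a real Word file)."""
    main_ct = MACRO_CONTENT_TYPE if with_macro else PLAIN_CONTENT_TYPE
    vba_override = (
        '<Override PartName="/word/vbaProject.bin" '
        'ContentType="application/vnd.ms-office.vbaProject"/>'
    ) if with_macro else ""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        f'{vba_override}</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed-stub\x00")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed attachment names; the third mimics a renamed macro document.
    for name, blob in [("Job Description.docx", build_sample(False)),
                       ("Job Description.docm", build_sample(True)),
                       ("Job Description.docx", build_sample(True))]:
        f = inspect_ooxml(blob, name)
        print(name, "quarantine" if should_quarantine(f) else "allow", f)
```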

Hacking for Crypto

After further investigation, F-Secure’s threat intelligence team revealed that the names, authors, and document metadata of the “BlockVerify Group Job Description” document sent over LinkedIn matched a publicly available sample on VirusTotal, a large malware and URL scanning service. Data from VirusTotal confirmed F-Secure’s suspicions of foul play, as the findings revealed that the malicious macro code was originally created in 2019. 37 antivirus engines have flagged it since then.

The goal of the malware was to obtain login credentials giving entry into the victim’s network. With that crucial step complete, Lazarus could then move through the network and steal cryptocurrency funds.

Furthermore, F-Secure disclosed that the Lazarus Group’s interests align with those of the government of North Korea. According to F-Secure’s experts, the cyber operations run by the Democratic People’s Republic of Korea will also very likely target organizations and companies outside the crypto industry.

North Korea Has an Army of Hackers 

A tactical report recently presented by the US Army revealed that the North Korean government has more than 6,000 hackers dispersed throughout the world working for it. Countries hosting North Korea-based hackers include Belarus, China, India, Malaysia, and Russia, to name a few.

The US has long been active in trying to put an end to North Korea’s widespread cryptocurrency-driven cybercrime campaigns and is still actively working on strategically obliterating the illicit online activities. 

Bitcoin Twitter Hack Investigation Reveals Second Teen Mastermind

US authorities revealed that there may have been another person that played a prominent role in the massive Bitcoin hack that overtook Twitter on July 15, and froze the accounts of many celebrities and tech moguls. 

Twitter Bitcoin scam orchestrated by minors

New evidence came to light as the alleged fourth culprit in the massive Bitcoin-driven Twitter hack caught the attention of law officials because of the illicit activities he has kept up, notably voice phishing attacks. The fourth person is said to be a 16-year-old teenager living in Massachusetts with his parents. Along with the “mastermind” behind the July 15 Twitter hack – who surprised many when official documents revealed he was merely 17 years old – the Massachusetts native is alleged to have played an equal, if not an even more significant, part in the Bitcoin heist that took over the verified accounts of tech moguls and big-name figures such as Elon Musk, Barack Obama, Joe Biden, Kanye West, and more.

On Tuesday, federal agents searched the teenager’s home and, following the investigation, decided not to try the youth. Even if he were to be arrested, the case would be handed over to Massachusetts authorities, who would have greater judicial power, as the hacker is a minor.

Twitter Bitcoin hack

The teenager is alleged to have played a crucial part in the Twitter scam of July 15, which resulted in a temporary freeze of the social media platform, as Twitter support attempted to fix the breach. The scammers issued the same message across all verified Twitter accounts, saying that “all Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send $2,000. Only doing this for 30 minutes.” The Bitcoin (BTC) heist generated more than $100,000 worth of BTC. 

The 16-year-old teenager appeared to have been planning the Bitcoin hack along with his 17-year-old accomplice since May. He was alleged to have communicated via encrypted messaging platforms such as Signal and Wire, making it harder for investigators to track him. The Massachusetts native’s main role in the Twitter scam was to call its employees and pose as a contractor in order to extract login credentials and sensitive information that would enable his hacker team and him to access the inner admin panel of the company systems.  

The youth is reported to have been involved not only in the Bitcoin hack that took over Twitter but also in other cryptocurrency scams targeting various firms. From the age of 13, the boy has dabbled in cybercrime, using pornographic names to buy websites with the goal of eventually reselling them. According to messages found on an online forum, the Massachusetts minor also at one point attempted to sell a username for $3,000 in Bitcoin. In another instance, he lost around $200,000 on a BTC gambling site.

The 16-year-old came into contact with the leader of the Twitter hack online in May. Together, they began extorting login credentials from employees and selling valuable Twitter usernames on the web under the alias “Kirk.” The Bitcoin scammers carried out their cyber-attacks using SIM swaps, a hacking technique often used to steal cryptocurrency and seize social media accounts. Federal agents and investigators who took part in Tuesday’s search disclosed that the 16-year-old came from a broken home. His father had declared bankruptcy on two separate occasions and his mother had allegedly been fired after falsifying her credentials.

As for the ringleader of the Bitcoin Twitter hack that compromised accounts of coin exchanges, tech celebrities, and politicians alike, the 17-year-old has pleaded not guilty but has not made bail to get out of jail. Bail is currently set at $725,000. 

Russian Cybercriminals Sanctioned by DoJ for Crypto Laundering Scam Generating More than $16.8M

The US Department of Justice (DoJ) has sanctioned two Russian nationals for their cybercrimes, where millions in cryptocurrency were accumulated through scamming and phishing schemes.

Russian Nationals Charged for Crypto Theft

Danil Potekhin and Dimitrii Karasavidi have been flagged by the DoJ and sanctioned for their involvement in a sophisticated phishing campaign that generated cryptocurrency profits for them. On September 16, US authorities – the US Department of Justice, the US Department of Homeland Security, and the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) – said that Potekhin and Karasavidi stole at least $16.8 million in cryptocurrency. The virtual funds originated from three separate digital currency exchanges, and the crypto laundering was said to have begun in 2017. Two of the three crypto exchanges that were hit were reported to be from the United States.

Addressing the multimillion cryptocurrency crime, Secretary of the US Department of Treasury, Steven Mnuchin, spoke up and said:

“The individuals who administered this scheme defrauded American citizens, business, and others by deceiving them and stealing virtual currency from their accounts.”

Using a technique called spoofing, which is essentially the creation of web domains resembling those of legitimate crypto exchanges, Potekhin impersonated the digital asset entities. Through this tactic, Potekhin managed to steal users’ private information, acquire their login credentials, and access the real accounts of crypto exchange customers. He then used the stolen data to transfer crypto assets in and out of various accounts. Following Potekhin’s identity theft, Karasavidi laundered the proceeds into a crypto account under his name.
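Spoofed exchange domains of the kind described above can be caught on the defender’s side by comparing each domain a user is about to visit (or that appears in inbound mail) against the exchange’s real domains. The following added example (not from the DoJ action or the page) normalises common character substitutions, measures edit distance against the brand name, and also flags the brand being embedded in an unrelated registrable domain. The “legitimate” exchange domains and all test URLs are constructed placeholders, and the registrable-domain extraction is simplified (no public-suffix list).

```python
"""Flag lookalike (spoofed) domains that imitate legitimate exchange domains.

Added example. LEGIT_DOMAINS and every URL used below are constructed
placeholders, not real exchanges; the checks are an assumed, not official, design.
"""
from urllib.parse import urlparse

# Constructed allow-list; a real deployment would load the exchange's own domains.
LEGIT_DOMAINS = ["examplex.com", "coinhub-exchange.io"]

# Characters commonly swapped for visually similar ones in spoofed names.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s"}


def registrable(host: str) -> str:
    """Return the registrable part (last two labels). Simplified: ignores
    public suffixes such as co.uk, which a real check should handle."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def normalise(label: str) -> str:
    """Collapse homoglyphs and digraph tricks (rn -> m, vv -> w) and drop hyphens."""
    out = "".join(HOMOGLYPHS.get(c, c) for c in label.lower())
    return out.replace("rn", "m").replace("vv", "w").replace("-", "")


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance (insert, delete, substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str, legit=LEGIT_DOMAINS) -> tuple:
    """Return (verdict, matched_legit_domain). verdict is one of
    'legitimate', 'lookalike', 'brand-embedded' or 'unrelated'."""
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    reg = registrable(host)
    for good in legit:
        if reg == good:                      # real domain or a subdomain of it
            return ("legitimate", good)
    brand_names = {good.split(".")[0]: good for good in legit}
    reg_name = reg.split(".")[0]
    for name, good in brand_names.items():
        # Edit distance on normalised names catches examp1ex / exarnplex.
        if levenshtein(normalise(reg_name), normalise(name)) <= 1:
            return ("lookalike", good)
        # Brand name used inside a subdomain or prefix of an unrelated domain.
        if name in host.lower() and reg != good:
            return ("brand-embedded", good)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample URLs: one real, three spoof patterns, one unrelated.
    for u in ["https://login.examplex.com/auth", "https://examp1ex.com/login",
              "http://exarnplex.com", "https://examplex.com.verify-account.net",
              "https://unrelated-site.org"]:
        print(u, "->", classify(u))
```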

The two Russian nationals also employed pump and dump schemes in order to acquire altcoin profits in exchanges where the virtual currencies recorded low market capitalization.

US Treasury On Cybercrime

To put this case to rest, the US Department of the Treasury coordinated with OFAC, the United States Secret Service, and the DoJ to stop the cybercriminals from continuing their fraudulent scheme. On behalf of his department, US Secretary of the Treasury Mnuchin said:

“The Treasury Department will continue to use their authorities to target cybercriminals and remains committed to the safe and secure use of emerging technologies in the financial sector.”

Cybercrime On The Rise

The two Russian nationals were detected and flagged by US law enforcement, as they were reported to have “left a trail of evidence” despite using complicated and sophisticated schemes to get around the exchanges’ internal admin controls. The official report released by the US government read:

“Today’s action demonstrates the important role that a robust anti-money laundering and countering the financing of terrorism (AML/CFT) regime plays in deterring cybercrimes.”

Recently, the DoJ made a move on a Californian man for his involvement in an illicit cryptocurrency mining scheme that generated at least $722 million. The man was said to have played an active role in perpetuating BitClub Network, a crypto Ponzi scheme.

Ledger Hacker Dumps Hardware Wallet Users’ Personal Info on Public Server

Ledger, the leading hardware (cold) wallet maker, appears to be reaping the consequences of an earlier hack that saw its e-commerce database compromised.

Earlier in June, Ledger’s e-commerce and marketing database was hacked, and as a result, the confidential information of millions of clients held on the company’s servers was compromised. Confidential information such as phone numbers, email addresses, and physical addresses was stolen, and it appears that the hacker has now exposed it all on an online data-sharing platform dubbed Raidforum.

The recent dump has angered many Ledger customers, who threaten to pursue a class-action lawsuit against the company. Although no cryptocurrencies were reported stolen in the process, as the keys are stored offline, the exposure of such a large database could still pose severe risks to Ledger customers, according to cybersecurity expert Alon Gal. He said that it could trigger both cyber and physical harassment and explained:

“This leak holds major risk to the people affected by it! Individuals who purchased a Ledger tend to have a high net worth in cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments in a larger scale than experienced before.”

Ledger has since apologized for the breach and warned customers about phishing attacks that may follow in the near future. Its team said it was investigating the incident to confirm whether the leaked client information came from the earlier hack in June, but the clues suggest that it did.

With this confidential information in hand, the hacker (or hackers) may impersonate Ledger executives by email in an attempt to extract cryptocurrency funds. Ledger advised:

“STAY VIGILANT OF ONGOING PHISHING SCAMS! Never share the 24 words of your recovery phrase with anyone, even if they are pretending to be a representative of Ledger. Ledger will never ask you for them. Ledger will never contact you via text messages or phone call.” 

OpenSea Freezes Stolen Bored Apes, Sees Backlash for Lack of Decentralization

Following an apparent phishing attack, OpenSea has frozen 16 Bored Ape and Mutant Ape nonfungible tokens (NFTs) owned by New York-based art curator and NFT collector Todd Kramer, a.k.a. Toddkramer.eth.

Kramer reported on Twitter that his collection of Bored Ape Yacht Club NFTs worth $1.9 million was “hacked” and stolen.

According to several reports, one Clonex, seven Mutant Ape Yacht Club, and eight Bored Ape Yacht Club NFTs, currently valued at about 615 ETH ($2.28 million), were stolen and can no longer be traded on OpenSea.

Kramer announced on Twitter that he had clicked on a link that appeared to be an NFT decentralized application, but it turned out to be a phishing attack, and 16 of his NFTs were stolen after the hackers gained access to his hot wallet. “I been hacked, all my apes gone,” he tweeted.

A hot wallet is a type of cryptocurrency software wallet that is connected to the internet — most commonly MetaMask — whenever the device it is installed on is connected.

NFTs are cryptographically unique digital tokens that prove ownership of physical or digital content such as art, GIFs or music files. Bored Ape Yacht Club is one of the most popular PFP (profile picture) collections, a series of cartoon ape images with randomly generated attributes.

Some people have argued that appealing to a third party to freeze NFTs went against the core idea of decentralization, one of the cherished aspects of the crypto industry.

Among the many voicing criticism of the lack of decentralization, famed software engineer Grady Booch chimed in, saying, “silly me. And here I thought that the code is the law and that one of the very ideas of cryptocurrencies was the elimination of any possibility of centralized intervention.”

A precedent to Kramer’s case in the phishing scam came on Dec 26, when NFT collector bergpay.eth said he suffered a similar fate: 5 Jungle Freaks and 2 Sandbox NFTs were stolen from his Ethereum wallet and his ENS domain was transferred to a new address.

According to a report by Decrypt, in the wider crypto space, phishing is a growing problem, with cybersecurity company PhishLabs reporting a tenfold increase in such attacks on crypto exchanges in the first half of 2021 compared to a year earlier.

With the rise in the popularity and monetary value of NFTs, hackers have begun to sense an opportunity to make big money.

Among top phishing attacks this year, tens of thousands of dollars worth of NFTs were reported stolen from the Nifty Gateway marketplace by cyber thieves in March, while in August, pseudonymous developer Stazie lost 16 CryptoPunks NFTs to a phishing attack involving a malicious pop-up.
