Forwarded from BlackBox (Security) Archiv
β οΈ Scam Alert: You've Been Selected for 'Like of the Year 2020' Cash Prizes
Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information.
According to researchers at Group-IB, the multi-stage phishing attack exploited the credibility of Russian Internet portal Rambler to trick users into participating in a fictitious "Like of the Year 2020" contest.
The development is a reminder that rewards-based social engineering campaigns continue to be an effective means to scam users, not to mention the leveraging the collected data to their financial advantage.
Under the "Like of the Year" scheme, users were invited to win a large cash prize, telling them they've been randomly selected after liking a post on social media platforms such as VKontakte.
The invites were sent via an email blast by hacking the mail servers of a fiscal data operator, which refers to a legal entity created to aggregate, store and process fiscal data to serve the Federal Tax Service of Russia.
ππΌ Read more:
https://thehackernews.com/2020/02/like-of-the-year-scam.html
https://www.group-ib.ru/media/like-2020/
#scam #phishing #alert #DeleteFacebook
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
Cybersecurity researchers have discovered a large-scale ongoing fraud scheme that lures unsuspecting Russian Internet users with promises of financial rewards to steal their payment card information.
According to researchers at Group-IB, the multi-stage phishing attack exploited the credibility of Russian Internet portal Rambler to trick users into participating in a fictitious "Like of the Year 2020" contest.
The development is a reminder that rewards-based social engineering campaigns continue to be an effective means to scam users, not to mention the leveraging the collected data to their financial advantage.
Under the "Like of the Year" scheme, users were invited to win a large cash prize, telling them they've been randomly selected after liking a post on social media platforms such as VKontakte.
The invites were sent via an email blast by hacking the mail servers of a fiscal data operator, which refers to a legal entity created to aggregate, store and process fiscal data to serve the Federal Tax Service of Russia.
ππΌ Read more:
https://thehackernews.com/2020/02/like-of-the-year-scam.html
https://www.group-ib.ru/media/like-2020/
#scam #phishing #alert #DeleteFacebook
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
Fake news on Covid-19 government initatives boost phishing in Brazil
About one in eight Internet users have accessed a website with malicious content during the first months of the pandemic, research suggests.
The spread of fake news relating to government initiatives around Covid-19 placed Brazil on a list of countries most affected by phishing attacks, according to new research on spam and phishing published by security firm Kaspersky.
According to the report, about one in eight Internet users in Brazil (12.9%) accessed, between April and June 2020, at least one link that led to websites with malicious content. This is well above the global average, of 8,26% within the same period of time.
https://www.zdnet.com/article/fake-news-on-covid-19-government-initatives-boost-phishing-in-brazil/
#Brazil #fake #news #phishing
About one in eight Internet users have accessed a website with malicious content during the first months of the pandemic, research suggests.
The spread of fake news relating to government initiatives around Covid-19 placed Brazil on a list of countries most affected by phishing attacks, according to new research on spam and phishing published by security firm Kaspersky.
According to the report, about one in eight Internet users in Brazil (12.9%) accessed, between April and June 2020, at least one link that led to websites with malicious content. This is well above the global average, of 8,26% within the same period of time.
https://www.zdnet.com/article/fake-news-on-covid-19-government-initatives-boost-phishing-in-brazil/
#Brazil #fake #news #phishing
Forwarded from BlackBox (Security) Archiv
US charges two Russians for stealing $16.8m via cryptocurrency phishing sites
The two hackers stole from hundreds of users of cryptocurrency exchanges Poloniex, Binance, and Gemini.
The US Department of Justice has filed charges today against two Russian nationals for orchestrating a multi-year phishing operation against the users of three cryptocurrency exchanges.
The two suspects stand accused of creating website clones for the Poloniex, Binance, and Gemini cryptocurrency exchanges, luring users on these fake sites, and collecting their account credentials. These phishing operations began around June 2017.
US officials said the Russian duo β made up of Danil Potekhin (aka cronuswar) and Dmitrii Karasavidi; residents of Voronezh and Moscow, respectively β used the stolen credentials to access victim accounts and steal their Bitcoin (BTC) and Ether (ETH) crypto-assets.
In total, US officials estimated the victims in the hundreds. Court documents cite 313 defrauded Poloniex users, 142 Binance victims, and 42 users at Gemini.
Losses were estimated at $16,876,000.
π ππΌ (pdf)
https://assets.documentcloud.org/documents/7211805/Potekhin-Superseding-Indictment.pdf
π ππΌ https://www.zdnet.com/article/us-charges-two-russians-for-stealing-16-8m-via-cryptocurrency-phishing-sites
#Potekhin #cryptocurrency #phishing #russia #usa
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
The two hackers stole from hundreds of users of cryptocurrency exchanges Poloniex, Binance, and Gemini.
The US Department of Justice has filed charges today against two Russian nationals for orchestrating a multi-year phishing operation against the users of three cryptocurrency exchanges.
The two suspects stand accused of creating website clones for the Poloniex, Binance, and Gemini cryptocurrency exchanges, luring users on these fake sites, and collecting their account credentials. These phishing operations began around June 2017.
US officials said the Russian duo β made up of Danil Potekhin (aka cronuswar) and Dmitrii Karasavidi; residents of Voronezh and Moscow, respectively β used the stolen credentials to access victim accounts and steal their Bitcoin (BTC) and Ether (ETH) crypto-assets.
In total, US officials estimated the victims in the hundreds. Court documents cite 313 defrauded Poloniex users, 142 Binance victims, and 42 users at Gemini.
Losses were estimated at $16,876,000.
π ππΌ (pdf)
https://assets.documentcloud.org/documents/7211805/Potekhin-Superseding-Indictment.pdf
π ππΌ https://www.zdnet.com/article/us-charges-two-russians-for-stealing-16-8m-via-cryptocurrency-phishing-sites
#Potekhin #cryptocurrency #phishing #russia #usa
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
π‘@NoGoolag
The company email promised bonuses. It was a hoax β and Tribune Publishing employees are furious.
The company apologized for the email intended to test its cyberdefenses
Employees of the Tribune Publishing Company were momentarily thrilled Wednesday after they received a company email announcing that they were each getting a bonus of up to $10,000, to βthank you for your ongoing commitment to excellence.β
To see how big their bonus would be, they just had to click on a link that β¦ well, thatβs when they learned they had failed the test. And there was no bonus at all.
The entire charade was Tribuneβs effort to test its collective defenses against Internet scams that tempt email recipients to click on a link that has the effect of interfering with computer systems or getting them to volunteer personal data. To bolster caution, many companies have taken to sending out these kinds of tests to their employees and taking note of how many fall for a scam.
https://www.washingtonpost.com/media/2020/09/23/tribune-bonus-email-phishing-hoax/
#US #Chicago #email #phishing
The company apologized for the email intended to test its cyberdefenses
Employees of the Tribune Publishing Company were momentarily thrilled Wednesday after they received a company email announcing that they were each getting a bonus of up to $10,000, to βthank you for your ongoing commitment to excellence.β
To see how big their bonus would be, they just had to click on a link that β¦ well, thatβs when they learned they had failed the test. And there was no bonus at all.
The entire charade was Tribuneβs effort to test its collective defenses against Internet scams that tempt email recipients to click on a link that has the effect of interfering with computer systems or getting them to volunteer personal data. To bolster caution, many companies have taken to sending out these kinds of tests to their employees and taking note of how many fall for a scam.
https://www.washingtonpost.com/media/2020/09/23/tribune-bonus-email-phishing-hoax/
#US #Chicago #email #phishing