2024
Hackers steal data from Russian companies under the pretext of conducting "information security lessons"
Experts from the Solar AURA Center for External Digital Threats of Solar Group uncovered a fake email campaign, sent on behalf of Russian government departments, warning of upcoming information security "lessons" for employees of Russian companies. However, instead of real information security specialists, attackers contact the employees and persuade them to hand over confidential information about the company. Solar reported this on July 17, 2024.
The fake letters on behalf of departments are sent to the heads of Russian companies. The attachment contains an electronic document on the letterhead of a non-existent department, which supposedly gives notice of plans to hold consulting conversations with company employees on information security and personal data protection.
According to the "document," the content of the conversations is confidential and not subject to disclosure, and the head of the organization that received the letter should warn subordinates about the upcoming call.
After that, the "prepared" employees of the company receive calls, not from information security specialists but from the attackers. They persuade employees to hand over confidential information, including information for logging in to the company's information infrastructure. Two scenarios are then possible: the data obtained is either sold on the black market or used directly to carry out an attack.
"Earlier, we reported on a scheme in which the supposed general director writes to employees from a Telegram account and warns about an upcoming call from the FSB, but in this case the head of the company himself becomes the 'weak link.' If he believes the information set out in the letter and personally warns employees about a future conversation, the attackers' chances of success increase significantly. It is safe to say that we are witnessing a new round in the development of social engineering, which becomes more sophisticated every time and arouses less suspicion among victims," explained Igor Sergienko, director of the Solar AURA Center for Monitoring External Digital Threats at Solar Group.
To protect against social engineering, Solar AURA experts recommend the following rules:
1. Do not dictate one-time codes or passwords over the phone or forward them to anyone.
2. Do not provide personal information on suspicious and unofficial websites, as well as in conversations with strangers.
3. If your organization receives a letter sent on behalf of state authorities without an electronic signature, contact the document management department of that body to verify the information.
4. Use antivirus software for additional protection against malware and phishing attacks.
How cybercriminals use combined attacks on users of dating and financial services
According to Interpol, the popularity of so-called pig butchering schemes, or "pig cutting," has sharply increased. These are combined attacks in which cybercriminals gain the trust of victims under romantic or financial pretexts and gradually empty the wallets of individuals or draw them into financial crimes. Angara Security reported this on March 22, 2024.
As Lada Antipova, Angara SOC incident response expert, noted, this scheme appeared recently and to some extent became a continuation of BEC attacks (business email compromise). The term "slaughtering pigs" comes from the Chinese expression, which literally means "roast."
The bottom line is that fraudsters are trying to "fatten the pig": they will prepare the victim as much as possible, gain trust in order to extract the maximum amount of money later. The "slaughter" is that once the scammers get to the point where they feel they can't achieve more and the limit is reached, they'll take "that pig to slaughter" and go off the radar.
"Now we often hear in the news about ransomware and the organizations affected by it, and it seems that this is somewhere far away and does not concern you in any way. In this case, though, an attacker may at any moment be literally on the other side of the screen from you," said Lada Antipova.
Pig butchering schemes do not involve delivering and installing malicious software, which makes them even more difficult to detect. Moreover, attackers usually spend a lot of time building romantic or friendly relationships and may even send supposedly personal photos, including intimate ones, to dispel any suspicion on the victim's part. Sometimes attackers use artificial intelligence technologies not only for correspondence but also to generate video clips, in order to allay suspicion when communicating in instant messengers and on video conferencing platforms.
In a previously published study, Angara Security experts noted that since 2024, fraudulent schemes combining social engineering and deepfake techniques have been recorded in Russia. Also, since 2023, there has been growing activity by unknown persons who build databases of audio and video data for training neural networks, which are used to improve the tactics of phishing attacks on individuals and businesses.
Fraudsters in Russia began to create fake accounts of CEOs of companies to steal customer funds
On January 23, 2024, Sberbank reported the emergence of a new type of cyber scam targeting corporate users.
The bank warned that criminals create a fake instant messenger account that purports to belong to the head of the company. For greater credibility, they may upload photos from publicly available sources to the fake profile, for example taken from the company's website or from the avatar of the account being imitated.
From the fake account, the attackers start a conversation with the company's accountant and instruct them to transfer funds from the organization's account to the details given in the message. The company's money then goes to the accounts of drops, the people who cash out and transfer funds stolen by fraudsters.
According to Stanislav Kuznetsov, deputy chairman of the board of Sberbank, cyber fraudsters are less likely to deceive legal entities than individuals, but the amounts stolen in these cases are much larger. A new fraud method has now appeared: creating a fake account of a company leader in instant messengers. Kuznetsov assured that Sber successfully identifies such schemes and that the bank's fraud monitoring has been supplemented with knowledge of this type of fraud.
"I want to once again ask our corporate clients to be more vigilant and attentive and to ask themselves questions when receiving such messages: why the manager suddenly has a new phone and a new messenger account, why the data in it is hidden, why the director is addressing you in an unusual way. Any changes should put you on alert, especially if they concern financially responsible employees of the company. In order not to become a victim of criminals, it is better to contact the head personally and clarify all questions with him by phone or in an in-person meeting," added the deputy chairman of the board of Sberbank[1]
2023
Fraudsters have found a way to bypass two-factor authentication on Public services
Although mandatory two-factor authentication has been in place on the Public services portal since October 2023, fraudsters have still found loopholes. In particular, they have begun actively distributing messages, both by SMS and by e-mail, claiming that the user's Public services account has been hacked or blocked because of suspicious activity. The attackers specify the phone number from which a call from the "support service" will subsequently come to restore access to the account. In some cases, victims are encouraged to contact "support" themselves. This was announced on November 6, 2023 by the press service of State Duma deputy Anton Nemkin.
If the fraudsters manage to reach the user, they ask for a code from an SMS message, supposedly needed for "user identification." In fact, this is the two-factor authentication code. Once the attacker has obtained it, the Public services account is in the attacker's hands and can be used, among other things, to take out loans.
"An attacker can gain access to a Public services account only if the user himself hands over all the information necessary for logging in: login and password, information about the account's second security factor, or if his data is compromised. Portal employees never call or send SMS without a citizen's request," the press service of the Ministry of Digital Development said.
After the introduction of two-factor authentication, it became much more difficult to gain access to Public services, said Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technology and Communications.
"Whereas attackers previously made active use of phishing mailings or integrated password-guessing methods, they now have to be flexible and resort to tricks. This once again confirms the trend of the spread of social engineering methods in fraudulent practices," the deputy believes.
Fraudsters fake Telegram accounts of CEOs of the largest Russian companies
BI.ZONE has identified massive attacks, based on social engineering methods, on representatives of large Russian businesses and government organizations. Attackers contact company employees using fake Telegram accounts that carry the full names and photos of top managers. BI.ZONE announced this on September 18, 2023.
The interlocutor introduces himself as the general director of the organization where the potential victim works. The attacker addresses the employee by first name and patronymic to build trust.
During the conversation, the fraudster warns of an imminent call from the Ministry of Industry and Trade of Russia. He asks the employee not to tell anyone about the conversation and, afterwards, to report on how everything went.
After that, the victim receives a call from an unknown number, during which they may be asked for various confidential information and pressured into making financial transactions in favor of the fraudsters.
Evgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention, BI.ZONE:
"Attackers continue to improve social engineering methods. In this scheme, fraudsters use the trust of employees in the top manager of the company and the fear of facing the consequences of refusing to fulfill the requirements. Employees of government organizations and the consumer business segment have already been attacked. However, attacks can affect representatives of other industries, since the scheme is universal."
To avoid becoming a victim of fraud, remember the rules of digital hygiene. Do not trust calls and messages from unfamiliar numbers, even if the interlocutor uses the name of someone you know. In such situations it is important to take special care: do not disclose information and do not perform the actions you are asked to perform. In a number of cases, attackers conduct preliminary reconnaissance and use information about the victim to gain the victim's trust.
Fraudsters create fake accounts of employees of the Ministry of Industry and Trade to deceive companies
The press service of the Ministry of Industry and Trade warned about this on July 3, 2023.
Internet scammers launched a scheme to re-deceive citizens
Websites offering citizens a quick and full return of stolen money are appearing en masse on the Web. In May 2023, the Solar AURA External Digital Threat Monitoring Center of RTK-Solar recorded more than 200 such resources. The scheme is designed to deceive, for a second time, people who have previously suffered from fake cryptocurrency brokers or other Internet scammers. RTK-Solar announced this on June 1, 2023.
In reality, it is extremely difficult to get stolen money back, even if the fraudsters are found and brought to justice. The fake sites, however, offer a refund of the full amount within a couple of weeks with a probability of more than 80%, RTK-Solar specialists say. For greater plausibility, the attackers pass off their online resources as pages of media outlets or of international financial and legal companies, and use images of popular media personalities.
The current wave of fraud is closely linked to fake investment and cryptocurrency platforms, whose sites appear at a rate of 5 to 50 per day. Often, the website of the money return company shares a platform with the fake exchange on which the person has already been deceived.
There are restrictions for potential victims: the stolen amount must be at least $500-1000, and the money must have been stolen from a bank account or card no more than 3-5 years ago. The scheme works much like the false broker scenarios: the victim leaves his data on the site, after which a "personal manager" comes into play who, using social engineering, extracts additional information and pushes the person to perform the necessary actions (from providing bank card details to taking out a loan).
"A person who has previously become a victim of scammers is an easier target. Faced with official procedures, he is looking for an opportunity to get his money back faster and more easily and will readily provide bank card data," said Alexander Vurasko, an expert at the Solar AURA Center for Monitoring External Digital Threats at RTK-Solar. "The only and most correct way of protection in this case is to show prudence and, first of all, contact law enforcement agencies. It is important to understand that if the attackers are not found or are outside the Russian legal field, no organization will be able to help return what was stolen."
Fraudsters intimidate victims with an attempt to transfer funds to extremist organizations
Post Bank has uncovered another financial fraud scheme, this one exploiting the "transfer of funds to terrorist and extremist organizations." Posing as law enforcement officers, fraudsters call citizens and report that an attempt has been made to debit money from their bank account in favor of terrorist or extremist organizations banned in the Russian Federation. Victims are threatened with criminal liability and offered the chance to "save" their funds by transferring them to a so-called "safe" account. In fact, the money goes to the attackers. The bank announced this on May 12, 2023.
The attackers count on scaring victims, because financing extremist and terrorist activities is a criminal offense in the Russian Federation. Under Article 282.3 of the Criminal Code of the Russian Federation, providing or collecting funds for the work of such organizations is punishable by a fine or imprisonment. Fraudsters expect that, under threat of being accused of illegal actions, victims will unquestioningly do everything they are told.
Post Bank added that the scheme poses a danger to citizens of all ages, but the most vulnerable are elderly people, who are less likely to use remote banking services and are more susceptible to manipulation and deception by fraudsters.
To protect against such fraud, Post Bank experts advise first of all making sure that no one has gained unauthorized access to your bank account: check the transaction history in the application and call the bank to clarify this information. As a rule, there is in fact no transfer, and the fraudsters are only trying to scare the victim. When you receive a suspicious call from supposed police or bank officers, do not continue the conversation, try to remain calm, and in no case transfer money from the account; real bank or police officers will never ask for this. The bank recommends that citizens remain vigilant in any such situation and not provide personal or financial data to unauthorized persons, under whatever pretext or by whatever method (phone call, website, email) they try to obtain it.
2022
Fraudsters exploit the topic of mobilization
On September 26, 2022, "Dr.Web" reported that attackers are actively using the topic of mobilization to deceive users on the Internet. The fraudulent scheme involves standard social engineering techniques.
Doctor Web Internet analysts have discovered fraudulent messages informing users that their data appears in conscript lists and that they will soon receive a summons through the Public services portal. Notably, the fraudsters address the recipient by first name and patronymic, which suggests they are working from databases available to them. The user is then invited to anonymously transfer funds to the sender's bitcoin wallet in order to "play it safe" and avoid being called up "in the second stage of primary mobilization." The sender of the letter warns that he will not get in touch but will be able to help if the money reaches his crypto wallet.
The scheme described above is a classic example of using social engineering and topical issues to deceive gullible users. In the near future, mobilization topics can be expected to be used ever more intensively as fertile ground for Internet fraud. Attackers already offer services for selling medical certificates and deleting user data from "mobilization lists," mainly through websites, instant messengers and e-mail.
In addition, supposedly "leaked" databases with data on citizens to be mobilized are being actively distributed on the network. Attackers can use such techniques to spread malware. The same applies to sites that offer users a check of their data against the supposedly closed databases of military commissariats. In this way, criminals collect users' personal data for use in subsequent phishing campaigns and fraudulent schemes.
Fraudsters actively use current events and socially significant topics to make dishonest money, and the current situation is no exception. It is recommended not to panic, to use only trusted sources of information, and not to trust unfamiliar persons or messages from unknown senders.
Separately, it should be noted that Russian legislation does not provide for sending summonses through the Public services portal. To reduce the risk of falling for the scammers' bait, remain calm and trust only confirmed information.
Scammers trick customers into setting up SMS forwarding to access their online bank
Another telephone fraud scenario based on social engineering has been recorded. Posing as employees of mobile operators, fraudsters get the client to configure SMS forwarding so that they can then gain access to the online bank. VTB representatives reported this to TAdviser on June 28, 2022.
According to information collected by the bank, fraudsters call customers under the guise of a mobile operator's support service and claim that the subscriber's personal account or phone has been hacked. To "prevent" the spread of personal data, the attackers ask the victim to dial a special USSD command on the phone, consisting of a combination of digits and symbols entered as when making a call, together with a phone number. In this way the subscriber changes the settings of his own SIM card and sets up forwarding of SMS and calls to the fraudster's number.
The subscriber may then be called again and told that the hacking problem has been eliminated. In reality, the attackers now receive the codes from messages and can steal money from bank accounts by gaining access to the victim's personal account at the bank.
Installing a caller ID app on the smartphone, which distinguishes a real call from a fraudulent one, or not answering calls from unfamiliar numbers will help protect against such fraud. In addition, it is recommended to stay vigilant and to end any conversation that seems suspicious at the slightest doubt.
VTB believes that customers of Russian banks need additional protection, and calls for stricter regulatory restrictions and control of calls from virtual replacement numbers. To more effectively combat telephone fraudsters, according to the bank, it is necessary to ensure the identification of the final owner of the number, so that, if necessary, law enforcement agencies have the opportunity to present monetary claims to a specific individual or legal entity.
2021
Types of online scams related to the COVID-19 pandemic
On July 27, 2021, Group-IB, one of the developers of solutions for detecting and preventing cyber attacks, detecting fraud, investigating high-tech crimes and protecting intellectual property on the network, analyzed the main types of online fraud associated with the COVID-19 pandemic. According to data from early July 2021, the anti-rating was led by the sale of fake vaccination certificates; in second place were fake PCR and antibody test results; in third were the recently canceled QR codes for visiting restaurants and cafes.
The most common type of fraud has become offers to sell vaccination certificates - they are massively published on shadow forums, Telegram channels and social networks.
As a rule, attackers sell a certificate with the inclusion of the customer in the register of vaccinated against coronavirus, promising that vaccination information will be displayed on the state portal.
A certificate with entry into the register of vaccinated people costs from 3,000 to 30,000 rubles and takes about 3 weeks to produce. Simpler certificates, without entry into the register, cost from 1,000 to 4,900 rubles and are made in one day on average. Sellers promise to send the finished "certificate" to the buyer by courier or registered mail.
Sellers of fake certificates claim that they cooperate with private and state medical institutions that make all the necessary records and seals and also enter data into the "vaccination" system so that the information is later displayed on the state portal.
Offers to enter vaccination information on the state portal without purchasing the certificate itself can also be found on the network. Group-IB experts discovered several Telegram channels providing such a service at a cost of 1,100 to 4,999 rubles.
Group-IB Digital Risk Protection experts warn Runet users that most of these ads are outright fraud. The risk is that, having paid for the service, the victim will not receive a certificate but will hand personal data over to swindlers (passport series and number with full name and date of birth, SNILS, or even the login and password for the state portal), which can be used in further fraudulent schemes, for example to obtain a loan. In addition to the payment for the certificate itself, the user can also lose all the money in his bank account by leaving card details with the attacker on a phishing site.
In second place in terms of the number of detected ads on the network are offers to sell ready-made PCR tests and antibody tests. As with the sale of vaccination certificates, most of the offers are distributed on shadow forums and Telegram channels, although similar ads can be found on regular sites and social networks.
Most of them sell ready-made PCR tests with a negative result, but there are also isolated offers to buy a test with a positive result, indicating that a person has supposedly been diagnosed with a coronavirus infection. The certificate is offered on the letterhead of either a private or a state medical institution. Such a document costs from 500 to 4,000 rubles. For an additional fee, the client is promised that the test result will be entered into the databases of medical institutions.
From June 28, 2021, by decree of the mayor of Moscow, Muscovites needed a special QR code, generated through the state portal, to visit restaurants and cafes. The initiative lasted less than a month and was canceled on July 19. During this time, however, scammers managed to make extra money from fans of catering establishments. DRP Group-IB specialists discovered dozens of Telegram channels and several publications on a shadow forum with offers to purchase a fake QR code.
A fake QR code cost from 999 to 3,000 rubles. Such a QR code leads to a fake website of the state portal showing the buyer's data and information about the supposed presence of a coronavirus vaccination certificate.
It is curious that fraudsters also "accommodate" those who for some reason do not want to be vaccinated, offering them a medical exemption for purchase. Dozens of similar offers have been found on the network, most of them distributed on Telegram and on websites. The "document" costs from 800 to 3,000 rubles, and delivery of the medical exemption is promised on the day of the order.
"The pandemic, vaccination and tough quarantine measures have become fertile ground for online scammers to create schemes: they skillfully manipulate victims using their fears, prejudices, and sometimes outright ignorance," notes Andrei Busargin, Deputy General Director of Group-IB for Digital Risk Protection. "In the spring and summer of 2020, during quarantine measures, DRP Group-IB specialists revealed a fraudulent scheme to sell fake passes. Then about 200 proposals were discovered and blocked. As of July 2021, there are at least 5 fraudulent schemes in Runet that exploit the COVID agenda, and hundreds of ads, Internet resources, channels and groups in social networks where ads about illegal services are published."
Experts from Group-IB Digital Risk Protection recalled that the forgery of official documents, their acquisition, and the use of knowingly forged documents, including vaccination certificates and QR codes for visiting catering establishments and mass events, is a criminal offense under Art. 327 of the Criminal Code of the Russian Federation.
Playing on feelings: how cyber fraudsters apply social engineering
In June 2021, Anna Mikhailova spoke about phishing attacks. Such attacks are the main mechanism for fraudulent financial operations. They are very successful because they are based on the peculiarities of human decision-making. The secret lies in the properties of human psychology that attackers exploit.
Why social engineering remains the main weapon of cybercriminals
On March 23, 2021, Fortinet told why social engineering remains the main weapon of cybercriminals.
According to Amir Lahani, Senior Information Security Strategist, FortiGuard Labs, Fortinet, although 2020 has already passed, many of last year's cyber fraud problems will continue until at least mid-2021. Cybercriminals will focus on maximizing their profits, using traditional cost-benefit analysis to choose the best attack vector. Emotions related to the pandemic are likely to heat up, and remote work will continue as companies accept the "new reality." For cybercriminals, these trends only increase the return on investment in malware and fraudulent programs. To protect themselves and their sensitive data from these attack methods, businesses must remain vigilant.
Overall, social engineering attacks are a highly efficient and inexpensive technique, according to the Fortinet expert. Conceptually, cybercriminals pursue goals similar to those of legitimate business: they seek to maximize profits while reducing operating costs. And thanks to the many variants of malware distributed "as-a-Service" (on the software-as-a-service model) and available on the Dark Web, social engineering attacks are ideal for achieving these goals.
Successful attacks based on social engineering methods target people's basic emotional reactions, such as "fight or flight." When a person is overwhelmed by feelings such as fear or sympathy, he can often make rash decisions. At the beginning of the pandemic, cybercriminals used these emotions to carry out successful phishing attacks.
"People were desperate for information, but without realizing it, they let their digital guards down: this led to an increase in the profits of cybercriminals. As countries begin to offer more vaccination opportunities, those same emotions will make social engineering scams even more lucrative. With such a desire to return to 'normal' life, people are becoming more gullible. This desire makes social engineering attacks focusing on the topic of vaccination more profitable. Only after vaccination information becomes more specific and accessible will the threat actors see the viability of these fraudulent activities diminish in terms of cost-benefit ratios," explained Amir Lahani, Senior Information Security Strategist, FortiGuard Labs.
Fortinet estimates that, in terms of business IT security, the beginning of 2021 still has a good chance of being similar to the beginning of last year. For example, last year's FortiGuard Labs Global Threat Landscape Report found that various web phishing scams were firmly at the top of the list of malicious methodologies, and only in July did these campaigns leave the top five most popular. Thus, in the early months of the pandemic, cybercriminals focused mainly on social engineering attacks.
Remote and hybrid work make spear phishing (a method in which cybercriminals use targeted techniques to deceive the victim into believing that they have received a legitimate letter from a well-known person asking them to provide their information) and whale phishing (a form of phishing aimed at senior management at certain companies to gain access to their credentials, data and/or bank information) especially attractive to cybercriminals. While business email compromise is the standard attack vector, the distributed workforce model increases the effectiveness of these types of attacks, the Fortinet expert said.
As a rule, such attack methods offer cybercriminals a high-reward model. By hitting more visible targets in the organization, they can get a better result while spending fewer resources. So, instead of hitting 1,000 victims for a smaller reward, cybercriminals prefer to target high-priority individuals with blackmail and extortion, knowing that they can leave with greater benefit.
A successful attack such as whale phishing or spear phishing gives cybercriminals the ability to passively monitor important transactions. The top-down approach allows attackers to redirect funds or payments, which, in terms of the cost model, is a cheap and highly profitable vector of attack. As long as people work remotely, corporate email will continue to benefit cybercriminals. This is because the impossibility of a person's physical presence by nature increases the likelihood of successful digital fraud.
Year after year, cybercriminals reflect on how to take advantage of the holidays. People love the holidays and expect letters with discounts or special offers. These methods of attack are likely to develop in the same way as always. However, organizations and individuals must remember that attackers often take a multi-vector approach to attacks, rarely using a single vector, as covering a larger area of the digital surface increases profitability.
As people self-isolate, cybercrimes are becoming more personal. Alongside typical social engineering scams via email, cybercriminals target social media accounts, particularly internet dating apps. Attackers benefit from people's desire for emotional connection at a physically disconnected time. By running email campaigns combined with romantic dating app scams, attackers get the coveted jackpot.
At the same time, cybercriminals are constantly looking for easy money - trying to find the most vulnerable, highly profitable target. In 2021, none of the targets meet that goal better than the vaccine supply chain.
"The vaccine supply chain is not only made up of researchers creating vaccines. In fact, mass distribution requires a complex, interconnected set of suppliers. Attacking any of these elements can lead to significant disruptions in vaccine production and distribution. Governments, private companies and citizens need to ensure that the distribution of vaccines proceeds as smoothly as possible so that they can work towards economic recovery. Breaking down a weak link in the supply chain can lead to higher value and lower ROI," Fortinet explained.
Security researchers such as the FortiGuard Labs team are focused on studying how cybercriminal ecosystems work in order to understand how to nullify malicious activities. While cybercriminals look at attacks in terms of cost, security researchers use a disruption model.
The cybercrime supply chain, like the traditional corporate one, consists of an interconnected set of third parties, only in this case on the Dark Web. It includes developers, manufacturers and distributors of criminal software. One single glitch in this criminal supply chain can reduce the number of attacks, slowing down cybercriminals.
Cybercriminals' targets include blackmail, exploitation and making a profit. With this in mind, the security services must respond accordingly. But while understanding cybercriminals' intentions is crucial, it's only half the battle. In addition to knowing what is happening around them, companies must also protect themselves from fraud with solutions that disrupt criminals and defeat intruders at their own game," concluded Amir Lahani, Senior Information Security Strategist, FortiGuard Labs.
2020
New Telegram channel fraud scheme
On November 25, 2020, Roskachestvo described a new fraud scheme in Telegram. Attackers approach channel administrators in the messenger under the guise of negotiating advertising. They then offer an archive file to download, supposedly containing a "presentation" of the product whose advertising they want to pay for. The archive contains a virus that hands the administrator's data and control of the account over to the hackers.
Fortinet: How cybercriminals apply social engineering during a pandemic
On April 30, 2020, Fortinet announced that, because of the situation caused by the coronavirus, people around the world are experiencing anxiety and uncertainty, and criminals do not hesitate to exploit this. They see the situation as an opportunity to steal money or personal information by creating fraudulent schemes based on social engineering techniques and distributing them via e-mail, text messages and phone calls.
Over the past few weeks, attempts to lure unsuspecting victims to infected websites, provoke clicks on harmful links or extract personal information by phone have increased. And all this happens in the context of a pandemic. Many attackers try to impersonate representatives of legitimate organizations, such as the Ministry of Health or the World Health Organization (WHO), providing inaccurate information and even promises of access to vaccines - all this for money, of course.
Moreover, no one is immune from such attacks - from administrative employees, contractors and interns to top managers. Even business partners can be used to obtain confidential information and access networks. As of April 2020, even the children of those who connect to the work network through the home network may be potential targets. It's an ongoing bombardment, every minute of every day, 24/7/365.
Fraudsters prefer the path of least resistance. They hack the psychology of their targets (who rarely understand who is actually contacting them), and also rely on publicly available data to create victim profiles. Cybercriminals are experts in the art of disguise, manipulation, influence and creating decoys to deceive people, in order to push them to disclose sensitive data and/or provide access to networks and/or facilities.
When it comes to deterrence, understanding the basic attack vectors used by attackers is key. Fortinet highlights the following options for social engineering attacks.
Digital attacks:
- Phishing/Spearphishing - email-based attacks aimed at a specific person or the entire organization as a whole, in order to encourage people to click on malicious links or provide their credentials/other personal information.
- Social media deception - attackers create fake profiles to befriend victims by posing as a current or former employee, recruiter or someone with similar interests, especially on LinkedIn. Their goal is to trick the victim into providing sensitive information or downloading malware to their device.
- Pretexting - cybercriminals focus on preparing a good pretext or plausible story to convince the victim of the need to provide certain information.
- Watering hole attack - an attack strategy in which attackers collect information about which legitimate websites are visited by a target group of people in a particular organization, industry or region. They then look for vulnerabilities on these resources and infect them with malware. Eventually, people in the target group visit these websites and become infected.
Phone attacks:
- Smishing is an attack using text messages, allegedly from a reliable sender. It is used to get the victim to download a virus or other malicious program onto their device.
- Vishing is an attack in which an attacker calls a mobile phone, pretending to be a representative of a legitimate organization, for example, a bank, in order to "fish out" confidential information (bank card details, etc.). Here, the tactic is to fake the caller ID, which makes it appear as if the call came from a reliable source.
95% of all security breaches are attributed to the human factor. That is why it is crucial that users become the first line of defense, and for this they need to deepen their knowledge of cybersecurity.
Fortinet experts recommend the following measures to protect personal and business information:
- Be suspicious of any email or text message that requests sensitive information or financial transactions.
- Hover the cursor over every hyperlink before clicking to make sure it leads to a legitimate resource.
- Use multi-factor authentication to gain secure access to critical systems and databases.
- Make sure that the security tools on your browser, mobile devices and computer have all current updates installed.
- Never use the same passwords for multiple accounts and devices. The uniqueness and complexity of the password is paramount to protect against additional risk.
Remember to practice cyber distancing from attackers: keep your cyber distance by avoiding suspicious requests and contacts.