The FBI has issued warnings about online-shopping scams and phishing attackers who try to steal online credentials using big brands. Consumers should be cautious of deals that seem to be too good to be true in social media channels, in email, or on websites. Also, malicious actors can try to steal consumers’ sensitive data through online surveys. FBI strongly recommends consumers to buy goods on https websites and check whether there is the company’s domain in its email address.
The FBI also recommends consumers to buy goods online using credit cards dedicated only for online purchases. When using online accounts, users should never save payment information. Consumers should never use public W-Fi for online purchases and check whether they interact with a reliable seller. In case a consumer becomes a victim of fraud or scam, he/she needs to report the incident to the FBI.
Malicious actors make huge money by promoting fake cryptocurrency giveaways on social media channels. Social media users should be aware of scams involving popular cryptocurrencies such as Bitcoin, Ethereum, Dogecoin, Cardano, Ripple, Shiba Inu, etc. To legitimate fake giveaways, scammers are actively using footage from public figures known in the world of crypto. Scammers exploit such famous crypto leaders as Michael Saylor, chairman and CEO of MicroStrategy, Vitalik Buterin, Ethereum co-founder, Elon Musk, CEO of Tesla and SpaceX, and other public figures.
The most profitable malicious activity is Bitcoin scams bringing malicious actors $1.6 mln per scam that is followed by Ethereum scams bringing scammers on average $80K per scam. Malicious actors realize that users are likely to trust influential individuals. That is why they actively produce fake videos featuring known crypto leaders. The main objective of these scam campaigns is to trick users to go to external websites offering them to double their cryptocurrencies.
Ukrainian investigators have arrested the prolific mobile hacking group that used to target victims through Apple and Samsung phishing sites. Five members of the so-called “Phoenix” group were arrested. Hackers were tricking users to open their phishing sites and download apps there. Victims were unwittingly giving hackers remote access to their devices. As a result, hackers could withdraw funds from citizens’ accounts and sell information about their private lives to third parties. The cost of unauthorized access to the account of a mobile phone owner was $200.
Also, the members of the gang were making money by unlocking stolen and lost Apple gadgets. After that, they were selling these devices through the network of stores in Kyiv and Kharkiv. The gang was active for more than 2 years and hundreds of individuals have fallen victim to the “Phoenix” group.
Google’s cybersecurity action team has issued a report containing details of the mining hack. The report spots threats against Google cloud service – remote storage allowing customers to store data and files off-site. The report also contains advice on how to tackle these threats. The list of other threats identified by the team in “threat horizon” includes attempts made by Russian hackers to gain users’ passwords by warning that government-backed attackers are targeting them; the use of heavy encryption in ransomware attacks; North Korean hackers impersonating Samsung job recruiters.
Google has reported 50 hacks of its cloud service that have taken place recently. Among these hacks, more than 80% were used to perform cryptocurrency mining. It’s a cloud resource-intensive for-profit activity. In most cases, the crypto mining software was downloaded within 22 seconds after the compromise of the account. Attackers succeeded in their malicious activities due to poor customer security and vulnerable third-party software.
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.