Category Archives: News

The Evolving Face of Spam: Analyzing New Techniques and Trends

The Evolving Face of Spam: Analyzing New Techniques and Trends

In the ever-expanding digital landscape, the battle against spam continues to intensify. While advancements in internet security have made significant strides in mitigating this menace, spammers are adapting their techniques and exploiting emerging trends to stay one step ahead. This article delves into the evolving face of spam, highlighting the new techniques and trends being employed by cybercriminals to infiltrate our inboxes and compromise online security.

Artificial Intelligence and Machine Learning-Powered Spam:

One of the most significant developments in spam techniques involves the use of artificial intelligence (AI) and machine learning (ML). Spammers have harnessed these technologies to create more sophisticated and convincing messages. By leveraging AI and ML algorithms, they can generate spam emails that mimic the writing style and language of legitimate senders. This makes it increasingly challenging for users and even spam filters to differentiate between genuine emails and malicious spam.

Social Engineering and Phishing Attacks:

Social Engineering and Phishing Attacks

Social engineering has long been a favored technique for cybercriminals, and it continues to evolve as they exploit human vulnerabilities. Phishing attacks, a subset of social engineering, have become alarmingly sophisticated. Attackers now employ carefully crafted emails and messages that appear to be from reputable sources, tricking unsuspecting users into revealing sensitive information or clicking on malicious links. These attacks often employ psychological tactics to invoke a sense of urgency or fear, compelling users to act without considering the consequences.

Mobile and Text Message Spam:

As mobile devices become ubiquitous, spammers are capitalizing on this trend by targeting users through text messages. Mobile spam has witnessed a surge in recent years, with SMS-based scams and unsolicited messages becoming prevalent. From fake prize notifications to fraudulent banking alerts, spammers are exploiting the immediacy and personal nature of text messaging to deceive users. Moreover, the rise of mobile applications has opened new avenues for spam, with malicious apps disguising themselves as legitimate services, leading to unwanted advertisements or compromising personal data.

Image-Based Spam:

Traditionally, spam emails relied heavily on textual content to convey their malicious intent. However, a new trend has emerged where spam messages contain embedded images. These images bypass text-based filters and aim to trick users into interacting with them. Image-based spam often includes clickable elements or hidden URLs that redirect users to malicious websites or initiate downloads. By evading conventional filters, this technique poses a significant challenge to email security solutions.

Conclusion:

Spam remains an ongoing threat in the digital realm, and cybercriminals continuously adapt their techniques to exploit emerging trends and technologies. The evolving face of spam encompasses AI-powered messages that mimic genuine communication, sophisticated social engineering and phishing attacks, mobile and text message spam, and image-based spam that circumvents traditional filters. As individuals, it is crucial to stay vigilant and exercise caution while interacting with online content. Additionally, organizations must invest in robust security measures and regularly update their defenses to combat the ever-changing landscape of spam. By staying informed and adopting proactive security practices, we can collectively work towards a safer and more secure digital ecosystem.

Inside the Mind of a Spammer: Insights from Cybersecurity Experts

Inside the Mind of a Spammer: Insights from Cybersecurity Experts

Spam is a major problem for businesses and individuals alike. In 2022, the average person received 122 spam emails per day, according to a report by the Radicati Group. And the cost of spam is estimated to be in the billions of dollars each year.

So who are the people behind the spam? And what motivates them to send millions of unwanted emails every day?

To get some insights, I spoke with several cybersecurity experts. Here’s what they had to say:

What motivates spammers?

Spammers are motivated by a variety of factors, including:

  • Money: Spammers can make a lot of money by sending spam emails. For example, a single spam email that leads to a successful click-through can earn the spammer anywhere from a few cents to a few dollars.
  • Power: Spammers enjoy the feeling of power that comes from being able to control other people’s computers. They also enjoy the challenge of outsmarting security systems.
  • Anonymity: Spammers can operate anonymously, which makes it difficult to track them down and prosecute them.

How do spammers send spam?

How do spammers send spam?

How do spammers send spam?

Spammers use a variety of methods to send spam, including:

  • Botnets: Botnets are networks of infected computers that are controlled by a single attacker. Spammers use botnets to send spam emails at high volumes.
  • Social engineering: Spammers use social engineering techniques to trick people into opening spam emails. For example, they may send emails that appear to be from legitimate companies or organizations.
  • Malware: Spammers may also use malware to infect people’s computers. Once a computer is infected, the malware can be used to send spam emails without the user’s knowledge.

How can you protect yourself from spam?

There are a number of things you can do to protect yourself from spam, including:

  • Use a spam filter: A spam filter can help to reduce the amount of spam that you receive.
  • Be careful about what information you share online: Spammers can use information that you share online to target you with spam emails.
  • Don’t open spam emails: Even if you’re curious about what’s in a spam email, it’s best to not open it. Opening a spam email can infect your computer with malware.
  • Report spam: If you receive a spam email, you can report it to the Federal Trade Commission (FTC).

Conclusion

Spam is a major problem, but there are a number of things you can do to protect yourself. By following the tips above, you can reduce the amount of spam that you receive and keep your computer safe from malware.

The Rising Threat: Examining the Global Surge in Spam Attacks

The Rising Threat: Examining the Global Surge in Spam Attacks

In today’s interconnected world, where communication primarily takes place through digital channels, the prevalence of spam attacks has become a pressing concern for individuals, businesses, and governments alike. These unsolicited and often malicious messages flood our inboxes, posing a significant threat to our online security. This article delves into the escalating global surge in spam attacks, explores their impact on cybersecurity, and provides insights into the measures individuals and organizations can take to safeguard against this rising threat.

The Proliferation of Spam Attacks:

Spam attacks have witnessed a remarkable surge in recent years, largely fueled by advancements in technology and the increasing sophistication of cybercriminals. What was once mere annoyance has now transformed into a major threat to online security. The global nature of these attacks further amplifies the challenges faced by individuals and businesses alike, as perpetrators can operate from anywhere in the world.

The Evolution of Spam:

Gone are the days of crude and easily identifiable spam emails. Today, spammers have adapted their tactics to evade traditional filters and employ more sophisticated techniques. They utilize social engineering, machine learning, and automation tools to craft convincing messages that lure recipients into clicking on malicious links, downloading malware, or divulging sensitive information.

The Financial Motive:

Financial gain remains a primary motivation behind spam attacks. Cybercriminals exploit the vast scale of spam campaigns to target a multitude of potential victims simultaneously. By employing tactics such as phishing, identity theft, and the distribution of malware, they seek to extract financial information, login credentials, or install ransomware for monetary extortion.

The Rise of Spear Phishing:

Spear phishing, a highly targeted form of phishing, has emerged as a preferred tactic for cybercriminals. Unlike traditional phishing attacks that cast a wide net, spear phishing involves customized messages that are tailored to deceive specific individuals or organizations. Attackers gather personal information through various sources, enabling them to craft highly personalized messages that appear legitimate. Such attacks often lead to severe data breaches and financial losses for both individuals and organizations.

Implications for Cybersecurity:

Implications for Cybersecurity:

The escalating surge in spam attacks poses significant implications for cybersecurity on multiple levels. Individuals are increasingly exposed to identity theft, financial fraud, and privacy breaches. For businesses, the ramifications can be devastating, ranging from reputational damage to significant financial losses and legal liabilities. Moreover, governments face the challenge of protecting critical infrastructure and sensitive data from spam attacks that can potentially disrupt essential services and compromise national security.

Protecting Against Spam Attacks:

As the threat landscape evolves, individuals and organizations must adopt proactive measures to protect themselves against spam attacks. Here are some crucial steps to enhance online security:

Educate and Raise Awareness: Individuals should be educated about the risks associated with spam attacks, emphasizing the importance of scrutinizing emails, avoiding clicking on suspicious links, and reporting phishing attempts to relevant authorities.

Implement Robust Email Filters: Individuals and organizations must employ advanced spam filters that can identify and block malicious emails effectively. These filters should be regularly updated to keep up with emerging spam tactics.

Strengthen Cyber Hygiene: Practicing good cyber hygiene is essential. This includes regularly updating software and operating systems, using strong and unique passwords, enabling multi-factor authentication, and being cautious while sharing personal information online.

Invest in Security Solutions: Deploying comprehensive security solutions, such as antivirus software, firewalls, and intrusion detection systems, can significantly enhance protection against spam attacks.

Conclusion:

The global surge in spam attacks presents a grave threat to internet security, affecting individuals, businesses, and governments worldwide. With cybercriminals employing increasingly sophisticated techniques, it is crucial for individuals and organizations to remain vigilant and take proactive steps to protect themselves. By staying informed, implementing robust security measures, and fostering a culture of cybersecurity, we can collectively mitigate the risks posed by spam attacks and safeguard our online world.

Elon Musk

Crypto spam bots go quiet as Musk guarantees towards prosecute scammers

Some individuals in the crypto Twitter area are actually currently stating a decrease in the variety of fraud bots after Elon Musk’s newest modifications towards the social networks system.

Elon Musk’s newest barrage in his battle versus crypto spam bots on Twitter shows up towards have actually created a genuine effect, along with the crypto neighborhood stating a large decrease in the variety of bots reacting to their messages.

In a Dec. 11 message, the Twitter CEO hinted that “bots remain in for a shock tomorrow” as well as later on discussed that they’ve discovered a handful of individuals responsible for a a great deal of bot/troll profiles as well as the system will certainly be actually shutting down IP addresses of “understood poor stars.”

He after that subsequented through discussing that while scammers may attempt various other techniques towards prevent the IP deal with obstruct, Twitter will certainly be actually “shutting all of them down as quickly as they appear.”

Shibetoshi Nakamoto, the pseudonym of Billy Markus, co-creator of meme coin Dogecoin, informed Musk in a Dec. 11 message, “I created an examination message as well as rather than viewing fifty bot responds I just viewed one a lot development, extremely buzz.”

Various other individuals likewise mosted likely to examination Musk’s newest modifications. PlanB, a Bitcoin expert as well as investor, published a graph towards view the number of bots will respond. During the time of composing, no reactions coming from bots possessed appeared in the remarks.

Ethereum founder Vitalik Buterin likewise kept in mind that while “Twitter *seems* to become partially much a lot better towards utilize recently,” he could not inform if certainly there certainly possessed been actually a decrease in bots because of Musk.

twitter elon musk

“No concept ways to different apart things Elon performed vs crypto-winter vs my mind picturing modifications that may not be really certainly there certainly,” he stated.

Some have actually stated that the bot reactions still appear on messages, however are actually extremely rapidly eliminated due to the system.

Associated: ‘Twitter will certainly perform great deals of stupid things’ in the happening months: Elon Musk

Twitter spam as well as fraud bots have actually been actually a afflict on the system as well as were actually viewed through Musk as among his leading concerns for Twitter after taking the reins in Oct.

In his newest message, Musk likewise hinted that the system will certainly be actually intending towards get lawsuit versus scammers on Twitter later on, however really did not deal any type of extra information.

“Twitter will certainly likewise be actually transferring to prosecute scammers anywhere on Planet,” he stated.

Phone Scams

Nearly 45 million received scam calls in three months

Almost 45 million people in the UK were targeted by scam text messages or phone calls over the summer, according to telecoms regulator Ofcom.

About half reported getting a scam call or text at least once a week.

A survey of 2,000 adults in September found that almost a million people had been misled by a message or a call which they received.

Text scams are most common among 16 to 34-year-olds, with two-thirds receiving one between June and August.

The elderly are more often targeted using their landlines, with 61% of those over 75 receiving a scam phone call, but all ages are at risk.

UK residents who believe they have been targeted, or are the victim of a scam, can report a text message by forwarding it to 7726 – the numbers on the keypad that have the letters for spam on them.

However, Ofcom found that 79% of mobile phone users were unaware of that service.

Scam calls should be reported to Action Fraud.

Lindsey Fussell, Ofcom’s networks and communications group director, urged the public not to reply to messages which do not seem quite right.

“Criminals who defraud people using phone and text scams can cause huge distress and financial harm to their victims, and their tactics are becoming increasingly sophisticated,” she said.

“Stay alert to any unsolicited contact. Put the phone down if you have any suspicion that it is a scam call, and don’t click on any links in text messages you’re unsure about.”

Online casino scam

These online casino emails never pay what they promise

Spammers are abusing affiliate programs to promote online casinos, such as Raging Bull Casino, Sports and Casino, Ducky Luck, and Royal Ace Casino, with misleading emails.

Many of the larger online casinos utilize an affiliate program that allows other websites or influencers to promote their products and earn a commission for anyone who signs up for an account.

To refer users, the affiliates will create specially crafted URLs that contain an affiliates ID or drops a cookie that allows the casino to give them credit when a referral registers a new account.

This week, BleepingComputer was told about an online spam campaign conducted by affiliates of online casinos that are bombarding users with misleading emails stating they won the ‘Grand Prize,’ that a large cash payout is ready, or that the recipient needs to confirm their account.

After being told about the campaign, we took a look at the spam folder for one of our emails accounts and saw that we too are heavily targeted with this spam campaign, as shown below.

List of spam emails

While Gmail has done an excellent job marking these types of emails as spam, other free email services may not do as good of a job, and the spam could make it into the general mailbox.

For example, below are two affiliate spam emails for Raging Bull Casino and Royal Ace Casino. You can see that they promise a payout of $3,500 or a betting strategy will be shared after confirming their online account.

Royal Ace phishing

When clicking on the links, the user is redirected through another site that drops an affiliate cookie and then redirects them to the casino.

As you can see below, the redirection to Raging Bull Casino includes the affiliate ID (affid) in the URL so that the affiliate can get credit for the signup.

Raging Bull Affiliate

As you can imagine, when you sign up for the account expecting a nice payout waiting for you, there is no payout waiting for you. Instead, the only one making money is the affiliate who sent you the email.

BleepingComputer has reached out to the online casinos listed in the article and their affiliate managers, if available, but did not receive a response.

If you receive these types of emails, simply mark them as spam so that your email provider’s spam filters will be trained to recognize them in the future.

corona virus

Victims of coronavirus scams leave UK victims seriously out of pocket

Victims of scams related to the coronavirus outbreak lost nearly €1 million in February, according to the UK’s fraud and cybercrime centre.

In a warning to the public, Action Fraud UK said fraudsters conned people out of more than £800,000 (€918,000) in the month, using the COVID-19 crisis to concoct phishing email scams.

It said since the start of February, 21 cases of fraud have been identified where coronavirus was mentioned.

Ten were reported by victims who were trying to buy facemasks from fraudulent sellers, with one victim losing more than £15,000 on a purchase of masks which was never delivered.

Others were victims of coronavirus-themed phishing emails, where people are tricked into opening malicious attachments or divulging login information.

Some fraudsters have been pretending to be from research organisations associated with the Center for Disease Control and Prevention (CDC) and the World Health Organisation (WHO).

WHO has itself warned people of malicious emails appearing to be from the organisation.

“WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency,” it says on its website, warning the emails ask for information such as usernames and passwords, or include malicious links or attachments.

How to steer clear of online scams

  • Don’t click on links or attachments in suspicious emails, says Action Fraud
  • Don’t reveal any personal or financial details during unsolicited messages or calls
  • WHO says you can verify the sender by checking the email address – an official WHO email will be sent only from an address ending in @who.int
  • Don’t feel under pressure to reveal any information – cybercriminals use emergencies such as coronavirus to scare people into making rash decisions
  • The WHO also advises, if you think you may have given personal information mistakenly to a scammer, change your credentials immediately
Football Fraud

Belgium football transfer: Two arrested in fraud inquiry

Two people have been detained in an inquiry in Belgium into alleged fraud involving the transfer of football players, prosecutors say.

One, players’ agent Christophe Henrotay, was held in Monaco. The other is said to be an associate in Belgium.

They were detained during raids on Tuesday and Wednesday.

Prosecutors said the arrests stem from an ongoing inquiry into the £13m (€18m) transfer of striker Aleksandar Mitrovic from Anderlecht to Newcastle United in 2015.

“The facts involve notably money-laundering operations and private corruption in the context of football player transfers,” they said on Wednesday.

A search was also carried out in London, where a Metropolitan Police spokesman said they were assisting the Belgian investigation.

It is understood that Newcastle believe they are not directly connected to the inquiry.

In April, Anderlecht premises were searched. No-one was detained at the time.

A separate inquiry into suspected fraud involving transfers during the 2017-2018 season led to raids on premises linked to Anderlecht, Club Bruges and Standard Liège last October.

CAPTCHA Phishing Scam

CAPTCHA Phishing Scam Targets Android Users

A CAPTCHA phishing scam has been detected which is being used to trick users into downloading a malicious file that intercepts multi-factor authentication codes on a user’s smartphone. With the codes, hackers can perform a more extensive attack and gain access to a much wider range of resources such as email and bank accounts.

When a visitor lands on the phishing page, a check is performed to determine what device is being used. If the user is on an Android device, a malicious APK file is downloaded to their device. Any other platform will receive a zip file containing malware.

A fake version of the familiar Google reCAPTCHA is displayed on the phishing page. It closely resembles the legitimate version, although it does not support sound and the images do not change when they are clicked. The fake reCAPTCHA is housed on a PHP webpage and any clicks on the images are submitted to the PHP page, which triggers the download of the malicious file. This campaign appears to be focused on mobile users.

On an Android device, the malicious APK intercepts PIN codes from two-factor authentication messages, which allow the attackers to gain access to the user’s bank account. With these PIN codes, an email account can also be compromised, which would allow further accounts to be compromised by requesting password resets.

A successful attack could see several accounts used by an individual subjected to unauthorized access. Businesses are also attacked in a similar manner. Successful attacks on businesses could give the attackers access to huge volumes of sensitive company data and even infrastructure resources.

This method of delivering malware is nothing new and has been around since 2009. A CAPTCHA phishing campaign was detected in February 2018 attempting to download a malicious file, and a similar campaign was run in 2016.

A method of attack is adopted for a while then dropped. While it is possible to prepare the workforce for phishing attacks such as this through training, security awareness training alone is not enough as tactics frequently change, and new methods of attack are frequently developed.

As this attack shows, two-factor authentication is far from infallible. In addition to this method of obtaining 2FA codes, the SS7 protocol used to send SMS messages has flaws that can be exploited to intercept messages.

Security awareness training and 2FA are important, but what is required on top of these protections is a powerful anti-spam and anti-phishing solution. Such a solution will block phishing emails at the gateway and make sure they are not delivered to inboxes.

It is important to choose a solution that provides protection against impersonation attacks. Many phishing campaigns spoof a familiar brand or known individual. A solution that incorporates Domain-based Message Authentication, Reporting & Conformance (DMARC) will help to ensure that the sender of the message is genuine, by performing checks to make sure that the sender of the message is authorized to send messages from that domain.

Most anti-phishing solutions incorporate an anti-virus component that scans all incoming attachments for malware and malicious code, but cybercriminals are using sophisticated methods to evade detection by AV solutions. Files may include malicious code that is hard to detect. A sandbox is therefore required to execute suspicious attachments in a safe environment where they can be monitored for malicious activity. By testing attachments in the sandbox, malicious files can be identified and more genuine emails and attachments will arrive in inboxes.

Football Fraud

Middlesbrough FC fake football trial scam warning

Fraudsters are targeting young footballers across the world offering them fake trials in return for money.

Middlesbrough Football Club said it had been contacted by would-be professionals saying they had been offered trials by the club.

Club spokesman Paul Dews said in one case $150 (£116) was demanded but no cash was handed over.

A number of other clubs have been targeted and Middlesbrough has informed the Football Association (FA).

Mr Dews said the club had received at least 15 queries – from within the UK, Africa and the Caribbean – asking if the offers were genuine.

“We understand we are one of a number of clubs whose name is being used in this manner and have reported this to both the police and the FA, who we are currently assisting in their investigations,” he said.

Impersonating football agents

The FA said there had been a “number of reported scams/schemes in different areas of the country”.

Young players are promised trials and they or their family are asked for payment in advance to cover “insurance and travel”, it said.

Once the money is sent no more is heard.

The FA said it had alerted clubs and local police, and issued a warning to players and parents.

In the latest scam fraudsters had been impersonating football agents but did not appear to have received any money so far, Middlesbrough said.

Mr Dews said “any invitations for players to join on trial would always be made directly from the club and not from any third parties”.