Tag Archives: email scams

Online casino scam

These online casino emails never pay what they promise

Spammers are abusing affiliate programs to promote online casinos, such as Raging Bull Casino, Sports and Casino, Ducky Luck, and Royal Ace Casino, with misleading emails.

Many of the larger online casinos utilize an affiliate program that allows other websites or influencers to promote their products and earn a commission for anyone who signs up for an account.

To refer users, affiliates create specially crafted URLs that contain an affiliate ID or drop a cookie, which allows the casino to credit them when a referral registers a new account.

This week, BleepingComputer was told about a spam campaign in which affiliates of online casinos are bombarding users with misleading emails stating that they have won the ‘Grand Prize,’ that a large cash payout is ready, or that the recipient needs to confirm their account.

After being told about the campaign, we took a look at the spam folder for one of our email accounts and saw that we too are heavily targeted by this campaign, as shown below.

List of spam emails

While Gmail has done an excellent job marking these types of emails as spam, other free email services may not do as good of a job, and the spam could make it into the general mailbox.

For example, below are two affiliate spam emails for Raging Bull Casino and Royal Ace Casino. They promise a $3,500 payout, or a betting strategy that will be shared once the recipient confirms their online account.

Royal Ace phishing

When clicking on the links, the user is redirected through another site that drops an affiliate cookie and then redirects them to the casino.

As you can see below, the redirection to Raging Bull Casino includes the affiliate ID (affid) in the URL so that the affiliate can get credit for the signup.

Raging Bull Affiliate

As you can imagine, when you sign up for an account expecting a nice payout, there is none waiting for you. The only one making money is the affiliate who sent you the email.

BleepingComputer has reached out to the online casinos listed in the article and their affiliate managers, if available, but did not receive a response.

If you receive these types of emails, simply mark them as spam so that your email provider’s spam filters will be trained to recognize them in the future.

How to report online scams

How to report online attempts to steal your money

With scams spiking during lockdown, here are some of the ones to know about – and how to get support

Fresh warnings have been issued over a new scam that claims payment is required for a package to be delivered.

The latest con involves the victim receiving a text message from “Royal Mail”, claiming that a parcel is ready for delivery, but that an additional fee of £1.99 or £2.99 is required.

A link is shared for the recipient to click through and pay the alleged fee, only to be directed to a copycat website operated by fraudsters.

One victim revealed on social media in a tweet that went viral that such a con had left her “scammed out of every penny I had” after fraudsters telephoned her pretending to be her bank and asking her to move money around.

The Chartered Trading Standards Institute (CTSI) and Royal Mail have both warned that such messages are fraudulent, with the CTSI adding that such scams have surged over the past year.

“This delivery scam is yet another example of fraudsters attempting to make money out of the unsuspecting public,” said Katherine Hart from the CTSI.

“Due to the lockdowns, many millions of people rely on product deliveries, so scammers have focused their efforts on this theme.

“If you have any suspicions, contact Royal Mail to verify before you click any links or share details,” she added.

A spokesperson for Royal Mail said the service would only ever ask for payment by email or text message if a parcel had been sent to the customer from overseas and a customs payment was due.

“In such cases, we would also leave a grey card telling customers that there’s a Fee to Pay before we can release the item.”

But what other scams exist and what should you look out for? Here’s everything you need to know.

National Insurance

Action Fraud, the UK’s national reporting centre for fraud and cybercrime, is warning the public about a National Insurance scam after it received over 34,000 more calls last month compared with February 2020.

Victims have reported receiving an automated telephone call telling them their “National Insurance number has been compromised” and that they must “press one on their handset to be connected to the caller” in order to resolve the issue.

Once connected to the “caller”, victims are pressured into giving over their personal details in order to receive a new National Insurance number. In reality, they’ve been connected to a criminal who can now use their personal details to commit fraud.

Pauline Smith, head of Action Fraud, said: “We are asking the public to remain vigilant and be cautious of any automated calls they receive mentioning their National Insurance number becoming compromised.

“It’s important to remember if you’re contacted out the blue by someone asking for your personal or financial details, this could be a scam.

“Even confirming personal details, such as your email address, date of birth or mother’s maiden name, can be used by criminals to commit fraud. If you have any doubts about what is being asked of you, hang up the phone. No legitimate organisation will rush or pressure you.”

HMRC (tax scams)

With the end of the tax year approaching, scams relating to tax payments, bills and rebates are on the rise. Her Majesty’s Revenue & Customs (HMRC) received over 900,000 reports of HMRC scams in 2020, with more than half of these offering fake tax rebates.

Common scams include messages claiming you are owed a tax rebate, that you’ve missed an important deadline, or warning that you have an outstanding fee to pay. Scams exploiting the Covid-19 pandemic have also been reported, with people receiving texts stating that they are owed a “goodwill payment” due to the coronavirus. Others demand a £250 payment after individuals are accused of “breaching lockdown restrictions”.

HMRC has said that it will never send notifications by email about tax rebates or refunds, and it advises recipients not to open any attachments, click any links or share any personal or payment information. It adds that if you are unsure about the legitimacy of a message you receive by email, text message, WhatsApp, social media or telephone, you can forward the details to the National Cyber Security Council at phishing@hmrc.gov.uk.

Genuine emails from HMRC should all end in ‘gov.uk’ only. Any additional words, letters or numbers following this are likely to be fraudulent. Don’t click links contained in emails or messages claiming to be from HMRC – log in to your account, email or telephone them directly to be certain it’s safe.

You can also see examples of HMRC scams by following this government link.

Investment fraud

Fraud

Investment fraud occurs when you receive a cold call from someone claiming to offer you an opportunity to invest in a scheme, service or product that is actually worthless or doesn’t even exist. It’s also known as share sale fraud, hedge fund fraud, land banking fraud or bond fraud. The majority of investment frauds are run out of offices known as boiler rooms. Victims may also be offered “special discounts”, “insider info” or “exclusive” stock tips.

Boiler room operations often contact victims out of the blue and pressure them into making rushed decisions with no time to consider the nature of the investment. Callers often sound extremely knowledgeable and professional, and may produce polished-looking websites, certificates or brochures to “prove” their authenticity.

As well as never providing bank account details or sensitive information, never accept investment offers on the spot from cold callers. Instead, look at the Financial Conduct Authority’s ScamSmart warning list which acts as a barrier between unscrupulous scammers and you.

Sadly, boiler room operations tend to target people aged 65 and older, so it’s important to talk to older family members and vulnerable people to help them spot bogus callers.

Netflix

Action Fraud received over 400 reports in just one week from people reporting fake emails purporting to be from Netflix. The emails state that the recipient needs to “finish signing up” by clicking the link provided before they can use the streaming service. Doing so, however, takes victims to phishing websites that steal their Netflix login, personal and financial information.

Netflix says that it will never ask you to enter personal information in a text or email. This includes credit or debit card numbers, bank account details and Netflix passwords. If you think your account has been compromised, Netflix advises you to contact it directly using the details on this page.

Romance fraud

Romance fraud occurs when a person you’ve met through an online dating website or app uses a fake profile to build a relationship and gain your trust before asking you for money or information to steal your identity.

Tell-tale signs include asking you lots of personal questions but disclosing very little about themselves; and exploiting your trust by inventing a reason to ask for your financial assistance, such as money to pay for a flight to visit you, or money for medical treatment for them or a family member. “Perfect” profile pictures can also be a giveaway and may have been stolen from a model or actor. Using the reverse image search tool on Google can help you find the original source of photos.

To avoid getting caught out by romance fraud, avoid revealing too many personal details when dating online, such as your date of birth or home address, which may result in your identity being stolen. Never send money to, receive money from, or share your bank details with someone you’ve met online, no matter how convincing their story is. And, if you’re dating online, choose a reputable site or app and use its messaging service, rather than switching to social media or texting, where messages can be deleted more easily.

According to Action Fraud, women are twice as likely as men to fall victim to romance fraud, and men twice as likely as women to fall victim to investment fraud.

Paul Davis, retail fraud prevention director at Lloyds Bank, said: “Scammers do this for a living – they’re in it for the long game and will often spend a lot of time building up a ‘relationship’ and trust – they can invent convincing stories, waiting for the right moment to start tricking people into sending them money.

“If you’ve struck up a conversation or begun a relationship solely online and the discussion moves on to sending money, that’s the time to stop.”

Fraud recovery

As if being scammed once isn’t bad enough, data from the National Fraud Intelligence Bureau (NFIB) found that over £373 million was lost by repeat victims of fraud in the 2019/20 financial year, with the average victim losing £21,121. However, when someone reported at least one investment fraud, this figure jumped a staggering 300 per cent to £84,604.

A fraud recovery scam is when criminals contact victims pretending to be from their bank, a law enforcement agency, solicitors or “specialist recovery firm” claiming to be able to help them get their money back or compensation. Incredibly, this is often the same criminal targeting the victim again, or the victim’s personal details may have been sold on the dark web to other fraudsters. Scammers will usually ask for a fee for this “service” and may ask victims for their bank account details so they can “deposit” the recovered funds.

Mark Steward, executive director of enforcement and market oversight at the Financial Conduct Authority said: “Consumers should always be wary of cold calls and promises to recover funds lost to a scam, as these are often signs of an attempted recovery fraud taking place. If you’re under pressure to make a quick decision or a payment, there’s a very good chance you’re talking to a scammer.

“Be ScamSmart and check the FCA Register to make sure that the firm you are dealing with is authorised to perform the service they are providing for you, and use the contact details on the FCA Register.”

TV Licensing

While this particular scam was first identified by the NFIB in September 2018, scam emails purporting to be from TV Licensing resurfaced again in October 2020. Victims receive an email which states that there is a problem with their Direct Debit that needs addressing in order for them to continue watching TV legally at home.

Victims are then urged to click a link, which directs them to an authentic-looking website that prompts them to enter their home address and bank details, which are duly stolen by scammers.

TV Licensing says that its emails will include your name and part of your postcode, whereas scam emails often just use your email address or “Dear customer”. All legitimate emails from TV Licensing come from donotreply@tvlicensing.co.uk (or donotreply@spp.tvlicensing.co.uk). If you think you’ve been a victim of a TV Licensing scam, contact Action Fraud or email the government’s fraud service at report@phishing.gov.uk.

What can I do if I think I’ve been a victim of fraud?

If you think you’ve been a victim of fraud, you can contact Action Fraud for help and advice. You can also forward details of a suspected scam to the National Cyber Security Centre.

COVID-19 Phishing Emails

Beware of COVID-19 Phishing Emails

Several new COVID-19 phishing email campaigns have been detected over the past few days that are exploiting fear about the novel coronavirus pandemic to deliver computer viruses and steal sensitive information.

People are naturally worried about getting infected with the real virus especially with the high fatality rate, so emails related to COVID-19 are likely to be opened.

Some of the phishing emails that have been intercepted are easy to identify as malicious. They are poorly written with spelling mistakes and grammatical errors, but some campaigns have been expertly crafted and are highly convincing and are likely to catch out many people.

The first COVID-19 phishing campaigns were detected in January and the number has steadily grown over the past few weeks. Many different threat groups are now using COVID-19 phishing lures to fool the unwary into disclosing credentials, visiting malicious links, or downloading malware.

The World Health Organization (WHO) has issued a warning after several phishing campaigns were detected that impersonated WHO. The emails claimed to provide essential information about cases in the local area along with advice on how to avoid infection. One of the most recently detected campaigns claimed to provide “Coronavirus Updates” with the emails containing a ZIP file attachment that appeared to be a PDF file – MYHEALTH.PDF. However, the file was actually an executable file – MYHEALTH.exe. If the file was opened, it triggered the download of GULoader, which in turn downloads Formbook malware from Google Drive. Another similar campaign included a Word attachment that downloaded the TrickBot Trojan, which is being used to deliver Ryuk ransomware as a secondary payload.

The Centers for Disease Control and Prevention is also being impersonated. One campaign claims the novel coronavirus had become an airborne threat and warns of new cases in the local area. The emails appear to have been sent from a legitimate CDC email account – CDC-Covid19[@]cdc.gov. The emails include an attachment titled “Safety Precautions” which appears to be an Excel spreadsheet, but is actually a .exe executable file. Double clicking on the file attachment triggers the download of a banking Trojan.

Email and text-based phishing campaigns are targeting UK taxpayers and impersonating HM Revenue and Customs (HMRC). The emails include a legitimate HMRC logo and advise the recipients about a new COVID-19 tax refund program. According to the emails, the refund program was set up in cooperation with National Insurance and National Health Services and allows taxpayers to claim back tax to help deal with the coronavirus pandemic. In order to receive the refund, the user is told they must supply their name, address, mother’s maiden name and their bank card number.

In the past few days, a web-based malware distribution campaign has been identified. Several websites are now displaying world maps and dashboards that allow people to track the spread of the virus and find out about the location of new cases. People are naturally concerned about cases in their local area, and the website maps are attracting a lot of visitors.

Shai Alfasi, a security researcher at Reason Labs, discovered several websites using fake versions of maps and dashboards. The websites prompt users to download an application that allows them to track infections in real-time. The application is an executable file that delivers the AZORult information stealer.

With COVID-19 infections increasing and showing no sign of slowing, COVID-19 phishing campaigns are likely to continue. Organizations should raise awareness of the threat of COVID-19 phishing attacks with their employees and ensure appropriate technical solutions are implemented to block web and email-based attacks.

CAPTCHA Phishing Scam

CAPTCHA Phishing Scam Targets Android Users

A CAPTCHA phishing scam has been detected which is being used to trick users into downloading a malicious file that intercepts multi-factor authentication codes on a user’s smartphone. With the codes, hackers can perform a more extensive attack and gain access to a much wider range of resources such as email and bank accounts.

When a visitor lands on the phishing page, a check is performed to determine what device is being used. If the user is on an Android device, a malicious APK file is downloaded to their device. Any other platform will receive a zip file containing malware.

A fake version of the familiar Google reCAPTCHA is displayed on the phishing page. It closely resembles the legitimate version, although it does not support sound and the images do not change when they are clicked. The fake reCAPTCHA is housed on a PHP webpage and any clicks on the images are submitted to the PHP page, which triggers the download of the malicious file. This campaign appears to be focused on mobile users.

On an Android device, the malicious APK intercepts PIN codes from two-factor authentication messages, allowing the attackers to gain access to the user’s bank account. With these PIN codes, an email account can also be compromised, which would allow further accounts to be compromised by requesting password resets.

A successful attack could see several accounts used by an individual subjected to unauthorized access. Businesses are also attacked in a similar manner. Successful attacks on businesses could give the attackers access to huge volumes of sensitive company data and even infrastructure resources.

This method of delivering malware is nothing new and has been around since 2009. A CAPTCHA phishing campaign was detected in February 2018 attempting to download a malicious file, and a similar campaign was run in 2016.

A method of attack is adopted for a while then dropped. While it is possible to prepare the workforce for phishing attacks such as this through training, security awareness training alone is not enough as tactics frequently change, and new methods of attack are frequently developed.

As this attack shows, two-factor authentication is far from infallible. In addition to this method of obtaining 2FA codes, the SS7 protocol used to send SMS messages has flaws that can be exploited to intercept messages.

Security awareness training and 2FA are important, but what is required on top of these protections is a powerful anti-spam and anti-phishing solution. Such a solution will block phishing emails at the gateway and make sure they are not delivered to inboxes.

It is important to choose a solution that provides protection against impersonation attacks. Many phishing campaigns spoof a familiar brand or known individual. A solution that incorporates Domain-based Message Authentication, Reporting & Conformance (DMARC) will help to ensure that the sender of the message is genuine, by performing checks to make sure that the sender of the message is authorized to send messages from that domain.
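As an added illustration (written for this page, not code from any product the article discusses), the following evaluates the DMARC check described above for a single message: whether the SPF- or DKIM-authenticated domain aligns with the visible From domain, and which policy the domain owner asked receivers to apply. The records and domains are constructed samples, and the organisational-domain lookup is a stated simplification.

```python
def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; aspf=s') into tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record: " + txt)
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain used for relaxed alignment.
    SIMPLIFICATION (assumption): the last two labels. Real verifiers consult the
    Public Suffix List so that e.g. 'hmrc.gov.uk' is its own organisation."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Does an authenticated domain align with the visible From domain?
    mode 's' (strict) demands an exact match; 'r' (relaxed) accepts the same
    organisational domain, so 'mail.bank.example' aligns with 'bank.example'."""
    if not auth_domain:
        return False
    if mode.lower() == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_result(record: str, from_domain: str, spf_domain: str, dkim_domains: list):
    """Evaluate DMARC for one message, given the record found for the From domain's
    organisation.  spf_domain: MAIL FROM domain that passed SPF ('' if SPF failed).
    dkim_domains: d= values of DKIM signatures that verified.
    Returns (passed, disposition): the policy the receiver should apply is
    'none', 'quarantine' or 'reject'."""
    tags = parse_dmarc(record)
    spf_aligned = aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_aligned = any(aligned(d, from_domain, tags.get("adkim", "r")) for d in dkim_domains)
    if spf_aligned or dkim_aligned:
        return True, "none"
    policy = tags["p"].lower()
    # sp= overrides p= when the From domain is a subdomain of the record's domain.
    if from_domain.lower() != org_domain(from_domain) and "sp" in tags:
        policy = tags["sp"].lower()
    return False, policy


# Constructed records: the first only monitors, the second enforces.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@bank.example"
ENFORCING = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=s; rua=mailto:dmarc-reports@bank.example"

if __name__ == "__main__":
    # Spoof: From claims bank.example, but SPF only passed for the sender's own domain.
    print(dmarc_result(MONITOR_ONLY, "bank.example", "spammer.example", []))  # (False, 'none')
    print(dmarc_result(ENFORCING, "bank.example", "spammer.example", []))     # (False, 'reject')
    # Genuine mail DKIM-signed by the bank's mail subdomain: relaxed aligns, strict does not.
    print(dmarc_result(MONITOR_ONLY, "bank.example", "", ["mail.bank.example"]))  # (True, 'none')
    print(dmarc_result(ENFORCING, "bank.example", "", ["mail.bank.example"]))     # (False, 'reject')
```

With p=none the spoof is still delivered and only reported, which is why a filtering product that "incorporates DMARC" helps most against brands whose owners publish an enforcing policy.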

Most anti-phishing solutions incorporate an anti-virus component that scans all incoming attachments for malware and malicious code, but cybercriminals are using sophisticated methods to evade detection by AV solutions. Files may include malicious code that is hard to detect. A sandbox is therefore required to execute suspicious attachments in a safe environment where they can be monitored for malicious activity. By testing attachments in the sandbox, malicious files can be identified and more genuine emails and attachments will arrive in inboxes.

What is phishing?

What is phishing?

Phishing is a kind of scam that happens online, where criminals send emails which appear to have come from a legitimate company and ask you to provide some sensitive information. They do this by including a web link that supposedly directs you to the company’s website. There, you are asked to provide your personal information by filling in an online form on the scammer’s ‘website’. This fake site is designed so that the information you provide goes straight to the crooks behind the scam. The information they ask for may include credit card numbers, usernames, passwords, account numbers, and much more.

Clues That May Indicate An Email is From A Scammer

  • The email is often not addressed to the recipient by name, probably because the scammer doesn’t know who the recipient is; the generic greeting “Dear Customer” is used instead.
  • When you try to log in to their ‘web account’, it may claim that you have exceeded the number of login attempts allowed, even though you have never logged in.
  • Their messages often contain grammatical errors: ordinary words such as ‘Online Banking’ may be capitalised, and if you read carefully you will find many sentences that make no grammatical sense. Most people scan emails quickly, so small errors go unnoticed.
  • They press the recipient to ‘confirm’ their email address using a link the scammer provides.
  • Hovering the mouse over a link shows its true destination. Often every link in the email, whatever its text, points to the same address; no genuine company sends email like that. This is simply a scam.

If you spot any of these flaws, that is enough to know the email is a phishing attempt.
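The sender rules quoted earlier (genuine HMRC mail ends in gov.uk, TV Licensing mail comes from tvlicensing.co.uk and addresses you by name) and the link clues above can be turned into an automated check. The following is an added example written for this page, not code from any of the organisations mentioned; the two emails it analyses are constructed samples and the `*.example` domains are placeholders.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


def under_domain(host: str, domain: str) -> bool:
    """True if host is domain itself or a subdomain of it. Matching whole labels
    from the right matters: 'hmrc.gov.uk.rebate-portal.example' is NOT under
    'gov.uk', even though the string 'gov.uk' appears inside it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return bool(host) and (host == domain or host.endswith("." + domain))


def sender_domain_ok(from_header: str, expected_domain: str) -> bool:
    """Check only the address part of From; a display name such as 'HMRC' proves nothing."""
    _, addr = parseaddr(from_header)
    return addr.count("@") == 1 and under_domain(addr.split("@")[1], expected_domain)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse_email(from_header: str, html_body: str, expected_domain: str) -> list:
    """Return the phishing indicators found; an empty list means none of the
    checks fired (which is NOT proof that the email is genuine)."""
    findings = []
    if not sender_domain_ok(from_header, expected_domain):
        findings.append("sender-not-under-expected-domain")
    plain = re.sub(r"<[^>]+>", " ", html_body)
    if re.search(r"\bdear\s+(customer|user|member|client)\b", plain, re.I):
        findings.append("generic-greeting")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, shown in parser.links:
        host = urlparse(href).hostname or ""
        if not under_domain(host, expected_domain):
            findings.append("link-offsite:" + host)
        # Link text that looks like a web address while the href goes elsewhere:
        # what a reader sees on hover differs from what they were shown.
        m = re.search(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", shown, re.I)
        if m and not under_domain(host, m.group(0)):
            findings.append("link-text-mismatch:" + m.group(0))
    if len(parser.links) > 1 and len({h for h, _ in parser.links}) == 1:
        findings.append("all-links-identical")
    return findings


# Constructed samples (not real messages); *.example domains are placeholders.
PHISH_FROM = '"HM Revenue & Customs" <refunds@hmrc.gov.uk.rebate-portal.example>'
PHISH_BODY = """<p>Dear Customer,</p><p>You are owed a tax rebate of &pound;250. Claim at
<a href="http://hmrc.gov.uk.rebate-portal.example/claim">www.gov.uk/claim-rebate</a> or
<a href="http://hmrc.gov.uk.rebate-portal.example/claim">unsubscribe</a>.</p>"""
GENUINE_FROM = "TV Licensing <donotreply@tvlicensing.co.uk>"
GENUINE_BODY = """<p>Dear Ms Smith (SW1A 1),</p><p><a href="https://www.tvlicensing.co.uk/pay">Pay now</a>
or read our <a href="https://www.tvlicensing.co.uk/help">help pages</a>.</p>"""
```

Calling `analyse_email(PHISH_FROM, PHISH_BODY, "gov.uk")` flags the sender, the greeting, both off-site links, the mismatched link text and the fact that every link leads to the same place, while the TV Licensing sample checked against "tvlicensing.co.uk" returns no findings.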

How To Protect Yourself From Online Email-Scams

1. Use your own link

If you use the company’s site often, you most likely have a bookmark for it that you can use. If not, use a search engine such as Google and type in the company’s name, then use the genuine link to go to the correct site. If the email is legit, the information you see when you log into your account on the legitimate site will match what the email describes. This is the ONLY way to guarantee that you land on the legit site.

2. Detection software

Install software that helps you identify malicious sites, so that you can tell whether the site you have reached is legitimate. Most browsers now have add-ons that can be turned on to warn you before you visit a malicious link. Be mindful to only install add-ons from the browser’s official store, and watch out for phishing add-ons for browsers.

If you happen to find out that you have already fallen victim to a phishing scam, the best option is to change all of your passwords, immediately.