Tag Archives: phishing

Online casino scam

These online casino emails never pay what they promise

Spammers are abusing affiliate programs to promote online casinos, such as Raging Bull Casino, Sports and Casino, Ducky Luck, and Royal Ace Casino, with misleading emails.

Many of the larger online casinos utilize an affiliate program that allows other websites or influencers to promote their products and earn a commission for anyone who signs up for an account.

To refer users, the affiliates create specially crafted URLs that contain an affiliate ID or drop a cookie, which allows the casino to give them credit when a referral registers a new account.

This week, BleepingComputer was told about an online spam campaign conducted by affiliates of online casinos that are bombarding users with misleading emails stating they won the ‘Grand Prize,’ that a large cash payout is ready, or that the recipient needs to confirm their account.

After being told about the campaign, we took a look at the spam folder for one of our email accounts and saw that we too are heavily targeted by this spam campaign, as shown below.

List of spam emails

While Gmail has done an excellent job of marking these types of emails as spam, other free email services may not do as good a job, and the spam could make it into the general mailbox.

For example, below are two affiliate spam emails for Raging Bull Casino and Royal Ace Casino. You can see that they promise a $3,500 payout, or that a betting strategy will be shared once the recipient confirms their online account.

Royal Ace phishing

When clicking on the links, the user is redirected through another site that drops an affiliate cookie and then redirects them to the casino.

As you can see below, the redirection to Raging Bull Casino includes the affiliate ID (affid) in the URL so that the affiliate can get credit for the signup.

Raging Bull Affiliate
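The tracking mechanism described above (a link that passes through a redirector and lands on the casino with an affiliate ID such as `affid` in the query string) is easy to surface from the mail itself. The following is an added example, not code from BleepingComputer or from any casino's affiliate program: it pulls every URL out of a message body, unwraps URLs that are carried as a query value of a redirector, and reports which links carry affiliate tracking parameters. `affid` is the parameter seen in the campaign; the other parameter names and all domains are constructed placeholders.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Query parameter names that identify affiliate/referral tracking.
# "affid" is the parameter seen in the campaign above; the others are
# constructed examples of common names, not taken from the article.
TRACKING_PARAMS = {"affid", "aff_id", "affiliate", "ref", "referrer", "partner"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def extract_urls(text):
    """Return every http(s) URL in a block of email text, in order, trailing punctuation removed."""
    return [u.rstrip(".,;)") for u in URL_RE.findall(text)]


def nested_urls(url):
    """Yield URLs carried inside query values, i.e. the final target behind a redirector."""
    for values in parse_qs(urlparse(url).query).values():
        for value in values:
            value = unquote(value)  # parse_qs decodes once; tolerate double-encoding
            if value.startswith(("http://", "https://")):
                yield value


def affiliate_tags(url):
    """Return {param: value} for every tracking parameter present on the URL."""
    query = parse_qs(urlparse(url).query)
    return {k: v[0] for k, v in query.items() if k.lower() in TRACKING_PARAMS}


def analyse_email(text):
    """Map each URL in the email, including ones hidden behind redirectors, to its tracking tags."""
    report = {}
    queue = extract_urls(text)
    while queue:
        url = queue.pop(0)
        if url in report:
            continue
        report[url] = affiliate_tags(url)
        queue.extend(nested_urls(url))
    return report


def flagged_urls(report):
    """URLs that carry at least one affiliate tag."""
    return [url for url, tags in report.items() if tags]


# Constructed sample message; the domains are placeholders, not real casino sites.
SAMPLE_EMAIL = """Congratulations! Your Grand Prize of $3,500 is ready.
Claim it now: http://redirector.example/go?u=https%3A%2F%2Fcasino.example%2Fsignup%3Faffid%3D12345
Unsubscribe: https://redirector.example/unsub
"""

if __name__ == "__main__":
    result = analyse_email(SAMPLE_EMAIL)
    for url, tags in result.items():
        print(url, "->", tags or "no tracking parameters")
    print("affiliate links:", flagged_urls(result))
```

Run against the constructed sample, the redirector link itself carries no tracking parameter; only the casino URL it unwraps to is flagged, with `affid=12345`. A real redirector that sets the affiliate cookie server-side and then issues an HTTP redirect would have to be followed with a request, which this offline example deliberately does not do.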

As you can imagine, when you sign up for the account expecting a nice payout, there is no payout waiting for you. Instead, the only one making money is the affiliate who sent you the email.

BleepingComputer has reached out to the online casinos listed in the article and their affiliate managers, if available, but did not receive a response.

If you receive these types of emails, simply mark them as spam so that your email provider’s spam filters will be trained to recognize them in the future.

CAPTCHA Phishing Scam

CAPTCHA Phishing Scam Targets Android Users

A CAPTCHA phishing scam has been detected that tricks users into downloading a malicious file which intercepts multi-factor authentication codes on the user’s smartphone. With those codes, hackers can extend the attack and gain access to a much wider range of resources, such as email and bank accounts.

When a visitor lands on the phishing page, a check is performed to determine what device is being used. If the user is on an Android device, a malicious APK file is downloaded to their device. Any other platform will receive a zip file containing malware.

A fake version of the familiar Google reCAPTCHA is displayed on the phishing page. It closely resembles the legitimate version, although it does not support sound and the images do not change when they are clicked. The fake reCAPTCHA is housed on a PHP webpage and any clicks on the images are submitted to the PHP page, which triggers the download of the malicious file. This campaign appears to be focused on mobile users.

On an Android device, the malicious APK intercepts PIN codes from two-factor authentication messages, which allows the attackers to gain access to the user’s bank account. With these PIN codes, an email account can also be compromised, which would allow further accounts to be compromised by requesting password resets.

A successful attack could see several accounts used by an individual subjected to unauthorized access. Businesses are also attacked in a similar manner. Successful attacks on businesses could give the attackers access to huge volumes of sensitive company data and even infrastructure resources.

This method of delivering malware is nothing new and has been around since 2009. A CAPTCHA phishing campaign was detected in February 2018 attempting to download a malicious file, and a similar campaign was run in 2016.

A method of attack is adopted for a while and then dropped. While it is possible to prepare the workforce for phishing attacks such as this through training, security awareness training alone is not enough, as tactics frequently change and new methods of attack are constantly developed.

As this attack shows, two-factor authentication is far from infallible. In addition to this method of obtaining 2FA codes, the SS7 protocol used to send SMS messages has flaws that can be exploited to intercept messages.

Security awareness training and 2FA are important, but what is required on top of these protections is a powerful anti-spam and anti-phishing solution. Such a solution will block phishing emails at the gateway and make sure they are not delivered to inboxes.

It is important to choose a solution that provides protection against impersonation attacks. Many phishing campaigns spoof a familiar brand or known individual. A solution that incorporates Domain-based Message Authentication, Reporting & Conformance (DMARC) will help to ensure that the sender of the message is genuine, by checking that the sender is authorized to send messages from that domain.
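To make the DMARC check concrete, here is an added example of the evaluation a gateway performs; it is not code from the article or from any product it mentions. It parses the domain's published DMARC record and then decides whether the SPF or DKIM result already computed for the message is aligned with the visible From: domain, returning the policy action when neither is. The record, the domains and the organizational-domain rule (last two labels; a real implementation consults the Public Suffix List) are constructed simplifications.

```python
# Added example (not from the article): a minimal DMARC policy evaluation of the
# kind an anti-phishing gateway performs. Inputs are the domain's published DMARC
# record plus the SPF and DKIM results already computed for the message.


def parse_dmarc(record):
    """Parse a DMARC TXT record ("v=DMARC1; p=reject; ...") into a tag dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: %r" % record)
    tags.setdefault("p", "none")   # treat a record without a policy as monitor-only
    tags.setdefault("adkim", "r")  # identifier alignment defaults to relaxed
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Organizational domain. Simplification (assumption): the last two labels;
    a production implementation consults the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ("s") needs an exact match, relaxed ("r")
    only needs the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (disposition, reason): 'pass', or the policy action (none/quarantine/
    reject) when neither SPF nor DKIM both passed and aligned with the From: domain."""
    policy = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "SPF aligned" if spf_ok else "DKIM aligned"
    return policy["p"], "no aligned SPF or DKIM pass"


# Constructed record; bank.example and spammer.example are placeholders.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@bank.example"

if __name__ == "__main__":
    # Spoofed From: the spammer's own domain passes SPF and DKIM but is not aligned.
    print(evaluate(RECORD, "bank.example", "pass", "spammer.example", "pass", "spammer.example"))
    # Genuine mail relayed via a subdomain: relaxed SPF alignment is enough.
    print(evaluate(RECORD, "bank.example", "pass", "mail.bank.example", "none", None))
    # DKIM signed by a subdomain under strict adkim: not aligned, so rejected.
    print(evaluate(RECORD, "bank.example", "fail", "bank.example", "pass", "mail.bank.example"))
```

The point the three cases make is that a plain SPF or DKIM pass is not enough: a spammer's own domain can pass both checks for mail it sends, and only the alignment with the From: domain that the recipient actually sees ties the authentication to the impersonated brand.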

Most anti-phishing solutions incorporate an anti-virus component that scans all incoming attachments for malware and malicious code, but cybercriminals are using sophisticated methods to evade detection by AV solutions. Files may include malicious code that is hard to detect. A sandbox is therefore required to execute suspicious attachments in a safe environment where they can be monitored for malicious activity. By testing attachments in the sandbox, malicious files can be identified and blocked while genuine emails and attachments still reach inboxes.

online phishing scam

Five smart things you should know about phishing

1. Phishing refers to the practice of sending e-mails posing as a genuine service provider and seeking to access confidential information about credit cards and bank accounts.

2. Such e-mails are designed to mislead the investor. Misaligned logos, expanded or contracted photos, or signatures with dubious designations are a giveaway.

3. Look for spelling and punctuation errors and unnecessary use of technical language. The drafts of these mails are not subject to quality checks of the original bank or institution.

4. No bank or service provider will ask you to open an attachment or click a link in an email. Always access websites using the bank’s own URL.

5. The messages that call for urgent action or dire consequences are usually spam. Banks do not send such communication through e-mails.

What is phishing?

Phishing is a kind of scam that happens online, where criminals send emails that appear to come from a legitimate company and ask you to provide sensitive information. They do this by including a web link that supposedly leads to the company’s website. There, you are asked to enter your personal information into an online form on the scammer’s ‘website’. This fake site is designed so that the information you provide goes directly to the crooks behind the scam. The information they ask for may include credit card numbers, usernames, passwords, account numbers, and much more.

Clues That May Indicate An Email is From A Scammer

  • The email is usually not addressed to the recipient by name, probably because the scammer doesn’t know it. The generic greeting “Dear Customer” is used very often.
  • When you try to log in to their ‘web account’, it may claim that you have exceeded the number of login attempts allowed, even though you have never logged in.
  • Their messages often contain grammatical errors: ordinary words such as ‘Online Banking’ may be capitalized for no reason, and if you keep reading carefully you will find many sentences that make no grammatical sense. Most people scan emails quickly, so small grammatical errors can go unnoticed.
  • They urge recipients to ‘confirm’ their email or account by using a link the scammer provides.
  • The real destination address is displayed when you hover the mouse over a link on the page. It is hard to imagine a genuine company having every one of these actions point to the same link. That is simply a scam!
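The last two clues (a link whose visible text shows one address while its real target is another, and a page on which every link goes to the same place) can be checked mechanically. This is an added example, not code from the original post: it parses an HTML email body with the standard library, collects each link's visible text and `href`, and reports both kinds of mismatch. The sample message, `mybank.example` and `secure-login.evil.example` are constructed placeholders.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None


# Visible text that a reader would take for a web address.
URLISH = re.compile(r"^(?:https?://|www\.)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$", re.I)


def host(url):
    """Hostname of a URL (or bare domain text), lower-cased, leading 'www.' removed."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "http://" + url
    h = (urlparse(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h


def analyse_html(html):
    """Return (links, findings); each finding is a (check, visible_text, href) tuple."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        # Clue: the text shows one address, the hover target is another host.
        if URLISH.match(text) and host(text) != host(href):
            findings.append(("display/target mismatch", text, href))
    # Clue: every link on the page (contact, privacy policy, ...) goes to one place.
    targets = Counter(host(href) for _, href in parser.links)
    if len(parser.links) >= 3 and len(targets) == 1:
        findings.append(("all links share one target", None, next(iter(targets))))
    return parser.links, findings


# Constructed sample; the domains are placeholders, not real sites.
SAMPLE_HTML = """<html><body>
<p>Dear Customer,</p>
<p>Your Online Banking access has been limited. Please
<a href="http://secure-login.evil.example/verify">confirm your account</a> within 24 hours.</p>
<p>Or visit <a href="http://secure-login.evil.example/verify">https://www.mybank.example/login</a></p>
<p><a href="http://secure-login.evil.example/verify">Contact us</a> |
<a href="http://secure-login.evil.example/verify">Privacy policy</a></p>
</body></html>"""

if __name__ == "__main__":
    links, findings = analyse_html(SAMPLE_HTML)
    for check, text, href in findings:
        print(check, "|", text, "|", href)
```

On the constructed sample the second link is reported because its text reads `https://www.mybank.example/login` while the target host is `secure-login.evil.example`, and all four links are reported for sharing that one target. The `host()` comparison strips only a leading `www.`; a stricter check would compare organizational domains.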

If you see any of these flaws, that is enough to tell you the email is a phishing attempt.

How To Protect Yourself From Online Email-Scams

1. Use your own link

If you use the company’s site often, you most likely have a bookmark for it that you can use. If not, use a search engine such as Google and type in the company’s name; you can then follow the genuine link to the correct site. If the email is legitimate, the information you see after logging into your account on the legitimate site will match what the email says. This is the ONLY way to guarantee that you land on the legitimate site.

2. Detection software

Install software that helps you identify malicious sites, so that you can tell whether the site you found is legitimate. Most browsers now have add-ons that can be turned on to alert you before you fall victim by clicking a malicious link. Be careful to install add-ons only from the browser’s official store, and watch out for phishing add-ons.

If you find out that you have already fallen victim to a phishing scam, the best option is to change all of your passwords immediately.