Online Fraud Archives – Gridinsoft Blog
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.
Wed, 11 Sep 2024 05:26:53 +0000

McAfee Scam Email
https://gridinsoft.com/blogs/mcafee-scam-email/
Tue, 10 Sep 2024 14:51:29 +0000

The McAfee email scam is a dangerous form of phishing fraud targeting users’ accounts at this antivirus vendor. Fraudsters lure users with appealing offers or urgent notifications about changes in terms, requiring immediate attention. This scam exhibits many variations and can have numerous consequences.

McAfee Email Scam Targets Your Credentials

This phishing scheme involves emails that guide users to a malicious webpage mimicking the design of a simple login site. While scams involving email messages from strangers may employ various tactics, this particular scam impersonates routine notifications from McAfee concerning account details or user licenses. Offers might include a free license for one year, a prompt to approve changes to McAfee policies, or a reminder to renew a soon-to-expire license. However, the phrasing of these messages often renders them suspicious, as genuine communications from McAfee would not include such claims.

McAfee scam email
The example of a fake renewal message

At the bottom of the email, or within the text itself, there is a link or button you can click to get more details. Regardless of the lure, it leads to a phishing page: either one that mimics the McAfee login page or a fraudulent survey site. The former is typical of more alarming messages, while the latter usually accompanies offers of gifts.

The phishing login page features only two states: the default one and a “wrong login/password” notification beneath the credential fields. No matter what you enter, the information is sent directly to fraudsters who can then take control of your account. Additionally, the phishing page designed to steal your credentials may also include a download button. This button could install software that you would never willingly download, such as adware or rogue applications, which are commonly linked to such scams.

McAfee email scam giveaway
McAfee scam: fake giveaway messages look like this

A pseudo-giveaway that promises you a gift will likely ask you for your personal information. Shady people on the Darknet are willing to pay a lot for a database of users’ information. A bundle of name, surname, physical address, email address, system information and so on gives a lot of advantages for other scams.

Rarely, the message may contain an attached file, and the text invites you to open it instead of following the link. In this file, you’re supposed to see details about the changes in the terms or whatever else was used as a pretext for the letter. This attachment (often a .docx or .xlsx document) contains a virus.

How Dangerous is the McAfee Email Scam?

The main risk associated with following the instructions in a scam email is the theft of your account credentials and personal information. While sharing information with various online services might seem commonplace, these services are typically bound by GDPR rules to keep your data confidential. However, cybercriminals obtaining your information through phishing do not adhere to any rules or laws. Often, this stolen information is compiled into databases and sold on the Darknet, where the new owners are unlikely to have benevolent intentions.

Your McAfee account credentials are particularly valuable as they serve dual purposes. Possession of your account allows a criminal to steal your license key, which might be used to activate a pirated copy of the software or sold online at a fraction of the price you originally paid. If your license covers multiple devices, prepare for potential unauthorized users, or “squatters”, on your account. Additionally, stolen credentials can be added to databases of leaked passwords and logins, which are often utilized in brute force attacks to crack other accounts.

The injection of malware via an email attachment represents another significant threat. Unlike identity theft or account hacking, which may not have immediate effects, malware begins to operate as soon as it is launched. Phishing scams, such as those mimicking McAfee, have become a primary method for distributing malware, posing a serious risk to both individual users and corporations due to human vulnerabilities. The most common types of malware distributed this way include stealers, spyware, and ransomware, which can lead to compromised accounts and encrypted data—a highly undesirable outcome.

How to Protect Yourself from McAfee Email Scams?

The good news about most email scams is that they can easily be mitigated by simple attentiveness. Upon receiving a suspicious email, it is crucial to scrutinize both the body and header of the message. Even the most sophisticated forgeries will contain discrepancies that don’t match the original communications. Simpler scams often exhibit other telltale signs that can help you identify the deceit. So, how can you stop McAfee scam emails?

Typos and Grammatical Errors

Despite the prevalence of online spell checkers, scammers often neglect to use them, resulting in numerous errors in their messages. Poor English, missing punctuation, and subpar design are not features of official communications. The presence of these errors is a clear indicator of a fraudulent email.

McAfee email scam
That message does not look like a regular McAfee invoice

Link address

Genuine messages may contain links to the sender’s website, for instructions, for example. However, these links always belong to the original sender’s domain (mcafee.com in the case of a genuine McAfee email). If you see a link to a dubious page, like WebProtectionProgram, or a short link, that is a reason to avoid clicking it. Official mailings never contain links to external sites and never use short links.

Sender’s email address

Companies use official email addresses for mailing and conversations, and often list them on their websites. A letter that pretends to be sent by McAfee support but comes from mikey19137@aol.com does not look trustworthy. In more complicated cases, crooks may try to use email addresses that look related to the sender. That’s why it is better to check the contacts on the website. For McAfee, those are the following:

info@authenticate.mcafee.com
Info@notification.mcafee.com
info@protect.mcafee.com
info@smmktg.mcafee.com
info@smtx.mcafee.com
info@mailing.mcafee.com
info@communication.mcafee.com
info@protect.mcafee.com.cname.campaign.adobe.com
donotreply@authentication.mcafee.com
donotreply@mcafee.com
consumersupport@mcafee.com
mcafeeinc-mkt-prod2@adobe-campaign.com
noreply@mail.idtheftprotection.mcafee.com
research@mcafee.com
mcafee@mail.email-ssl.com
no_reply@mcafee.com
no-reply@mcafeemobilesecurity.com
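
The link and sender checks described above can be automated. The following is an added example, not code from the original article or from McAfee: it parses a constructed message, compares the From address with a subset of the list above, and classifies every link by host. The shortener set, the sample message and all function names are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "mcafee.com"

# Subset of the sender list above. Exact addresses are compared, not domains,
# because some listed senders live outside mcafee.com (e.g. adobe-campaign.com).
KNOWN_SENDERS = {
    "info@authenticate.mcafee.com",
    "info@protect.mcafee.com",
    "donotreply@mcafee.com",
    "consumersupport@mcafee.com",
    "mcafeeinc-mkt-prod2@adobe-campaign.com",
    "no_reply@mcafee.com",
}

# Assumption: a small illustrative set of URL-shortener hosts, not exhaustive.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)


def host_in_domain(host, domain=BRAND_DOMAIN):
    """True only for the domain itself or a real subdomain of it.

    A plain substring or prefix test would accept hosts that merely
    contain the brand name, so the match is anchored on a dot boundary.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Return 'ok' or a 'suspicious: ...' verdict for one link."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:
        return "suspicious: malformed URL"
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious: not a web link"
    if host in SHORTENERS:
        return "suspicious: short link"
    if not host_in_domain(host):
        return "suspicious: host outside " + BRAND_DOMAIN
    return "ok"


def analyze(raw_message):
    """Check the sender and all links of one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    _, address = parseaddr(str(msg["From"] or ""))
    address = address.lower()
    collector = LinkCollector()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector.feed(body.get_content())
    return {
        "sender": address,
        "sender_known": address in KNOWN_SENDERS,
        "links": [(url, classify_link(url)) for url in collector.links],
    }


# Constructed sample message (not a captured email). The sender address is
# the one quoted in the article; the link targets are made up.
SAMPLE = """\
From: McAfee Support <mikey19137@aol.com>
To: user@example.org
Subject: Your license expires today
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Your license has expired. <a href="https://bit.ly/constructed-sample">Renew</a></p>
<p><a href="https://mcafee.com.renewal-center.example/login">Sign in</a></p>
<p><a href="https://www.mcafee.com/support">Support</a></p>
</body></html>
"""

if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("sender:", report["sender"], "known:", report["sender_known"])
    for url, verdict in report["links"]:
        print(f"{verdict:40} {url}")
```

A From header can be forged, so a match against the known-sender list does not prove a message is genuine; the check is useful for catching mismatches, not for confirming authenticity.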

Strange Offers and Unusual Notifications

Giveaways, quizzes, or notifications about account blocking are not typical for reputable companies. They may contact you if there are issues with your account that need resolving, but you would likely be aware of these issues beforehand. Conversely, offers that require you to share personal information in exchange for a prolonged license are never legitimate. Coupled with the other signs we’ve discussed, these offers clearly indicate a fraudulent message.


Is it Possible to Avoid Email Spam in the Future?

Receiving email spam does not necessarily mean something bad has already happened. Scammers often buy databases filled with random email addresses and send out mass emails hoping to lure someone into a scam. If you do not respond or click on any links, scammers will likely remove you from their list eventually. However, any engagement, such as replying or clicking a link, signals to them that your account is active and susceptible to scams. Experts note that any interaction with a fraudulent email can lead to a significant increase in spam.

Several strategies can help reduce the amount of spam you receive and make it easier to differentiate between genuine and fraudulent emails. First, use a separate email address for registrations on websites or at events where you have concerns about their credibility. Some sites may not prioritize protecting their clients’ data and might sell their databases to third parties. While not always malicious, this practice can lead to unwanted exposure for your primary email address. Using a secondary email address as a buffer can help protect your main accounts from suspicious activities, ensuring greater security for your personal or work emails.

Reporting a suspicious email

Another tip involves reporting suspicious emails. While most email services employ advanced anti-spam engines to filter out the bulk of spam, no system is perfect. You might still find McAfee phishing emails in your inbox. Reporting these deceptive messages is straightforward: simply click the button with three dots on the message and select “Report Spam.”

Conclusion

In the fight against email scams, especially sophisticated ones like the McAfee email scam, proactive protection is key. While following the tips outlined above can significantly reduce your risk of falling victim to these scams, having robust antivirus software can provide an additional layer of security. We recommend using Anti-Malware for its effective detection and removal of malware threats.

GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

Virus Alert (05261) Scam
https://gridinsoft.com/blogs/virus-alert-05261-scam/
Fri, 23 Aug 2024 17:32:14 +0000

“Virus Alert (05261)” is a scam pop-up message you can see on a website that looks like a Microsoft page, but with a strange URL. It tries to convince people that their system is in trouble. As proof, it shows a banner about outdated apps, incorrect privacy settings, and more critical problems. The banner eventually demands calling a helpline, which turns out to be a contact for fake tech support.

Fake Microsoft support is a rather popular fraudulent scheme, where victims are lured into a phone call with a scammer by means of social engineering. A successful attack results in compromised user privacy and the installation of unwanted apps or even malware. In this post, I will explain how to avoid such sites in the future. You will also see all the social engineering tricks that the fraudsters use to force the user into this trap.

Virus Alert (05261)

Virus Alert (05261) is the title of a banner you can encounter on a scam website. The site tries to copy the appearance of a genuine Microsoft Office 365 page, but also adds several banners on top of the background. This banner claims that your system is “locked due to unusual activity. Error Ox800xdfy”. Below, there is a pitiful infographic showing critical troubles like “browser cookies”, “slow startup apps” and “registry entries”. Lower down, under “Fix issues”, there is a phone number that the user should allegedly call to solve the issue.

Virus alert (05261) scam page example

As is typical for such scam websites, it plays a scary sound alert and switches to full-screen mode after a click on the website. It does not matter where exactly the click lands: the website will intercept it either way and go fullscreen. The latter may happen randomly, and in fullscreen everything starts to look as if the system is really locked. This is, in fact, the starting point of the scam.

The key goal of the Virus Alert (05261) scam site is to make the user call the helpline number listed at the bottom of both banners. This number leads to fake Microsoft tech support, part of a rather popular scam network that has attacked users from Europe and both Americas. Even though the FBI once disrupted a large part of that network, it keeps rolling at the same scale.

“Virus Alert (05261)” Overview

Website: Firewall-alert-windows-hlslj.ondigitalocean.app (scan report)
Threat type: Fake Tech Support Scam
Source: Redirect from a shady page, adware activity, pop-up notifications spam
Risk: Installation of unwanted applications, personal information exposure

The content in “Virus Alert (05261)” scam pop-up:

Virus Alert (05261) !!
Microsoft Windows locked due to unusual activity. Error: 0x800xdfy
Security
Networks are safe
Virus free
14 outdated apps
Privacy
19 privacy settings to fix
434 browser cookies
Performance
10.4 GB to free up
21 slow startup apps
377 registry entries
Fix Issues Show details

Your system has been reported to be infected with Trojan-type spyware.
For assistance, contact Microsoft Support
+1-844-216-9800 (Helpline)

Fake Microsoft Tech Support Scam Risks

Upon calling the said number, the user will face a pseudo-support manager who will keep convincing them that their PC is full of problems. Bugs, outdated software, lack of free space, or malware – they can choose almost any pressure point. While on the line, the user gets instructions to download TeamViewer, UltraViewer, or another remote connection tool, and to grant the scammers access to the device. After that, they are free to do anything with the device: access sensitive data, download or upload files, and even read messages.

What that connection is actually used for, though, is the installation of unwanted applications, presented as “professional PC help”. These are of a specific kind: usually, they offer “system cleaners”, “PC speed-up utilities” or things like that. Either way, this software will once again show you a myriad of problems, only to ask you to pay for solving them. As you may have guessed, all the troubles are one big hoax.

Social Engineering Tricks and Mistakes of “Virus Alert (05261)” Scam

Now, let’s talk about the methods that con actors use to make the scam work. The main thing that allows all this to happen is users’ low awareness of malware, PC issues, and how Microsoft handles them. The tech giant from Redmond physically cannot reach out to every single user who has a problem. For malware-related issues, they have Microsoft Defender – an antivirus that is built into every Windows installation. However, privacy issues, outdated apps, and performance issues are not in their scope. Therefore, the very existence of such websites is a scam alert by itself.

The banner on the top layer of the page contains a bunch of technical terms that have little to no connection to each other. It talks about the system being locked, creating fear, and shows error codes and “scan results”, making the page look like some genuine Microsoft alert.

The aforementioned full-screen mode and scary beeper sound add even more intimidation to the page. One careless click on the page – and the victim feels trapped inside. Combine it with a sound alert repeating lines about the PC being locked and all the data being in danger – and you get the textbook definition of fear mongering. That adds yet another layer of fear, making the user even more malleable for further demands.

So, in summary, the things these scams ride on are fear of technology, fear of being hacked, and a low level of PC knowledge. One can’t help but notice the skillful application of social engineering – the fraudsters really put effort into it. It’s a good thing they’ve decided to put almost no effort into the rest of the elements of the scam.

Mistakes and More Nonsense

Even a tiny bit of computer skill and knowledge calls most of the scam website’s content into question. First is the error code displayed on top of the “main” banner – Ox800xdfy. Aside from the fact that this code does not exist – why would unusual activity ever lead to an error code? And why does it start with “O”, the letter, instead of 0 (zero)?

The deeper a tech-savvy person gets into the site, the more questions surface. It lists outdated apps as a problem – fair enough, but how could the website know the apps are out of date? Why won’t Microsoft just show a notification in the Settings app? The same goes for the privacy settings to fix. And those were the only things that somewhat correspond to the “virus alert” title.

Other points of the banner mention “browser cookies”, “space to free up”, “slow startup apps” and “registry entries”. These, in turn, are not even remotely close to the claimed virus problems or unusual activity. For any tech-savvy person, each of these claims is just ridiculous and looks like a randomly picked name of a system element. Once again, fraudsters did not put a lot of effort into creating a trustworthy look for the scam page, sticking to buzzwords instead.

Where did it appear from?

There are several ways for the Virus Alert (05261) scam to appear in the browser. All of them, however, hint at the unwanted activity that is happening in the system.

The first and most widespread one is redirection from a dodgy website. Pages with pirated games, programs or movies often have redirect links injected into buttons on the website. Typically, site owners choose popular ones, like “download” or “play”. The scam page will open should the user click on the link (which they definitely will).

Another reason is pop-up ads from a different scam site. There is a whole category of browser infections that abuse the push notification functionality of modern browsers. It is not hard for the user to get into one, and after that, they start receiving dozens of pop-up notifications. Clicking on one typically throws the person to a scam page, with the subject of this article being among them.

The third, but still highly possible, cause is malware activity. Akin to the push ads that I’ve just described, adware and browser hijackers can open random websites in the browser. As a result, the user gets exposed to a whole bunch of different scam pages. This is actually more dangerous than the other situations, as the actual malware may collect a lot of user information.

How to protect against online scams?

Despite how different they are, it is rather easy to secure yourself against the majority of online scams. One key rule is staying critical about what you see. If something is too good to be true (awards from Google for being a billionth user) or is telling nonsense (like Virus Alert (05261)), it should not be taken at face value. Never call the number such websites tell you to call and never share your personal information with them – that will be enough to minimize the potential damage.

Aside from your own attention, reliable anti-malware software will come in handy. GridinSoft Anti-Malware comes with a network protection system that will intercept and block the malicious website before it can do any harm. And it is effective against regular malware, too, so your device will have excellent protection from all malware injection vectors.


New Telegram Scam Mimics Digital Wallets, Promotes Shady Apps
https://gridinsoft.com/blogs/new-telegram-scam-digital-wallets/
Wed, 24 Jul 2024 22:55:37 +0000

A new Telegram scam has emerged, leveraging the bot functionality of the application and offering fake earning schemes. Scammers impersonate official bots of popular digital wallet brands, tricking users into investing their money into non-existent ventures. After that, they simply cut off all communication, leaving users with no money and no promised returns.

Telegram Bots Mimic Digital Wallet Brands, Promote Questionable Apps

Recent research reveals a new scam scheme that combines Telegram bots and fake earning schemes. Scammers create bots in Telegram that pose as the official bot of a specific digital wallet, and offer easy earnings for completing tasks. Victims are asked to register in a referral system, provide access to their digital wallet, and perform simple tasks. These usually involve installing a strange app from an APK file, playing some strange games, watching ads and so on. Additionally, the scammers actively encourage the victims to share this scheme with friends and family, promising generous rewards for each referred friend.

Telegram bot screenshot
Telegram bot

This scam mainly spreads through social media, comments under videos on related topics, and in fake communities. At the moment it is a local threat targeting Indonesian users. However, there is a good chance it will eventually spread to other countries, as the scheme is extremely easy to replicate. Initially, fraudsters may allow the victim to withdraw funds – mostly at the very beginning, and in small sums. This is done to lull the victim into a false sense of security and to convince them that investing is safe. After investing, the victim is asked to perform the tasks for which they are promised rewards. Ultimately, however, the scammers obtain the victim’s confidential information, funds and wallet data.

How Does This Scam Work?

The entire scam process can be roughly divided into stages. The first stage is gathering an audience, which aims to attract potential victims. Scammers use social media platforms like Facebook and TikTok for this purpose. Often, a link to the Telegram bot is placed under themed videos on TikTok, such as those about the Hamster Combat tap-game. More promotion channels may appear later, though, including ones in Telegram itself.

Tiktok comments screenshot
Comments on the TikTok

Retaining The Victim

The next stage is pushing the victim into continuous participation in the scam. As mentioned earlier, fraudsters use Telegram bots that impersonate well-known digital wallet brands. The core of all this is built on two things: completing tasks and introducing new people through referral links. Through the bot messages, they motivate the user to bring in as many new users as possible and do the tasks in order to increase the reward.

Moreover, there are specific minimum requirements that, if not met, leave the user without any reward. For example, the user receives 10,000 Indonesian Rupiah (~62¢) for each referred friend. However, the minimum number of referred users is 15, and the minimum withdrawal amount is 100,000 Indonesian Rupiah (~$6.15). Also, the victim should be subscribed to the Telegram channel led by scammers, otherwise they will not be rewarded at all.

Main Act of the Fraud

After hooking the victim, the bot starts sending them tasks: installing certain programs from shady websites (as .APK files), browsing through pages that appear to be phishing, and watching ads. There were legitimate earning schemes in the past that offered a certain pay for such actions, so it does not look like a complete ripoff at a glance. Nonetheless, these older schemes never involved installing gambling apps or dodgy games that collect a lot of user data, let alone visiting phishing websites.

Eventually, when the reward is getting closer to the withdrawal threshold, the bot simply stops communicating with the victim. At first, the tasks appear slower and slower, and at some point you will just see the message saying “no tasks available”. This is, in fact, the culmination of the scam.

Fake Community

To enhance their credibility, scammers have created groups on Telegram and WhatsApp where they post news and interact with users. Often, to join such a group, the victim must make an initial deposit. However, in some cases, scammers may add an interested user without requiring a deposit. In these groups, more experienced “investors” share stories and screenshots of their “earnings,” thereby increasing the trust of new victims.

Despite these Telegram bots and communities associating themselves with well-known wallets, they obviously have no real connection to them. As a result, after some time, users are left with nothing. When they attempt to withdraw funds, they are directed to customer support, which promises that everything will be done soon. Additionally, besides losing money, victims provide scammers with confidential information that can later be reused in other scams.

Another, less obvious side of this fraud is the outcome of installing shady APK files. While Google Play is not the most reliable app source, it will still stop the most blatant malware. But when you side-load an APK file, any checks are entirely on you. And that is the main problem here: victims are simply blinded by the rewards, and consequently pay no attention to what they install. This may – and will – result in data loss and identity theft.

Why Is This So Popular?

Although similar scams have existed before, they are currently experiencing a significant boom. There are several reasons, including widespread digitalization and the popularity of digital assets and tokens. For example, apps like “Hamster Combat” and similar ones attract users who are eager for easy earnings. Scammers exploit this trend by creating fake referral programs and investment schemes to lure users and gain access to their funds.

The second reason is the lack of sufficient moderation on social media platforms. As mentioned earlier, the primary source of this scam is social networks, where the audience is often not technically savvy. Consequently, users frequently encounter ads and comments containing links to fraudulent websites and apps. Although artificial intelligence is increasingly being used in moderation processes, scammers also use AI to bypass these measures. As a result, naive users fall victim to this arms race.

Fake Instagram Hacking Services
https://gridinsoft.com/blogs/fake-instagram-hacking-services/
Tue, 02 Jul 2024 16:01:15 +0000

Instagram hacking scams are an old-new direction of online fraud that targets people who want to get into someone’s accounts on social media. Fraudsters poison search results, gather the users interested in such a service and push them to shady pages or ones that promote commercial spyware. The key risks for users here are money loss, malware injection, and identity theft.

Instagram Account Hacking Scams Overview

Hacking into someone’s Instagram account was – and remains – a dream for quite a few people out there. The moral aspect of this, well, I won’t discuss in this article, but the scammers definitely aim at exploiting this gray-zone wish. Quite a few websites have popped up recently, offering the ability to hack the password of any Instagram account in just a few clicks.

Instagram hacking site
Example of a site that offers fake hacking services for Instagram accounts

Upon opening the site and entering the username in question, the user will see the alleged hacking process. Some of the sites talk about performing a brute force attack (which is fairly realistic), while others are “injecting commands” or “RCE injections”. To anyone who is at least remotely familiar with how these things work, these sites look like nothing but ridiculous lies.

Fake hacking process

List of scam hacking websites (updating)

URL Information
Instahack.thegen.org Scan Report
Instagramhackonline.com
Wordbeep.com Scan Report
Hs-panel.com

But the ending of all this is even more interesting. The site shows the alleged “Hack successful” page, but then a pop-up message appears saying that the account is well-protected. To hack it, the user is told to click the button and follow the instructions. And this is where the main course of this scam kicks in.

Protected account pop-up

In my observation, the button on several different websites redirected me to a payment page of a shady commercial spyware; each scam appears to promote a different one. Buying the spyware should allegedly help with accessing this Instagram account. However, other people, particularly from North America, report the click throwing them to other, much less safe sites. Among them are notification spam sites, websites that offer to download some sketchy software, or even outright phishing pages.

Malicious ad offering to install an extension

Promoting Through Hacked Legitimate Websites

The way these scams are promoted is also worth attention. They primarily target Google search results for queries like “Instagram hacking” or “Hack Instagram account”. But the search engine will never let the hacking page itself get to the top of results. What the fraudsters do instead is inject the corresponding keywords into files and directories of legitimate, well-established websites. That practice is known as SEO poisoning; in this case, though, we see a modernized variant of it. It does not in fact require any hacking: the chosen sites only need to have the indexing of uploaded documents enabled, so the keyword spam gets into the Google search index.

Poisoned search results

Once the user clicks on what looks like a result from a well-established site, they get redirected to one of the scam pages from the list above. The sites infested with such documents mostly belong to government organizations. There are also several GitHub pages that Google may display, but all of them are taken down at the moment. Government sites, as usual, have much less snappy moderation, so I expect these poisoned results to hold up for some time. In the past, other fraudsters used the exact same practice to redirect people searching for Roblox money generator cheats to fake tech support pages.
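For site operators, the promotion method described above can be checked from the hosting side. The following is an added example, not code from the original article: it scans text extracted from uploaded documents for the search phrases named above, lists off-site links, and reports whether robots.txt leaves the file open to crawlers. The site name, paths, robots.txt and document text are constructed, and using robots.txt as the indexing control is an assumption.

```python
import re
from urllib import robotparser
from urllib.parse import urlsplit

# Search phrases named in the article; extend the pattern for your own monitoring.
SPAM_TERMS = re.compile(
    r"hack\w*\s+(?:an?\s+)?instagram|instagram\s+(?:account\s+)?hack\w*", re.I)
LINK = re.compile(r"https?://[^\s\"'<>)]+", re.I)

# Constructed inputs: a robots.txt and text extracted from three uploaded files.
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
"""
UPLOADS = [
    {"path": "/uploads/forms/permit-application.pdf",
     "text": "Building permit application. See https://city.example.gov/permits"},
    {"path": "/uploads/public/hack-instagram-account-online.pdf",
     "text": "Hack Instagram account in 2 minutes >> https://landing.example.net/go"},
    {"path": "/admin/drafts/instagram-hacking-awareness.txt",
     "text": "Instagram hacking awareness training, internal draft"},
]


def audit_uploads(site, robots_txt, uploads, crawler="Googlebot"):
    """Return uploads that carry scam keywords, with link and indexing context."""
    rules = robotparser.RobotFileParser()
    rules.parse(robots_txt.splitlines())
    own_host = urlsplit(site).hostname
    findings = []
    for item in uploads:
        # File names end up in the search index too, so scan them with the text.
        name_words = re.sub(r"[-_/.]+", " ", item["path"])
        haystack = name_words + " " + item["text"]
        terms = {m.group(0).lower() for m in SPAM_TERMS.finditer(haystack)}
        if not terms:
            continue
        hosts = {urlsplit(u).hostname for u in LINK.findall(item["text"])}
        offsite = sorted(h for h in hosts if h and h != own_host)
        indexable = rules.can_fetch(crawler, site.rstrip("/") + item["path"])
        if offsite and indexable:
            severity = "high"    # keyword spam, outbound link, visible to crawlers
        elif offsite or indexable:
            severity = "review"
        else:
            severity = "low"
        findings.append({"path": item["path"], "terms": sorted(terms),
                         "offsite_hosts": offsite, "indexable": indexable,
                         "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in audit_uploads("https://city.example.gov", ROBOTS_TXT, UPLOADS):
        print(finding)
```

A "high" finding is a candidate for removal and for a removal request to the search engine; "low" findings are usually internal documents that merely mention the topic.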

Is Instagram Hacking Any Real?

In fairness, it is really possible to hack someone’s account, not only on Instagram, but on pretty much any website. Of course, I am not talking about the dodgy sites I’ve mentioned above. With a fair amount of social engineering, OSINT, brute force or even phishing, one can get access to almost anything. All these methods, complemented with phishing and infostealer malware injection, form the basis for modern cyberattacks.

The ways to secure your account against such tricks are simple and have been repeated in different places dozens of times. Set secure passwords, enable multi-factor authentication and login notifications to your devices, change passwords once every 2-3 months, and the chances of getting hacked will decrease by orders of magnitude.

How to Avoid Scam Instagram Account Hacking Pages?

To be sure about online services you have stumbled upon, regardless of their purpose, consider using Domain Checker. This free service checks websites for safety against a selection of characteristics, and will clearly show whether you may or may not trust the site.

But to have online security on the move, opt for GridinSoft Anti-Malware, which has the exact same website checking system built into its Online Security module. Such protection will stop any malicious sites from opening even before they can harm you.

Hello Perv https://gridinsoft.com/blogs/hello-perv-email-scam/ Wed, 26 Jun 2024 16:29:32 +0000
“Hello perv” is the name for an email scam that got its name from the eponymous title. It aims at scaring the user and asking them to pay a ransom in cryptocurrency, in exchange for not publishing explicit content. These emails are sent in the thousands, targeting people all around the world, sometimes even misfiring by sending these letters to tech support addresses.

Such scam emails typically exploit users’ unawareness of how malware and the overall cybercrime world normally work. Victims take the claims about collected personal information at face value and obey any further instructions. However, there are quite a few signs of these messages being complete and utter scams, and I am going to reveal all of them in this post.

Hello Perv Email Scam Overview

Hello Perv is an email scam that has been circulating for several months already, gaining significant popularity at the end of June 2024. Fraudsters send it to hundreds, if not thousands, of different email addresses, hoping for gullible people to believe the text and follow the instructions. The email contains threats of publishing explicit graphical content that the hacker has allegedly collected using spyware.

Full email text:
Subject: You are my victim.
Hello, Perv.
You’ve been looking at porn sites recently.
One at them had my virus on it.
When u started its video, your computer downloaded and launched my malicious software.
After that, I started your camera and recorded a video at u masturbating.
I’ve gathered all its contacts from your computer.
After that, I put together a video at your Masturbation and added videos with child porn.
In my version at its video, u masturbate to sex with kids.

I’m giving u its opportunity to save your life!
Below I will provide u with its address at My bitcoin wallet.

Send me 500 EURO in BTC.

BTC wlt – 1Pdf1QMXH7e9957vhMskAFKQNi79eoa9Rm, 1JVMTup4zuS1JMGXAYYRgvyr2PUmNnY6g2
(If you don’t know what bitcoin / write to buy bitcoin in Google)
You have 24 hours after reading its letter.
As soon as my wallet receives its payment , its system will automatically destroy all its dirt that I made.
If u need more time , open its notebook and write ” Plz 48″
In that case , u’ll have 48 hours to send me its money.
If after a time, I do not see its money in my wallet.
I’ll send my dirt to all your colleagues and friends right away.
I can see everything u’re doing on your computer , so don’t try to trick me.
If I understand that u’re just stalling, I will immediately send dirt on your contacts!
Hurry u have little time, save your life!

The demand of the email, as you can see above, is to send a sum of money (typically ~€500) in Bitcoin to a cryptocurrency wallet. One outstanding detail here is that the hacker offers a way to get extra time to pay the ransom. Overall, the email body is built around social engineering tricks, and contains a lot of manipulative claims and logical mistakes. Let me explain each one of them, so you will have a better understanding of how con actors manipulate people and how to detect such scam emails in the future.

Revealing Introduction & Malware Description

The Hello Perv fraudulent email does not really try to prolong the narrative. From the very beginning, the fraudster talks about infecting the device through a site with adult content. Further, they claim to have started recording from the web camera, capturing the victim touching themselves. To make matters worse, the hacker claims to have manipulated the resulting video to make it look like the user was watching a prohibited category of adult videos.

A thing that scares a lot of people is that they see this email being sent from their own address. This may look like hackery, but is, in fact, a rather easy trick of sender email spoofing. It only requires using a specific email client that allows tinkering with email metadata. But nonetheless, this makes enough people believe the scam is genuine.

User complains about the scam email being sent from his own email
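Whether a message that appears to come from your own address was really sent from your mailbox can be read from its headers. The following is an added example, not code from the original article: it parses the raw message, keeps only the `Authentication-Results` header written by the recipient's own mail server, and compares the visible sender with the envelope sender. Both messages, the server name `mx.example.org` and all addresses are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Constructed sample: claims to come from the recipient's own mailbox, but the
# receiving server (mx.example.org) recorded failed checks. The second
# Authentication-Results header was supplied by the sender and must be ignored.
SPOOFED = """\
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.org
Authentication-Results: mail.attacker.example; dmarc=pass header.from=example.org
Return-Path: <bounce@mailer.example.net>
From: alice@example.org
To: alice@example.org
Subject: You are my victim.

(body omitted)
"""

# Constructed sample: a note the user really sent to themselves.
GENUINE = """\
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org; dmarc=pass header.from=example.org
Return-Path: <alice@example.org>
From: Alice <alice@example.org>
To: alice@example.org
Subject: shopping list

(body omitted)
"""


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def trusted_auth_results(msg, trusted_authserv):
    """Collect spf/dkim/dmarc verdicts written by our own mail server only."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(header).split(";")]
        authserv = parts[0].split()[:1]
        if not authserv or authserv[0].lower() != trusted_authserv.lower():
            continue  # any sender can add a header that names another server
        for part in parts[1:]:
            m = re.match(r"(spf|dkim|dmarc)\s*=\s*([a-z]+)", part, re.I)
            if m:
                verdicts.setdefault(m.group(1).lower(), m.group(2).lower())
    return verdicts


def assess_sender(raw_message, trusted_authserv):
    """Summarise how far the visible From address can be trusted."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    recipients = getaddresses([str(h) for h in msg.get_all("To", [])])
    to_addrs = {addr.lower() for _, addr in recipients}
    envelope = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    auth = trusted_auth_results(msg, trusted_authserv)

    if auth.get("dmarc") == "pass":
        verdict = "authenticated"
    elif auth.get("dmarc") == "fail" or (
            auth and "pass" not in (auth.get("spf"), auth.get("dkim"))):
        verdict = "spoofed"
    else:
        verdict = "unverified"  # no trusted DMARC result to decide on
    return {
        "from": from_addr,
        "self_addressed": from_addr in to_addrs,
        "envelope_mismatch": bool(envelope)
        and domain_of(envelope) != domain_of(from_addr),
        "auth": auth,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE):
        print(assess_sender(sample, "mx.example.org"))
```

A self-addressed message with a "spoofed" verdict and an envelope mismatch was injected from outside; nothing in it indicates access to the mailbox.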

One major fault here is the story about hacking the computer through an infected browser page. Well, this is totally possible – browsers may be vulnerable to code injections and other flaws. But applying such a technique in attacks on individual users is simply unreasonable. Exploiting vulnerabilities is more suitable in attacks on corporations, where potential profits are much higher.

Approach comparison Hello Perv vs classic malware

There is also an old-new tactic of hacking the site and putting an “update your browser” banner on top of all the content. Clicking the update button will lead to malware downloading, and the user will likely execute it thinking it is a genuine update. The thing is – all the malware families deployed in such a manner are well-known and do not operate in the way the hacker describes. Doing what spyware operators normally do – collecting credentials and selling them on the Darknet – is more profitable and takes less effort.

Ransom Demands

After the rapid introduction, the “hacker” puts out the demand: pay a ransom to a cryptocurrency wallet and no explicit videos will make it to the public. Typically for this specific email campaign, ransom amounts are around €500, though this may change in the future. As I’ve already mentioned, there is a possibility to extend the ransom payment deadline for another 48 hours. One particularly interesting clue here is the Bitcoin wallet: its statistics uncover how “successful” this scam is.

Hello Perv BTC Wallet Blockchain Explorer

It is possible to see the Bitcoin wallet balance & history using free blockchain explorer tools. A few clicks – and voila, we now can see when and how much was paid to the wallet in the past. Throughout the extensive list of wallets, the majority have just a few transactions, with a total sum of $4-6k. Interestingly, some of the incoming transactions amount to twice the scammer’s current bid. This implies that the fraudster either uses the wallet for several scam campaigns, or forces victims into paying more, possibly after extending the deadline.

Threats of Publishing Explicit and Compromising Videos

Strangely, the actual threats come after the ransom demand – not a usual tactic for this kind of scammer. Though, it was rather obvious where all this is going: the “hacker” threatens to publish the compromising video to all the victim’s social media pages, so all friends and colleagues will see this abomination. And the forbidden character of the video suggests that this may give law enforcement a reason to turn their attention to the victim.

Obviously, same as pretty much any other email scam, this one assures the user that the scammer is watching their computer and their actions. Should the user try to trick the scammer, the threats will supposedly be turned into actions. Though, I wonder how the scammer will track a police call from your phone? Or from a friend’s phone? Once again, the email is full of rather obvious logical mistakes, and that’s just another one. Most of them are clearly visible even to people without much knowledge in cybersecurity; it’s merely about cold-minded analysis.

Any chances the computer is infected?

Despite the Hello Perv email being a blatant scam like a Professional Hacker Scam or Pegasus Scam, there is still a possibility that malware once was present in your system. Some variations of such email scams may additionally scare people by showing them their (old) passwords. This pretty much forces users into believing the fairy tales about advanced spyware and all-encompassing tracking. To be sure your system is clean of any spyware, consider scanning it with GridinSoft Anti-Malware: it is capable of finding and eliminating even the most recent spyware samples.

Your Computer is Infected https://gridinsoft.com/blogs/your-computer-is-infected-scam/ Wed, 12 Jun 2024 09:57:04 +0000
“Your computer is infected” is a campaign of scam pop-up notifications that aims at tricking users into downloading unwanted programs. The key purpose of the pop-ups is to intimidate people, making them think their system is infected. Let’s debunk this scam by going through each of its steps, and see how to avoid it in the future.

What Is “Your computer is infected” Notification?

The “Your computer is infected” pop-up notification is a scam that aims at intimidating the user and forcing them into further fraudulent actions. These notifications usually appear as pop-up windows or alerts that can look like legitimate system messages, antivirus alerts, or browser notifications. In fact they are totally fake, designed to scare or trick users into taking a particular action, often by making them believe their computer is infected with a virus or other malware.

Your computer is infected notification

This usually results from visiting websites with pirated content, such as movies or games, as well as adult content sites. These websites often embed malicious code, so any interaction with the site, whether it’s clicking a link or pressing the play button, can lead to redirects and, eventually, pop-up notifications or a flood of ad banners.

How Does This Scam Work?

Let’s go through the entire course of action to understand the source of fake notifications. As I mentioned earlier, in most cases, the first step is about the user visiting dubious websites. The issue lies in the fact that the owner of a pirated site usually adds hidden redirect links to everything on the site: buttons, images, links, etc. With such traps, any click on these elements automatically triggers a redirection, and the user finds themselves on another site, the one that offers to allow pop-up notifications.

From the user’s perspective, this looks like anti-DDoS or anti-bot protection. They allow the pop-up notifications, wanting to keep watching. But that is what enables the rest of this scam.

Flood Of Notifications & Fake Scan

Typically, right after clicking “Allow,” nothing seems to happen, so the user doesn’t pay much attention to it. However, after a while, the websites start sending a huge number of notifications. Although these notifications come from the web browser, they look like system alerts and can contain various messages.

This is where “Your computer is infected” pop-ups come into view. Appearing by the dozen, they confuse people with excessive use of capital letters and alarming wording. When the user clicks on such a notification, it throws them to a fraudulent website. The site then performs a fake scan, finds numerous issues, and suggests installing a “fix tool” to resolve these problems.

Obviously, all these “issues” and detected malware are fake because no website can scan a device for viruses – it is just technically impossible. These actions aim to trick the user into installing unwanted software, particularly rogue antiviruses or pseudo-effective apps.

Fake Support Page

An alternative scenario involves redirecting the user to a fake tech support page. In this case, the user lands on a webpage that mimics an official Microsoft support site. Typically, this page displays banners or notifications claiming issues with the computer and urges the user to call a specified number for assistance.

Fake tech support scam

If the user calls the provided number, they reach scammers posing as legitimate support staff. These fraudsters may attempt to obtain personal information or credit card details, trick the user into paying for “fixing” nonexistent issues, or gain remote access to their computer through a remote connection. The latter is particularly dangerous as it grants the scammers full control over the device.

Is Your Computer Infected?

It is possible to manually remove the pop-up source through the browser interface. To do this, go to your browser settings, find notification settings, and remove all the sites listed as ones that can send notifications. Reload the browser to apply the changes.
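The same review can be done from the browser profile on disk, which helps when several machines or profiles need checking. The following is an added example, not code from the original article: it lists the sites that hold notification permission and when it was granted. It assumes the JSON layout Chromium-based browsers use in the profile's `Preferences` file (setting 1 means allow, 2 means block, and `last_modified` counts microseconds since 1601-01-01 UTC); the sample data and host names are constructed.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

ALLOW = 1  # assumption: Chromium content-setting value for "allow" (2 is "block")
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample in the assumed layout of a Chromium "Preferences" file.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://mail.example.com:443,*":
            {"last_modified": "13360000000000000", "setting": 1},
        "https://verify-human.example.net:443,*":
            {"last_modified": "13362624000000000", "setting": 1},
        "https://news.example.org:443,*":
            {"last_modified": "13350000000000000", "setting": 2},
    }}}}
})


def audit_notification_permissions(preferences_text, expected_hosts=()):
    """List hosts allowed to send notifications, unexpected ones first."""
    node = json.loads(preferences_text)
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    findings = []
    for pattern, entry in node.items():
        if not isinstance(entry, dict) or entry.get("setting") != ALLOW:
            continue  # blocked or malformed entries cannot push notifications
        # Keys look like "https://host:443,*"; keep the host of the first pattern.
        host = urlsplit(pattern.split(",", 1)[0]).hostname or pattern
        stamp = entry.get("last_modified")
        granted = None
        if stamp:
            moment = WEBKIT_EPOCH + timedelta(microseconds=int(stamp))
            granted = moment.date().isoformat()
        findings.append({"host": host, "granted": granted,
                         "expected": host in expected_hosts})
    return sorted(findings, key=lambda f: (f["expected"], f["host"]))


if __name__ == "__main__":
    known = {"mail.example.com"}
    for row in audit_notification_permissions(SAMPLE_PREFERENCES, known):
        flag = "ok    " if row["expected"] else "REVIEW"
        print(flag, row["granted"], row["host"])
```

The script only reads the data; remove the flagged sites through the browser settings as described above, since the browser rewrites this file while it is running.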


Afterward, I still recommend performing a system scan for malware using legitimate antivirus software.

GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

Windows Defender Security Warning https://gridinsoft.com/blogs/windows-defender-security-warning/ Fri, 07 Jun 2024 16:43:55 +0000
“Windows Defender Security Warning” is a scam website that falsely claims your PC is infected and urges you to contact Microsoft tech support. This scam is part of a larger scheme aimed at deploying unwanted software on users’ devices and extracting money for resolving nonexistent issues. It has been around for some time and targets users worldwide.

Tech support scams represent a particularly notorious type of online fraud, utilizing various tactics to coerce people into making a phone call to a fake support service. The Windows Defender Security Warning scam is one of the most enduring and widespread methods used in these schemes. In this article, I will describe what this scam is, how it operates, and how you can avoid falling victim to it in the future.

What is Windows Defender Security Warning?

As mentioned earlier, the Windows Defender Security Warning typically appears as a browser window after clicking a link on a certain website. It displays numerous smaller windows, which are actually non-interactive images. These fake alerts inform the user that their PC is blocked “for security reasons”. In the background, a robotic voice claims the following:

“Important security message! Your computer has been locked up. Your IP address was used without your knowledge or consent to visit websites that contain identity theft virus. To unlock the computer please call the support immediately. Please do not attempt to shut down or restart your computer. That will lead to data loss and identity theft.”

Clicking on any of the site elements – which in fairness may happen randomly – results in the website switching to full screen, with no obvious way out. The Escape button won’t work, and roaming the mouse around the screen won’t help either. If the victim is not aware of combinations like Ctrl+F4, Alt+Tab or Ctrl+Shift+Esc, it may look like a trap. That, along with the sound alert, is what should push the user towards following the scam’s guidance and calling the support.

Typical example of a Windows Defender Security Warning page

As you can see, this is just a scam designed to capitalize on the fear of individuals who may have less knowledge about computer security or computers in general. However, let’s take a closer look at how this scam operates—there are quite a few interesting tactics involved.

Windows Defender Security Warning Mechanism Explained

The scam begins by luring users to the Windows Defender Security Warning page. To achieve this, scammers often purchase link placements on dubious websites, such as those hosting pirated movies. A user clicking on a play button or attempting to skip an ad in the video player may be redirected to the scam site.

The domains hosting this scam can vary widely, but they typically include some mention of Microsoft in the URL. In some egregious instances, fraudsters have even managed to secure hosting from Microsoft themselves. Below, you can find a list of sites used in this scam campaign:


Once the user lands on the scam site, it typically goes fullscreen and starts playing the previously mentioned audio message. The main goal of this message is to coerce the victim into contacting “tech support” using the phone number displayed on the site, which is mentioned multiple times. The phone call marks the final phase of the scam.

The so-called support manager begins by instructing the user to download sketchy software purported to resolve the issue—without explaining how the software addresses identity compromise. Throughout the life of this scam, various fraudulent programs have been offered, including SystemKeeper, Driver Updater, and Wise System Mechanic. As expected, all these are pseudo-effective unwanted programs that further prompt users to pay for fixing a myriad of non-existent problems.

What is the purpose of all this, you might ask? Money is the short and universal answer. The fraudsters posing as tech support managers receive commissions for each user they persuade to download the software. Meanwhile, the developers of this software profit from users purchasing licenses. Considering how long this scam has been active, the monetary turnover is quite substantial.

How to Protect Against Windows Defender Security Warning Scam?

The primary advice for protecting against the Windows Defender Security Warning scam and similar schemes is to avoid websites that initiate these scams. As mentioned, the majority of redirects to scam websites originate from pages hosting pirated content. This should be another reason to steer clear of such sites, beyond the fact that content piracy is illegal. Additionally, pirated software or games pose a significant security risk.

Learn how genuine notifications from security software should look, and how they should not. Neither Microsoft Defender nor other antivirus/antimalware programs issue security notifications through web browsers. None of them will prompt you to call support while appearing to block your computer. And, importantly, no legitimate tech support from any security vendor will ever advise you to install questionable third-party software.

Use reliable antivirus software with network protection. To prevent scam pages from opening and to ensure your system remains secure regardless of any fake alerts, a robust antivirus solution is essential. GridinSoft Anti-Malware offers excellent malware removal capabilities and network protection, backed by a multi-component detection system and regular updates.

Have you heard of Pegasus? Scam https://gridinsoft.com/blogs/have-you-heard-of-pegasus-scam/ Fri, 07 Jun 2024 09:37:52 +0000
“Have you heard of Pegasus?” is a type of email scam that targets people worldwide, threatening to release compromising information. To prevent this, the email message asks the recipient to pay a ransom to a Bitcoin wallet. All the claims in the message are complete and utter lies, and the whole scam relies exclusively on social engineering.

Email scams have become an increasingly popular attack on individuals, relying on users’ unawareness of how malware works. “Have you heard of Pegasus” does exactly this: it scares the user with the name of a well-known spyware, making them believe the threats are real. In this post, I will explain every single element of this scam, so next time you will recognize it immediately.

What is “Have you heard of Pegasus” Email Scam?

The “Have you heard of Pegasus?” scam is a common name for email messages that contain text with claims of possessing compromising photos and videos of the user. The text of the message may differ, but it always contains mentions of Pegasus spyware. One of the latest text variants (as of early June 2024) is the following:

Hello pervert,
I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisely.
Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, and Windows. I guess, you already figured out where I’m getting at.
It’s been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the internet. During this period, I’ve learned about all aspects of your private life, but one is of special significance to me.
I’ve recorded many videos of you jerking off to highly controversial porn videos. Given that the “questionable” genre is almost always the same, I can conclude that you have sick perversion.
I doubt you’d want your friends, family and co-workers to know about it. However, I can do it in a few clicks.
Every number in your contact book will suddenly receive these videos – on WhatsApp, on Telegram, on Skype, on email – everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your former life.
Don’t think of yourself as an innocent victim. No one knows where your perversion might lead in the future, so consider this a kind of deserved punishment to stop you.
Better late than never.
I’m some kind of God who sees everything. However, don’t panic. As we know, God is merciful and forgiving, and so do I. But my mercy is not free.
Transfer $1220 USD to my Bitcoin wallet: 1JVMTup4zuS1JMGXAYYRgvyr2PUmNnY6g2
Once I receive confirmation of the transaction, I will permanently delete all videos compromising you, uninstall Pegasus from all of your devices, and disappear from your life. You can be sure – my benefit is only money. Otherwise, I wouldn’t be writing to you, but destroy your life without a word in a second.
I’ll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are unchartered waters for you, don’t worry, it’s very simple. Just google “crypto exchange” and then it will be no harder than buying some useless stuff on Amazon.
I strongly warn you against the following:
) Do not reply to this email. I sent it from a temp email so I am untraceable.
) Do not contact the police. I have access to all your devices, and as soon as I find out you ran to the cops, videos will be published.
) Don’t try to reset or destroy your devices.
As I mentioned above: I’m monitoring all your activity, so you either agree to my terms or the videos are published.
Also, don’t forget that cryptocurrencies are anonymous, so it’s impossible to identify me using the provided address.
Good luck, my perverted friend. I hope this is the last time we hear from each other.
And some friendly advice: from now on, don’t be so careless about your online security.”

The text follows a rather strict pattern. It begins with the scammer introducing himself as a pro hacker. They claim to have explicit photos or videos of you watching adult content, and threaten to publish them to all of the contacts you have in your phone book. Such comprehensive access is explained by Pegasus spyware having been installed on all of the user’s devices.

In certain cases, the author adds a password or two that you could really have used in the past. This, although pure manipulation, makes the email much more convincing. After that, the fraudster switches to the main course of the scam: a demand to send money (usually around $1000-$1500) to a specified BTC address.

Cyber Criminal Cryptowallets


As I’ve mentioned at the beginning, all the claims are lies and manipulation, meant to scare the user and make them believe the attack is real. This fear, in turn, makes the victim obedient and pushes them to follow the instructions and pay the ransom. However, a closer look at pretty much every element, especially for a tech-savvy user, reveals that the message is full of questionable claims. Let’s go through this scam, top to bottom, to see what exactly is wrong.

“Have you heard of Pegasus” Analysis

We begin with the introduction, where the alleged hacker calls the victim a pervert and announces “a very bad situation” for the victim. Then they immediately claim to be using Pegasus spyware on all the victim’s devices, saying that “It works well on Android, iOS, and Windows”. And that is where the first issue comes into view.

Pegasus is a real spyware, a military-grade one, developed by Israeli-based NSO Group. It is a really powerful tool, but the thing is – it works only on iOS and Android, and has stability issues with the latter. Windows was never in scope of this malware, and was in fact never targeted by NSO products.

How does Pegasus work?

One more thing is that Pegasus is not for sale to everyone. The developer markets its solution only to governments, and only after quite long haggling regarding areas of use. There were – and are – quite a few offers of Pegasus for sale on the Darknet, but every single one of them to date appears to be a fake.

Questionable Infection Way & Timing

The email body continues with the claim that the victim has been spied on for a few months, and that the infection happened through shady links on the Internet. That is a double load of nonsense. Spying on a specific person for quite some time is what people know as stalking, but no one does this on an industrial scale. Considering the number of these emails, the senders would have to be attacking thousands of people, and earning money this way is simply counterproductive. By selling just the credentials, without having to collect explicit graphic materials for months, they could get more money and much faster.

Have you heard of Pegasus scam comparison

Aside from the time-wasting strategy, the infection vector is also really strange. By the “links on the Internet” the hacker most likely meant deploying malware by exploiting web browser vulnerabilities. And while that is a real thing, it is once again counterproductive to infect single users in such a tricky way. Creating exploit code usually implies targeting it at a specific victim (or a small group), and costs time or money regardless. Once again, the number of “victims” they mail would mean wasting too much time and effort on creating the exploits. And considering that the majority of web browsers these days have auto-updates, it is hard to find a victim with an unpatched vulnerability.

Overall, both elements seem unreasonably complicated, and are just not how malware attacks usually work.

Blind Claims & Threats

The message then moves to the part where the hacker claims to possess recordings of the victim in some truly embarrassing circumstances, specifically while watching adult videos. What’s worse, at least if we believe what the letter says, the genre of those videos is itself compromising and exposes the victim’s perversion. And here is a sign of a scam: there is not even a single mention of anything specific. Threat actors write the text in order to target a wide audience. Having no specific information about the victim, they try to make the message body suitable for any possible case.

The key threat here is to send the said compromising materials to all the contacts in the phone book, in all the ways possible. Well, there’s nothing impossible about that, but all these compromising materials are nowadays too easy to refute by saying it is an AI-generated fake. Sure, it is still less than pleasant that you have to make excuses to all of your friends and colleagues, but that’s not even close to a doomsday promised by the “hacker”.

Trick With Your Password

Above I’ve mentioned that the scammer who sends the message may occasionally add a password that the victim really used with one of the accounts. This has an exceptionally frightening effect, making the letter look genuine in the eyes of the user. However, there’s no reason to panic.

Have you heard about Pegasus? email scam with password
Example of a Have you heard of Pegasus scam message that includes the leaked password

You see, it is not hard to get someone’s old password. Credential leaks happen pretty often, usually after a company, website or organization is hacked. Huge dumps of collected credentials are then sold on the Darknet, with free test samples having hundreds of entries. If the fraudulent actor is serious about the scam, they may get hold of a paid database that will cover many more potential victims.

If you read the news about the latest hacks, or just follow the basic cybersecurity rules and change your passwords once every 2-3 months, then these leaks pose no threat to you. By the time all the data is aggregated and sold, and the con actor sends a scam email, that leaked password has become irrelevant.

Ransom Demand & Warnings

As this part is a culmination of a scam, there is not a lot going on, and thus it is hard for a scammer to make a mistake. They demand paying anywhere from $1000 to $1500 to prevent the leak of all the aforementioned explicit content, specifying a Bitcoin address as a payment method. Also, there is typically a deadline of 48 hours, which counts from the moment when the email is opened. Obviously, for such a use case, they register a disposable BTC wallet, so the law enforcement won’t have a persistent clue.

Scammer Bitcoin wallet
History of one of the BTC wallets that the scammer used in the past. It was active for only a few days, and got just 6 payments

As is typical for any scam, the fraudsters warn you against any steps outside their script, like replying to them, contacting the police or resetting devices. While the latter two are more or less understandable, the first one is yet another sign of a “Have you heard of Pegasus” scam. The “hacker” tries to cut any connections to the scam as soon as the victim receives the message. No payment confirmation, no afterword – just vanish. If they’re so confident about their anonymity, why can’t the victim contact them to confirm that the deal is done? One more point of uncertainty here.
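
The tells walked through above (the Pegasus-on-Windows claim, the deadline, the warnings, the crypto address) can be combined into a simple mail-triage heuristic. This is an added example, not part of the original article: the indicator names, weights, threshold and both sample messages are assumptions constructed for illustration, and the address regex checks shape only, not checksums.

```python
import re

# Shape-only match (no checksum validation): legacy Base58 Bitcoin addresses
# and bech32 Bitcoin/Litecoin addresses.
CRYPTO_ADDR = re.compile(
    r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}"
    r"|(?:bc1|ltc1)[02-9ac-hj-np-z]{20,80})\b"
)

NEG = r"(?:do not|don[’']?t)"

# name -> (pattern, weight). Names and weights are assumptions for this example.
INDICATORS = {
    # Pegasus name-dropping on its own is weak: news and training mail mention it too.
    "names_pegasus": (re.compile(r"\bpegasus\b", re.I), 2),
    # The article's first tell: Pegasus was never a Windows tool.
    "pegasus_on_windows": (
        re.compile(r"\bpegasus\b.{0,200}?\bwindows\b", re.I | re.S), 2),
    "payment_deadline": (re.compile(r"\b\d{2}\s+hours\b", re.I), 1),
    "warns_against_police": (
        re.compile(NEG + r"\s+contact\s+the\s+police", re.I), 1),
    "warns_against_reply": (re.compile(NEG + r"\s+reply\b", re.I), 1),
    "publication_threat": (
        re.compile(r"\bvideos?\s+(?:will\s+be|are)\s+published\b", re.I), 1),
    "crypto_address": (CRYPTO_ADDR, 3),
}
THRESHOLD = 6  # assumed cut-off: several independent tells must agree


def score_message(body):
    """Return (score, names of matched indicators) for a plain-text body."""
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(body)]
    return sum(INDICATORS[name][1] for name in hits), hits


def is_sextortion_template(body):
    return score_message(body)[0] >= THRESHOLD


# Constructed placeholder with the shape of a bech32 address, not a real wallet.
PLACEHOLDER_ADDR = "bc1q" + "x" * 38

# Constructed sample that reuses phrases quoted in the article.
SCAM_SAMPLE = (
    "Have you heard of Pegasus? It works well on Android, iOS, and Windows.\n"
    "You have exactly 48 hours to send $1300 to this address:\n"
    f"{PLACEHOLDER_ADDR}\n"
    "Do not reply to this email. Do not contact the police, "
    "or the videos will be published.\n"
)

# Constructed benign message that mentions Pegasus and a deadline.
BENIGN_SAMPLE = (
    "Our webinar covers how Pegasus spyware targets iOS and Android.\n"
    "Reply within 48 hours to reserve a seat.\n"
)

if __name__ == "__main__":
    for label, text in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, score_message(text), is_sextortion_template(text))
```

The benign sample shows why no single indicator decides the verdict: it names Pegasus and a 48-hour deadline but stays below the threshold.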

How Scam Works?

The key to how this scam works is social engineering. The technical mistakes and logical inconsistencies go unnoticed because of people’s lack of knowledge about how malware works. Nevertheless, the points to push on are picked rather professionally. Here are the methods of social engineering that fraudsters use in the “Have you heard of Pegasus” scam.

Pretending to Compromise the Privacy

One of the biggest fears of any human being is that their secrets will be revealed. Regardless of whether it is about which plushie they prefer to sleep with or what category of adult videos they prefer, this always instills a feeling of insecurity or even vulnerability. This, in turn, makes the victim obedient to any further instructions, ransom payment in particular.

Appealing to Professionalism

One more step in making the victim believe that what the email says is real is the appeal to world-famous spyware. Pegasus has gained a rather bad reputation among people, despite being rarely used and inaccessible to black hat hackers. The latter two facts, nonetheless, are not really known to a wide audience, hence the “I’m using Pegasus” trope appears true.

Threats of Humiliation

The key thing the hacker does is threaten public humiliation, the very possibility that makes a privacy compromise so frightening. This eventually pushes the victim to the obvious step of paying the ransom. That’s exactly what the scammer wants, and a scared person is quick to obey.

Scan your computer for malware

Even though the described email is a complete scam, there’s still a possibility that something is present in the system. Not something related to the scammer, but possibly a thing that has leaked your password before. For that reason, I recommend scanning the system with GridinSoft Anti-Malware. Its multi-component detection system will find and remove any malicious programs present on the computer.

GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

Scareware: How to Identify, Prevent and Remove It
https://gridinsoft.com/blogs/what-is-scareware/
Tue, 14 May 2024 18:50:38 +0000

Scareware is a widespread Internet fraud scheme that intimidates victims into buying unnecessary or harmful software, taking advantage of their ignorance. Scareware usually exploits fears of having a computer virus on a machine and persuades users to purchase fake security software. Here we’ll look at how this scheme works and how not to get fooled by it. Among other things, we’ll touch on threats associated with scareware.

What is Scareware?

Scareware is a scam that plays on the fears of inexperienced users. Although computer viruses are an obsolete type of malware, and you will hardly catch one nowadays even if you try, they remain a horror story for people. And the less you know about a threat, the easier it can scare you.

Both trustworthy and scam security products are promoted via advertising. An advertisement for a good solution will respect the customer and emphasize the qualities and features of the promoted program. In the worst case, it will explain that there are many threats out there on the Web, and each endpoint needs protection. Scareware, on the contrary, will try to convince you that your computer is already infected with malware. Moreover, pushy ads will insist on immediate installation of the program they represent, as if it were the last chance to cure your PC.

Scareware Banner
An example of a flashing scareware pop-up banner.

The profitability of the scheme is understandable. People get scared, buy the program and feel like the defenders of their computer system. Perhaps later, the apprehension will come that they just threw away their money, but they will no longer be able to get it back. There are usually many victims of such deception, and that is the very thing on which the scam relies.

Sadly, losing money is not the worst thing that can happen. Sometimes such malvertising is used as a filter: whoever bought into this definitely does not have an actual antivirus. Accordingly, those who make a business of distributing adware and malware can safely install a bunch of harmful programs on the victim’s device.

How Scareware Works

It all starts with a person suddenly seeing an advertising banner on some website. The banner itself looks like an automatic notification. Novice users may not even understand that they are dealing with an advertisement.

The message usually says that a scan of the user’s computer was carried out, which found infection with dangerous malware. Already here, a knowledgeable person could have laughed because not only is it impossible to scan the device so quickly, but it would also be problematic to do it remotely without preliminary procedures.

But charlatans deal with inexperienced people and therefore continue their psychological attack. The banners usually include very serious-looking malware names, tables, codes, etc. The more serious the picture looks, the stronger the effect. In all its appearance, the message tries to appear automatic. You can see, for example, this caption: “threat level: high“, as if the same plate could give out a reassuring “low“.

Scareware Fake Scan Results
Scareware often renders fake scan results with frightening namedropping.

Such schemes are generally built on a series of psychological techniques. Intimidation is only the first of them. The use of colors plays with the victim’s emotions. Red stands for anything related to threats. As soon as the “rescue” program enters the scene, a soothing blue or green color appears. This feeling of possible safety encourages the user to make a purchase. In addition, the price is low. Most scareware schemes rely on the possibility of quick payments combined with a vast number of buyers.

Alternative Scams

There may be more time-consuming schemes for the crooks. For example, they might launch a massive campaign offering free device scans. To take one, the user must first download the software, the functionality of which will be limited until the program is purchased. So that this payment is still made, the scan will produce frightening results. This approach counts on more educated users.

By the way, the scope of scareware is not limited to the security sector. You can imagine other types of scareware, such as cleaners, that will scare users by saying: “look, a little more, and your system will get so clogged with the garbage that the device will start freezing.” The advertised program will be able to delete unused applications, temporary files, etc.

The programs in question can remain completely fake without an iota of the promised functionality. All “treatment” of the device, just like the initial intimidation, can be just a visual effect.

What are The Threats?

Theoretically, the victim of scareware could get lucky, and the only problem would be the wasted money. But more often than not, a deceptive program will leave an unpleasant payload behind. Its severity may vary. In fact, it corresponds to the degree of danger from the unwanted or overtly malicious software that scareware can fetch onto the victim’s computer. In most cases, installing a scareware application will decrease the PC’s running speed. We’ll proceed from the assumption that scareware developers want a tangible profit from their victims, one not limited to the price of the application.

This goal implies infecting the device with any of the following malware types:

  • Adware is a class of relatively harmless unwanted applications. They flood users with ad banners, modify browsers’ settings, add ad links on webpages, etc.
  • Spyware is a more significant threat. Hidden software collects information about the system and the user’s activity to send it to people who can commercially benefit from having it.
  • Miners are the programs that steal computing resources of the victim’s machine and throw them at mining cryptocurrency (for somebody else, of course.) The injured side will also be surprised by the electricity consumption rate.
  • Cybercriminals can add the infected device to the botnet, a controlled network, to perform certain activities on the web unbeknownst to the user.
  • Ransomware is probably the worst case. This malware encodes all data files on the victim’s computer, and the only chance to get them back is to buy a key from the racketeers.

Criminals can drop many other types of malware into the unaware victim’s system. However, those are more suitable for targeted attacks and require hackers’ special attention. The malware mentioned above can work and bring profit automatically.


How not to be fooled by scareware?

  • Install modern antivirus software. GridinSoft Anti-Malware is one of the best solutions on the market due to the combination of technical efficiency and cost-effectiveness. Its virus libraries are regularly updated so that whichever malware becomes recognized in the world, Anti-Malware will know how to deal with it. The program can perform deep scanning, work in on-run protection mode, and be a security measure for safe Internet browsing.
  • Get informed before you get scammed. Scareware schemes work only because of people’s ignorance. You don’t need to be a hacker or even an advanced user. Just take a simple course on Internet surfing from someone more experienced in it.
  • Don’t visit dubious websites and avoid clicking on ad banners whatsoever. You can hardly encounter malicious advertising, which scareware surely is, on trustworthy websites like Google, Youtube or Facebook. It’s not that you should limit your surfing to these three sites, but they can serve as an example of a trustworthy website appearance. As soon as you see ad banners popping up all around you, flashing and glaring, proceed with great caution if you need to.
  • Install ad-blocking software. It goes as an extension to your browser that blocks advertising banners from rendering. It might save you a lot of nerve cells.
  • If you happen to buy a scareware product, make sure you remove it as you usually remove an application. In Windows, press Start > Settings > Apps > Apps & Features. Choose the app you want to remove, and then select Uninstall. After removing the scareware, carry out an antivirus scan to get rid of any accompanying malware.

Paypal Scams: Most Dangerous Examples
https://gridinsoft.com/blogs/dangers-of-paypal-scams/
Tue, 14 May 2024 18:36:27 +0000

PayPal has a reputation for being a safe and easy way to send and receive money. But no payment system is completely immune to fraud. Read on to learn more about PayPal scams, how to avoid them, and how to protect all of your online accounts from scammers.

What is a PayPal Scam?

PayPal scammers will use fake emails or websites to trick people into giving them their personal information. They’ll often use strategies like social engineering to get users to follow unnatural PayPal links and input their credit card details. Alternatively, they’ll ask users to send them money.

PayPal’s two-factor authentication and end-to-end encryption make it an extremely secure online payment system. Moreover, it has over 400 million active users in 200 countries and territories worldwide.

Main Signs of Genuine Paypal Email

When using the PayPal service, emails are used only for promotional purposes and receipt notifications. All other email correspondence is issued via their website or mobile app. Any PayPal fraud email will always address you by name instead of an impersonal address like “Dear User”.

PayPal’s primary email address is paypal@mail.paypal.com, typically used to send account statements and change notifications. PayPal sends the receipt to the email address service@paypal.com. A PayPal.me email address is also a legitimate domain, allowing you to share your PayPal account and send money faster and easier.

Most Dangerous Examples of Paypal Scams

PayPal scammers have many ways to trick unsuspecting users of online payment platforms. They usually use social engineering tactics to trick you into believing the order or payment is legitimate. Here are the most common PayPal scams to watch out for.

1. PayPal Phishing Scams

A fake PayPal email can contain links to fake websites that trick users into installing malware on their computers, or the links can lead to websites that pretend to be PayPal’s. If users follow these links and enter their information, the scammers can access personal information such as passwords and financial information. This can honestly be called one of the most dangerous PayPal attacks.


In a phishing scam, you receive an email claiming that your PayPal account is experiencing problems. It instructs you to click a provided link, supposedly to fix the issue. However, this link leads you to a fake PayPal website that criminals control and that pretends to be the real thing. When you log in there, they gain full access to your account and funds.

Paypal Scam: Phishing
Example of PayPal phishing scams

2. PayPal Overpayment Scams

Be wary of e-commerce transactions that result in false overpayment scams. In this scam, a buyer pays more than necessary for the item and then asks the seller to refund the difference. Instead, the buyer cancels their original payment and leaves the seller with less cash or no item at all.

3. PayPal Shipping Address Scams

Scammers use invalid shipping addresses to trick delivery services into updating the address. They then contact the delivery company to ask them to change the address and give them the package. However, since their original address was invalid, they can claim that they never received the package and ask for a refund from PayPal. Some con artists use several methods to dupe people. For example, they may request a specific shipping company or method or ask the seller to send them a prepaid shipping label. In addition, a buyer can fraudulently route the package to the intended address without the seller knowing. This is because the fake address is listed on the transaction details. As a result, PayPal may grant a refund if this method is used.

Paypal Scam: Fake Shipping
PayPal shipping address scam

4. PayPal Hacked Account Scams

Scammers create fake accounts purporting to be connected to a charity to ask for donations. Typically, these scammers spoof the phone number or website displayed on their fake accounts. If they made up a charity that looked convincing enough, people might even think their fake account was legitimate.

If you don’t investigate the charity’s legitimacy or payment requests, chances are you’ll never see the money, or the positive impact of the donation, again. Charities are often used in this type of PayPal scam because they appeal to the victim’s sense of generosity and, unlike fake storefronts, don’t expect anything in return. Double-check the recipient’s details to check the charity’s legitimacy. Legitimate charities generally do not accept donations via PayPal. If you find a legitimate charity site asking for donations, please donate directly through the site rather than via an email link, as these links may be fake.

How to report a Paypal Scam Email

PayPal has standard procedures for reporting scams. PayPal Phishing emails should be forwarded to phishing@paypal.com and the email should be removed from your inbox. If you think your account has been compromised, you need to change your password and update your security question before using your PayPal account again. If you suspect fraud related to unauthorized use or fraudulent activity, you should use the Report a Problem feature in the PayPal Resolution Center. After that, select the transaction you want to dispute and follow the instructions. If fraud results in identity theft, report the identity theft to the appropriate authorities.

PayPal Community

How can I avoid being scammed on PayPal?

Fraud can and should be avoided. To do this, there are several main ways that users should follow. This way they can avoid fraud and keep their accounts.

  • Check for spelling errors and unusual domains in email addresses, such as .vip, .gdn, .win. These are clear signs of suspicious activity. Any email not sent from the original addresses that PayPal uses for mailing is a scam.
  • Be skeptical. If something seems too good to be true, like a huge sum of money being promised, it probably is.
  • Don’t click links in an email that appears to be from PayPal. If you’re having trouble with your account, please log in directly to PayPal and continue from there.
  • Don’t use a delivery service you’re not familiar with.
  • Do not share personal information.
  • Sign up for PayPal’s Seller Protection Program.
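
The sender and link checks from this list, together with the sender addresses named under "Main Signs of Genuine Paypal Email", can be automated. The following is an added example, not code from PayPal or from the original article: the finding names and the three sample messages are constructed, and treating paypal.com and paypal.me as the only acceptable link domains is an assumption based on the addresses the article lists.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Sender addresses the article names as PayPal's own.
KNOWN_SENDERS = {"paypal@mail.paypal.com", "service@paypal.com"}
# TLDs the article calls out as suspicious.
SUSPICIOUS_TLDS = {"vip", "gdn", "win"}
# Assumption for this example: legitimate links stay on these domains.
PAYPAL_DOMAINS = ("paypal.com", "paypal.me")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def on_paypal_domain(host):
    """True only for the domain itself or a real subdomain of it.

    A lookalike such as paypal.com.account-check.win fails because the
    comparison is anchored at the end of the host name.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in PAYPAL_DOMAINS)


def body_text(msg):
    """Concatenate all text parts of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(raw.decode(charset, "replace"))
    return "\n".join(chunks)


def link_hosts(text):
    """Unique host names of all http(s) links in the text, in order."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url.rstrip(".,;)")).hostname
        except ValueError:  # malformed URL
            continue
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def check_paypal_email(raw):
    """Return a list of findings for a message that presents itself as PayPal."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    subject = msg.get("Subject", "")
    if "paypal" not in f"{display} {addr} {subject}".lower():
        return []  # does not claim to be PayPal, nothing to compare against
    findings = []
    if addr not in KNOWN_SENDERS:
        findings.append("sender-not-a-known-paypal-address")
    if addr.rpartition(".")[2] in SUSPICIOUS_TLDS:
        findings.append("suspicious-sender-tld")
    for host in link_hosts(body_text(msg)):
        if not on_paypal_domain(host):
            findings.append(f"link-off-paypal-domain:{host}")
    return findings


# Constructed sample messages (not real mail).
PHISHING_SAMPLE = (
    'From: "PayPal Service" <service@paypal-support.vip>\n'
    "Subject: Your account is experiencing problems\n\n"
    "Click http://paypal.com.account-check.win/login to fix the issue\n"
)
GENUINE_SAMPLE = (
    "From: PayPal <service@paypal.com>\n"
    "Subject: Receipt for your payment\n\n"
    "Hello Jane Doe, details: https://www.paypal.com/myaccount/transactions\n"
)
UNRELATED_SAMPLE = (
    "From: Bob <bob@example.org>\nSubject: Lunch\n\nMenu: http://example.org/menu\n"
)
```

A From header can be forged, so an empty findings list is not proof that a message is genuine; the mail server's SPF, DKIM and DMARC results still need to pass.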
