McAfee Email Scam Targets Your Credentials

This phishing scheme involves emails that guide users to a malicious webpage, mimicking the design of a simple login site. While scams involving email messages from strangers may employ various tactics, this particular scam impersonates routine notifications from McAfee concerning account details or user licenses. Offers might include a free license for one year, a prompt to approve changes to McAfee policies, or a reminder to renew a soon-to-expire license. However, the phrasing of these messages often renders them suspicious, as genuine communications from McAfee would not include such claims. Is there a specific McAfee scam email circulating in 2023 within the cybersecurity community?

At the bottom of the email, or within the text itself, there is a link or button you can click to get more details. Regardless of the lure, it leads to a phishing page—one that mimics the McAfee login page or a fraudulent survey site. The former is typical of more alarming messages, while the latter usually accompanies offers of gifts. Does McAfee send these types of emails?

The phishing login page features only two states: the default one and a “wrong login/password” notification beneath the credential fields. No matter what you enter, the information is sent directly to fraudsters who can then take control of your account. Additionally, from the phishing page designed to steal your credentials, the site may also include a download button. This button could install software that you would never willingly download, such as adware or rogue applications, which are commonly linked to such scams.

Pseudo-giveaway that promises you a gift will likely ask you for your personal information. Shady persons on the Darknet are willing to pay a lot for a database of users’ information. The pack of name/surname/physical address/email address/system information et cetera gives a lot of advantages for other scams.

Rarely, the message may contain the attached file, and the text allows you to open it instead of following the link. In this file, you’re supposed to see details about the changes in the terms or other stuff they used as a disguise for a letter. This attachment (often a .docx or .xlsx document) contains a virus.

How Dangerous is the McAfee Email Scam?

The main risk associated with following the instructions in a scam email is the theft of your account credentials and personal information. While sharing information with various online services might seem commonplace, these services are typically bound by GDPR rules to keep your data confidential. However, cybercriminals obtaining your information through phishing do not adhere to any rules or laws. Often, this stolen information is compiled into databases and sold on the Darknet, where the new owners are unlikely to have benevolent intentions.

Your McAfee account credentials are particularly valuable as they serve dual purposes. Possession of your account allows a criminal to steal your license key, which might be used to activate a pirated copy of the software or sold online at a fraction of the price you originally paid. If your license covers multiple devices, prepare for potential unauthorized users, or “squatters“, on your account. Additionally, stolen credentials can be added to databases of leaked passwords and logins, which are often utilized in brute force attacks to crack other accounts.

The injection of malware via an email attachment represents another significant threat. Unlike identity theft or account hacking, which may not have immediate effects, malware begins to operate as soon as it is launched. Phishing scams, such as those mimicking McAfee, have become a primary method for distributing malware, posing a serious risk to both individual users and corporations due to human vulnerabilities. The most common types of malware distributed this way include stealers, spyware, and ransomware, which can lead to compromised accounts and encrypted data—a highly undesirable outcome.

How to Protect Yourself from McAfee Email Scams?

The good news about most email scams is that they can easily be mitigated by simple attentiveness. Upon receiving a suspicious email, it is crucial to scrutinize both the body and header of the message. Even the most sophisticated forgeries will contain discrepancies that don’t match the original communications. Simpler scams often exhibit other telltale signs that can help you identify the deceit. So, how can you stop McAfee scam emails?

Typos and Grammatical Errors

Despite the prevalence of online spell checkers, scammers often neglect to use them, resulting in numerous errors in their messages. Poor English, missing punctuation, and subpar design are not features of official communications. The presence of these errors is a clear indicator of a fraudulent email.

Link address

Genuine messages may contain links to their website – for instructions, for example. However, they always belong to the original sender’s domain (mcafee.com for the genuine McAfee email message case). If you see the link to a dubious page, like WebProtectionProgram, or a short link, that is the reason to avoid clicking it. Official mailing never contains links to external sites and never applies using short links.

Sender’s email address

There are official email addresses companies use for mailing or conversations. They are often listed on their website. Receiving a letter that pretends to be sent by McAfee support, but the sender is mikey19137@aol.com does not look trustworthy. In complicated situations, crooks may try to use email addresses that look related to the sender. That’s why it is better to review the contacts on the website. For McAfee, those are the following:

info@authenticate.mcafee.com
Info@notification.mcafee.com
info@protect.mcafee.com
info@smmktg.mcafee.com
info@smtx.mcafee.com
info@mailing.mcafee.com
info@communication.mcafee.com
info@protect.mcafee.com.cname.campaign.adobe.com
donotreply@authentication.mcafee.com
donotreply@mcafee.com
consumersupport@mcafee.com
donotreply@authentication.mcafee.com
mcafeeinc-mkt-prod2@adobe-campaign.com
noreply@mail.idtheftprotection.mcafee.com
research@mcafee.com
mcafee@mail.email-ssl.com
no_reply@mcafee.com
no-reply@mcafeemobilesecurity.com

Strange Offers and Unusual Notifications

Giveaways, quizzes, or notifications about account blocking are not typical for reputable companies. They may contact you if there are issues with your account that need resolving, but you would likely be aware of these issues beforehand. Conversely, offers that require you to share personal information in exchange for a prolonged license are never legitimate. Coupled with the other signs we’ve discussed, these offers clearly indicate a fraudulent message.

Is it Possible to Avoid Email Spam in the Future?

Receiving email spam does not necessarily mean something bad has already happened. Scammers often buy databases filled with random email addresses and send out mass emails hoping to lure someone into a scam. If you do not respond or click on any links, scammers will likely remove you from their list eventually. However, any engagement, such as replying or clicking a link, signals to them that your account is active and susceptible to scams. Experts note that any interaction with a fraudulent email can lead to a significant increase in spam.

Several strategies can help reduce the amount of spam you receive and make it easier to differentiate between genuine and fraudulent emails. First, use a separate email address for registrations on websites or at events where you have concerns about their credibility. Some sites may not prioritize protecting their clients’ data and might sell their databases to third parties. While not always malicious, this practice can lead to unwanted exposure for your primary email address. Using a secondary email address as a buffer can help protect your main accounts from suspicious activities, ensuring greater security for your personal or work emails.

Another tip involves reporting suspicious emails. While most email services employ advanced anti-spam engines to filter out the bulk of spam, no system is perfect. You might still find McAfee phishing emails in your inbox. Reporting these deceptive messages is straightforward: simply click the button with three dots on the message and select “Report Spam.”

Conclusion

In the fight against email scams, especially sophisticated ones like the McAfee email scam, proactive protection is key. While following the tips outlined above can significantly reduce your risk of falling victim to these scams, having robust antivirus software can provide an additional layer of security. We recommend using Anti-Malware for its effective detection and removal of malware threats.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

The post McAfee Scam Email appeared first on Gridinsoft Blog.

Email spoofing, also known as spoofing email, involves forging the sender’s email address. Often, the address in the sender’s field is fake; any responses sent to this address will likely reach a third party. The primary goal of this scam is to deceive the user.

Fraudsters deploy a variety of tactics to execute a successful spoofing attack ¹. Below, we explore the most common methods they use.

1. Sharing a Similar Domain

To successfully spoof an email, fraudsters meticulously imitate sender addresses that appear similar to those of well-known organizations or companies. They typically:

• Alter the top-level domain, for example, from support@spotify.com to support@spotify.co
• Change the domain to include a country code, for example, support@spotify.com.ru
• Modify a single character in the domain name, turning support@spotify.com into support@spatify.com
• Use a variant of the domain that still references the brand, such as support@spotifyinfo.com
• Create an email address that incorporates the company’s name, like support.spotify@gmail.com

2. Substituting the Sender’s Name

This tactic involves falsifying the sender’s name, with the “From” and “Reply-To” headers displaying the fraudster’s address instead. This method is particularly prevalent on mobile mail clients, which typically only display the sender’s name. Fraudsters may use:

• Misleading variations of the company’s name.
• Fabricated names paired with deceptive email addresses.

Imagine that you receive an email like this:

Notice that all fields are correct, but the From and Reply-To fields are not. When Dude1 receives this email, he may think it’s from his boss. When he hits “Reply,” all he’ll see in the To: field is the name “BossMan,” but it will actually go back to his friend who spoofed the email, Dude2.

3. Changes the significance of the From and Reply-to fields

Because the SMTP protocol does not authenticate headers, fraudsters can easily forge addresses in the From and Reply fields without being noticed. Thus, they have the privilege of not being caught, as a fake is almost no different from the original.

Protection from Email Spoofing

To effectively guard against email spoofing, it’s essential to configure email security protocols such as SPF, DKIM, and DMARC. Below, you’ll find step-by-step guides on how to set up these protocols for popular email platforms:

1. Setting Up SPF (Sender Policy Framework)

SPF helps to verify that incoming mail from a domain comes from a host authorized by that domain’s administrators.

• Gmail: Go to the Google Admin console, navigate to ‘Domains’, and then ‘Add a domain or a domain alias’. Add the SPF record in your DNS settings: v=spf1 include:_spf.google.com ~all
• Outlook: In the Microsoft 365 admin center, go to ‘Settings’ → ‘Domains’, select your domain, and add the SPF record to your DNS settings: v=spf1 include:spf.protection.outlook.com -all

2. Implementing DKIM (DomainKeys Identified Mail)

DKIM (DomainKeys Identified Mail) adds an encrypted signature to outgoing emails, allowing the receiver to verify that an email was indeed sent and authorized by the owner of the sending domain. Setting up DKIM correctly can help prevent email spoofing by verifying the authenticity of the sender. Here’s how to set up DKIM for Gmail and Outlook:

Implementing DKIM for Gmail:

To configure DKIM for Gmail, use the following steps:

1. Sign in to the Google Admin console.
2. Navigate to Apps → Google Workspace → Gmail → Authenticate email.
3. Select the domain for which you want to set up DKIM and click GENERATE NEW RECORD. You might see this option only if you haven’t already set up DKIM for your domain.
4. Choose a key length of 2048 bits for better security (1024 bits is also available but less secure).
5. After generating the DKIM key, Google will provide you with a TXT record to add to your domain’s DNS. It will look something like this:

   google._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSq...AB"

   This is your public key.

6. Add this record to your DNS settings at your domain host. Keep in mind that DNS propagation can take up to 48 hours.
7. Once the DNS has propagated, return to the Admin console and click START AUTHENTICATION.

When DKIM is set up correctly, Gmail will sign outgoing emails automatically, allowing recipient servers to verify their authenticity.

Implementing DKIM for Outlook:

For users of Microsoft 365 or Outlook, the setup process involves similar steps:

1. Login to the Microsoft 365 Defender portal.
2. Go to Email & collaboration → Policies & rules → Threat policies → DKIM.
3. Choose the domain you wish to enable DKIM for and click Enable.
4. If no DKIM keys exist, Microsoft will prompt you to create them. Click on Create to generate the keys.
5. Microsoft will then provide two CNAME records to add to your domain’s DNS. These records delegate the DKIM signing authority to Microsoft. They typically look like this:
   selector1._domainkey.YOURDOMAIN.com CNAME selector1-YOURDOMAIN-com._domainkey.OURDOMAIN.onmicrosoft.com
selector2._domainkey.YOURDOMAIN.com CNAME selector2-YOURDOMAIN-com._domainkey.OURDOMAIN.onmicrosoft.com
6. Add these CNAME records to your DNS. Again, allow up to 48 hours for DNS changes to take effect.
7. Once DNS propagation is complete, go back to the Defender portal and confirm the DKIM status to ensure it is active.

Implementing DKIM for your domain significantly improves your email security by enabling email authenticity verification at the recipient’s end.

3. Configuring DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication, policy, and reporting protocol. It builds on SPF and DKIM protocols, helping email receivers determine if a given message aligns with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle these discrepancies. Here’s a step-by-step guide to setting up DMARC:

Understanding DMARC Policy:

Before setting up DMARC, you need to understand the policies you can apply:

Steps to Configure DMARC:

1. Create a DMARC record: A DMARC policy is published as a DNS TXT record. The typical format of a DMARC record looks like this:

   v=DMARC1; p=none; rua=mailto:admin@yourdomain.com

   In this example, ‘p=none’ specifies the policy, and ‘rua’ indicates where aggregate reports of DMARC failures will be sent.

2. Choose Your Policy: Decide which policy (none, quarantine, reject) fits your needs based on your security posture and the maturity of your SPF and DKIM setups.
3. Specify Email Reporting: Determine where you want reports of pass/fail to be sent. These reports are crucial for understanding the types of attacks targeting your domain and observing how your emails are being received on the internet. Use ‘rua’ for aggregate reports and ‘ruf’ for forensic reports:

   rua=mailto:aggregate@yourdomain.com; ruf=mailto:forensic@yourdomain.com

4. Publish the DMARC Record: Add the DMARC TXT record to your domain’s DNS. This is similar to adding SPF or DKIM records. You typically enter the record into your DNS management dashboard.
5. Monitor and Adjust: After implementing DMARC, monitor the reports you receive and adjust your policy as needed. Initially starting with a ‘none’ policy and moving to ‘quarantine’ or ‘reject’ as you confirm that legitimate emails are passing SPF and DKIM checks is a common approach.

Additional DMARC Tags:

DMARC records can include several optional tags to refine its operation:

• aspf: Alignment mode for SPF (strict or relaxed).
• adkim: Alignment mode for DKIM (strict or relaxed).
• fo: Forensic options to specify conditions under which forensic reports should be generated.
• rf: The format to be used in forensic reports.
• ri: Reporting interval for how often you want to receive the aggregate reports.

The post How to Prevent Email Spoofing appeared first on Gridinsoft Blog.

How can you identify a suspicious email as “Spam”? What steps can you take to protect your computer from potential spam infections? Is it safe to open such emails?

In this article, we will address all these questions, helping you decipher the overwhelming number of mysterious emails in your inbox, understand their origins, and provide practical tips to avoid falling prey to spam emails.

How to Identify Spam Emails

If you have never heard of this type of message or have not encountered a particular moment with “Spam”, then we will tell you about some signs:

• Check the sender’s address. Look carefully at the sender’s address bar. If there is some incomprehensible set of letters and numbers, move the cursor to the address to see it in full. If he alerts you, enter him into the search engine and try to find something about this address.
• Follow the intended query. Think logically that large companies will not ask you for personal information, registration, bank account number, insurance details, and other confidential data. If you assume for what reason this service or the company, then yes, but if it all looks as inappropriate as possible – do not fall for it, it is SpamSpam!
• Be careful if the message creates the appearance of something urgent. Do not fall for such phrases: “Urgently,” “does not require a delay,” and others like that. The intruders are trying to put pressure on you in this way. They want these headlines to make you make your decisions quickly and rashly.
• Check whether the email uses your name. The company that will send you an email will probably know your details, at least your first and last name. Such phrases like “Dear Customer” or “Dear Reader” should make you doubt their legitimacy.
• Checks grammar and spelling. What does that mean? The strange wording in the article, miswritten words, and no system can give you the idea that there is something wrong.

Examples of Spam Emails

All spam emails have different types; you need to know and understand where you can meet them.

• Spoofed emails – in this case, the attacker attempts to deceive you by stealing confidential data and impersonating a different person.
• Ads are the most common form of SpamSpam. These are often scammers, although sometimes it can be an actual advertisement or product.
• Malware warnings – TI messages suggest you click on a predefined link to protect your PC from malware.
• Money scams – in this case, the pretenders, by deception, in the form of volunteers and good virtues, try to draw money from you.
• Over-the-top promises – this you often could see on the Internet. These are promises about quick winning, fast losing weight, big payouts, and other lies.
• Forced or accidental subscriptions – you probably bought something on the Internet and know that you offered to subscribe to the newsletter about new updates after the purchase. But some companies do this secretly; after the purchase, you automatically subscribe to a hundred emails from them.
• Chain letters – this is a made-up, where you press psychologically, frightening you that something will happen to you.

How to Stop Spam Emails

If your Inbox is already crowded, making it difficult to navigate and understand where messages come from and why, follow these steps to rid yourself of the massive number of spam emails:

1. Report the email as spam. Use your email provider’s option to mark emails as spam. This helps improve spam filters and keeps your inbox clean.
2. Block spam email addresses. Block addresses that frequently send you spam. This prevents further emails from those addresses from reaching your inbox.
3. Use an email alias. Create an alias for situations where you might not want to share your main email address. This helps protect your primary inbox from spam.
4. Change your email privacy settings. Adjust your email privacy settings to limit who can send you emails and prevent your address from being publicly accessible.
5. Unsubscribe from unwanted newsletters or mailing lists. Use the unsubscribe link typically found at the bottom of newsletters and marketing emails to stop receiving them.
6. Check if your email is on the dark web. Use services that can check if your email address has been compromised or is being circulated on the dark web.
7. Use SPF and DKIM email authentication. Ensure your email provider uses SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to authenticate emails and reduce spam.

Report the Email as Spam

Reporting spam emails helps improve the spam filters of your email provider and reduces the amount of spam you receive. Here’s a step-by-step guide on how to report an email address that is sending spam:

Block Spam Email Addresses

Blocking spam email addresses prevents further emails from those addresses from reaching your inbox. Here’s a step-by-step guide on how to block an email address:

Use an Email Alias

Using an email alias can help protect your primary email address from spam and keep your inbox organized. Here’s a step-by-step guide on how to create and use an email alias:

Check if Your Email is on the Dark Web

Checking if your email is on the dark web can help you take proactive measures to protect your information. Here’s a step-by-step guide on how to check if your email is compromised:

Use SPF and DKIM Email Authentication

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are email authentication methods that help protect your domain from email spoofing and ensure that your emails are delivered securely. Here’s a step-by-step guide on how to use SPF and DKIM:

Monitoring and Maintenance

1. Regularly Check Your DNS Records: Ensure your SPF and DKIM records are up-to-date and correctly configured.
2. Monitor Email Deliverability: Use email deliverability tools to monitor how well your emails are being delivered and check for any issues related to SPF or DKIM.
3. Update Records as Needed: If you change email providers or add new sending sources, update your SPF and DKIM records accordingly.

The post How to Stop and Block Spam Emails appeared first on Gridinsoft Blog.

It is crucial to thwart fraudulent attacks and learn how to protect yourself and your PC. If you have already fallen victim to a fraudulent attack, consider whether you should take action to protect yourself or seek revenge on the intruder.

Spam Email Revenge: Ways to Seek Retribution

Vengeance is not always the wisest choice, though it might gratify your ego. Users sometimes attempt to retaliate, but it often results in wasted time. It’s essential to understand that hackers and scammers are not naive individuals. They meticulously choose their targets for fake emails with malicious attachment. Attempting to outsmart them and expose their activities may lead to increased attacks on you. Users frequently encounter scams, and one particularly bothersome example is the McAfee scam email.

It’s advisable not to harm the fraudster. Attempting to retaliate might expose your phone number, leading to an influx of calls. Additionally, engaging in retaliatory spam may violate privacy policies and lead to legal consequences. If you are knowledgeable in privacy protection, we provide some points on how to retaliate against fraud.

How to Get Revenge: Some Tips

Here are practical steps to retaliate against spam emails:

1. Ignore: Ignoring spam messages is the simplest and most effective retaliation. Set up email filters to automatically move these messages to a spam folder or delete them. This way, you avoid accidentally engaging with malicious content and keep your inbox clean.
2. Scambaiting: Create a separate email address using a free service like Gmail or Yahoo for scambaiting. This account should have no personal information that ties back to you. If you bait a scammer and they compromise this account, you can easily delete it and start anew without any impact on your personal or professional life.
3. Join Forces With Others: Look for online communities such as 419Eater or Scamwarners where members specialize in scambaiting and sharing information about scammers. Joining these communities can provide you with resources, support, and a group to coordinate collective action against common fraudsters.
4. Use an Anti-Spam Chatbot: Employ a chatbot service like Re:scam which can impersonate a human in email conversations and waste a scammer’s time. You can forward spam emails to the chatbot, which will then take over the conversation with the scammer, keeping them engaged with nonsensical yet believable replies.
5. Report Scams to Authorities: Document all interactions with the scammer including emails, times, and any other relevant information. Then, report these details to the Federal Trade Commission (FTC) at their official site or your local consumer protection office. This documentation helps authorities track and potentially prosecute fraudsters, and your report can aid in broader efforts to combat spam and scams.

Scambaiting

Scambaiting is the art of engaging with scammers to waste their time and resources, with the noble aim of preventing them from targeting real victims. This method is popular among digital vigilantes who use tactics of deception to keep scammers busy, often with humorous and satisfying results.

Strategies for spam email revenge

• Creating a Safe Identity: Begin by adopting a pseudonym and establishing a dedicated email account that cannot be traced back to your real identity. This is your shield against potential backlash.
• Using Virtual Machines: For those dealing with tech-savvy scammers, employing a virtual machine can safeguard your actual systems. This setup creates a safe sandbox for any malicious attempts from scammers.
• Long Communication Chains: The longer you can engage a scammer, the less time they have for real victims. Keep them hooked with endless questions and requests for more details.
• Fake Documentation: Escalate the bait by providing fake documents. Use tools to create fictional receipts or IDs that look real but are completely bogus.

Ethics and Legal Considerations

Scambaiting walks a fine line between helpful and harmful. It’s crucial to stay on the right side of the law and maintain high ethical standards:

• Legality: Ensure all actions are legal. Avoid crossing into harassment or engaging in illegal activities.
• Ethical Boundaries: While tempting, refrain from using threats, offensive language, or deceitful tactics that mimic scammer behavior.

Safety Measures

• Protect Your Information: Use robust security measures for your scambaiting activities, including unique, strong passwords for any accounts used.
• Stay Emotionally Detached: Engaging with aggressive or manipulative individuals can be taxing. Keep an emotional distance to safeguard your mental well-being.

Communities and Resources

Joining a scambaiting community can provide support and additional resources for your anti-scam activities. These communities offer a wealth of knowledge and are a great place to learn new tactics.

• 419Eater: A well-known forum where scambaiters share stories and strategies.
• Scamwarners: A community focused on raising awareness and providing information on scammers.

Scambaiting offers a proactive way to protect unsuspecting individuals from fraud. It requires a strategic, thoughtful approach to ensure it’s effective and ethical. If done correctly, it can be a rewarding way to contribute to the safety of the online community.

The post Spam Email Revenge appeared first on Gridinsoft Blog.

Emails are used daily by millions worldwide professionally. Over time, however, this beneficial tool has also become a potential threat. Like anything connected to the internet and technology, email is vulnerable, particularly email attachments seen in most messages. This susceptibility has heightened concerns about email security.

Common Threat Types for Email Security

Before exploring how to protect yourself from the dangers associated with email attachments, it is important to understand the basic types of malicious email threats to which we are all susceptible.

1. Ransomware: Ransomware is a prevalent threat typically delivered through email. In such attacks, the perpetrator hacks the victim’s data and demands a ransom for its return.
2. Phishing: Phishing involves criminals sending emails that appear trustworthy, containing links or attachments that prompt for login details. These credentials are then used for malicious purposes. Many people inadvertently trust and interact with these deceptive emails.
3. Spam: Despite various methods developed to filter out unwanted spam, the issue persists. While some spam is merely bothersome, much of it can carry malware.

Email Safety Tips

The dangers associated with email attachments, as mentioned above, are common challenges faced routinely by users. However, there are numerous ways that your emails could be carrying malware and other threats like ransomware.

To help you stay safe and secure your email communications, we’ve compiled a list of effective email security tactics. These strategies will help you recognize potential dangers and avoid them before they escalate into serious issues. Let’s explore these tips!

1. Check the Sender

Business professionals often receive emails daily from various contacts, necessitating them to open and review each one. However, during a phishing scam, the sender’s name may appear familiar or even if not, the nature of business may compel you to open it regardless. Despite this, there is a precaution you can take: always verify the sender’s email address. Unusual email addresses are a common indicator of scams. Remember, it’s not necessary to open every email. If an email is critical, the sender will likely follow up with a phone call if they don’t receive a response. Trust your instincts; if an email feels suspicious, it’s safer to avoid engaging with it.

2. The Message Inside the Email

Even when you recognize the sender or are anticipating an email, exercise caution before opening it and engaging with its contents. Before clicking on any attachments, consider the following to ensure the email’s legitimacy:

• The subject line of the email is critical. If it lacks a subject line or the subject line is vague, proceed with caution. For example, if the subject mentions an “invoice”, verify your recent purchases. If you haven’t ordered anything that matches the described item, do not open the email and consider marking it as spam.
• Emails that lack detail and use generic greetings like “Hi” are often indicative of phishing attempts. A legitimate email will include specific details about the company and a clear explanation of the email’s purpose. If these elements are missing, it’s best to disregard the email.

3. Digital Signature in Emails

For those engaged in corporate communications, verifying the presence of a digital signature is crucial. Before opening any attachments, check if the email purportedly from a company includes a digital signature at its end. For emails sent through Microsoft Outlook, a digital signature may be indicated by a red ribbon icon within the message, signaling corporate authenticity.

4. Check the Email Links

After confirming the internal contents of the email, including the presence of a digital signature, a relevant subject line, and the company’s logo, you might feel confident about the email’s legitimacy. However, it’s essential to remain vigilant by checking the links as well. Hover your mouse over any link or attachment to preview the destination address. If the address appears suspicious or unrelated to the expected content, it likely indicates a malicious intent such as ransomware or another type of scam. In such cases, it is advisable to delete the email immediately and avoid clicking on any links.

5. Use GridinSoft Anti-Malware for Enhanced Protection

To further secure your email communications from malware and other cyber threats, consider using GridinSoft Anti-Malware. This powerful tool offers robust protection against a wide array of threats, including those commonly disseminated through email, such as ransomware and phishing scams. GridinSoft Anti-Malware provides real-time protection by scanning incoming emails and their attachments for any malicious content before it can harm your system.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Conclusion

Email has undoubtedly simplified and accelerated communication, revolutionizing business operations and opening countless opportunities. However, as technology has advanced, so too has the susceptibility of email to scams and other security threats. Prioritizing email security is essential for both individuals and businesses. By implementing the straightforward security measures discussed above, you can protect yourself and your business data effectively. Paying attention to the finer details and practicing vigilance can take just a minute or two, but these efforts are crucial in safeguarding against potential dangers.

The post How to Stay Safe When Using Email? appeared first on Gridinsoft Blog.

Internet Is A Dangerous Place Scam Overview

“Internet is a dangerous place”, or “Security status not satisfied” are both names of the same email scam campaign. It falls under the category of sextortion/social engineering frauds, that aim at scaring the victim with the threats of public intimidation and making them send the money.

This scam can take different forms, but its essence remains the same: the so-called hacker claims to have infected the victim’s devices and obtained confidential information. This makes it similar to other email extortion scams. If the victim does not pay the ransom, the hacker will publish this information. Hacker also boasts of infecting the devices of people from victim’s contact list, and collecting similar intimidating information about them as well.

These scam emails are slightly different from each other, but their basic content remains the same. Here is our example:

Let’s get through each element of this scam; I will explain the social engineering tricks that the scammer uses to make the victim believe that all this is for real. Also, I will debunk the mystical AI malware and all the related nonsense, made up entirely for adding mysticality and complexity to the alleged hack.

Fear-inducing Introduction

The message usually begins with an alarming subject line like “Security Status Not Satisfied”. It aims to catch the recipient off-guard, making them more vulnerable to the ensuing threats. The statement “I already know you and all your loved ones very well” is meant to induce fear by suggesting that the sender has intimate knowledge of the recipient’s personal life. It hints at a deep invasion of privacy, which is a potent trigger for anxiety and panic. This is a classic social engineering tactic.

Overall, the header contains vague and general statements that could apply to anyone. There are no specific details that would lend credibility to the sender’s knowledge or threats. Claims about such the ability to infect all contacts and relatives’ devices are hard to prove and are barely realistic. Lastly, the email mentions advanced technologies like artificial intelligence and invulnerable malware. However, it lacks any technical specifics that would make the threats believable.

Collecting Sensitive Information

The scammer continues with claims to have “monitored all your activities” and that “AI-based malware” was used to gather compromising data and record video through the webcam. This is the most intimidating factor of the scam, especially considering the fraudster’s focus on the moment when the user was watching adult content.

One more piece of intimidation is the fact that the user’s supposed recklessness has taken other people’s private life as collateral. Hacker claims that the malware has spread to other devices, including those of the victim’s friends and family. As there’s no way to prove or disprove this, it’s not that hard to take this bait as well. And overall, at this point into the scam, the victim likely believes the text – an ideal point to switch to the main course.

Threats of Publishing Exposing Videos of You & All The Contact Book

The scam reaches its climax with claims that the so-called hacker accessed the device’s webcam and captured video of the victim in a compromising situation. If this were true, the attacker would have attached a short part of this video or a screenshot as proof. This is meant to coerce the victim into paying the ransom to avoid public humiliation.

Perhaps the most desperate move by the fake hacker is the threats to the victim’s relatives and contacts. While this is theoretically possible, in practice, if a hacker did this, they wouldn’t boast about it. Moreover, if the attacker had managed to hack the victim’s contacts, they would at least provide some proof of it.

AI As a Malware

The same applies to the claims about using AI. While it is possible for cybercriminals to use artificial intelligence, they certainly do not use it in the way the so-called hacker describes. A much more prevalent application for this new technology is to write more convincing phishing emails, clone voices, and create deepfake videos.

What the “hacker” supposes is that they used AI to hack into the computer and collect the information. As far as Google knows, there is not a single case of such an application. And believe me, the Web will be set abuzz shall someone pull such a trick.

Ransom Demands

The fraudulent email concludes with a ransom demand, asking for ~$1200-1400 in Bitcoin, with a 48-hour deadline for payment. The scammer threatens to make all collected information and videos public and notify the victim’s contacts, supposedly causing irreparable damage to their reputation.

Cryptocurrency wallet address that the hacker specifies reveals some interesting details about how effective this scam is. Emails are sent in thousands every day, but the wallet has only 2 transactions. One of the previously used addresses is naught on any money transfers whatsoever. Nonetheless, $2800 for effectively doing nothing, except for writing and mass-mailing a scary email like a “Internet Is A Dangerous Place”, is still quite a sum.

Is your system infected?

Of course, there is no reason to believe this email, and we just found out why. Nevertheless, to ensure there are no threats on your system, even if unrelated to this email, I recommend scanning your device for malware. You can use GridinSoft Anti-Malware and follow the instructions below.

The post Internet Is A Dangerous Place appeared first on Gridinsoft Blog.

What Are Geek Squad Email Scams? How Do They Work?

The Geek Squad scam is an imposter scam in which criminals pose as Best Buy Technical Support and offer “help” with devices, accounts, or apps. In reality, these scoundrels are trying to steal your personal information, get you to give them remote access to your devices, or pay for their fraudulent services. Here is the typical procedure of this scam:

• Scammers reach out in any way they can (via email, text messages, phone calls, or fake websites) and pretend to be Best Buy Geek Squad employees.
• They will then claim that your device has been compromised, you owe money for your subscription, or that you need to “prove” your identity by providing confidential information (e.g., credit card numbers, social security number SSN, etc.).
• Sometimes they may even make you download malware or apps to access your device remotely.
• If successful, they trick you into cheating you out of even more money by emptying your accounts, stealing sensitive information on your device, or demanding payment for their services.

Anyone who has dealt with Geek Squad or Best Buy may face a Geek Squad scam. Unfortunately, more than 60% of their victims are over 60.

Geek Squad subscription auto-renewal texts or emails

Perhaps one of the nastiest scams from Geek Squad is that scammers send emails or text messages claiming that you have signed up for the Geek Squad subscription service. You will be billed hundreds of dollars unless you cancel your subscription. The message has a phone number to call if the payment is a “mistake”. However, they will ask for your credit card or other banking information to “get your money back” if you call that phone. Fraudsters use this information to commit financial fraud.

This fraud can often turn into a “refund scam.” This happens when scammers use stolen accounts or credit cards to send you extra money and ask you to “reimburse” the difference. Unfortunately, when the original account holder reports the fraud, you will lose the entire amount and everything you sent to the fraudster.

Identifying a scam:

• You receive an invoice or automatic renewal notice for Geek Squad services you did not request.
• The message is not from a BestBuy.com email address, contains spelling or grammatical errors, and does not use the correct Geek Squad logo.
• The number listed in the message is not the official Best Buy number.

Emails pressuring to download fake antivirus software

In this scam, fraudsters pass themselves off as Geek Squad technicians and tell you that your device is infected with malware. So they force you to download the “antivirus software” or give them remote access to your device. In both cases, you give the hackers full access to your device and your sensitive information, photos, or videos. The “antivirus software” hides malware that allows hackers to spy on you and your computer. Giving hackers remote access means they can do whatever they want with your device.

How to identify a scam:

• You receive an unwanted phone call or e-mail claiming that your device is infected with a virus. No one can tell you if your computer has been hacked without access.
• Fraudsters request remote access to your device to “fix” the problem. Always be careful if someone asks you to download software or wants access to your computer.

Tech support phone call scams

Unfortunately, these nasty guys often annoy their victims over the phone. If you are on the phone, the scammers force you to send them money for their services or make you download malware onto your devices.

Here are the two main ways phone scammers call you:

1. Scammers call you, claiming that your device is infected with malware or that you owe money for services.
2. Scammers create fake Web sites that provide fraudulent phone numbers for Geek Squad. Then, when you call, they route the calls to their phones and start the scam.

Detecting the fraud:

• You receive an unsolicited phone call from Geek Squad or another tech support group. These companies will rarely contact you directly. So be careful of anyone who calls you unsolicited.
• Once you get on the phone, the scammer won’t let you get off. Instead, they will do and say anything to keep you talking.

Browser pop-ups with alerts that your device is infected

Sometimes scammers use pop-ups on websites (often adult websites and illegal streaming platforms) and claim that your device is infected and requires immediate action. If you click on the pop-up, you will automatically download what looks like antivirus but is malware, adware, keylogger, or ransomware.

Spotting the fraud:

• No browser plug-in can check your device for viruses. So if you get a message that your device is infected, it’s a scam.
• Beware of device cleaner apps, as they often contain malware. If you are unsure about an app or software, google its name + “scam” or “safe”. If you have an installation file, you can check it here.

BestBuy.com password reset scam

Scammers send emails purporting to be from Best Buy, claiming that your “password reset didn’t work. The email will appear genuine and contain a link to update your account, even if you don’t have one. If you click on the link, it will take you to a site identical to the “BestBuy.com” login page. It’s a phishing site whose purpose is to steal your personal information. So, if you enter your real username and password for your “BestBuy.com” account, fraudsters will get that information and use it to make fraudulent purchases, buy untraceable gift cards, or steal your financial information.

How to detect this scam:

• You get an email to reset the password for an account you don’t have.
• When you click on the link, you are taken to a site that is not secure or not in the official “BestBuy.com” domain.

Accidental refund or overpayment scams

Scammers send you more stolen money than you expected, then ask you to “refund” the extra amount. If you call support, they will ask you to complete a form to proceed with a refund. But the form doesn’t work, so the support agent will ask for remote access to your desktop to help you complete the refund. As a result, you will lose the entire amount of money – the supposed refund and the “accidental” extra money.

Detecting this trick:

• Fraudsters ask to access your computer remotely to facilitate a refund.
• You have been told about a “refund” for more than the amount on your bill. If this happens, do not send the money. Instead, wait a few days for the funds to be transferred, or contact your bank and let them know what happened.

Fake Offers: Protection Service Plan

Although not as dangerous as other Geek Squad scams, this useless protection plan can still cause damage. In this scheme, scammers posing as specialists contact you by phone or e-mail to sell you protection services, such as antivirus. But these “tools” either do nothing or contain malware.

How to understand this is a scam:

• The tool has no online reviews or is not listed on popular review sites.
• Scammers contact you to try to sell you digital security services. An unsolicited email or phone call indicates that you are dealing with a scammer.

What to do when you become the victim of the Geek Squad email scam

If you have been the victim of a Geek Squad email scam, here’s what you should do:

• Never do anything you are told if you have been in contact with scammers.
• Block the number you just dialed so that scammers won’t contact you again.
• If you have provided personal information, such as credit card information, contact your bank immediately and have your funds blocked.
• Immediately change your login information if you signed up through a link that scammers sent you from your email address. You should not use the same login information for multiple accounts, but unfortunately, many people do it anyway.
• If you’ve downloaded software or any files from email, delete them. Check your computer for viruses!

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

How to Avoid This Scam?

When you receive an email from Geek Squad and fear it may be a scam, you’ve done half the work of preventing it. Never send personal information by email or any other method. Likewise, don’t reply to the email or call the number listed. It would help if you remember some rules to avoid falling for scammers’ tricks: avoid clicking on links and do not download attachments. It’s better to delete the letter altogether, as well as to block the sender. To summarize, it can be said that ignoring a fraudulent Geek Squad email and blocking the sender is the best way to avoid many problems.

The post Geek Squad Email Scam appeared first on Gridinsoft Blog.

Since many of us are still isolated at home, losing access to Netflix is almost as unpleasant as shutting down the Internet. Thus, any email from Netflix claiming that your payment details didn’t go through can get your attention and encourage you to act hastily. Below, we explain how the Netflix trap works and how to recognize a Netflix scam email.

How to Spot Netflix Scam Email?

At first glance, the fraudulent letter looks pretty convincing. It begins with the Netflix logo and the phrase “Something went wrong,” which may seem familiar to those whose streaming show is interrupted at the most critical moment of the show. However, a closer look reveals clear signs that email has nothing to do with Netflix.

Signs of The Netflix Email Scam:

• The sender’s email address has a different domain and is different from the original Netflix.
• A generic address is used instead of your name, which signifies that fraudsters sent this email bulk to thousands of accounts.
• The email contains elements of urgency designed to create panic so that users act quickly. For example, losing access to Netflix could be a threat if you don’t update your payment details immediately.

Sometimes scammers make a decent attempt to mimic genuine Netflix messages, and they almost succeed. But, as with most fraudulent emails, one or two details are usually missing that show it’s not a genuine email. So let’s go over everything you need to know about Netflix scam text 2022, shall we?

How the Netflix Scam Email Works

There are several common scenarios, but it’s worth mentioning a few red flags, to begin with, that suggest how it works.

1. Netflix Payment / Subscription Issues

The email says you need to update your account status by clicking on the attached Netflix phishing email link. The link will take you to a fake Netflix login page, asking you to log in and provide your credit card information. This way, scammers get the credentials and can use them to hijack your account. You can also hover over the link (without clicking) to see the actual destination URL. Still, it may be hidden behind a short link, that says nothing about its content. That is not a common practice in machine-generated notifications, so you should not follow that link either. In some cases, an attachment is pinned to an email. Opening or downloading it can install malware on your computer. This could potentially be ransomware that can lock your device and encrypt files.

2. Netflix Reward / Gift Online Survey

Sometimes the message promises you an exclusive reward, but you must take an online survey to get it. This is how scammers lure you into clicking on a built-in button that takes you to a fake Netflix survey page. It goes on to say that you can win a free one-year Netflix subscription or other “exclusive reward” by taking a simple online survey. Sounds tempting. However, there is, of course, no gift. The ultimate goal of scammers is to elicit your personal information! They will record everything you enter on these fake pages and use it to do their dirty deeds. Don’t fall for this – NEVER share your credit card or other personal information online unless you are 100% sure the website is legitimate!

What Happens if You Click on the Email Scam Link?

First, an important note – do not try to do this from a work computer that has access to your company network and data. Such security mistakes, which are easy to avoid, usually cost companies dearly. The link from the fraudulent Netflix email leads to a landing page that looks very similar to the real one. Next, you are asked to log in with your login and password.

If you’ve entered your genuine credentials, the scammer will have everything they need to log into your account and take advantage of your personal information. This may not be critical for Netflix, but given how many of us are used to reusing the same old passwords repeatedly, it won’t take long for a scammer to try to log into more sensitive accounts. To prevent this from happening, we highly recommend using a password manager.

To ensure you are on a phishing page, you can do a simple trick – enter a non-existent username and password. The original site will give you an error that the account does not exist. In this case, even after entering random credentials, the website prompts you to update your payment details. However, nothing will change – all you typed or will type in the fields on that fraudulent page will be simply transferred to hackers.

What to Do If I Receive a Fraudulent Netflix Email Scam?

Fraudulent emails are an integral part of online life. Although the quality of spam email filters continues to improve, even with services like Gmail, Outlook, and sometimes it’s hard to stay ahead of every threat. However, a few simple actions can keep you safe.

Delete or report

The easiest thing to do is delete obvious fraudulent emails. However, if you feel like a good digital citizen, you can report them first. For example, you can use an exclamation mark icon or flag spam emails. You can also forward the email to the appropriate services, such as phishing@netflix.com. Finally, notify your IT administrator if you encounter fraudulent emails on your work email account.

Do not click the suspicious links

Never click on any of the links in a potentially fraudulent email. Instead, if you want to verify your account information, open a new window or tab and go to the actual website regardless of the links in the email. Clicking the scam message will notify the crooks that your account is active – and you will be spammed even more. Moreover, some tricky techniques include token stealing. If you go by a specifically designed link while being logged into your account on the device, crooks will intercept the token and will be free to manage your account.

Avoid attachments

It’s important to say that users are getting hooked on Netflix by phishing email, as sad as it sounds. Attachments are a clever way to disguise malware and spread threats. If you see an unusual attachment in an email that you don’t expect, never open it. Those are usually MS Office files that contain macros. They only contain a Netflix text scam that asks you to activate macros execution, which is disabled by default. Macros, in its turn, connect to the command and control server, and download malicious payload to your PC. Due to the vulnerability of macros execution mechanism, it easily circumvents the security solution.

Don’t update your payment information

Never update your financial or payment information when asked to do it in an email. Most companies warn you against this. For example, Netflix says: “We will never ask for your personal information in Netflix scam text 2022 messages or emails. This includes bank account details, credit or debit card numbers or Netflix passwords“. Services rarely break their own rules, so only these rows are enough to spot a scam.

Don’t reuse the same passwords

If you use the same password to log in to multiple accounts, attackers only need to crack one of your accounts to access all the others. The effective way is to use a password manager. All you need to remember is one master password. Then the password manager will store and enter complex passwords for you. It’s a simple, inexpensive, and secure way to manage multiple logins.

The post Trending Netflix Scam Email You Should Know appeared first on Gridinsoft Blog.

How Microsoft Email Scam happens?

There are different variants of Microsoft email scam. Let’s take a couple of the most common ones as an example. We’re all used to Microsoft, Apple, Google, and other companies notifying users via email when they find potentially unusual activity on their accounts. Unfortunately, scammers have taken advantage of this situation and started sending out fake notifications. Some people can easily fall for this scam. Such an email encourages recipients to secure their Microsoft accounts by logging into them using the link provided (the “Review recent activity” button or “Sign-in added details attached”).

Clicking the link loads a fake Microsoft account login page that looks very similar to the real one. Next, the user is asked to provide their credentials. When the data is entered, it is sent to fraudsters who misuse it, for example, to hijack Microsoft accounts or sell them on the Darknet. In addition, fraudsters can use stolen accounts to spam other people’s contact lists, share various files (including malicious ones), or make purchases. Thus, people can become victims of identity theft, suffer monetary losses, and face privacy issues online. Therefore, you should ignore such emails.

Spam emails are popular among scammers who aim to get the victim to provide sensitive information, such as credentials and credit card details, or transfer money to them. For that, cybercriminals attach malicious files or links to websites designed to download malicious files. These can be ransomware, Trojans, and other malicious programs.

How does a computer get infected?

The email itself, if left untouched, will not harm. The infection only occurs when recipients open (execute) a malicious attachment or open a file downloaded from a link the email contains. In most cases, such emails include a malicious Microsoft Office or PDF document, an executable (.exe) file, a JavaScript file, or an archive file such as ZIP or RAR. Usually, these emails are disguised as critical official messages from legitimate companies.

How Can I Tell If an Email from Microsoft Is Genuine?

Sometimes Microsoft email scams are so well-crafted that it’s hard to tell if the email is genuine or fake. For example, the sender’s name and the content of the email may appear natural, but if you look closely, you see a lot of red flags. Here are essential points to help spot fake Microsoft emails:

The sender’s address

To check the sender’s address, hover your mouse over the “from” field and see if it is legitimate. For example, when you receive an email from Microsoft, ensure that the email address has the domain @microsoft.com and not something suspicious like @m1crosoft.com, @microsfot.com, @account-security-noreply.com, etc. Mismatched email domains indicate that it is a fake email.

A link leading to a suspicious website

If the email contains a link, don’t rush to click on it. These links often lead to malicious or phishing sites. Instead, make sure it is secure. You can use many tools to ensure the security of a web page, e.g. VirusTotal service. However, the easiest one is to hover over the link and look below to see where it leads.

Urgent calls to action or threats

If the message you receive looks like a threat or tells you that your account will be shut down if you don’t do what you’re told, that’s a serious red flag. For example, cybercriminals often offer to update your version of Outlook, claiming that incoming emails will be stopped unless you install the update within 48 hours. This is probably a scam or phishing Microsoft email attempt. A sense of urgency is a common scam strategy.

Generic messages

If an email doesn’t address you by your first name but uses, for example, “Dear User,” “Dear @youremail.com,” or “Dear Dear Dear Customer”, this should make you suspicious. Usually, companies call you by your first name or nickname you used to register on the website. The absence of this information can signal a Microsoft email scam attempt.

Email attachments

Is this a phishing email from Microsoft? Often legitimate companies will ask you to log into their website and view or download any documents there. However, if you receive an email with an attachment, we do not recommend downloading it, much less opening it. You can, of course, download it and check it with an antivirus application. Unfortunately, infected email attachments are a common practice used by cybercriminals.

Grammatical and spelling mistakes

Beware of emails that contain grammatical and spelling errors. This is a clear sign of Microsoft scams. A company like Microsoft (or any severe organization) would never send an email containing mistakes. Also, Microsoft will never contact users by email to ask for more account information, send out emails about updates, or provide technical support. The company does not initiate communication. Users must initiate any contact with Microsoft. Refrain from trusting emails marked Microsoft that ask you to install the latest application updates. These are most likely phishing attempts. If you’ve noticed these signs, you’ve probably come across Microsoft account email scams.

Examples of Microsoft Email Scam

Failure of delivery emails

If you’ve tried sending an email to a full or non-existent mailbox, you’ve probably received a message that the email has not been delivered. Such an email is conventionally divided into two halves – the first contains details of the error, and the second contains the text of the email itself. For example, cybercriminals send a fake email that includes a “send again” button. When you click on the link, malware is downloaded to your computer.

Re-activation requests

Office 365 phishing attacks are successful because they are based on fear and reflexive reactions. Fake re-activation requests tell recipients that their accounts are deactivated. The user needs to follow an attached malicious link to re-activate their accounts. The link leads to a fake login website, where the victim’s credentials are sent to the cybercriminals.

Alert for hitting storage limits

This Microsoft phishing email is also supposedly sent from Microsoft. If you use a subscription service, you may believe you have reached your account’s storage limit. Fraudsters send fake emails telling you that the user must activate “Quota” to resolve storage problems. This is malware, as in the case of fake delivery error emails. Be careful to avoid stumbling upon signs of Microsoft hacking scams.

How to Report a Suspicious Email to Microsoft?

You can ignore or delete a fraudulent email, but being a decent Internet user, you can help fight this scam. To do so, you need to report a suspicious email to Microsoft. Please select the message, click Report message, and choose Phishing. If you are using the web-based version of Outlook, check the box next to the appropriate email address, select Junk, and then Phishing. Alternatively, you can create a new email and add junk@office365.microsoft.com or phish@office365.microsoft.com as recipients and drag and drop the spam email into the new message. Also, remember to add the sender’s address to the blocked list.

The post Microsoft Email Scam appeared first on Gridinsoft Blog.

Water Curupira’s Email Spam Campaigns

Water Curupira, one of the known operators behind Pikabot, have been instrumental in various campaigns. It primarily aims at deploying backdoors such as Cobalt Strike, that end up with Black Basta ransomware. Initially involved in DarkGate and IcedID spam campaigns, the group has since shifted its focus exclusively to Pikabot.

Pikabot’s Mechanism

Pikabot operates through two main components, a distinguishing feature that enhances its malicious capabilities. The loader and core module enable unauthorized remote access and execution of arbitrary commands through a connection with a command-and-control (C&C) server.

Pikabot’s primary method of system infiltration involves spam emails containing archives or PDF attachments. These emails are skillfully designed to imitate legitimate communication threads. They utilize thread-hijacking techniques to increase the likelihood of recipients interacting with malicious links or attachments. The attachments, designed either as password-protected archives with an IMG file or as PDFs, are crafted to deploy the Pikabot payload.

System Impact

Once inside the target system, Pikabot demonstrates a complex and multi-layered infection process. It employs obfuscated JavaScript and a series of conditional execution commands, coupled with repeated attempts to download the payload from external sources. The core module of Pikabot is tasked with collecting detailed information about the system, encrypting this data, and transmitting it to a C&C server for potential use in further malicious activities.

Another layer of Pikabot mischievous actions is the ability to serve as a loader/dropper. Malware uses several classic techniques, such as DLL hookup and shellcode injection. Also, it is capable of straightforward executable file launching, which is suitable for certain attack cases. Among other threats, Pikabot is particularly known for spreading Cobalt Strike backdoor.

Recommendations

To protect yourself against threats like Pikabot, which is spread by Water Curupira through email spam, here are some key recommendations:

• Always hover over links to see where they lead before clicking.
• Be cautious of unfamiliar email addresses, mismatches in email and sender names, and spoofed company emails.
• For emails claiming to be from legitimate companies, verify both the sender’s identity and the email content before interacting with any links or downloading attachments.
• Keep your operating system and all software updated with the latest security patches.
• Consistently backup important data to an external and secure location, ensuring that you can restore information in case of a cyber attack.
• Educate yourself and your company. Keep up to date with the latest cyber news to stay ahead of the curve.

The post Water Curupira Hackers Spread PikaBot in Email Spam appeared first on Gridinsoft Blog.