Spam Email Archives – Gridinsoft Blog
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

McAfee Scam Email
https://gridinsoft.com/blogs/mcafee-scam-email/
Tue, 10 Sep 2024 14:51:29 +0000

The McAfee email scam is a dangerous form of phishing fraud targeting users’ accounts at this antivirus vendor. Fraudsters lure users with appealing offers or urgent notifications about changes in terms, requiring immediate attention. This scam exhibits many variations and can have numerous consequences.

McAfee Email Scam Targets Your Credentials

This phishing scheme involves emails that guide users to a malicious webpage, mimicking the design of a simple login site. While scams involving email messages from strangers may employ various tactics, this particular scam impersonates routine notifications from McAfee concerning account details or user licenses. Offers might include a free license for one year, a prompt to approve changes to McAfee policies, or a reminder to renew a soon-to-expire license. However, the phrasing of these messages often renders them suspicious, as genuine communications from McAfee would not include such claims.

The example of a fake renewal message

At the bottom of the email, or within the text itself, there is a link or button you can click to get more details. Regardless of the lure, it leads to a phishing page—one that mimics the McAfee login page or a fraudulent survey site. The former is typical of more alarming messages, while the latter usually accompanies offers of gifts.

The phishing login page features only two states: the default one and a “wrong login/password” notification beneath the credential fields. No matter what you enter, the information is sent directly to fraudsters who can then take control of your account. Additionally, the phishing page designed to steal your credentials may also include a download button. This button could install software that you would never willingly download, such as adware or rogue applications, which are commonly linked to such scams.

McAfee scam: fake giveaway messages look like this

A pseudo-giveaway that promises you a gift will likely ask for your personal information. Shady persons on the Darknet are willing to pay a lot for a database of users’ information. A bundle of name, surname, physical address, email address, system information, et cetera gives a lot of advantages for other scams.

Rarely, the message may contain an attached file, and the text invites you to open it instead of following the link. The file is supposed to show details about the changes in the terms or whatever else the letter uses as a pretext. This attachment (often a .docx or .xlsx document) contains a virus.

How Dangerous is the McAfee Email Scam?

The main risk associated with following the instructions in a scam email is the theft of your account credentials and personal information. While sharing information with various online services might seem commonplace, these services are typically bound by GDPR rules to keep your data confidential. However, cybercriminals obtaining your information through phishing do not adhere to any rules or laws. Often, this stolen information is compiled into databases and sold on the Darknet, where the new owners are unlikely to have benevolent intentions.

Your McAfee account credentials are particularly valuable as they serve dual purposes. Possession of your account allows a criminal to steal your license key, which might be used to activate a pirated copy of the software or sold online at a fraction of the price you originally paid. If your license covers multiple devices, prepare for potential unauthorized users, or “squatters”, on your account. Additionally, stolen credentials can be added to databases of leaked passwords and logins, which are often utilized in brute force attacks to crack other accounts.

The injection of malware via an email attachment represents another significant threat. Unlike identity theft or account hacking, which may not have immediate effects, malware begins to operate as soon as it is launched. Phishing scams, such as those mimicking McAfee, have become a primary method for distributing malware, posing a serious risk to both individual users and corporations due to human vulnerabilities. The most common types of malware distributed this way include stealers, spyware, and ransomware, which can lead to compromised accounts and encrypted data—a highly undesirable outcome.

How to Protect Yourself from McAfee Email Scams?

The good news about most email scams is that they can easily be mitigated by simple attentiveness. Upon receiving a suspicious email, it is crucial to scrutinize both the body and header of the message. Even the most sophisticated forgeries will contain discrepancies that don’t match the original communications. Simpler scams often exhibit other telltale signs that can help you identify the deceit. So, how can you stop McAfee scam emails?

Typos and Grammatical Errors

Despite the prevalence of online spell checkers, scammers often neglect to use them, resulting in numerous errors in their messages. Poor English, missing punctuation, and subpar design are not features of official communications. The presence of these errors is a clear indicator of a fraudulent email.

That message does not look like a regular McAfee invoice

Link address

Genuine messages may contain links to the sender’s website, for instructions, for example. However, those links always belong to the original sender’s domain (mcafee.com in the case of a genuine McAfee email). A link to a dubious page, like WebProtectionProgram, or a short link is a reason to avoid clicking it. Official mailings never contain links to external sites and never use short links.


Sender’s email address

Companies use official email addresses for mailings and conversations, and these are often listed on their websites. A letter that pretends to be sent by McAfee support, but whose sender is mikey19137@aol.com, does not look trustworthy. In more elaborate cases, crooks may try to use email addresses that look related to the sender. That’s why it is better to review the contacts on the website. For McAfee, those are the following:

info@authenticate.mcafee.com
Info@notification.mcafee.com
info@protect.mcafee.com
info@smmktg.mcafee.com
info@smtx.mcafee.com
info@mailing.mcafee.com
info@communication.mcafee.com
info@protect.mcafee.com.cname.campaign.adobe.com
donotreply@authentication.mcafee.com
donotreply@mcafee.com
consumersupport@mcafee.com
mcafeeinc-mkt-prod2@adobe-campaign.com
noreply@mail.idtheftprotection.mcafee.com
research@mcafee.com
mcafee@mail.email-ssl.com
no_reply@mcafee.com
no-reply@mcafeemobilesecurity.com
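
The two checks above (links must stay on the sender's domain, and the sender must be on the official list) can be applied mechanically to a saved message. This is an added example, not code from Gridinsoft or McAfee; the sample messages, the shortener set and the `.example` host are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "mcafee.com"

# Official sender addresses, copied from the list in the article (lowercased).
OFFICIAL_SENDERS = {
    "info@authenticate.mcafee.com", "info@notification.mcafee.com",
    "info@protect.mcafee.com", "info@smmktg.mcafee.com",
    "info@smtx.mcafee.com", "info@mailing.mcafee.com",
    "info@communication.mcafee.com",
    "info@protect.mcafee.com.cname.campaign.adobe.com",
    "donotreply@authentication.mcafee.com", "donotreply@mcafee.com",
    "consumersupport@mcafee.com", "mcafeeinc-mkt-prod2@adobe-campaign.com",
    "noreply@mail.idtheftprotection.mcafee.com", "research@mcafee.com",
    "mcafee@mail.email-ssl.com", "no_reply@mcafee.com",
    "no-reply@mcafeemobilesecurity.com",
}

# Assumption: a small illustrative set of link shorteners, not a complete list.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def html_bodies(msg):
    """Yield the decoded text of every text/html part."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            data = part.get_payload(decode=True) or b""
            yield data.decode(part.get_content_charset() or "utf-8", "replace")


def check_message(raw):
    """Return (kind, value) findings for the sender and link checks."""
    msg = message_from_string(raw)
    findings = []
    # The From header can be forged, so a listed address is only one signal.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in OFFICIAL_SENDERS:
        findings.append(("unlisted-sender", sender))
    for html in html_bodies(msg):
        collector = LinkCollector()
        collector.feed(html)
        for href in collector.hrefs:
            parts = urlsplit(href)
            if parts.scheme not in ("http", "https"):
                continue  # mailto:, anchors and relative links are skipped
            host = (parts.hostname or "").lower()
            if host in SHORTENERS:
                findings.append(("short-link", host))
            elif not host_in_domain(host, BRAND_DOMAIN):
                findings.append(("off-domain-link", host))
    return findings


# Constructed sample: fake renewal notice using the sender quoted in the article.
FAKE = """\
From: "McAfee Support" <mikey19137@aol.com>
To: user@example.org
Subject: Your license expires today
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Renew now:</p>
<a href="https://bit.ly/constructed">Renew</a>
<a href="https://mcafee.com.webprotectionprogram.example/login">Sign in</a>
<a href="https://www.mcafee.com/support">Help</a>
</body></html>
"""

# Constructed sample: listed sender, links only on the brand domain.
GENUINE_STYLE = """\
From: McAfee <info@protect.mcafee.com>
To: user@example.org
Subject: Your subscription
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://www.mcafee.com/support">Support</a>
<a href="mailto:consumersupport@mcafee.com">Contact</a></body></html>
"""

if __name__ == "__main__":
    for finding in check_message(FAKE):
        print(finding)
```

Note that the second link starts with `mcafee.com` but belongs to another domain, which is why the check compares the end of the host name rather than searching for the brand anywhere in it.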

Strange Offers and Unusual Notifications

Giveaways, quizzes, or notifications about account blocking are not typical for reputable companies. They may contact you if there are issues with your account that need resolving, but you would likely be aware of these issues beforehand. Conversely, offers that require you to share personal information in exchange for a prolonged license are never legitimate. Coupled with the other signs we’ve discussed, these offers clearly indicate a fraudulent message.


Is it Possible to Avoid Email Spam in the Future?

Receiving email spam does not necessarily mean something bad has already happened. Scammers often buy databases filled with random email addresses and send out mass emails hoping to lure someone into a scam. If you do not respond or click on any links, scammers will likely remove you from their list eventually. However, any engagement, such as replying or clicking a link, signals to them that your account is active and susceptible to scams. Experts note that any interaction with a fraudulent email can lead to a significant increase in spam.

Several strategies can help reduce the amount of spam you receive and make it easier to differentiate between genuine and fraudulent emails. First, use a separate email address for registrations on websites or at events where you have concerns about their credibility. Some sites may not prioritize protecting their clients’ data and might sell their databases to third parties. While not always malicious, this practice can lead to unwanted exposure for your primary email address. Using a secondary email address as a buffer can help protect your main accounts from suspicious activities, ensuring greater security for your personal or work emails.

Reporting a suspicious email

Another tip involves reporting suspicious emails. While most email services employ advanced anti-spam engines to filter out the bulk of spam, no system is perfect. You might still find McAfee phishing emails in your inbox. Reporting these deceptive messages is straightforward: simply click the button with three dots on the message and select “Report Spam.”

Conclusion

In the fight against email scams, especially sophisticated ones like the McAfee email scam, proactive protection is key. While following the tips outlined above can significantly reduce your risk of falling victim to these scams, having robust antivirus software can provide an additional layer of security. We recommend using Anti-Malware for its effective detection and removal of malware threats.


Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.


Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.


How to Prevent Email Spoofing
https://gridinsoft.com/blogs/prevent-email-spoofing/
Fri, 19 Jul 2024 15:20:27 +0000

Types of Email Spoofing

Email spoofing, also known as spoofing email, involves forging the sender’s email address. Often, the address in the sender’s field is fake; any responses sent to this address will likely reach a third party. The primary goal of this scam is to deceive the user.

Fraudsters deploy a variety of tactics to execute a successful spoofing attack. Below, we explore the most common methods they use.

1. Sharing a Similar Domain

To successfully spoof an email, fraudsters meticulously imitate sender addresses that appear similar to those of well-known organizations or companies. They typically:

  • Alter the top-level domain, for example, from support@spotify.com to support@spotify.co
  • Change the domain to include a country code, for example, support@spotify.com.ru
  • Modify a single character in the domain name, turning support@spotify.com into support@spatify.com
  • Use a variant of the domain that still references the brand, such as support@spotifyinfo.com
  • Create an email address that incorporates the company’s name, like support.spotify@gmail.com

2. Substituting the Sender’s Name

This tactic involves falsifying the sender’s name, with the “From” and “Reply-To” headers displaying the fraudster’s address instead. This method is particularly prevalent on mobile mail clients, which typically only display the sender’s name. Fraudsters may use:

  • Misleading variations of the company’s name.
  • Fabricated names paired with deceptive email addresses.

Imagine that you receive an email like this:

Preventing Email Spoofing - Example 1

Notice that every field is correct except From and Reply-To. When Dude1 receives this email, he may think it’s from his boss. When he hits “Reply,” all he’ll see in the To: field is the name “BossMan,” but the reply will actually go to the friend who spoofed the email, Dude2.

3. Forging the From and Reply-To Fields

Because the SMTP protocol does not authenticate headers, fraudsters can easily forge addresses in the From and Reply-To fields without being noticed. Thus, they are unlikely to be caught, as a fake is almost no different from the original.
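
The three tactics above can be turned into header checks on the receiving side. This is an added example, not code from the article; the function names, the sample message and the `.example` reply address are constructed, and the classifier compares single domain labels instead of consulting the Public Suffix List.

```python
from email import message_from_string
from email.utils import parseaddr


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_address(address, brand_domain):
    """Name the similar-domain pattern (section 1) an address matches."""
    local, _, domain = address.lower().rpartition("@")
    brand = brand_domain.split(".")[0]            # "spotify" for spotify.com
    labels = domain.split(".")
    if domain == brand_domain or domain.endswith("." + brand_domain):
        return "brand-domain"
    if domain.startswith(brand_domain + "."):
        return "country-code-appended"            # spotify.com.ru
    if labels[0] == brand and len(labels) == 2:
        return "tld-changed"                      # spotify.co
    if any(edit_distance(label, brand) == 1 for label in labels):
        return "single-character-change"          # spatify.com
    if brand in domain:
        return "brand-in-domain"                  # spotifyinfo.com
    if brand in local:
        return "brand-in-local-part"              # support.spotify@gmail.com
    return "unrelated"


def domain_of(address):
    return address.lower().rpartition("@")[2]


def check_headers(raw, brand_domain):
    """Return (kind, value) findings for sections 1 to 3."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    brand = brand_domain.split(".")[0]
    findings = []
    verdict = classify_address(from_addr, brand_domain)
    if verdict not in ("brand-domain", "unrelated"):
        findings.append(("lookalike-sender", verdict))
    # Section 2: the display name claims the brand, the address does not.
    if verdict != "brand-domain" and brand in display.lower():
        findings.append(("display-name-claims-brand", display))
    # Section 3: replies are routed to a different domain than the sender's.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append(("reply-to-differs", reply_addr))
    return findings


# Constructed sample message; only the headers matter here.
SAMPLE = """\
From: "Spotify Support" <support@spatify.com>
Reply-To: billing@mail-collect.example
To: user@example.org
Subject: Payment problem

Please update your payment details.
"""

if __name__ == "__main__":
    for finding in check_headers(SAMPLE, "spotify.com"):
        print(finding)
```

These checks only compare what the headers say; they cannot tell whether an exact-match From address was forged, which is what SPF, DKIM and DMARC address.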

Protection from Email Spoofing

To effectively guard against email spoofing, it’s essential to configure email security protocols such as SPF, DKIM, and DMARC. Below, you’ll find step-by-step guides on how to set up these protocols for popular email platforms:

1. Setting Up SPF (Sender Policy Framework)

SPF helps to verify that incoming mail from a domain comes from a host authorized by that domain’s administrators.

  • Gmail: Go to the Google Admin console, navigate to ‘Domains’, and then ‘Add a domain or a domain alias’. Add the SPF record in your DNS settings: v=spf1 include:_spf.google.com ~all
  • Outlook: In the Microsoft 365 admin center, go to ‘Settings’ → ‘Domains’, select your domain, and add the SPF record to your DNS settings: v=spf1 include:spf.protection.outlook.com -all

2. Implementing DKIM (DomainKeys Identified Mail)

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails, allowing the receiver to verify that an email was indeed sent and authorized by the owner of the sending domain. Setting up DKIM correctly can help prevent email spoofing by verifying the authenticity of the sender. Here’s how to set up DKIM for Gmail and Outlook:

Implementing DKIM for Gmail:


To configure DKIM for Gmail, use the following steps:

  1. Sign in to the Google Admin console.
  2. Navigate to Apps → Google Workspace → Gmail → Authenticate email.
  3. Select the domain for which you want to set up DKIM and click GENERATE NEW RECORD. You might see this option only if you haven’t already set up DKIM for your domain.
  4. Choose a key length of 2048 bits for better security (1024 bits is also available but less secure).
  5. After generating the DKIM key, Google will provide you with a TXT record to add to your domain’s DNS. It will look something like this:
    google._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSq...AB"

    This is your public key.

  6. Add this record to your DNS settings at your domain host. Keep in mind that DNS propagation can take up to 48 hours.
  7. Once the DNS has propagated, return to the Admin console and click START AUTHENTICATION.

When DKIM is set up correctly, Gmail will sign outgoing emails automatically, allowing recipient servers to verify their authenticity.

Implementing DKIM for Outlook:

For users of Microsoft 365 or Outlook, the setup process involves similar steps:

  1. Log in to the Microsoft 365 Defender portal.
  2. Go to Email & collaboration → Policies & rules → Threat policies → DKIM.
  3. Choose the domain you wish to enable DKIM for and click Enable.
  4. If no DKIM keys exist, Microsoft will prompt you to create them. Click on Create to generate the keys.
  5. Microsoft will then provide two CNAME records to add to your domain’s DNS. These records delegate the DKIM signing authority to Microsoft. They typically look like this:
    selector1._domainkey.YOURDOMAIN.com CNAME selector1-YOURDOMAIN-com._domainkey.YOURDOMAIN.onmicrosoft.com
    selector2._domainkey.YOURDOMAIN.com CNAME selector2-YOURDOMAIN-com._domainkey.YOURDOMAIN.onmicrosoft.com
  6. Add these CNAME records to your DNS. Again, allow up to 48 hours for DNS changes to take effect.
  7. Once DNS propagation is complete, go back to the Defender portal and confirm the DKIM status to ensure it is active.

Implementing DKIM for your domain significantly improves your email security by enabling email authenticity verification at the recipient’s end.

3. Configuring DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication, policy, and reporting protocol. It builds on SPF and DKIM protocols, helping email receivers determine if a given message aligns with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle these discrepancies. Here’s a step-by-step guide to setting up DMARC:

Understanding DMARC Policy:

Before setting up DMARC, you need to understand the policies you can apply:

None: This policy allows all emails, regardless of authentication status, to be delivered (used for monitoring and reporting purposes).
Quarantine: Emails that fail DMARC authentication will be moved to the spam folder or a similar location.
Reject: Fully blocks delivery of emails that fail DMARC authentication.

Steps to Configure DMARC:

  1. Create a DMARC record: A DMARC policy is published as a DNS TXT record. The typical format of a DMARC record looks like this:
    v=DMARC1; p=none; rua=mailto:admin@yourdomain.com

    In this example, ‘p=none’ specifies the policy, and ‘rua’ indicates where aggregate reports of DMARC failures will be sent.

  2. Choose Your Policy: Decide which policy (none, quarantine, reject) fits your needs based on your security posture and the maturity of your SPF and DKIM setups.
  3. Specify Email Reporting: Determine where you want reports of pass/fail to be sent. These reports are crucial for understanding the types of attacks targeting your domain and observing how your emails are being received on the internet. Use ‘rua’ for aggregate reports and ‘ruf’ for forensic reports:
    rua=mailto:aggregate@yourdomain.com; ruf=mailto:forensic@yourdomain.com
  4. Publish the DMARC Record: Add the DMARC TXT record to your domain’s DNS. This is similar to adding SPF or DKIM records. You typically enter the record into your DNS management dashboard.
  5. Monitor and Adjust: After implementing DMARC, monitor the reports you receive and adjust your policy as needed. Initially starting with a ‘none’ policy and moving to ‘quarantine’ or ‘reject’ as you confirm that legitimate emails are passing SPF and DKIM checks is a common approach.

Additional DMARC Tags:

DMARC records can include several optional tags to refine their operation:

  • aspf: Alignment mode for SPF (strict or relaxed).
  • adkim: Alignment mode for DKIM (strict or relaxed).
  • fo: Forensic options to specify conditions under which forensic reports should be generated.
  • rf: The format to be used in forensic reports.
  • ri: Reporting interval for how often you want to receive the aggregate reports.
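
To see how the policy and the alignment tags decide the fate of a spoofed message, the following parses a DMARC record and evaluates it against SPF and DKIM results. This is an added example, not code from the article; the function names are hypothetical, `mailer.example` is constructed, and the organizational domain is approximated as the last two labels where a real receiver would use the Public Suffix List.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

# Defaults defined by RFC 7489 for the optional tags the article lists.
DEFAULTS = {"aspf": "r", "adkim": "r", "fo": "0", "rf": "afrf", "ri": "86400"}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict, applying defaults and checks."""
    pairs = []
    for chunk in txt.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        name, sep, value = chunk.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {chunk!r}")
        pairs.append((name.strip().lower(), value.strip()))
    if not pairs or pairs[0] != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    record = {**DEFAULTS, **dict(pairs)}
    if record.get("p") not in VALID_POLICIES:
        raise ValueError("p must be none, quarantine or reject")
    for tag in ("aspf", "adkim"):
        if record[tag] not in ("r", "s"):
            raise ValueError(f"{tag} must be r (relaxed) or s (strict)")
    record["ri"] = int(record["ri"])  # reporting interval in seconds
    for tag in ("rua", "ruf"):
        uris = record.get(tag, "").split(",")
        record[tag] = [u.strip() for u in uris if u.strip()]
    return record


def org_domain(domain):
    # Assumption: last two labels; real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict needs an exact match; relaxed accepts the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_result(record, from_domain, spf_domain=None, dkim_domain=None):
    """Return "pass" or the policy to apply.

    spf_domain:  envelope-sender domain that passed SPF, or None.
    dkim_domain: d= domain of a signature that verified, or None.
    """
    spf_ok = spf_domain is not None and aligned(
        from_domain, spf_domain, record["aspf"])
    dkim_ok = dkim_domain is not None and aligned(
        from_domain, dkim_domain, record["adkim"])
    return "pass" if (spf_ok or dkim_ok) else record["p"]


# Constructed record built from the tags shown in the steps above.
STRICT_RECORD = ("v=DMARC1; p=reject; adkim=s; "
                 "rua=mailto:aggregate@yourdomain.com; "
                 "ruf=mailto:forensic@yourdomain.com")

if __name__ == "__main__":
    rec = parse_dmarc(STRICT_RECORD)
    # Spoofed From: SPF passes, but for the sender's own unrelated domain.
    print(dmarc_result(rec, "yourdomain.com", spf_domain="mailer.example"))
    # Legitimate mail signed by the domain itself.
    print(dmarc_result(rec, "yourdomain.com", dkim_domain="yourdomain.com"))
```

The first call shows why DMARC matters for spoofing: an SPF pass for an unrelated envelope domain does not count, because it is not aligned with the domain in the From header.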

How to Stop and Block Spam Emails
https://gridinsoft.com/blogs/avoid-spam-email/
Thu, 04 Jul 2024 12:32:03 +0000

Spam refers to the flood of unwanted emails that clutter your inbox, often from unknown and dubious sources. These emails not only waste your time but can also pose serious security threats by attempting to install malware or steal your personal information. Spam has been a nuisance since the early days of the Internet, making it a persistent problem to tackle. This is why it’s crucial to understand the benefits of using malware protection to safeguard your data.

How can you identify a suspicious email as “Spam”? What steps can you take to protect your computer from potential spam infections? Is it safe to open such emails?

In this article, we will address all these questions, helping you decipher the overwhelming number of mysterious emails in your inbox, understand their origins, and provide practical tips to avoid falling prey to spam emails.


How to Identify Spam Emails

If you have not dealt with spam before, here are some signs to look for:

  • Check the sender’s address. Look carefully at the sender’s address bar. If it shows an incomprehensible set of letters and numbers, move the cursor over the address to see it in full. If it looks suspicious, enter it into a search engine and try to find something about this address.
  • Consider what is being requested. Large companies will not ask you for personal information, registration, bank account numbers, insurance details, and other confidential data. If you can see a reason why this service or company would need it, the request may be fine, but if it all looks out of place, do not fall for it: it is spam!
  • Be careful if the message creates a sense of urgency. Do not fall for phrases like “Urgently,” “does not require a delay,” and others like them. The intruders are trying to put pressure on you in this way. They want these headlines to push you into making decisions quickly and rashly.
  • Check whether the email uses your name. A company that sends you an email will probably know your details, at least your first and last name. Phrases like “Dear Customer” or “Dear Reader” should make you doubt the message’s legitimacy.
  • Check grammar and spelling. Strange wording, misspelled words, and a lack of structure can tell you that something is wrong.

Fraudsters send out a huge number of letters just to keep you looking at their ads or similar content, and sometimes they manage to achieve their intended goal this way.

Examples of Spam Emails

Spam emails come in different types; you need to know them and understand where you can meet them.

  • Spoofed emails – the attacker impersonates a different person and attempts to deceive you into giving up confidential data.
  • Ads – the most common form of spam. These often come from scammers, although sometimes it can be an advertisement for an actual product.
  • Malware warnings – these messages suggest you click on a predefined link to protect your PC from malware.
  • Money scams – the pretenders pose as volunteers or charitable people and try to draw money from you by deception.
  • Over-the-top promises – you have often seen these on the Internet: promises of quick winnings, fast weight loss, big payouts, and other lies.
  • Forced or accidental subscriptions – if you have bought something on the Internet, you know that you are offered a subscription to a newsletter about new updates after the purchase. But some companies do this secretly; after the purchase, you are automatically subscribed to a hundred emails from them.
  • Chain letters – made-up stories that pressure you psychologically, frightening you that something will happen to you.

How to Stop Spam Emails

If your Inbox is already crowded, making it difficult to navigate and understand where messages come from and why, follow these steps to rid yourself of the massive number of spam emails:

  1. Report the email as spam. Use your email provider’s option to mark emails as spam. This helps improve spam filters and keeps your inbox clean.
  2. Block spam email addresses. Block addresses that frequently send you spam. This prevents further emails from those addresses from reaching your inbox.
  3. Use an email alias. Create an alias for situations where you might not want to share your main email address. This helps protect your primary inbox from spam.
  4. Change your email privacy settings. Adjust your email privacy settings to limit who can send you emails and prevent your address from being publicly accessible.
  5. Unsubscribe from unwanted newsletters or mailing lists. Use the unsubscribe link typically found at the bottom of newsletters and marketing emails to stop receiving them.
  6. Check if your email is on the dark web. Use services that can check if your email address has been compromised or is being circulated on the dark web.
  7. Use SPF and DKIM email authentication. Ensure your email provider uses SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to authenticate emails and reduce spam.

Report the Email as Spam

Reporting spam emails helps improve the spam filters of your email provider and reduces the amount of spam you receive. Here’s a step-by-step guide on how to report an email address that is sending spam:


Gmail

  1. Open Gmail and go to your inbox.
  2. Find the spam email you want to report and open it.
  3. Click on the three vertical dots (More) in the top-right corner of the email.
  4. Select “Report spam” from the dropdown menu.
  5. A confirmation message will appear. Click “Report spam” again to confirm.

Outlook

  1. Open Outlook and go to your inbox.
  2. Find the spam email you want to report and open it.
  3. Click on the three horizontal dots (More actions) in the top-right corner of the email.
  4. Select “Mark as junk” from the dropdown menu.
  5. Confirm by clicking “Report” in the pop-up window.

Yahoo Mail

  1. Open Yahoo Mail and go to your inbox.
  2. Find the spam email you want to report and open it.
  3. Click on the three horizontal dots (More) in the top-right corner of the email.
  4. Select “Report spam” from the dropdown menu.
  5. Confirm by clicking “Report” in the pop-up window.

Apple Mail (iCloud)

  1. Open Apple Mail and go to your inbox.
  2. Find the spam email you want to report and open it.
  3. Click on the Flag icon at the top of the email.
  4. Select “Move to Junk” from the dropdown menu.

ProtonMail

  1. Open ProtonMail and go to your inbox.
  2. Find the spam email you want to report and open it.
  3. Click on the three vertical dots (More) in the top-right corner of the email.
  4. Select “Mark as spam” from the dropdown menu.

Block Spam Email Addresses

Blocking spam email addresses prevents further emails from those addresses from reaching your inbox. Here’s a step-by-step guide on how to block an email address:


Gmail

  1. Open Gmail and go to your inbox.
  2. Find the email from the address you want to block and open it.
  3. Click on the three vertical dots (More) in the top-right corner of the email.
  4. Select “Block [sender’s name]” from the dropdown menu.
  5. Click “Block” again in the confirmation box.

Outlook

  1. Open Outlook and go to your inbox.
  2. Find the email from the address you want to block and open it.
  3. Click on the three horizontal dots (More actions) in the top-right corner of the email.
  4. Select “Block [sender’s name]” from the dropdown menu.
  5. Confirm by clicking “OK” in the pop-up window.

Yahoo Mail

  1. Open Yahoo Mail and go to your inbox.
  2. Find the email from the address you want to block and open it.
  3. Click on the three horizontal dots (More) in the top-right corner of the email.
  4. Select “Block sender” from the dropdown menu.
  5. Confirm by clicking “OK” in the pop-up window.

Apple Mail (iCloud)

  1. Open Apple Mail and go to your inbox.
  2. Find the email from the address you want to block and open it.
  3. Click on the sender’s name or email address at the top of the email.
  4. Select “Block Contact” from the dropdown menu.
  5. Confirm by clicking “Block” in the pop-up window.

ProtonMail

  1. Open ProtonMail and go to your inbox.
  2. Find the email from the address you want to block and open it.
  3. Click on the three vertical dots (More) in the top-right corner of the email.
  4. Select “Block sender” from the dropdown menu.

Use an Email Alias

Using an email alias can help protect your primary email address from spam and keep your inbox organized. Here’s a step-by-step guide on how to create and use an email alias:


Gmail

  1. Open Gmail and go to your inbox.
  2. Click on the gear icon in the top-right corner and select “See all settings”.
  3. Go to the “Accounts and Import” tab.
  4. In the “Send mail as” section, click “Add another email address”.
  5. Enter your alias email address and click “Next Step”.
  6. Verify the alias by following the instructions sent to the alias email address.
  7. To use the alias when composing an email, click on the “From” field in the compose window and select your alias email address.

Outlook

  1. Open Outlook and go to your inbox.
  2. Click on the gear icon in the top-right corner and select “View all Outlook settings”.
  3. Go to “Email” and then “Sync email”.
  4. In the “Manage or choose a primary alias” section, click “Add email”.
  5. Select “Create a new email address and add it as an alias” and enter your desired alias.
  6. Click “Add alias” and follow the verification steps.
  7. To use the alias, compose a new email and select the alias from the “From” dropdown menu.

Yahoo Mail

  1. Open Yahoo Mail and go to your inbox.
  2. Click on the gear icon in the top-right corner and select “More Settings”.
  3. Go to the “Mailboxes” tab.
  4. In the “Email alias” section, click “Add”.
  5. Enter your desired alias and click “Set up”.
  6. Verify the alias by following the instructions sent to your primary email address.
  7. To use the alias, compose a new email and select the alias from the “From” dropdown menu.

Apple Mail (iCloud)

  1. Open iCloud.com and sign in with your Apple ID.
  2. Click on “Mail” and then the gear icon in the lower-left corner.
  3. Select “Preferences” and go to the “Accounts” tab.
  4. Click on “Add an alias”.
  5. Enter your desired alias, full name, and label, then click “OK”.
  6. To use the alias, compose a new email and select the alias from the “From” dropdown menu.

ProtonMail

  1. Open ProtonMail and go to your inbox.
  2. Click on the gear icon in the top-right corner and select “Go to settings”.
  3. Go to the “Addresses/Users” tab.
  4. Click on “Add address”.
  5. Enter your desired alias and follow the on-screen instructions to verify and set up the alias.
  6. To use the alias, compose a new email and select the alias from the “From” dropdown menu.

Check if Your Email is on the Dark Web

Checking if your email is on the dark web can help you take proactive measures to protect your information. Here’s a step-by-step guide on how to check if your email is compromised:


Using Have I Been Pwned

  1. Open your web browser and go to the Have I Been Pwned website.
  2. Enter your email address in the search bar and click on “pwned?”.
  3. Review the results to see if your email address has been compromised in any data breaches.
  4. If your email is found, the site will list the breaches and provide details about what information was exposed.

Using Your Email Provider’s Security Features

  1. Log in to your email account (Gmail, Outlook, Yahoo, etc.).
  2. Go to the security or privacy settings.
  3. Look for an option that checks if your email is compromised or if there are any suspicious activities. Some providers have built-in features to alert you if your email is found on the dark web.
  4. Follow the on-screen instructions to check your email’s security status.

Using Third-Party Services

Several third-party services can help you check if your email is on the dark web. Here are a few reliable options:

  • Identity Guard: Offers dark web monitoring as part of their identity theft protection services.
  • Experian Dark Web Scan: A free tool provided by the credit reporting agency Experian.

Steps to Take if Your Email is Found on the Dark Web


  • Change Your Passwords: Immediately change the passwords for your compromised email account and any other accounts that use the same password.
  • Enable Two-Factor Authentication (2FA): Add an extra layer of security by enabling 2FA on your accounts.
  • Monitor Your Accounts: Keep a close eye on your email and other accounts for any suspicious activity.
  • Use a Password Manager: Use a password manager to generate and store strong, unique passwords for each of your accounts.
  • Consider Identity Theft Protection: Enroll in an identity theft protection service for ongoing monitoring and support.

Use SPF and DKIM Email Authentication

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are email authentication methods that help protect your domain from email spoofing and ensure that your emails are delivered securely. Here’s a step-by-step guide on how to use SPF and DKIM:


Setting Up SPF

1. Access Your Domain’s DNS Settings:
  • Log in to your domain registrar or hosting provider’s control panel.
  • Navigate to the DNS settings or DNS management section.
2. Create an SPF Record:
  • Add a new TXT record to your DNS settings.
  • In the Name field, enter @ or leave it blank (depending on your provider).
  • In the Type field, select TXT.
  • In the Value field, enter your SPF record. A typical SPF record looks like this:
    v=spf1 include:_spf.google.com ~all
    This example allows Google to send emails on your behalf. Modify the value based on your email provider’s recommendations.
  • Save the changes.
3. Verify the SPF Record:
  • Use an SPF validation tool, such as MXToolbox or SPF Record Checker, to verify your SPF record is set up correctly.

Setting Up DKIM

1. Generate a DKIM Key Pair:
  • Log in to your email service provider’s control panel (e.g., Google Workspace, Office 365).
  • Navigate to the DKIM settings section and generate a DKIM key pair (public and private keys).
2. Add the DKIM Public Key to Your DNS:
  • Log in to your domain registrar or hosting provider’s control panel.
  • Navigate to the DNS settings or DNS management section.
  • Add a new TXT record for DKIM.
  • In the Name field, enter the DKIM selector and your domain name. It often looks like this: google._domainkey.yourdomain.com.
  • In the Type field, select TXT.
  • In the Value field, paste the DKIM public key provided by your email service provider. It looks something like:
    v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa...
  • Save the changes.
3. Enable DKIM Signing:
  • Go back to your email service provider’s control panel.
  • Navigate to the DKIM settings section.
  • Enable DKIM signing for your domain. This will ensure outgoing emails are signed with the private key.
4. Verify the DKIM Record:
  • Use a DKIM validation tool, such as MXToolbox or DKIM Record Checker, to verify your DKIM record is set up correctly.

Monitoring and Maintenance

  1. Regularly Check Your DNS Records: Ensure your SPF and DKIM records are up-to-date and correctly configured.
  2. Monitor Email Deliverability: Use email deliverability tools to monitor how well your emails are being delivered and check for any issues related to SPF or DKIM.
  3. Update Records as Needed: If you change email providers or add new sending sources, update your SPF and DKIM records accordingly.
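
The two TXT values from the SPF and DKIM steps above can be checked locally before they are saved in DNS. The following is an added example, not code from the original article: the function names are hypothetical, `SAMPLE_KEY` is constructed placeholder bytes rather than a real key, and the RSA size check is a length heuristic.

```python
"""Offline lint for SPF and DKIM TXT values before they are published in DNS."""
import base64
import binascii

# Terms that each cost one DNS lookup; RFC 7208 caps the total at 10 per check.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

# Constructed placeholder: 294 zero bytes, the DER size of a 2048-bit RSA public
# key. It is not a real key; it only exercises the checks below.
SAMPLE_KEY = base64.b64encode(bytes(294)).decode()


def lint_spf(txt_records):
    """Return findings for all TXT values published at the domain's root name."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record (no TXT value starting with v=spf1)"]
    findings = []
    if len(spf) > 1:
        findings.append("multiple SPF records: receivers treat this as a permanent error")
    terms = spf[0].split()[1:]
    lookups, all_qualifier = 0, None
    for i, term in enumerate(terms):
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?").lower()
        name = body.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            all_qualifier = qualifier
            # Modifiers (name=value) may follow; mechanisms after 'all' are dead.
            if any("=" not in t for t in terms[i + 1:]):
                findings.append("mechanisms after 'all' are never evaluated")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms; RFC 7208 allows at most 10")
    if all_qualifier is None:
        if not any(t.lower().startswith("redirect=") for t in terms):
            findings.append("no 'all' or redirect: unlisted senders get a neutral result")
    elif all_qualifier == "+":
        findings.append("'+all' (or bare 'all') authorizes any host to send as this domain")
    elif all_qualifier == "?":
        findings.append("'?all' is neutral: spoofed mail is not marked as failing")
    return findings


def parse_tags(value):
    """Split DKIM 'tag=value; tag=value' syntax into a dict, dropping whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            tag, val = part.split("=", 1)
            tags[tag.strip()] = "".join(val.split())
    return tags


def lint_dkim(record_name, value, domain):
    """Return findings for one DKIM key record (<selector>._domainkey.<domain>)."""
    findings = []
    name = record_name.rstrip(".").lower()
    if not name.endswith("._domainkey." + domain.lower()):
        findings.append("name must be <selector>._domainkey.<domain>")
    tags = parse_tags(value)
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= must be DKIM1 when present")
    key_type = tags.get("k", "rsa")
    if key_type not in ("rsa", "ed25519"):
        findings.append(f"unknown key type k={key_type}")
    if "p" not in tags:
        findings.append("missing p= (public key)")
    elif tags["p"] == "":
        findings.append("empty p= marks this selector's key as revoked")
    else:
        try:
            der = base64.b64decode(tags["p"], validate=True)
        except (binascii.Error, ValueError):
            findings.append("p= is not valid base64 (truncated or mangled paste?)")
        else:
            # Size heuristic: an RSA SubjectPublicKeyInfo is 162 bytes at
            # 1024 bits and 294 bytes at 2048 bits.
            if key_type == "rsa" and len(der) < 294:
                findings.append("RSA key is shorter than 2048 bits")
    return findings


if __name__ == "__main__":
    print(lint_spf(["v=spf1 include:_spf.google.com ~all"]))
    print(lint_spf(["v=spf1 +all"]))
    print(lint_dkim("google._domainkey.yourdomain.com",
                    "v=DKIM1; k=rsa; p=" + SAMPLE_KEY, "yourdomain.com"))
```

An empty list means the value passed these syntax checks; it does not replace the live lookup with a validation tool in the verification step.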

Spam Email Revenge https://gridinsoft.com/blogs/legally-get-spam-email-revenge/ Wed, 03 Jul 2024 13:51:44 +0000

Spam email revenge is a rather expected thought nowadays, as it is impossible to avoid the annoying onslaught of malicious emails. Scammers persistently attempt to engage you with their ads or, worse, inundate you with a plethora of emails. Occasionally, they manage to achieve their intended goals, such as installing malware on your device, spreading viruses, or stealing data.

It is crucial to thwart fraudulent attacks and learn how to protect yourself and your PC. If you have already fallen victim to a fraudulent attack, consider whether you should take action to protect yourself or seek revenge on the intruder.

Spam Email Revenge: Ways to Seek Retribution

Vengeance is not always the wisest choice, though it might gratify your ego. Users sometimes attempt to retaliate, but it often results in wasted time. It’s essential to understand that hackers and scammers are not naive individuals. They meticulously choose their targets for fake emails with malicious attachments. Attempting to outsmart them and expose their activities may lead to increased attacks on you. Users frequently encounter scams, and one particularly bothersome example is the McAfee scam email.

Spam Email Revenge

It’s advisable not to harm the fraudster. Attempting to retaliate might expose your phone number, leading to an influx of calls. Additionally, engaging in retaliatory spam may violate privacy policies and lead to legal consequences. If you are knowledgeable in privacy protection, we provide some points on how to retaliate against fraud.

How to Get Revenge: Some Tips

Here are practical steps to retaliate against spam emails:

  1. Ignore: Ignoring spam messages is the simplest and most effective retaliation. Set up email filters to automatically move these messages to a spam folder or delete them. This way, you avoid accidentally engaging with malicious content and keep your inbox clean.
  2. Scambaiting: Create a separate email address using a free service like Gmail or Yahoo for scambaiting. This account should have no personal information that ties back to you. If you bait a scammer and they compromise this account, you can easily delete it and start anew without any impact on your personal or professional life.
  3. Join Forces With Others: Look for online communities such as 419Eater or Scamwarners where members specialize in scambaiting and sharing information about scammers. Joining these communities can provide you with resources, support, and a group to coordinate collective action against common fraudsters.
  4. Use an Anti-Spam Chatbot: Employ a chatbot service like Re:scam which can impersonate a human in email conversations and waste a scammer’s time. You can forward spam emails to the chatbot, which will then take over the conversation with the scammer, keeping them engaged with nonsensical yet believable replies.
  5. Report Scams to Authorities: Document all interactions with the scammer including emails, times, and any other relevant information. Then, report these details to the Federal Trade Commission (FTC) at their official site or your local consumer protection office. This documentation helps authorities track and potentially prosecute fraudsters, and your report can aid in broader efforts to combat spam and scams.

Scambaiting

Scambaiting is the art of engaging with scammers to waste their time and resources, with the noble aim of preventing them from targeting real victims. This method is popular among digital vigilantes who use tactics of deception to keep scammers busy, often with humorous and satisfying results.

Strategies for spam email revenge

  • Creating a Safe Identity: Begin by adopting a pseudonym and establishing a dedicated email account that cannot be traced back to your real identity. This is your shield against potential backlash.
  • Using Virtual Machines: For those dealing with tech-savvy scammers, employing a virtual machine can safeguard your actual systems. This setup creates a safe sandbox for any malicious attempts from scammers.
  • Long Communication Chains: The longer you can engage a scammer, the less time they have for real victims. Keep them hooked with endless questions and requests for more details.
  • Fake Documentation: Escalate the bait by providing fake documents. Use tools to create fictional receipts or IDs that look real but are completely bogus.

Ethics and Legal Considerations

Scambaiting walks a fine line between helpful and harmful. It’s crucial to stay on the right side of the law and maintain high ethical standards:

  • Legality: Ensure all actions are legal. Avoid crossing into harassment or engaging in illegal activities.
  • Ethical Boundaries: While tempting, refrain from using threats, offensive language, or deceitful tactics that mimic scammer behavior.

Safety Measures

  • Protect Your Information: Use robust security measures for your scambaiting activities, including unique, strong passwords for any accounts used.
  • Stay Emotionally Detached: Engaging with aggressive or manipulative individuals can be taxing. Keep an emotional distance to safeguard your mental well-being.

Communities and Resources

Joining a scambaiting community can provide support and additional resources for your anti-scam activities. These communities offer a wealth of knowledge and are a great place to learn new tactics.

  • 419Eater: A well-known forum where scambaiters share stories and strategies.
  • Scamwarners: A community focused on raising awareness and providing information on scammers.

Scambaiting offers a proactive way to protect unsuspecting individuals from fraud. It requires a strategic, thoughtful approach to ensure it’s effective and ethical. If done correctly, it can be a rewarding way to contribute to the safety of the online community.

How to Stay Safe When Using Email? https://gridinsoft.com/blogs/email-security-tactics/ Fri, 28 Jun 2024 03:46:33 +0000

Email has been a staple in the internet world for over two decades, significantly enhancing communication. It has simplified the exchange of critical information for people within and beyond the business sector, allowing discussions from any global location. This tool has particularly revolutionized the business landscape. However, securing email communications has become crucial with the rise of cybercrime.

Millions of people worldwide use email professionally every day. Over time, however, this beneficial tool has also become a potential threat. Like anything connected to the internet and technology, email is vulnerable, particularly through the attachments found in most messages. This susceptibility has heightened concerns about email security.

Common Threat Types for Email Security

Before exploring how to protect yourself from the dangers associated with email attachments, it is important to understand the basic types of malicious email threats to which we are all susceptible.

  1. Ransomware: Ransomware is a prevalent threat typically delivered through email. In such attacks, the perpetrator hacks the victim’s data and demands a ransom for its return.
  2. Phishing: Phishing involves criminals sending emails that appear trustworthy, containing links or attachments that prompt for login details. These credentials are then used for malicious purposes. Many people inadvertently trust and interact with these deceptive emails.
  3. Spam: Despite various methods developed to filter out unwanted spam, the issue persists. While some spam is merely bothersome, much of it can carry malware.
Fake email with a phishing link mimicking a Zoom mailing

Email Safety Tips

The dangers associated with email attachments, as mentioned above, are common challenges faced routinely by users. However, there are numerous ways that your emails could be carrying malware and other threats like ransomware.

To help you stay safe and secure your email communications, we’ve compiled a list of effective email security tactics. These strategies will help you recognize potential dangers and avoid them before they escalate into serious issues. Let’s explore these tips!

1. Check the Sender

Business professionals often receive emails daily from various contacts and need to open and review each one. In a phishing scam, the sender’s name may appear familiar, and even if it does not, the nature of business may compel you to open the message regardless. Despite this, there is a precaution you can take: always verify the sender’s email address. Unusual email addresses are a common indicator of scams. Remember, it’s not necessary to open every email. If an email is critical, the sender will likely follow up with a phone call if they don’t receive a response. Trust your instincts; if an email feels suspicious, it’s safer to avoid engaging with it.

Fraudsters mimic FedEx email. Pay attention to the email address.

2. The Message Inside the Email

Even when you recognize the sender or are anticipating an email, exercise caution before opening it and engaging with its contents. Before clicking on any attachments, consider the following to ensure the email’s legitimacy:

Attachment with unknown content tries to look like an invoice
  • The subject line of the email is critical. If it lacks a subject line or the subject line is vague, proceed with caution. For example, if the subject mentions an “invoice”, verify your recent purchases. If you haven’t ordered anything that matches the described item, do not open the email and consider marking it as spam.
  • Emails that lack detail and use generic greetings like “Hi” are often indicative of phishing attempts. A legitimate email will include specific details about the company and a clear explanation of the email’s purpose. If these elements are missing, it’s best to disregard the email.

3. Digital Signature in Emails

For those engaged in corporate communications, verifying the presence of a digital signature is crucial. Before opening any attachments, check if the email purportedly from a company includes a digital signature at its end. For emails sent through Microsoft Outlook, a digital signature may be indicated by a red ribbon icon within the message, signaling corporate authenticity.

4. Check the Email Links

After confirming the internal contents of the email, including the presence of a digital signature, a relevant subject line, and the company’s logo, you might feel confident about the email’s legitimacy. However, it’s essential to remain vigilant by checking the links as well. Hover your mouse over any link or attachment to preview the destination address. If the address appears suspicious or unrelated to the expected content, it likely indicates a malicious intent such as ransomware or another type of scam. In such cases, it is advisable to delete the email immediately and avoid clicking on any links.

A link inside an SMS is unlikely to be legitimate

5. Use GridinSoft Anti-Malware for Enhanced Protection

To further secure your email communications from malware and other cyber threats, consider using GridinSoft Anti-Malware. This powerful tool offers robust protection against a wide array of threats, including those commonly disseminated through email, such as ransomware and phishing scams. GridinSoft Anti-Malware provides real-time protection by scanning incoming emails and their attachments for any malicious content before it can harm your system.

GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

Conclusion

Email has undoubtedly simplified and accelerated communication, revolutionizing business operations and opening countless opportunities. However, as technology has advanced, so too has the susceptibility of email to scams and other security threats. Prioritizing email security is essential for both individuals and businesses. By implementing the straightforward security measures discussed above, you can protect yourself and your business data effectively. Paying attention to the finer details and practicing vigilance can take just a minute or two, but these efforts are crucial in safeguarding against potential dangers.

Internet Is A Dangerous Place https://gridinsoft.com/blogs/internet-is-a-dangerous-place-email-scam/ Tue, 25 Jun 2024 19:29:36 +0000

The “Internet Is A Dangerous Place” scam is a novel type of threatening email message that targets people with threats of intimidation and exposure. In this fraudulent email, the scammer claims to have obtained some compromising information and recordings. They further demand a ransom to prevent publishing the data to the public.

Internet Is A Dangerous Place Scam Overview

“Internet is a dangerous place” and “Security status not satisfied” are both names of the same email scam campaign. It falls under the category of sextortion/social engineering frauds, which aim to scare the victim with threats of public exposure into sending money.

This scam can take different forms, but its essence remains the same: the so-called hacker claims to have infected the victim’s devices and obtained confidential information. This makes it similar to other email extortion scams. If the victim does not pay the ransom, the hacker will publish this information. The hacker also boasts of infecting the devices of people from the victim’s contact list and collecting similarly intimidating information about them as well.

"Internet Is A Dangerous Place" scam mail screenshot

These scam emails are slightly different from each other, but their basic content remains the same. Here is our example:

Subject: Security status not satisfied.

I was planning to say hello, but now I think greetings are unnecessary.

Firstly, I already know you and all your loved ones very well.
Secondly, the occasion for which I’m writing to you is not the happiest one for a friendly greeting.

You’ve heard that the Internet s a dangerous place, infested with malicious links and hackers like me?
Of course, you’ve heard, but what’s the point in it if you are so dismissive of your internet security and don’t care what websites you visit?
Times have changed. You read about AI, judging by your browser history, and still didn’t understand anything?

Technologies have stepped far forward, and now hackers like me use artificial intelligence.
Thanks to it, I can get not only access to your webcam and record your fun with highly controversial video
(I recorded it also, but now that’s not the point), but also to all your devices and not only yours.
And I saved a special sauce for this dish. I went further and sent malicious links to all your contacts from your account.

Yes, someone was smarter and realized that this was a trap and you were hacked, but believe me,
about 70% of your contact list (and these are your friends, colleagues, and family) bought into my scam.
They have as many skeletons in their closet as you do. Some turn out to be hidden homosexuals…

I have accumulated and analyzed a huge amount of compromising data on you and those with whom you communicate.
Very soon I’ll start a crossfire – everyone will receive the full history of correspondence
(and there are enough of “sensitive moments”) and recordings from the other contact’s webcam.
I can go further and put all these files, as well as the recorded fun of you and your hacked contacts with “hardcore videos” into the public domain.

You can imagine, it will be a real sensation!
And everyone will understand where it came from – from you.
For all your contacts and, you will be enemy number one. Even your relatives will take a long time to forgive you and forget such a family shame…

It will be the real end of the world. The only difference is that there will be not four horsemen of the apocalypse, but only one – (=
But there is no such thing as a completely black stripe without any white dots.
Luckily for you, in my case the “Three M Rule” comes into play – Money, Money and Money again.

I’m not interested in your worthless life, I’m interested in people from whom I can profit.
And today you are one of them.

That’s why: Transfer $1390 in Bitcoin to: 1PPJpvSPbbMwbESJZXGS8VtKiFQkmm7DvK …within 48 hours!

You don’t know how to use cryptocurrencies? Use Google, everything is simple.

Once payment is received, I will delete all information associated with you and you will never hear from me again.
Remember one thing: my crypto address is anonymous, and I generated this letter in your mailbox and sent it to you.
You can call the cops, do whatever you want – they won’t find me, my demands won’t change, but you’ll just waste precious time.

The clock is ticking. Tick tock, a minute out of 48 hours has passed right now. An hour will soon pass, and in two days your old life will pass forever.
Either goodbye forever (if I get my payment), or hello to a brave new world in which there will be no place for you.

Hasta La Vista, Baby!
P.S. Almost forgot. Finally learn what incognito tabs, two-factor authentication, and the TOR browser are, for God’s sake!

Let’s go through each element of this scam; I will explain the social engineering tricks that the scammer uses to make the victim believe that all this is real. I will also debunk the mystical AI malware and all the related nonsense, made up entirely to add mystique and complexity to the alleged hack.

Fear-inducing Introduction

The message usually begins with an alarming subject line like “Security Status Not Satisfied”. It aims to catch the recipient off-guard, making them more vulnerable to the ensuing threats. The statement “I already know you and all your loved ones very well” is meant to induce fear by suggesting that the sender has intimate knowledge of the recipient’s personal life. It hints at a deep invasion of privacy, which is a potent trigger for anxiety and panic. This is a classic social engineering tactic.

Overall, the header contains vague and general statements that could apply to anyone. There are no specific details that would lend credibility to the sender’s knowledge or threats. Claims about the ability to infect the devices of all contacts and relatives are hard to prove and barely realistic. Lastly, the email mentions advanced technologies like artificial intelligence and invulnerable malware. However, it lacks any technical specifics that would make the threats believable.

Collecting Sensitive Information

The scammer continues with claims to have “monitored all your activities” and that “AI-based malware” was used to gather compromising data and record video through the webcam. This is the most intimidating factor of the scam, especially considering the fraudster’s focus on the moment when the user was watching adult content.

One more piece of intimidation is the claim that the user’s supposed recklessness has taken other people’s private lives as collateral. The hacker claims that the malware has spread to other devices, including those of the victim’s friends and family. As there’s no way to prove or disprove this, it’s not that hard to take this bait as well. Overall, at this point in the scam, the victim likely believes the text, which makes it an ideal point to switch to the main course.

Threats of Publishing Exposing Videos of You & All The Contact Book

The scam reaches its climax with claims that the so-called hacker accessed the device’s webcam and captured video of the victim in a compromising situation. If this were true, the attacker would have attached a short part of this video or a screenshot as proof. This is meant to coerce the victim into paying the ransom to avoid public humiliation.

Perhaps the most desperate move by the fake hacker is the threats to the victim’s relatives and contacts. While this is theoretically possible, in practice, if a hacker did this, they wouldn’t boast about it. Moreover, if the attacker had managed to hack the victim’s contacts, they would at least provide some proof of it.

AI As a Malware

The same applies to the claims about using AI. While it is possible for cybercriminals to use artificial intelligence, they certainly do not use it in the way the so-called hacker describes. A much more prevalent application for this new technology is to write more convincing phishing emails, clone voices, and create deepfake videos.

What the “hacker” claims is that they used AI to hack into the computer and collect the information. As far as Google knows, there is not a single case of such an application. And believe me, the Web will be set abuzz should someone pull such a trick.

Ransom Demands

The fraudulent email concludes with a ransom demand, asking for ~$1200-1400 in Bitcoin, with a 48-hour deadline for payment. The scammer threatens to make all collected information and videos public and notify the victim’s contacts, supposedly causing irreparable damage to their reputation.

The cryptocurrency wallet address that the hacker specifies reveals some interesting details about how effective this scam is. Emails are sent in the thousands every day, but the wallet has only 2 transactions. One of the previously used addresses shows no money transfers whatsoever. Nonetheless, $2800 for effectively doing nothing, except for writing and mass-mailing a scary email like “Internet Is A Dangerous Place”, is still quite a sum.

List of transactions for this wallet screenshot
List of transactions for this wallet

Is your system infected?

Of course, there is no reason to believe this email, and we just found out why. Nevertheless, to ensure there are no threats on your system, even if unrelated to this email, I recommend scanning your device for malware. You can use GridinSoft Anti-Malware and follow the instructions below.

Geek Squad Email Scam https://gridinsoft.com/blogs/geek-squad-email-scam/ Thu, 20 Jun 2024 08:09:21 +0000

Suppose you receive an email from someone claiming to be from Geek Squad. He informs you about a transaction made in your account, but you don’t remember buying anything. This is probably part of the Geek Squad email scam. You may have heard about it somewhere before, so below, we’ll find out how this scam works, how to avoid it, and what you can do if you’ve already fallen victim to it.

What Are Geek Squad Email Scams? How Do They Work?

The Geek Squad scam is an imposter scam in which criminals pose as Best Buy Technical Support and offer “help” with devices, accounts, or apps. In reality, these scoundrels are trying to steal your personal information, get you to give them remote access to your devices, or pay for their fraudulent services. Here is the typical procedure of this scam:

  • Scammers reach out in any way they can (via email, text messages, phone calls, or fake websites) and pretend to be Best Buy Geek Squad employees.
  • They will then claim that your device has been compromised, that you owe money for your subscription, or that you need to “prove” your identity by providing confidential information (e.g., credit card numbers, Social Security number (SSN), etc.).
  • Sometimes they may even make you download malware or apps to access your device remotely.
  • If successful, they cheat you out of even more money by emptying your accounts, stealing sensitive information on your device, or demanding payment for their services.

Anyone who has dealt with Geek Squad or Best Buy may face a Geek Squad scam. Unfortunately, more than 60% of their victims are over 60.

Geek Squad scams can take many forms, so it’s important to know what they look like so you can detect and avoid them. Below are the most common methods of this scam and ways to identify them.

Geek Squad subscription auto-renewal texts or emails

Perhaps one of the nastiest Geek Squad scams is the one where scammers send emails or text messages claiming that you have signed up for the Geek Squad subscription service and will be billed hundreds of dollars unless you cancel your subscription. The message has a phone number to call if the payment is a “mistake”. However, if you call that number, they will ask for your credit card or other banking information to “get your money back”. Fraudsters use this information to commit financial fraud.

An example of a subscription renewal scam, sent even though there was no subscription.

This fraud can often turn into a “refund scam.” This happens when scammers use stolen accounts or credit cards to send you extra money and ask you to “reimburse” the difference. Unfortunately, when the original account holder reports the fraud, you will lose the entire amount and everything you sent to the fraudster.

Identifying a scam:

  • You receive an invoice or automatic renewal notice for Geek Squad services you did not request.
  • The message is not from a BestBuy.com email address, contains spelling or grammatical errors, and does not use the correct Geek Squad logo.
  • The number listed in the message is not the official Best Buy number.

Emails pressuring to download fake antivirus software

In this scam, fraudsters pass themselves off as Geek Squad technicians and tell you that your device is infected with malware. They then pressure you to download the “antivirus software” or give them remote access to your device. In both cases, you give the hackers full access to your device and your sensitive information, photos, or videos. The “antivirus software” hides malware that allows hackers to spy on you and your computer. Giving hackers remote access means they can do whatever they want with your device.

How to identify a scam:

  • You receive an unwanted phone call or e-mail claiming that your device is infected with a virus. No one can tell whether your computer has been hacked without having access to it.
  • Fraudsters request remote access to your device to “fix” the problem. Always be careful if someone asks you to download software or wants access to your computer.

Tech support phone call scams

Unfortunately, these nasty guys often annoy their victims over the phone. Once you are on the phone, the scammers pressure you to send them money for their services or make you download malware onto your devices.

Here are the two main ways phone scammers call you:

  1. Scammers call you, claiming that your device is infected with malware or that you owe money for services.
  2. Scammers create fake websites that list fraudulent phone numbers for Geek Squad. Then, when you call, they route the calls to their phones and start the scam.

Detecting the fraud:

  • You receive an unsolicited phone call from Geek Squad or another tech support group. These companies will rarely contact you directly. So be careful of anyone who calls you unsolicited.
  • Once you get on the phone, the scammer won’t let you get off. Instead, they will do and say anything to keep you talking.

Browser pop-ups with alerts that your device is infected

Sometimes scammers use pop-ups on websites (often adult websites and illegal streaming platforms) that claim your device is infected and requires immediate action. If you click on the pop-up, you will automatically download what looks like an antivirus but is actually malware, adware, a keylogger, or ransomware.

Pop-ups may look different, but the essence is the same.

Spotting the fraud:

  • No browser plug-in can check your device for viruses. So if you get a message that your device is infected, it’s a scam.
  • Beware of device cleaner apps, as they often contain malware. If you are unsure about an app or software, google its name + “scam” or “safe”. If you have an installation file, you can check it here.

BestBuy.com password reset scam

Scammers send emails purporting to be from Best Buy, claiming that your “password reset didn’t work.” The email will appear genuine and contain a link to update your account, even if you don’t have one. If you click on the link, it will take you to a site that looks identical to the “BestBuy.com” login page. It’s a phishing site whose purpose is to steal your personal information. So, if you enter your real username and password for your “BestBuy.com” account, fraudsters will get that information and use it to make fraudulent purchases, buy untraceable gift cards, or steal your financial information.

The writing contains many grammatical mistakes.

How to detect this scam:

  • You get an email to reset the password for an account you don’t have.
  • When you click on the link, you are taken to a site that is not secure or not in the official “BestBuy.com” domain.

Accidental refund or overpayment scams

Scammers send you more stolen money than you expected, then ask you to “refund” the extra amount. If you call support, they will ask you to complete a form to proceed with a refund. But the form doesn’t work, so the support agent will ask for remote access to your desktop to help you complete the refund. As a result, you will lose the entire amount of money – the supposed refund and the “accidental” extra money.

Detecting this trick:

  • Fraudsters ask to access your computer remotely to facilitate a refund.
  • You have been told about a “refund” for more than the amount on your bill. If this happens, do not send the money. Instead, wait a few days for the funds to be transferred, or contact your bank and let them know what happened.

Fake Offers: Protection Service Plan

Although not as dangerous as other Geek Squad scams, this useless protection plan can still cause damage. In this scheme, scammers posing as specialists contact you by phone or e-mail to sell you protection services, such as antivirus. But these “tools” either do nothing or contain malware.

How to understand this is a scam:

  • The tool has no online reviews or is not listed on popular review sites.
  • Scammers contact you to try to sell you digital security services. An unsolicited email or phone call indicates that you are dealing with a scammer.

What to do when you become the victim of the Geek Squad email scam

If you have been the victim of a Geek Squad email scam, here’s what you should do:

  • Never do anything you are told if you have been in contact with scammers.
  • Block the number you just dialed so that scammers won’t contact you again.
  • If you have provided personal information, such as credit card information, contact your bank immediately and have your funds blocked.
  • Immediately change your login information if you logged in through a link that scammers sent to your email address. You should not use the same login information for multiple accounts, but unfortunately, many people do it anyway.
  • If you’ve downloaded software or any files from email, delete them. Check your computer for viruses!
GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

How to Avoid This Scam?

When you receive an email from Geek Squad and fear it may be a scam, you’ve done half the work of preventing it. Never send personal information by email or any other method. Likewise, don’t reply to the email or call the number listed. It helps to remember a few rules to avoid falling for scammers’ tricks: avoid clicking on links and do not download attachments. It’s better to delete the letter altogether, as well as to block the sender. To summarize, ignoring a fraudulent Geek Squad email and blocking the sender is the best way to avoid many problems.

Trending Netflix Scam Email You Should Know
https://gridinsoft.com/blogs/netflix-email-scam/
Wed, 15 May 2024 18:17:55 +0000

These days, phishing Netflix scam emails are gaining momentum because they target the human factor, which is the most vulnerable part of the security system. Scammers often masquerade as reputable, easily identifiable organizations. To understand the magnitude of the problem, it’s worth noting that Netflix customers are warned to beware of phishing emails purportedly sent by Netflix. These emails look so convincing that recipients don’t hesitate to click on the links, supposedly to update their Netflix account information, and fall victim to these emails, risking massive data and financial loss.

Since many of us are still isolated at home, losing access to Netflix is almost as unpleasant as shutting down the Internet. Thus, any email from Netflix claiming that your payment details didn’t go through can get your attention and encourage you to act hastily. Below, we explain how the Netflix trap works and how to recognize a Netflix scam email.

How to Spot Netflix Scam Email?

At first glance, the fraudulent letter looks pretty convincing. It begins with the Netflix logo and the phrase “Something went wrong,” which may seem familiar to those whose stream has been interrupted at the most critical moment of a show. However, a closer look reveals clear signs that the email has nothing to do with Netflix.

Signs of The Netflix Email Scam:

  • The sender’s email address uses a domain that differs from the genuine Netflix one.
  • A generic greeting is used instead of your name, which signifies that fraudsters sent this email in bulk to thousands of accounts.
  • The email contains elements of urgency designed to create panic so that users act quickly. For example, it may threaten that you will lose access to Netflix if you don’t update your payment details immediately.
Example of a scam message

Sometimes scammers make a decent attempt to mimic genuine Netflix messages, and they almost succeed. But, as with most fraudulent emails, one or two details are usually missing that show it’s not a genuine email. So let’s go over everything you need to know about Netflix scam text 2022, shall we?

How the Netflix Scam Email Works

There are several common scenarios, but it’s worth mentioning a few red flags, to begin with, that suggest how it works.

1. Netflix Payment / Subscription Issues

The email says you need to update your account status by clicking on the link in the phishing email. The link will take you to a fake Netflix login page, asking you to log in and provide your credit card information. This way, scammers get the credentials and can use them to hijack your account. You can hover over the link (without clicking) to see the actual destination URL. Still, it may be hidden behind a short link that says nothing about its content. That is not a common practice in machine-generated notifications, so you should not follow that link either. In some cases, a file is attached to the email. Opening or downloading it can install malware on your computer. This could potentially be ransomware that can lock your device and encrypt files.

2. Netflix Reward / Gift Online Survey

Sometimes the message promises you an exclusive reward, but you must take an online survey to get it. This is how scammers lure you into clicking on a built-in button that takes you to a fake Netflix survey page. It goes on to say that you can win a free one-year Netflix subscription or other “exclusive reward” by taking a simple online survey. Sounds tempting. However, there is, of course, no gift. The ultimate goal of scammers is to elicit your personal information! They will record everything you enter on these fake pages and use it to do their dirty deeds. Don’t fall for this – NEVER share your credit card or other personal information online unless you are 100% sure the website is legitimate!

Scammers offer to take an online survey

What Happens if You Click on the Email Scam Link?

First, an important note – do not try to do this from a work computer that has access to your company network and data. Such security mistakes, which are easy to avoid, usually cost companies dearly. The link from the fraudulent Netflix email leads to a landing page that looks very similar to the real one. Next, you are asked to log in with your login and password.

If you’ve entered your genuine credentials, the scammer will have everything they need to log into your account and take advantage of your personal information. This may not be critical for Netflix, but given how many of us are used to reusing the same old passwords repeatedly, it won’t take long for a scammer to try to log into more sensitive accounts. To prevent this from happening, we highly recommend using a password manager.


To confirm you are on a phishing page, you can do a simple trick – enter a non-existent username and password. The original site will give you an error that the account does not exist. The phishing site, by contrast, prompts you to update your payment details even after you enter random credentials. However, nothing will change – everything you have typed or will type in the fields on that fraudulent page is simply transferred to hackers.

Whatever you entered earlier, you will eventually be asked for your card information

What to Do If I Receive a Fraudulent Netflix Email Scam?

Fraudulent emails are an integral part of online life. Although the quality of spam email filters continues to improve, even with services like Gmail and Outlook it’s sometimes hard to stay ahead of every threat. However, a few simple actions can keep you safe.

Delete or report

The easiest thing to do is delete obvious fraudulent emails. However, if you feel like a good digital citizen, you can report them first. For example, you can use an exclamation mark icon or flag spam emails. You can also forward the email to the appropriate services, such as phishing@netflix.com. Finally, notify your IT administrator if you encounter fraudulent emails on your work email account.

Do not click the suspicious links

Never click on any of the links in a potentially fraudulent email. Instead, if you want to verify your account information, open a new window or tab and go to the actual website regardless of the links in the email. Clicking the scam message will notify the crooks that your account is active – and you will be spammed even more. Moreover, some tricky techniques include token stealing. If you follow a specially crafted link while logged into your account on the device, crooks will intercept the token and will be free to manage your account.

Avoid attachments

Sad as it sounds, users do get hooked by Netflix phishing emails. Attachments are a clever way to disguise malware and spread threats. If you see an unusual attachment in an email that you don’t expect, never open it. Those are usually MS Office files that contain macros. They contain only a scam text that asks you to enable macro execution, which is disabled by default. The macros, in turn, connect to the command and control server and download a malicious payload to your PC. Due to the vulnerability of the macro execution mechanism, it easily circumvents the security solution.

Take your time to see what’s in this attachment

Don’t update your payment information

Never update your financial or payment information when asked to do it in an email. Most companies warn you against this. For example, Netflix says: “We will never ask for your personal information in Netflix scam text 2022 messages or emails. This includes bank account details, credit or debit card numbers or Netflix passwords”. Services rarely break their own rules, so these lines alone are enough to spot a scam.

Don’t reuse the same passwords

If you use the same password to log in to multiple accounts, attackers only need to crack one of your accounts to access all the others. An effective way to avoid this is to use a password manager. All you need to remember is one master password. Then the password manager will store and enter complex passwords for you. It’s a simple, inexpensive, and secure way to manage multiple logins.

Microsoft Email Scam
https://gridinsoft.com/blogs/microsoft-email-scam/
Tue, 14 May 2024 09:31:56 +0000

Hackers are constantly finding new ways to infect your computer with malware and steal your data. With over 1.3 billion devices running Windows worldwide, hackers are more likely to impersonate Microsoft. Unfortunately, Microsoft email scams are more common than you might imagine. Scammers ask you to install the latest updates, confirm your account information, or contact customer support. This article will tell you how to identify fake Microsoft emails and not fall victim to them.

How Does the Microsoft Email Scam Happen?

There are different variants of Microsoft email scam. Let’s take a couple of the most common ones as an example. We’re all used to Microsoft, Apple, Google, and other companies notifying users via email when they find potentially unusual activity on their accounts. Unfortunately, scammers have taken advantage of this situation and started sending out fake notifications. Some people can easily fall for this scam. Such an email encourages recipients to secure their Microsoft accounts by logging into them using the link provided (the “Review recent activity” button or “Sign-in added details attached”).

An actual email from Microsoft will not be in the junk folder.

Clicking the link loads a fake Microsoft account login page that looks very similar to the real one. Next, the user is asked to provide their credentials. When the data is entered, it is sent to fraudsters who misuse it, for example, to hijack Microsoft accounts or sell them on the Darknet. In addition, fraudsters can use stolen accounts to spam other people’s contact lists, share various files (including malicious ones), or make purchases. Thus, people can become victims of identity theft, suffer monetary losses, and face privacy issues online. Therefore, you should ignore such emails.

Spam emails are popular among scammers who aim to get the victim to provide sensitive information, such as credentials and credit card details, or transfer money to them. For that, cybercriminals attach malicious files or links to websites designed to download malicious files. These can be ransomware, Trojans, and other malicious programs.

A fake Microsoft email login page is visually similar to the real one, but its address is usually different.

How does a computer get infected?

The email itself, if left untouched, will do no harm. The infection only occurs when recipients open (execute) a malicious attachment or open a file downloaded from a link the email contains. In most cases, such emails include a malicious Microsoft Office or PDF document, an executable (.exe) file, a JavaScript file, or an archive file such as ZIP or RAR. Usually, these emails are disguised as critical official messages from legitimate companies.

How Can I Tell If an Email from Microsoft Is Genuine?

Sometimes Microsoft email scams are so well-crafted that it’s hard to tell if the email is genuine or fake. For example, the sender’s name and the content of the email may appear natural, but if you look closely, you see a lot of red flags. Here are essential points to help spot fake Microsoft emails:

The sender’s address

To check the sender’s address, hover your mouse over the “from” field and see if it is legitimate. For example, when you receive an email from Microsoft, ensure that the email address has the domain @microsoft.com and not something suspicious like @m1crosoft.com, @microsfot.com, @account-security-noreply.com, etc. Mismatched email domains indicate that it is a fake email.

A link leading to a suspicious website

If the email contains a link, don’t rush to click on it. These links often lead to malicious or phishing sites. Instead, make sure it is secure. You can use many tools to check the security of a web page, e.g. the VirusTotal service. However, the easiest way is to hover over the link and look below to see where it leads.

When you hover your cursor over a link, its address is displayed at the bottom left

Urgent calls to action or threats

If the message you receive looks like a threat or tells you that your account will be shut down if you don’t do what you’re told, that’s a serious red flag. For example, cybercriminals often offer to update your version of Outlook, claiming that incoming emails will be stopped unless you install the update within 48 hours. This is probably a scam or a Microsoft email phishing attempt. A sense of urgency is a common scam strategy.

The message is in the junk folder and contains exclamation marks.

Generic messages

If an email doesn’t address you by your first name but uses, for example, “Dear User,” “Dear @youremail.com,” or “Dear Dear Dear Customer”, this should make you suspicious. Usually, companies call you by your first name or nickname you used to register on the website. The absence of this information can signal a Microsoft email scam attempt.

Email attachments

Is this a phishing email from Microsoft? Often legitimate companies will ask you to log into their website and view or download any documents there. However, if you receive an email with an attachment, we do not recommend downloading it, much less opening it. You can, of course, download it and check it with an antivirus application. Unfortunately, infected email attachments are a common practice used by cybercriminals.

Grammatical and spelling mistakes

Beware of emails that contain grammatical and spelling errors. This is a clear sign of Microsoft scams. A company like Microsoft (or any serious organization) would never send an email containing mistakes. Also, Microsoft will never contact users by email to ask for more account information, send out emails about updates, or provide technical support. The company does not initiate communication. Users must initiate any contact with Microsoft. Refrain from trusting emails marked Microsoft that ask you to install the latest application updates. These are most likely phishing attempts. If you’ve noticed these signs, you’ve probably come across Microsoft account email scams.

Examples of Microsoft Email Scam

Failure of delivery emails

If you’ve tried sending an email to a full or non-existent mailbox, you’ve probably received a message that the email has not been delivered. Such an email is conventionally divided into two halves – the first contains details of the error, and the second contains the text of the email itself. For example, cybercriminals send a fake email that includes a “send again” button. When you click on the link, malware is downloaded to your computer.

Re-activation requests

Office 365 phishing attacks are successful because they are based on fear and reflexive reactions. Fake re-activation requests tell recipients that their accounts are deactivated. The user needs to follow an attached malicious link to re-activate their accounts. The link leads to a fake login website, where the victim’s credentials are sent to the cybercriminals.

Alert for hitting storage limits

This Microsoft phishing email is also supposedly sent from Microsoft. If you use a subscription service, you may believe you have reached your account’s storage limit. Fraudsters send fake emails telling you that you must activate “Quota” to resolve storage problems. This leads to malware, as in the case of fake delivery error emails. Stay alert for these signs of Microsoft hacking scams.

How to Report a Suspicious Email to Microsoft?

You can ignore or delete a fraudulent email, but being a decent Internet user, you can help fight this scam. To do so, you need to report a suspicious email to Microsoft. Please select the message, click Report message, and choose Phishing. If you are using the web-based version of Outlook, check the box next to the appropriate email address, select Junk, and then Phishing. Alternatively, you can create a new email and add junk@office365.microsoft.com or phish@office365.microsoft.com as recipients and drag and drop the spam email into the new message. Also, remember to add the sender’s address to the blocked list.

Water Curupira Hackers Spread PikaBot in Email Spam
https://gridinsoft.com/blogs/water-curupira-spreads-pikabot-email-spam/
Thu, 11 Jan 2024 19:46:24 +0000

A notorious group known as Water Curupira has unleashed a new wave of threats through its sophisticated malware, Pikabot. This menacing campaign, primarily spread through email spam, highlights an alarming escalation in cyber attacks. It targets unsuspecting victims with deceptive emails, leading to unauthorized access and potential data breaches.

Water Curupira’s Email Spam Campaigns

Water Curupira, one of the known operators behind Pikabot, has been instrumental in various campaigns. It primarily aims at deploying backdoors such as Cobalt Strike, which end up delivering Black Basta ransomware. Initially involved in DarkGate and IcedID spam campaigns, the group has since shifted its focus exclusively to Pikabot.

Pikabot’s Mechanism

Pikabot operates through two main components, a distinguishing feature that enhances its malicious capabilities. The loader and core module enable unauthorized remote access and execution of arbitrary commands through a connection with a command-and-control (C&C) server.


Pikabot’s primary method of system infiltration involves spam emails containing archives or PDF attachments. These emails are skillfully designed to imitate legitimate communication threads. They utilize thread-hijacking techniques to increase the likelihood of recipients interacting with malicious links or attachments. The attachments, designed either as password-protected archives with an IMG file or as PDFs, are crafted to deploy the Pikabot payload.
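A mail gateway or analyst can triage the attachment types named above, and in the Netflix and Microsoft sections earlier (macro-bearing Office files, executables, archives), without opening them. The following is an added example, not code from Gridinsoft or from any Pikabot report: the file names, the message and the archive contents are constructed placeholders, and the "encrypted" archive is an ordinary ZIP whose encryption flag has been set by hand for the demonstration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# File signatures for the attachment types the articles list.
MAGIC = [(b"MZ", "exe"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip"),
         (b"\xd0\xcf\x11\xe0", "ole2"), (b"Rar!", "rar")]
RISKY_INNER = (".exe", ".js", ".img")   # entry types named in the articles

def sniff(data):
    """Identify content by its leading bytes rather than by file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def inspect_zip(data):
    """List what can be learned from a ZIP's directory without extracting it."""
    notes = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            name = info.filename.lower()
            if info.flag_bits & 0x1:    # general-purpose bit 0: entry is encrypted
                notes.append(f"encrypted entry {info.filename}: content cannot be scanned")
            if name.endswith(RISKY_INNER):
                notes.append(f"archive holds {info.filename}")
            if name.endswith("vbaproject.bin"):   # macro storage in OOXML documents
                notes.append("Office document carries VBA macros")
    return notes

def triage(msg):
    """Map each attachment name to a list of findings."""
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        kind, ext = sniff(data), os.path.splitext(name)[1].lower()
        notes = []
        if kind == "exe":
            notes.append("executable content")
            if ext != ".exe":
                notes.append(f"extension {ext} hides an executable")
        elif kind == "zip":
            notes += inspect_zip(data)
        elif kind in ("ole2", "rar"):
            notes.append(f"{kind} container not unpacked by this example")
        report[name] = notes
    return report

def make_zip(entries, encrypted=False):
    """Build a small single-entry ZIP in memory (constructed data, no real payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in entries.items():
            archive.writestr(name, content)
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set flag bit 0 in the local header (offset 6) and in the
        # central directory record (offset 8) to imitate a protected archive.
        for offset in (6, data.rfind(b"PK\x01\x02") + 8):
            data[offset] |= 0x01
    return bytes(data)

def build_sample():
    """Constructed message with three attachments covering the cases above."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Re: invoice"
    msg.set_content("Archive password: 1234")
    attachments = {
        "documents.zip": make_zip({"scan_0412.img": b"placeholder"}, encrypted=True),
        "invoice.pdf": b"MZ" + bytes(62),
        "report.docm": make_zip({"word/vbaProject.bin": b"placeholder"}),
    }
    for name, data in attachments.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return message_from_bytes(msg.as_bytes(), policy=policy.default)

if __name__ == "__main__":
    for name, notes in triage(build_sample()).items():
        print(name, notes)
```

An encrypted entry is worth flagging on its own: the gateway cannot scan the content, while the recipient is handed the password in the message body.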

System Impact

Once inside the target system, Pikabot demonstrates a complex and multi-layered infection process. It employs obfuscated JavaScript and a series of conditional execution commands, coupled with repeated attempts to download the payload from external sources. The core module of Pikabot is tasked with collecting detailed information about the system, encrypting this data, and transmitting it to a C&C server for potential use in further malicious activities.

Another layer of Pikabot’s mischievous actions is its ability to serve as a loader/dropper. The malware uses several classic techniques, such as DLL hookup and shellcode injection. It is also capable of launching executable files directly, which is suitable for certain attack cases. Among other threats, Pikabot is particularly known for spreading the Cobalt Strike backdoor.

Recommendations

To protect yourself against threats like Pikabot, which is spread by Water Curupira through email spam, here are some key recommendations:

  • Always hover over links to see where they lead before clicking.
  • Be cautious of unfamiliar email addresses, mismatches in email and sender names, and spoofed company emails.
  • For emails claiming to be from legitimate companies, verify both the sender’s identity and the email content before interacting with any links or downloading attachments.
  • Keep your operating system and all software updated with the latest security patches.
  • Consistently back up important data to an external and secure location, ensuring that you can restore information in case of a cyber attack.
  • Educate yourself and your company. Keep up to date with the latest cyber news to stay ahead of the curve.
