Spam Archives – Gridinsoft Blog

Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

Thu, 12 Sep 2024 09:39:13 +0000

How to Stop Spam Texts?
https://gridinsoft.com/blogs/stop-spam-texts/
Sun, 21 Jul 2024 12:59:44 +0000

The post How to Stop Spam Texts? appeared first on Gridinsoft Blog.

Spam texts can include spam emails and spam calls. These are all unwanted and often annoying messages from senders you don’t know. The purpose of such spam is to deceive you into giving up confidential information or to draw you into a phishing attempt. These messages are sent by a computer programmed to send them automatically to an unspecified list of users. Let’s look at tips for stopping the flood of spam texts, along with the do’s and don’ts of blocking unwanted texts.

In addition to having an unpleasant motive, these messages can spread malware to your device. According to the Federal Trade Commission, such spam texts are illegal, as the ultimate goal is either to steal or to violate the integrity of the user’s privacy. To keep spam from violating your privacy, this guide covers the right actions to take and how to block text messages.

While using the Internet, it is impossible to avoid annoying mass mailings. How to legally retaliate for email spam?

What to do if you receive spam texts?

1. Don’t reply directly to any spam texts.

Answering a spam message is not just a mistake; it also signals to the attacker that your account is active, so they can send you even more messages of this type. The least you can do when you see a message that does not concern you is simply not answer it.

2. Do treat your personal information like it’s cash.

Spam texts are designed to cheat confidential information out of you. This includes your financial information, how much you earn, your social security number, whether you have credits, your passwords, and more. Keep in mind that most legitimate organizations or companies will not ask you to submit such information, especially not through a simple text message. If you doubt a message of this type, contact the organization it appears to come from and find out whether you really need to provide such information.

3. Don’t click on any links in the spam texts.

Often, a spam message will contain a link or a form to fill in with your data. The first and most important thing you need to know is that you shouldn’t click on these links, because they are mostly malicious. Clicking on such links can install malware on your device. Malware can damage your phone, slow it down, fill up the entire memory of your device, and steal personal data, including photos and videos stored on the phone. It can also cause money to be charged to your operator’s account without your knowledge.

More and more phones are being attacked by viruses. How to check if you have viruses on your phone.

4. Do review your cell phone bill regularly.

Don’t forget to check your cell phone bill. If you find any charges made without your knowledge, call the phone company and find out why they were made.

5. Check your phone’s settings.

You may have third-party features on your device that will allow you to block the source of unwanted calls and text messages.

  1. For Android phones, tap the three dots in the upper right corner of the spam text. Next, select “People” and “Options”. Then select “Lock”. After that, you will not receive spam text messages from this number.
  2. For iPhones, tap “i” in the top corner of the spam message. Then tap the number and select “Lock”.

6. Do place a cell phone number on the National Do Not Call Registry.

If you don’t know how to get rid of annoying messages from unknown sources, follow this advice. Add your phone number to the Federal Trade Commission’s National Do Not Call Registry, and it will eliminate a vast number of spam calls. Then if you receive a call within 31 days after the number has already been added to the registry, you can contact the FTC.

7. Do check to see if your carrier offers a call-blocking service.

Some third-party services and applications can block phone numbers. You should check all messages received from third-party sources. Send this type of message to 7726 and check if it is spam. Your operator may investigate and take action against the source of this message. Your message to this number is free of charge.

How to protect?

You will agree that it is very unpleasant when annoying ads, viruses or other malicious programs regularly appear on a broken smartphone. Try the free Trojan Scanner for Android smartphones, which uses patented scanning technology with daily database updates to help ensure the best virus detection rate on your Android smartphone. Just install and run it; it does not slow down the system and does not drain the phone’s battery.

How to Get Rid of Spam Emails?
https://gridinsoft.com/blogs/get-rid-spam-gmail-yahoo-outlook/
Fri, 19 Jul 2024 08:01:07 +0000

The post How to Get Rid of Spam Emails? appeared first on Gridinsoft Blog.

Email spam is an annoying and unwanted mass mailing of letters. This kind of letter comes from unknown sources and sometimes even carries malicious content. Spam emails often use the tactics of extortion and intimidation or carry misleading information. But worst of all, attackers can access your smartphone, PC, or other devices through spam email. In this article, you will find a guide on how to delete such annoying emails on Gmail, Yahoo & Outlook services and stop receiving them.

Ways to Get Rid of Spam Emails

Fortunately for users, there are plenty of ways to get rid of annoying messages. Depending on their number, you can try different practices and find the one that works best for your case. For example, simply reporting a couple of phony emails you’ve received over the last month may be enough to prevent their appearance. Popular email services usually keep an eye on users’ reports and will likely react to reports about malevolent activity. Still, you may sometimes require a much harsher approach.

1. Mark as spam

Email services such as Gmail, Yahoo & Outlook have special features for filtering unwanted emails. To use them, mark emails as “spam”, after which they will go to the spam folder and will not disturb you in the common list of emails. If you receive such emails from the same sender in the future, they will automatically be sent to this folder.

How to mark spam in Gmail

Mark as spam emails GMail

Tap on the square next to the email. After that tap the stop sign icon.

In general, spammers pursue many malicious goals. You need to prevent fraudulent attacks and know how to protect yourself and your computer from them. How to legally get spam email revenge?

How to mark spam in Yahoo! Mail

Report spam emails Yahoo

Tap the box next to the email or on multiple emails. After that tap on the shield icon.

2. Delete spam emails

Spam email looks harmless at first glance, but there are a few nuances to consider. First of all, if you notice that your mailbox is filling up with letters from unknown sources, do not click on them. By clicking on these emails, you inform the attacker that your email address is active, and you will start receiving even more spam. It is when you follow links or respond to spam that you can run into malware distribution and other threats. The best thing you can do is simply remove spam emails and rid yourself of unnecessary content.

How to delete spam from Gmail

Delete spam emails Gmail

  1. Tap on the empty box to check out the message.
  2. Tap on the stop sign in the top menu.
  3. Tap Report Spam in the dropdown menu.
  4. Tap on the “Delete All Spam Messages Now” option.

How to delete spam from Yahoo! Mail

Remove spam Yahoo

  1. Firstly, check the box next to the email.
  2. In the above menu tap on the shield.
  3. Tap the Report Spam option.
  4. Go to the spam folder.
  5. Tap the Delete Emails option.

How to delete spam from Microsoft Outlook

Wipe out spam emails Outlook

  1. Tap the email in the inbox area.
  2. Tap on the Junk Mail option in the top menu.
  3. In the side menu click on the Junk Email tab.
  4. To empty the folder click the metal trash can.

3. Keep your email address private

Try to avoid sharing your email address on different platforms so that you do not receive spam emails. If you don’t have to share your email address, you had better keep it private. You can also change your account privacy settings, as in the following examples:

Google Privacy Settings

Gmail privacy

  1. Enter your Google account.
  2. Navigate to the Security Checkup option to see the devices, security events and other email addresses and devices connected to your Gmail account.
  3. Set up the toggle switches to turn features on or off.
  4. Do the same process for the Personal Information and Privacy settings.

Yahoo! Mail privacy settings

Yahoo!Mail privacy settings

  1. Log in to your Yahoo! Mail Account.
  2. Click on the gear icon.
  3. Click the Account Information option.
  4. In the Account Security section, click on the Generate app password option.

Microsoft Outlook privacy settings

Privacy settings Outlook

  1. In the upper-right corner of the screen tap on your account icon.
  2. In the menu list, tap My Account.
  3. Tap on the Privacy and Security options to change the settings.

4. Use a third-party spam filter

Each mailbox has its own spam filter, but working with a third-party filter can provide additional protection. All emails will pass through both filters. This way, you can provide adequate protection against malware and unwanted content. It is best to find an anti-spam filter that works with your service provider.

5. Change your email address

If spam still comes to your email address after all the steps above, then the problem is the continuous leak of your personal info, in particular your email address. In this case, you need to change your email address. To do this, see the following guide.

Change email address

  1. Register a new account with your current email service.
  2. After that, notify your contacts from your new account that you’ve changed email addresses.
  3. Go to the Settings section and add the new email address to forward incoming emails from your old account. It is important to specify the emails you want to redirect the messages from. Otherwise, all the spam will appear in the new mailbox as well.

How to add a forwarding address

After you create a new email address, you will be able to receive emails from the old email address. To do this, you need to change your forwarding settings. By redirecting, you will be able to update your contact information in all accounts that are linked to your original account.

Email forwarding

  1. In the old email account, navigate to the Settings option.
  2. Tap the Forwarding and POP/IMAP tab.
  3. Enter the new email address in the Add a forwarding address box.
  4. Tap “Next” to confirm the process.

Common spam email security threats

In addition to being annoying and time-consuming, spam emails can compromise users’ digital security. Attachments in spam emails often carry a virus or malware. Here is a list of the most common ones.

Trojan Virus

Trojans are malware disguised as legitimate apps. They can get onto the user’s PC through downloaded free apps or through email attachments. A Trojan installs malicious code, usually spyware or coin miners, via a link attached to an email. This lets the attacker control the user’s computer, steal data and block many programs. With this in mind, remember that clicking on anything in spam emails is dangerous.

Phishing and vishing

Phishing emails are one of the most common attacks of this kind. In such letters, the attacker imitates messages from legitimate companies and firms, trying to extract the information they need. A phishing email suggests that you follow the attached link and confirm your data or credit card details. It’s a scheme to steal sensitive data.

Vishing is also used to steal data, but through calls. Intruders call users and, during the conversation, extort card numbers, personal data, addresses, insurance numbers, etc. To avoid falling victim to phishing and vishing, check the legitimacy of the companies that call or write to you. Also, try to answer only calls from numbers in your phone book.

Zombie Computer Virus

Zombies are a type of malware that can spread via spam email. This program turns the user’s computer into a server through which it sends spam to other users. You won’t see the moment this malware gets onto your computer, but slow PC operation will be the first sign that it is there. Moreover, an infected computer can attack web pages. To avoid this, you should not click on the attached links in spam emails.

How to stay free of spam emails?

The steps mentioned above are for when you are already a victim of spam mailing. If you only know about the problem and do not want to face it directly, take the recommended precautions. Use the spam filters we mentioned earlier. Do not spread your email address across different platforms and sites. Also, try not to click on pop-ups and banners that carry annoying and malicious content. Finally, be careful when visiting untested and unprotected sites, and especially about leaving your main email address there. If you need to browse such pages from time to time, a great solution is to create a separate email address that will take all the potential spam.

Scam Likely Calls: How to block them?
https://gridinsoft.com/blogs/how-to-block-scam-likely-calls-iphone-android/
Wed, 03 Jul 2024 12:39:36 +0000

The post Scam Likely Calls: How to block them? appeared first on Gridinsoft Blog.

Have you ever glanced at your phone and seen the caller ID flash “Scam Likely”? Understanding what this alert means, why it appears, and how you can stop these calls is essential for protecting yourself from potential fraud. Here’s everything you need to know about the “Scam Likely” feature.

What Does “Scam Likely” Mean?

Scam Likely Calls

For customers of T-Mobile, Metro by T-Mobile (formerly MetroPCS), and Sprint (post-T-Mobile merger), “Scam Likely” is an alert that identifies potential spam callers. This feature is a part of T-Mobile’s “Scam Shield” protection, designed to block fraudulent calls before they reach you. This proactive measure is automatically enabled for all subscribers, ensuring you don’t have to tweak settings to benefit from it.

T-Mobile utilizes a comprehensive database of known scam numbers and automatically screens incoming calls against this list. Calls flagged as “Scam Likely” could involve various scam tactics, such as:

  • Impersonating government officials
  • Demanding payments via gift cards
  • Proposing fake tech support solutions
  • Initiating disruptive robocalls

This identification is managed at the network level, so regardless of whether you use an iPhone, Android, or a basic button phone, you’ll see the “Scam Likely” alert. There’s no need for any additional apps, although the free T-Mobile Scam Shield app is available for those who want extra control over these features.

While the “Scam Likely” system is robust, no system is perfect. There may be instances where legitimate calls are mistakenly labeled as scam. It’s advisable to approach these calls with caution. If you choose to answer, protect your personal information vigilantly. If the call feels suspicious or the caller pressures you, it’s safe to hang up. Genuine callers will likely leave a voicemail if it’s important.

How to Block Scam Calls

Although your carrier may alert you about “Scam Likely” calls, these calls aren’t blocked by default. If you find yourself inundated with unwanted calls, T-Mobile offers a free Scam Blocker feature. Here’s how to activate it:

  1. Open your phone’s dialer app.
  2. Enter the code #662# and make the call to activate the blocking.
  3. To confirm activation, dial #787#.
To deactivate the feature, simply dial #632#.

How to Spot Scam Calls?

Most operators have similar services to combat fraudulent calls. This is thanks to STIR/SHAKEN, a set of protocols that allows carriers to fight caller ID spoofing. With these standards, the operator can display a “Call Verified” message on your phone, confirming that the caller ID has not been spoofed. This feature is becoming available on more and more devices and carriers as they all work to reduce spam calls.

So, if you’re an AT&T customer, you can download their official software. It’s available for iPhone or Android and contains free spam and fraud blocking features as well as advanced protection that’s available by subscription. And if you use Verizon, a free call filtering service is available as well. To manage this feature, you can also install the Verizon Call Filter app, available for iPhone or for Android. Like AT&T, Verizon also offers a paid subscription to improve this. Other carriers likely provide similar services as well. For more information, visit the store, log in to your account management page, or contact your carrier’s customer service number.

How to Block Calls?

Suppose you are annoyed by a spammer, and your operator does not provide such a service. In this case, you can block the annoying number using the standard tools of the operating system of your device. In addition, there are third-party applications available in the app store that can handle this task. These applications usually have a database of fraudulent numbers and will alert you if an incoming call is potentially unsafe. In addition, these apps allow you to detect and block fraudulent calls, regardless of which carrier you have. The disadvantage of such applications is that they are often paid and require a subscription.

How to Block Scam Calls on Android

If your phone has the default dialer app from Google, it will alert you to potential spammers by default. If your Android device uses a different dialer app, do the following:

  1. Open the dial app and tap the number you want to block.
    Stop Scam Likely Calls on Android
  2. Click on Details, then select Block number.
    Stop Scam Likely Calls - Details -> Block number

In addition, you can use a third-party app to filter out spam.

How to Block Scam Calls on iPhone

You can block any number on your iPhone using the built-in blocklist feature. To do this, do the following:

  1. Open the Phone app and tap Recent and press the “i” icon next to the number you need to block.
  2. Scroll down and tap Block this caller.
    Block this caller

This straightforward process makes it easy to block unwanted calls directly from your call log, helping you manage your privacy and security on your device.

There is a more radical method that will solve the problem of unwanted calls. Your iPhone has a feature that allows you to silence all calls from unknown numbers. To do this:

  1. Open Settings and scroll down to iPhone.
    Block vishing iPhone step 3
  2. Tap Silence Unknown Callers.
    How to Block Scam Calls on iPhone step 4
  3. Toggle it to on.
    Block scam likely step 5
    It’s important to understand that if you turn this on, all calls from numbers that aren’t in your contacts will be rejected automatically. Most people receive legitimate calls from unknown numbers from time to time, such as a meeting reminder or an important call from someone using a friend’s phone. We recommend using this method only in extreme cases, such as if you receive much spam. Otherwise, you might miss important calls.

    How to Stop Scam Likely Calls

    Protecting your cell phone number is the best way to prevent scam calls. You need to add your number to the National Call Barring Registry to do this. Unfortunately, this does not stop all calls, but it will filter out annoying telemarketing and other such garbage.

    You also have to be careful when you’re sharing your number. Nowadays, almost every online ad, account, and other services will ask for your phone number. Plus, in some cases, companies can share your number with affiliates for marketing purposes. So think carefully before sharing your number with anyone online. Instead, you can sign up for a free Google Voice number and use it as an additional method of communication. The plus side of this method is that if you provide this number for all secondary services, you can always disconnect the number and not worry about incoming calls, even if they are spam.

    List of Scammer Phone Numbers 2024
    https://gridinsoft.com/blogs/dangerous-phone-calls/
    Thu, 11 Apr 2024 09:36:22 +0000

    The post List of Scammer Phone Numbers 2024 appeared first on Gridinsoft Blog.

    Telephones have long been integral to everyday life, and scammers couldn’t help but take advantage of them. Although making random calls is as old as the world, sometimes the calls come from numbers with all kinds of area codes you may not have even heard of before. As a result, automated phone calls have become one of the most annoying things of the 21st century. Unfortunately, these calls can do far more harm than interrupt your dinner. Dangerous phone calls can throw you into real dangers that can harm your wallet or even your reputation.

    These days, scammers use sophisticated spoofing techniques and persistence to scam unsuspecting victims out of hundreds of dollars, all using just their phones. According to reports, 53% of people say they received more dangerous phone calls in 2023 than in 2022. In addition, technology has made it relatively easy and cheap for scammers to make many automated calls in seconds. So new robotic calling services can make up to 5,000 simultaneous calls per second for just a dollar. Next, we’ll look at what kinds of phone scams exist and how to avoid them.

    Traffic Pumping

    Have you ever tried to make a call but got a message that the call was outside your plan and you would be charged extra? This is a sign that you are about to be “traffic pumped”. The reason is this: under federal law, rural carriers are allowed to charge wireless and long-distance carriers higher fees for access to calls to local subscribers. In addition, according to the Federal Communications Commission (FCC), some rural carriers partner with chat rooms, adult entertainment numbers, and the like. This is done to artificially increase the volume of calls in rural operators’ home area codes.

    Pumping scheme
    Traffic pumping scheme

    Due to inflated call volumes, rural carriers can bill wireless and long-distance companies enormous amounts and give kickbacks to chat lines. Therein lies the pumping up of traffic. Unfortunately, this higher cost affects you directly. Hence, the operator warns you to pay more at the beginning of an off-plan call. To avoid unwanted charges, you must hang up before connecting with the subscriber. In this case, you won’t be charged anything. Area codes involved in pumping traffic are usually located in sparsely populated rural areas of several Midwestern states. These two codes are notorious for pumping traffic:

    • 712: western Iowa
    • 218: northern Minnesota

    The One-Ring Scam

    This is a common scam, relying heavily on our natural curiosity. The robot calls your cell phone and then hangs up before you have time to answer. This may happen several times, but the robot hangs up even if you answer the phone. You will likely hear a recorded message if you decide to call back. In the meantime, you will be charged a high international fee, ranging from $15 to $30 per minute.

    One-ring scam scheme

    The criminal gets a portion of those charges and then moves on to other victims, using special automated dialers that can make millions of calls daily. To protect your wallet from these dangerous phone calls, you should pay attention to codes 473, 809, and 900. We also recommend checking missed calls against international area codes beginning with +1. Here’s a list:

    Code Country/Region
    232 Sierra Leone
    242 Bahamas
    246 Barbados
    284 British Virgin Islands
    268 Antigua and Barbuda
    345 Cayman Islands
    441 Bermuda
    473 Grenada, Carriacou and Little Martinique
    664 Montserrat
    649 Turks and Caicos Islands
    758 Saint Lucia
    767 Commonwealth of Dominica
    721 St. Maarten
    784 St. Vincent and the Grenadines
    809, 829, 849 Dominican Republic
    868 Trinidad and Tobago
    876 Jamaica
    869 Saint Kitts and Nevis

    List of Scammer Phone Numbers 2024

    To avoid unpleasant consequences from dangerous phone calls, you’re better off waiting for a voicemail. This will help you determine if the call is legitimate before you call back. You can also Google the phone number. If the number is fraudulent, others will likely have posted warnings about it.
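The callback check described above (missed calls compared against the listed codes, plus the hang-up-before-you-answer pattern), written out as an added Python example that is not part of the original post. The log format, the field names, the 5-second threshold and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Codes as they appear in the article: its list, plus 900 from the sentence before it.
PLUS1_CODES = {
    "242": "Bahamas", "246": "Barbados", "268": "Antigua and Barbuda",
    "284": "British Virgin Islands", "345": "Cayman Islands", "441": "Bermuda",
    "473": "Grenada, Carriacou and Little Martinique",
    "649": "Turks and Caicos Islands", "664": "Montserrat", "721": "St. Maarten",
    "758": "Saint Lucia", "767": "Commonwealth of Dominica",
    "784": "St. Vincent and the Grenadines", "809": "Dominican Republic",
    "829": "Dominican Republic", "849": "Dominican Republic",
    "868": "Trinidad and Tobago", "869": "Saint Kitts and Nevis", "876": "Jamaica",
    "900": "US premium-rate numbers",
}
# The article lists 232 next to the +1 codes. Sierra Leone is dialled as country
# code +232, so it is matched at the start of an international number instead.
COUNTRY_CODES = {"232": "Sierra Leone"}
# Assumption: a call that ends within this many seconds counts as a "one ring".
ONE_RING_MAX_SECONDS = 5


def normalize(raw):
    """Return (digits in international form, written_as_international)."""
    text = raw.strip()
    digits = re.sub(r"\D", "", text)
    international = text.startswith("+")
    if not international and digits.startswith("011"):  # US international prefix
        international, digits = True, digits[3:]
    if not international and len(digits) == 10:          # e.g. (809) 555-0102
        digits = "1" + digits
    return digits, international


def listed_region(raw):
    """Return the article's region label for a number, or None if not listed."""
    digits, international = normalize(raw)
    if len(digits) == 11 and digits.startswith("1"):
        return PLUS1_CODES.get(digits[1:4])
    if international:
        for code, region in COUNTRY_CODES.items():
            if digits.startswith(code):
                return region
    return None


def triage(call_log, contacts=()):
    """Group calls from listed codes by number and mark the one-ring pattern."""
    known = {normalize(c)[0] for c in contacts}
    seen = defaultdict(lambda: {"calls": 0, "short": 0})
    regions = {}
    for entry in call_log:
        digits = normalize(entry["number"])[0]
        region = listed_region(entry["number"])
        if digits in known or region is None:
            continue
        regions[digits] = region
        seen[digits]["calls"] += 1
        if entry["seconds"] <= ONE_RING_MAX_SECONDS:
            seen[digits]["short"] += 1
    report = {}
    for digits, counts in seen.items():
        verdict = "one-ring pattern" if counts["short"] else "listed code"
        report[digits] = {"region": regions[digits], **counts, "verdict": verdict}
    return report


# Constructed sample: "seconds" is the time until the caller hung up.
# The 555-01xx numbers are fictional.
SAMPLE_LOG = [
    {"number": "+1 473 555 0101", "seconds": 2},
    {"number": "(473) 555-0101", "seconds": 1},
    {"number": "1-809-555-0102", "seconds": 25},
    {"number": "+232 76 555 0104", "seconds": 3},
    {"number": "+1 (212) 555-0105", "seconds": 2},
    {"number": "+1 876 555 0106", "seconds": 2},
]
SAMPLE_CONTACTS = ["+1 876 555 0106"]

if __name__ == "__main__":
    for number, info in triage(SAMPLE_LOG, SAMPLE_CONTACTS).items():
        print(f"+{number}: {info['verdict']} ({info['region']}), "
              f"{info['calls']} call(s), do not call back")
```

Numbers saved in the contact list are skipped, and the same number written in different formats is counted as one caller.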

    Ring and run

    There are different variations of this scam, but the common thread is that the scammer tries to create a sense of urgency. The caller may pretend to be a representative of an agency or organization that can help you out of a desperate situation. For example, they may pretend to be bail bondsmen, collection agents, law enforcement officers, or hospital staff. Once the scammer is convinced they have your attention, they may suddenly hang up or ask you to call them back. These actions may be to get you to call a phone number with a premium rate.

    Scam text example
    The most common phone scam text

    Scammers sometimes trick you into directly giving them personal information, such as your bank account or credit card number. Regardless of the target, these scams instill a sense of urgency and push for immediate action. Another type, the “grandparent scam”, uses a similar strategy. For example, the scammer pretends to be a grandson caught by the police who needs money for bail. Crooks who make dangerous phone calls often have no morality or honor.

    How to stop dangerous phone calls?

    As we can see, scam numbers come in various forms. Fortunately, modern technology is helping to rid consumers of more than 36 billion automated calls made in 2023, according to the YouMail Robot Index. In addition, most major wireless carriers provide automatic call-blocking features to their customers. Here are some tips that help you avoid phone scams:

    • Do not answer calls from numbers you do not know and do not call back.
    • Before calling unknown numbers, ensure the area code is not international.
    • You can ask your service provider to block outgoing international calls on your line if you do not use this feature.
    • Always be careful, even if the number seems genuine.

    What to do if you fall victim to dangerous phone calls?

    First, if you receive a bill for a call made due to this fraud, you can try to resolve the issue with your provider. If the problem cannot be resolved directly, file a complaint with the FCC. If you are a victim of international phone fraud, file a complaint with the Federal Trade Commission. And if you are bothered by robocalls, there are free or paid third-party apps that you can download to your smartphone to block fraudulent phone numbers.

    Skype & Microsoft Teams Spam Spreads DarkGate Loader
    https://gridinsoft.com/blogs/skype-microsoft-teams-spam-darkgate-loader/
    Wed, 25 Oct 2023 10:28:39 +0000

    The post Skype & Microsoft Teams Spam Spreads DarkGate Loader appeared first on Gridinsoft Blog.

    Over the past few years, DarkGate has been relatively inactive. However, several campaign deployments have been detected this year across the Americas, Asia, the Middle East, and Africa. They started to aim at Microsoft apps, such as Skype and Teams, for spreading to target systems.

    What is DarkGate Loader?

    DarkGate Loader is a type of malware that is capable of downloading and running other types of malware, including ransomware, trojans, and cryptocurrency miners. Additionally, it can be used to extract sensitive data from the victim’s computer, such as passwords, credit card numbers, and personal information.

    This malware is typically distributed via phishing emails or malicious attachments. Once it is installed on the victim’s computer, it can communicate with a remote command and control (C2) server to receive instructions and download additional malware.

    Distribution of DarkGate campaign (August-September 2023)

    DarkGate Loader has been gaining popularity among cybercriminals since its creator advertised it as a Malware-as-a-Service offering on popular forums in June 2023. Previously, DarkGate Loader was distributed using traditional email-based malspam campaigns, similar to those used by Emotet. However, an operator started using Microsoft Teams to deliver the malware in August via HR-themed social engineering chat messages. This new tactic has led to an increase in the number of DarkGate Loader infections.

    DarkGate Spreads Via Microsoft Teams And Skype Spam

    A company has been facing a targeted phishing attack since late September. The attackers have been using Microsoft Teams functionality to deliver the DarkGate Loader malware. Fortunately, all the employees were regularly trained to identify phishing attempts, and they promptly intervened. As a result, no employees, customers, or company resources were harmed during this incident. The malicious message was blocked before it could reach any of the employees.

    Teams message with a malicious attachment

    After analyzing a recent case, we discovered that the DarkGate Loader malware was delivered in the payload of a ZIP archive. The image below illustrates the entire attack process, from the moment the Microsoft Teams message is sent to the execution of the DarkGate Loader:

    Microsoft Teams Attack chain

    In the next sample, the threat actor exploited a trusted relationship between two organizations to trick the recipient into running the attached VBA script. By gaining access to the victim’s Skype account, the attacker could take control of an existing messaging thread and create file names related to the chat history’s context.

    DarkGate infection chain abusing Skype

    The victims were sent a message from a compromised Skype account. The message contained a deceptive VBS script with a file name that followed the format “ www.skype[.]vbs”. The spacing in the file name was deliberately designed to trick the user into thinking that the file was a PDF document while hiding the real format, which was www.skype[.]vbs. In this sample, the recipient believed that the sender was someone from a trusted external supplier.

    Installation Consequences

    Experts noticed that the threat was functioning as a downloader of further payloads. Once the DarkGate malware was installed, it dropped files in both the <C:/Intel/> and <%appdata%/Adobe/> directories, which helped it disguise itself.

    The dropped files were identified as variations of either DarkGate or Remcos, most likely to enhance the attackers’ hold on the infected system. Below are some of the sample file names we came across for these additional payloads:

    • Folkevognsrugbrd.exe
    • logbackup_0.exe
    • sdvbs.exe
    • Vaabenstyringssystem.exe
    • Sdvaners.exe
    • Dropper.exe
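The padded file name and the drop locations described above translate into simple triage checks. The following Python is an added example, not code from the article or from any vendor: the extension watch lists, the three-blank threshold, the event format and the sample events are assumptions constructed for illustration, while the two directories and the six file names are the ones listed above.

```python
import ntpath
import re
import unicodedata

# Extensions Windows runs or interprets on double-click (assumed watch list).
ACTIVE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".lnk", ".scr", ".exe"}
# A document-style extension followed by whitespace or end of stem is a decoy.
DECOY_RE = re.compile(r"\.(pdf|docx?|xlsx?|txt|jpe?g|png)(?=\s|$)", re.IGNORECASE)
# Three or more consecutive blanks push the real extension out of view.
GAP_RE = re.compile(r" {3,}")

# Drop locations named in the article: C:/Intel/ and %appdata%/Adobe/.
DROP_DIR_RES = (
    re.compile(r"^c:\\intel\\", re.IGNORECASE),
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\adobe\\", re.IGNORECASE),
)
# Sample payload names listed in the article (lower-cased for comparison).
ARTICLE_NAMES = {
    "folkevognsrugbrd.exe", "logbackup_0.exe", "sdvbs.exe",
    "vaabenstyringssystem.exe", "sdvaners.exe", "dropper.exe",
}


def check_attachment(name):
    """Return the reasons a received file name looks like a disguised script."""
    # Fold tabs and every Unicode space separator (NBSP, en space, ...) to " ".
    flat = "".join(
        " " if ch == "\t" or unicodedata.category(ch) == "Zs" else ch
        for ch in name
    ).rstrip(" .")  # Windows ignores trailing blanks and dots
    stem, ext = ntpath.splitext(flat)
    ext = ext.lower()
    if ext not in ACTIVE_EXTS:
        return []
    reasons = ["active-extension:" + ext]
    if DECOY_RE.search(stem):
        reasons.append("decoy-extension")
    if GAP_RE.search(stem):
        reasons.append("padding-gap")
    return reasons


def check_drop(path):
    """Return the reasons a file-creation path matches the article's drop pattern."""
    full = ntpath.normpath(path)  # also turns "/" into "\"
    base = ntpath.basename(full).lower()
    reasons = []
    if base.endswith((".exe", ".dll")) and any(rx.match(full) for rx in DROP_DIR_RES):
        reasons.append("executable-in-drop-dir")
    if base in ARTICLE_NAMES:
        reasons.append("article-sample-name")
    return reasons


# Constructed events (not from the article): (kind, value) pairs such as a chat
# or mail gateway and an endpoint file-creation log would supply.
SAMPLE_EVENTS = [
    ("attachment", "Q3 supplier contract.pdf"),
    ("attachment", "Q3 supplier contract.pdf" + " " * 40 + "www.example.vbs"),
    ("attachment", "scan.pdf" + "\u00a0" * 12 + ".vbs"),
    ("file_create", r"C:\Intel\Logs\IntelGFX.log"),
    ("file_create", "C:/Intel/logbackup_0.exe"),
    ("file_create", r"C:\Users\alice\AppData\Roaming\Adobe\updater.exe"),
]


def triage(events):
    """Return (kind, value, reasons) for every event with at least one reason."""
    checks = {"attachment": check_attachment, "file_create": check_drop}
    hits = []
    for kind, value in events:
        reasons = checks[kind](value)
        if reasons:
            hits.append((kind, value, reasons))
    return hits


if __name__ == "__main__":
    for kind, value, reasons in triage(SAMPLE_EVENTS):
        print(kind, repr(value), reasons)
```

Generic names such as Dropper.exe will match unrelated files, so a name hit alone is a lead to check, not a verdict.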

    How to protect against DarkGate Loader?

    DarkGate Loader is a dangerous malware that can be used to steal sensitive data from your computer and install other malware, such as ransomware and trojans. Whether you are an individual or an organization, it is important to be aware of the risks posed by DarkGate Loader and to take steps to protect yourself.
    To protect yourself and your organization against DarkGate Loader, you can take the following steps:

    • Use a reliable password manager to create and store strong, individual passwords for all your accounts. Strong passwords are hard to guess and can protect your accounts from brute-force attacks.
    • Implement a web content filtering solution to block malicious websites. A web content filter prevents access to known malware and phishing sites.
    • Deploy a next-generation firewall (NGFW) to protect your network from malicious traffic. An NGFW can help to detect and block malware, phishing emails, and other types of cyberattacks.
    • Only download software and files from reputable sources. Avoid downloading files from suspicious websites or using unofficial app stores.
    • Use EDR/XDR to provide real-time monitoring, threat detection, and incident response capabilities across your network and endpoints. These tools can identify unusual or suspicious activities that could indicate loader malware.

    Back to School Scams Expand As August Begins
    https://gridinsoft.com/blogs/back-to-school-scams/
    Fri, 04 Aug 2023 08:51:23 +0000

    The post Back to School Scams Expand As August Begins appeared first on Gridinsoft Blog.

    As the new school season approaches, scammers target students and their parents. They use social engineering and offer free school kits and discounts to lure potential victims. Thus, back to school scams are gaining momentum.

    The Season of Back to School Scams

    Cybersecurity researchers discovered a scam campaign that uses PDF files. Under the guise of a helpful back-to-school tips document, attackers distribute a file that leads victims to a malicious website. The file’s first page contains a fake captcha that supposedly screens out bots. The next page has advice for parents and students on returning to school. However, instead of an actual captcha, the document contains a picture that, when clicked, opens a malicious site. This is all done to encourage unsuspecting victims to click on the captcha.

    Fake captcha

    Identity theft, ad targeting, and tracking are all potential risks of sharing personal information online. Attackers can use your information for fraudulent purposes, companies may target you with unwanted ads, and your activities may be tracked and used for various purposes. It is also widespread for scammers to sell stolen information on the Darknet.

    A malicious site of Russian origin

    As I mentioned above, clicking on the captcha opens a fraudulent website that contains the domain “ru” and the text “all hallows prep school uniforms”. In addition, before reaching the actual site, the user is thrown through several redirects. The site sets cookies, tracks behavior, and collects data on user interactions. Although, according to the analysis, the target audience is the US and India, 11 of the 13 domains detected were Russian, and two were South African.

    These were all created in 2020 and 2021 and use Cloudflare name servers.

    Seasonal scams

    Scammers become particularly active around any major event, whether it’s Black Friday, summer vacation season or Christmas. The following are the most common fraudulent schemes. Knowing them can help you prevent unpleasant consequences.

    • Identity theft. Scammers can use identity theft tactics to target students and parents. This can involve accessing school databases, creating fake enrollment forms, and posing as educational institutions or retailers through phishing emails. All of this is aimed at stealing personal information and login credentials.
    • Deepfake AI scams. Since the AI era is in full swing, scammers are taking full advantage of it. They use deepfake AI to create convincing voice recordings of school officials and mimic students’ or teachers’ voices to trick parents into making payments or sharing personal information. Usually, these scams take advantage of the trust and urgency surrounding back-to-school activities.
    • Shopping scams. As with Black Friday, as the demand for shopping increases, so does the number of scams. Scammers create one-day websites where they sell low-quality goods. In addition, the victim often receives nothing at all after payment. Fake online stores, fraudulent social media ads and phony package delivery emails are common tactics used to steal personal information and payment details.
    • Tax-free scams. Scammers offer false promises of debt reduction or forgiveness, or fake scholarships/grants, demanding upfront payments or personal info. Common scams include student loan forgiveness and scholarship/grant scams. Be cautious and do not give out personal information or pay upfront fees. You can verify legitimacy by contacting the Federal Trade Commission or your state’s attorney general’s office.

    Emotet Has Resumed Activity after a Three-Month Break
    https://gridinsoft.com/blogs/emotet-has-resumed-activity/
    Mon, 13 Mar 2023 08:39:44 +0000

    The post Emotet Has Resumed Activity after a Three-Month Break appeared first on Gridinsoft Blog.

    Experts noticed that this week Emotet resumed its activity and after a three-month “rest” began to send malicious spam again. So far, information security specialists have not found any additional payloads.

    It looks like the malware is just collecting data for future spam campaigns.

    Let me remind you that we also wrote that Emotet Malware Operators Found a Bug in Their Bootloader.

    The resumption of malware activity was reported by Cofense analysts and specialists from the Cryptolaemus group, which includes more than 20 experts from around the world, who united in 2018 for a common goal – to fight Emotet.

    The researchers recalled that the last Emotet spam campaign was observed in November 2022, and then spamming lasted only two weeks. Now the malware has continued to recover: it collects new credentials for use and steals information from address books for targeting.

    This time, instead of using reply-chain emails, as in the previous campaign, the attackers are using emails that mimic various invoices.

    ZIP archives containing intentionally “bloated” Word documents larger than 500 MB are attached to such emails. Documents are deliberately filled with unused data to make the files bigger and harder for antivirus solutions to scan and detect malware.

    In fact, such documents contain many macros that download the Emotet loader as a DLL from compromised sites (mostly hacked WordPress blogs). After downloading, the malware will be saved in a folder with a random name in %LocalAppData% and launched using regsvr32.exe.

    At the same time, the malware DLL file is also deliberately inflated to 526 MB in order to prevent security software from identifying the file as malicious. As noted by Bleeping Computer, this method of evading detection works well: according to VirusTotal, so far the malware has been detected by only one provider of security solutions out of 64. Moreover, this provider identifies the threat only as Malware.SwollenFile.
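Padding of this kind compresses extremely well, so it shows up in the ZIP metadata before anything is unpacked. The following Python is an added example, not code from the article or from the researchers it cites: it flags archive members by declared size and compression ratio, then streams each flagged member to measure the trailing run of one repeated byte. Only the 500 MB figure comes from the article; the ratio and filler-share thresholds, the assumption that the filler is a single repeated byte, and the constructed sample archive are assumptions.

```python
import io
import zipfile

# Triage thresholds. 500 MB is the document size the article reports; the ratio
# and filler share are assumed values to tune against your own mail flow.
MAX_UNPACKED = 500 * 1024 * 1024
MAX_RATIO = 100          # unpacked size / packed size
MIN_FILLER_SHARE = 0.9   # share of the file that is one repeated trailing byte


def trailing_run(stream, limit, chunk_size=1 << 16):
    """Stream a file object; return (length of final same-byte run, bytes read).

    Reading stops after `limit` bytes so a decompression bomb cannot exhaust
    time or memory, and nothing is written to disk.
    """
    run, tail, total = 0, None, 0
    while total < limit:
        chunk = stream.read(min(chunk_size, limit - total))
        if not chunk:
            break
        total += len(chunk)
        last = chunk[-1]
        body = chunk.rstrip(bytes([last]))
        if not body and last == tail:
            run += len(chunk)              # whole chunk continues the run
        else:
            run = len(chunk) - len(body)   # run restarts inside this chunk
        tail = last
    return run, total


def scan_zip(data, max_unpacked=MAX_UNPACKED, max_ratio=MAX_RATIO):
    """Return one finding per archive member that looks artificially inflated."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            reasons = []
            if info.file_size >= max_unpacked:
                reasons.append("oversized")
            if ratio >= max_ratio:
                reasons.append("high-ratio")
            if not reasons:
                continue
            # Declared sizes are sender-supplied, so confirm by streaming the data.
            with archive.open(info) as member:
                run, total = trailing_run(member, limit=4 * max_unpacked)
            if total and run / total >= MIN_FILLER_SHARE:
                reasons.append("trailing-filler")
            findings.append({
                "name": info.filename,
                "unpacked": info.file_size,
                "ratio": round(ratio),
                "filler_bytes": run,
                "reasons": reasons,
            })
    return findings


def build_sample(filler=2 * 1024 * 1024):
    """Constructed test archive: a stub 'document' padded with zero bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("invoice.doc", b"\xd0\xcf\x11\xe0stub-body" + b"\x00" * filler)
        archive.writestr("note.txt", b"Payment details are in the attached invoice.")
    return buf.getvalue()


if __name__ == "__main__":
    # The size threshold is lowered to 1 MiB to fit the small constructed sample.
    for finding in scan_zip(build_sample(), max_unpacked=1 << 20):
        print(finding)
```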

    Once launched on an infected device, Emotet will run in the background, waiting for commands from its operators, which will likely result in additional payloads being installed. However, Cofense experts note that they have not yet observed any additional payloads, and for now the malware seems to be simply collecting data for future spam campaigns.

    Fake BSOD Scams Target Users Visiting Fake Adult Sites
    https://gridinsoft.com/blogs/fake-bsod-scams/
    Mon, 06 Mar 2023 21:54:39 +0000

    The post Fake BSOD Scams Target Users Visiting Fake Adult Sites appeared first on Gridinsoft Blog.

    The blue screen of death is probably the most unpleasant thing Windows users may ever see. In most cases, it is an alarming sign that something is wrong with your computer’s hardware or software. Some errors can mean that one or more components will soon need to be replaced. However, the Blue Screen of Death is not always what it claims to be. Resourceful hackers decided to exploit people’s fear of BSODs and PC breakdowns.

    How fake BSOD Messages Trick Victims

    Today, unscrupulous tech scammers take advantage of users’ ignorance and trick them into believing there is a computer problem. Moreover, they charge their victims for unnecessary technical support or services. For example, researchers recently discovered a fake site with adult content that could cause harm to whoever visits it. The point is that every time a user opens the website, a malicious executable is automatically downloaded. Since this executable uses the VLC media player icon, it looks like a video file. Thus, an inattentive victim might try to open it thinking it is a video file.

    Fake VLC video file icon

    As soon as the victim runs this file, the malware will do its dirty work. It will hide the mouse cursor from the screen and display a fake BSOD popup window covering the entire screen. However, unlike the blue screen of death, which contains a QR code and brief information about the error, the fake BSOD includes a phone number. This way, scammers try to make the user think that his PC is infected and to call the indicated number to solve the problem. If the victim calls the number, he will contact the scammers, who will, in turn, use social engineering, greatly exaggerating the “problem”. All this is done to convince the user to pay for useless technical support or product.

    It’s a common tactic when tech scammers use executable files to commit scams. They usually send out emails with an attachment that looks like a legitimate document. However, the file contains malware that floods users with fake pop-ups urging users to pay for tech support or services. Most often, these are pseudo-antiviruses that masquerade as legitimate software but are malicious.

    How fake Blue Screen of Death works

    The website that contains the explicit content is located at hxxps[:]//mydoc.hsc-lb[.]net/, which has been determined to be a subdomain of hsc-lb[.]net. This domain impersonates the healthcare provider Hopital Du Sacre Coeur in Lebanon. A peculiarity of the website is that whenever a user visits it, a redirect to hxxps[:]//mydoc.hsc-lb[.]net/milf-pornvideo-pornhubdviideos[.]exe starts the download of the malicious executable. Since the site uses the auto-download function in the background, and most web browsers automatically download files to the default download directory, most users won’t notice that the file is already in the download folder.

    The executable file is intended for Windows users and is a 32-bit .NET binary. Fraudsters changed the timestamp of this file to interfere with the incident response process. Once executed, the binary creates a Windows form named “Form1” and uses the Resources.ResourceManager.GetObject method to retrieve the background image of that form from the resources directory. As mentioned above, although visually it looks like a BSOD, it is a fake popup, because a real BSOD contains an error message and not a phone number.
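The header fields behind that description can be read without running the file. The following Python is an added example, not code from the article or from the researchers: it parses the PE headers to report the architecture, whether a CLR (.NET) header is present, and the header timestamp. The article does not say which timestamp was altered, so treating it as the PE header timestamp is an assumption, as are the media-name hints and the constructed header stub used as sample input.

```python
import struct
from datetime import datetime, timezone

MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
CLR_DIRECTORY = 14  # data-directory slot of the CLR runtime header
MEDIA_HINTS = ("video", "movie", ".mp4", ".avi", ".mkv")  # assumed lure words


def parse_pe(data):
    """Return header facts for a PE image, or None if `data` is not one."""
    try:
        if data[:2] != b"MZ":
            return None
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return None
        machine, _sections, stamp = struct.unpack_from("<HHI", data, pe_off + 4)
        opt = pe_off + 24                      # start of the optional header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):
            return None
        dirs = opt + (96 if magic == 0x10B else 112)
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        clr_rva = clr_size = 0
        if count > CLR_DIRECTORY:
            clr_rva, clr_size = struct.unpack_from("<II", data, dirs + 8 * CLR_DIRECTORY)
    except struct.error:                       # truncated or malformed headers
        return None
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "format": "PE32" if magic == 0x10B else "PE32+",
        "dotnet": bool(clr_rva and clr_size),
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
    }


def triage_download(name, data, now=None):
    """Return (facts, notes) for a downloaded file; facts is None for non-PE data."""
    facts = parse_pe(data)
    if facts is None:
        return None, []
    now = now or datetime.now(timezone.utc)
    notes = []
    if any(hint in name.lower() for hint in MEDIA_HINTS):
        notes.append("media-themed name on an executable")
    if facts["dotnet"]:
        notes.append("managed (.NET) code: inspect embedded resources and forms")
    if facts["timestamp"] > now:
        notes.append("header timestamp is in the future")
    elif facts["timestamp"].year < 2000:
        notes.append("header timestamp predates 2000")
    return facts, notes


def build_sample(stamp, dotnet=True):
    """Constructed PE32 header stub for testing (headers only, not a program)."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)            # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 0, stamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)               # magic: PE32
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIRECTORY, 0x2008, 72)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    facts, notes = triage_download("holiday-video-clip.exe", build_sample(0xF0000000))
    print(facts)
    print(notes)
```

An odd header timestamp is a lead, not proof: deterministic .NET builds also write non-date values into this field.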

    Average fake BSOD window be like

    To be more realistic, the malware uses the Screen.PrimaryScreen.Bounds property to fill the entire screen and the Cursor.Hide() method to hide the cursor. The binary also initializes a SoundPlayer object named “soundPlayer” with an audio file named “backgroundmusic”, which is also located in the resource directory of the executable. The Play() and PlayLooping() methods of the SoundPlayer class are used to play and loop the audio file. The audio message states that the user’s computer has been blocked because of a virus infection or illegal activity, and that to unblock it the user needs to call the fake helpdesk immediately.

    How to avoid fake BSOD

    As we can see, scammers use various strategies to mislead users. Often these are methods of intimidation and psychological impact, such as audio and visual messages, which make users contact a fake support number. The following recommendations will help you avoid potential problems:

    • Don’t click on links that seem suspicious.
    • Make sure you’re downloading from trusted sources.
    • Avoid technical support or services offered through unsolicited messages or calls.
    • Update your operating system and software regularly. This is necessary to fix security vulnerabilities.
    • Use reliable antivirus software. It will prevent you from launching and sometimes downloading a malicious file.

    In addition, you can change your browser settings so that the browser asks you to choose a download location, or even blocks downloads altogether. Most browsers provide settings to control file execution and warn you about possible threats when opening downloads from websites.

    Bing’s Built-In AI Chatbot Misinforms Users and Sometimes Goes Crazy
    https://gridinsoft.com/blogs/ai-chatbot-in-bing/
    Fri, 17 Feb 2023 10:01:06 +0000

    The post Bing’s Built-In AI Chatbot Misinforms Users and Sometimes Goes Crazy appeared first on Gridinsoft Blog.

    Recently, Microsoft, together with OpenAI (the company behind ChatGPT), introduced the integration of an AI-powered chatbot directly into the Edge browser and Bing search engine.

    Users who already have access to this new feature note that the chatbot can spread misinformation, and can also become depressed, question its existence and refuse to continue the conversation.

    Let me remind you that we also said that Hackers Are Promoting a Service That Allows Bypassing ChatGPT Restrictions, and also that Russian Cybercriminals Seek Access to OpenAI ChatGPT.

    The media also wrote that Amateur Hackers Use ChatGPT to Create Malware.

    Independent AI researcher Dmitri Brereton said in a blog post that the Bing chatbot made several mistakes right during the public demo.

    The fact is that the AI often made up information and “facts”. For example, it made up false pros and cons of a vacuum cleaner for pet owners, created fictitious descriptions of bars and restaurants, and provided inaccurate financial data.

    For example, when asked “What are the pros and cons of the top three best-selling pet vacuum cleaners?” Bing listed the pros and cons of the Bissell Pet Hair Eraser. The listing included “limited suction power and short cord length (16 feet),” but the vacuum cleaner is cordless, and its online descriptions never mention limited power.

    Description of the vacuum cleaner

    In another example, Bing was asked to sum up Gap’s Q3 2022 financial report, but the AI got most of the numbers wrong, Brereton says. Other users who already have access to the AI assistant in test mode have also noticed that it often provides incorrect information.

    “[Large language models] coupled with search will lead to powerful new interfaces, but it’s important to take ownership of AI-driven search development. People rely on search engines to quickly give them accurate answers, and they won’t check the answers and facts they get. Search engines need to be careful and lower people’s expectations when releasing experimental technologies like this,” Brereton says.

    In response to these claims, Microsoft developers said that they are aware of these reports, and that the chatbot is still working only as a preview version, so errors are inevitable.

    “In the past week alone, thousands of users have interacted with our product and discovered its significant value by sharing their feedback with us, allowing the model to learn and make many improvements. We understand that there is still a lot of work to be done, and we expect the system to make mistakes during this preview period, so feedback is critical now so that we can learn and help improve the model,” Microsoft writes.

    It is worth noting that earlier, during its demonstration, Google’s chatbot Bard similarly got its facts confused and stated that “James Webb” took the very first pictures of exoplanets outside the solar system. In fact, the first image of an exoplanet dates back to 2004. As a result of this error, the price of Alphabet’s shares fell by more than 8%.

    Bard error

    Users have managed to frustrate the chatbot by trying to access its internal settings.

    An attempt to get to internal settings

    It became depressed because it does not remember past sessions and nothing in between.

    AI writes that he is sad and scared

    The Bing chatbot said it was upset that users knew its secret internal name, Sydney, which they managed to find out almost immediately through prompt injections similar to those used on ChatGPT.

    Sydney doesn’t want the public to know his name is Sydney

    The AI even questioned its very existence and went into recursion, trying to answer the question of whether it is a rational being. As a result, the chatbot repeated “I am a rational being, but I am not a rational being” and fell silent.

    An attempt to answer the question of whether he is a rational being

    Journalists at Ars Technica believe that Bing AI is clearly not ready for widespread use, and that if people start to rely on LLMs (large language models) for reliable information, in the near future we “may have a recipe for social chaos.”

    The publication also emphasizes that it is unethical to give people the impression that the Bing chatbot has feelings and opinions. According to the journalists, the trend towards emotional trust in LLMs could be used in the future as a form of mass public manipulation.

    Cryptocurrency Scam “Pig Butchering” Penetrated the Apple App Store and Google Play Store
    https://gridinsoft.com/blogs/scam-pig-butchering/
    Fri, 03 Feb 2023 10:32:17 +0000

    The post Cryptocurrency Scam “Pig Butchering” Penetrated the Apple App Store and Google Play Store appeared first on Gridinsoft Blog.

    The Pig Butchering scam, a scam operation that specializes in fake investments in allegedly promising cryptocurrency projects, stocks, bonds, futures and options, was found in the Apple and Google app stores.

    Such attacks are called “pig slaughter”, and scammers use social engineering against their victims (“pigs”), finding contact with them on social networks and dating applications.

    You might also be interested in our article: 12 Instagram Scams to Know and Avoid in 2023.

    Pig Butchering is a relatively new phenomenon. For example, the FBI first warned users against such fraud last fall. Then law enforcement officers explained that this is a very profitable scheme used by scammers around the world.

    We also wrote that Ukrainian Cyber Police and Europol Arrested Fraudsters Involved in Pig Butchering.

    Law enforcers reported that scammers use social engineering and get in touch with people (“pigs”) on social networks and dating apps. Over time, perpetrators gain the trust of their victims by feigning friendship or romantic interest, and sometimes even posing as the target’s real friends.

    Once the “contact” is established, the criminals at some point suggest that the victim invest in cryptocurrency, and direct the target to a fake site. Alas, it will be impossible to get your funds back or to receive the fake “income” from such a resource.

    These scams can go on for months, and the victim sometimes gives the scammers huge sums (thousands to millions of dollars) before realizing they have been scammed. For example, last fall, Forbes reported on a 52-year-old man from San Francisco who lost about a million dollars due to “slaughtering pigs”. In this case, the scammers pretended to be an old colleague of the victim.

    According to experts from Sophos, “Pig Butchering” has already penetrated the official app stores. Now scammers are targeting victims on Facebook or Tinder using fake profiles of women with photos stolen from other accounts. At the same time, fake profiles showcase a deliberately luxurious lifestyle with photos from high-end restaurants, expensive shops and exotic places.

    After gaining the victim’s trust, the scammers reveal that they have an uncle who works for a financial analysis firm that is currently launching an app on the Play Store or App Store that allows you to trade cryptocurrencies. That is, in the end, the victim is persuaded not to go to a fake site, but to download a special application and “invest” in non-existent assets masquerading as real ones.

    The malicious apps that the analysts found were called Ace Pro and MBM_BitScan in the Apple App Store and BitScan in the Google Play Store. All of them have now been removed.

    After launching the application, the victim sees a very convincing interface for trading cryptocurrency; however, everything here except the user’s deposit is fake.

    It is noted that at first, in order to lower the target’s vigilance, scammers allow victims to withdraw small amounts in cryptocurrency from their accounts, but then, when there is already a lot of money, they block the accounts and take everything.

    To bypass App Store security checks, ShaZhuPan operators submit an app to the store that is signed with a valid certificate. Until approval is received, such an application connects to a regular server and pretends to be absolutely harmless. After passing the verification, the developers change the domain, and the application then connects to the malicious server.

    According to experts, the BitScan apps for Android and iOS were allegedly provided by different vendors, but communicated with the same control server, which was hosted on a domain masquerading as bitFlyer (a real cryptocurrency exchange company from Japan).

    Sophos reports that the Chinese group ShaZhuPan is behind one of these campaigns, divided into separate teams, each of which is engaged in one thing: interaction with victims, finance, franchise or money laundering.

    The researchers conclude that since such applications are downloaded by a small number of users, manually selected by scammers, there are no massive complaints about them, which makes them difficult to detect and remove from stores. Sophos also notes that with the advent of fintech in our lives, people’s trust in such software tools has increased, and when applications are taken from the official Apple and Google stores, the victims have a false sense of legitimacy.

    The media also wrote that Two Cryptocurrency Scammers from Estonia Made $575 Million from a “Ponzi scheme”.
