Tech support scammers operating out of India have recently been found using a new trick: they send phishing emails to Apple users, lure those who click through to a fake Apple site, and then prompt them to call a bogus Apple Care customer service number.
Because ordinary users find it hard to see through the phishing page's layout and tricks, they are easily led to believe that their device has been "locked for illegal activity." Once the victim taps through and completes the call, the scammer follows up to extract money.
In recent years, with the rise of the mobile Internet and smartphones, tech support scams have begun to focus on mobile devices. Because so many people's lives are closely tied to their phones, these targets have become rich new pickings for scammers.
Jeremy Richards, a threat intelligence researcher at mobile security service provider Lookout, said:
“People are just more distracted when they’re using their mobile device and trust it more.”
Email addresses associated with Apple's iCloud service are being targeted by this phishing scam. The security researcher tried dialing the Apple "security service" number shown on the page, and the person who answered claimed to be "Lance Roger from Apple Care."
In the typical script, the user receives an email with an alarming subject line such as "[username], Critical alert for your account ID 7458". It tries to imitate Apple's official format, but an attentive reader will notice something off.
For example, the fraudulent email may warn that a login attempt on your account (email address) has been blocked and that someone has just tried to log in to your profile with your password.
Clicking the 'Check Activity' button in the email redirects the victim to a fraudulent website hosted somewhere in India. That page uses obfuscated JavaScript to redirect the victim to another site, which in turn jumps to applesecurityrisks.xyz, a fake Apple Care support page.
Worse, it uses the 'tel' link handler to trigger dialing: when the user taps it, the page attempts to initiate a FaceTime call on the iOS device.
An animated dialog then urges the victim to confirm the call, claiming that all of their devices have been "locked for illegal activity." In fact, the site's script simply fills in the device type from the browser's User-Agent string:
window.defaultText='Your |%model%| has been locked due to detected illegal activity! Immediately call Apple Support to unlock it!';
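The tricks described above (a tel: link, a device placeholder filled from the User-Agent, and scare text) are all visible in the page source, so a defender can flag them automatically. The following scanner is an added example, not code from the article or from Lookout; the sample page and phone number in it are constructed.

```python
# Added example (not the article's or Lookout's code): flags the lure-page
# tricks described above -- a tel: link, a device placeholder such as |%model%|
# filled from the User-Agent, and "locked for illegal activity" scare text.
import re
from html.parser import HTMLParser

SCARE_PHRASES = ("locked due to", "illegal activity",
                 "call apple support", "immediately call")

class _PageCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs, self.scripts, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]
        elif tag == "script":
            self._in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def scan_lure_page(html):
    """Return the sorted list of indicator names found in the page."""
    p = _PageCollector()
    p.feed(html)
    found = set()
    if any(h.strip().lower().startswith("tel:") for h in p.hrefs):
        found.add("tel_link")                    # taps straight into the dialer
    js = "\n".join(p.scripts)
    if re.search(r"\|%\w+%\|", js):
        found.add("device_template")             # e.g. |%model%| placeholder
    if "navigator.userAgent" in js:
        found.add("ua_sniffing")                 # device type read from the UA
    if sum(ph in html.lower() for ph in SCARE_PHRASES) >= 2:
        found.add("scare_text")
    return sorted(found)

# Constructed sample page modelled on the description above (not the real site;
# the phone number is a placeholder).
SAMPLE = """<html><body><script>
window.defaultText='Your |%model%| has been locked due to detected illegal activity! Immediately call Apple Support to unlock it!';
var model = /iPhone|iPad/.test(navigator.userAgent) ? 'iPhone' : 'device';
</script>
<a href="tel:+15550100">Call Apple Support now</a></body></html>"""
```

Running scan_lure_page(SAMPLE) reports all four indicators; a page with only an ordinary support link reports none.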
Fortunately, security researchers have passed the technical details of the phishing site to Apple's security team. Although the malicious site is still active, both Google and Apple have flagged it as a phishing site.
Source, Image: arstechnica
What is Phishing?
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.
Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate phishing email than trying to break through a computer's defenses.
How phishing works
Phishing attacks typically rely on social engineering techniques applied to email or other electronic communication methods, including direct messages sent over social networks, SMS text messages and other instant messaging modes.
Phishers may use social engineering and other public sources of information, including social networks like LinkedIn, Facebook and Twitter, to gather background information about the victim's personal and work history, his interests, and his activities.
Pre-phishing attack reconnaissance can uncover names, job titles and email addresses of potential victims, as well as information about their colleagues and the names of key employees in their organizations. This information can then be used to craft a believable email. Targeted attacks, including those carried out by advanced persistent threat (APT) groups, typically begin with a phishing email containing a malicious link or attachment.
Although many phishing emails are poorly written and clearly fake, cybercriminal groups increasingly use the same techniques professional marketers use to identify the most effective types of messages -- the phishing hooks that get the highest open or click-through rate and the Facebook posts that generate the most likes. Phishing campaigns are often built around major events, holidays and anniversaries, or take advantage of breaking news stories, both true and fictitious.
Typically, a victim receives a message that appears to have been sent by a known contact or organization. The attack is carried out either through a malicious file attachment that contains phishing software, or through links connecting to malicious websites. In either case, the objective is to install malware on the user's device or direct the victim to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details.
Successful phishing messages, usually represented as being from a well-known company, are difficult to distinguish from authentic messages: a phishing email can include corporate logos and other identifying graphics and data collected from the company being misrepresented. Malicious links within phishing messages are usually also designed to make it appear as though they go to the spoofed organization. The use of subdomains and misspelled URLs (typosquatting) are common tricks, as is the use of other link manipulation techniques.
Types of phishing
As defenders continue to educate their users in phishing defense and deploy anti-phishing strategies, cybercriminals continue to hone their skills at existing phishing attacks and roll out new types of phishing scams. Some of the more common types of phishing attacks include the following:
Spear phishing attacks are directed at specific individuals or companies, usually using information specific to the victim that has been gathered to more successfully represent the message as being authentic. Spear phishing emails might include references to coworkers or executives at the victim's organization, as well as the use of the victim's name, location or other personal information.
Whaling attacks are a type of spear phishing attack that specifically targets senior executives within an organization, often with the objective of stealing large sums. Those preparing a spear phishing campaign research their victims in detail to create a more genuine message, as using information relevant or specific to a target increases the chances of the attack being successful.
Pharming is a type of phishing that depends on DNS cache poisoning to redirect users from a legitimate site to a fraudulent one, and then tricks users into entering their login credentials on the fraudulent site.
Voice phishing, also known as vishing, is a form of phishing that occurs over voice communications media, including voice over IP (VoIP) or POTS (plain old telephone service). A typical vishing scam uses speech synthesis software to leave voicemails purporting to notify the victim of suspicious activity in a bank or credit account, and solicits the victim to call back a malicious phone number to verify his identity -- thus compromising the victim's account credentials.
Another mobile device-oriented phishing attack, SMS phishing -- also sometimes called SMishing or SMShing -- uses text messaging to convince victims to disclose account credentials or to install malware.
How to prevent phishing
Phishing defense begins with educating users to identify phishing messages, but there are other tactics that can cut down on successful attacks.
A gateway email filter can trap many mass-targeted phishing emails and reduce the number of phishing emails that reach users' inboxes.
Enterprise mail servers should make use of at least one email authentication standard to verify the origin of inbound email. These include the Sender Policy Framework (SPF) protocol, which can help reduce unsolicited email (spam); the DomainKeys Identified Mail (DKIM) protocol, which enables users to block all messages except for those that have been cryptographically signed; and the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol, which specifies that both SPF and DKIM be in use for inbound email, and which also provides a framework for using those protocols to block unsolicited email -- including phishing email -- more effectively.
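To show how the three standards fit together, here is an added example (not from this article) of the DMARC decision a receiving mail server makes for one inbound message once SPF and DKIM have been evaluated; the domain names, policy records and results are constructed, and the organizational-domain logic is simplified.

```python
# Added example (not the article's code): the DMARC check a receiving mail server
# applies to one inbound message once SPF and DKIM have been evaluated. Domains,
# records and results below are constructed for the example.
def parse_tags(record):
    """'v=DMARC1; p=reject; adkim=s' -> {'v': 'DMARC1', 'p': 'reject', 'adkim': 's'}"""
    return dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)

def org_domain(domain):
    # Simplified organizational domain: the last two labels (production code
    # consults the Public Suffix List instead).
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: 's' (strict) needs an exact match, 'r' (relaxed)
    accepts any subdomain of the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(dmarc_record, from_domain,
                      spf_pass, spf_domain, dkim_pass, dkim_domain):
    """'pass' if an aligned SPF or DKIM result passed; otherwise the policy
    action from the p= tag ('none', 'quarantine' or 'reject')."""
    tags = parse_tags(dmarc_record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")

# Constructed policy records: the weak one only monitors, so a spoofed message
# is still delivered; the corrected one tells receivers to reject it.
WEAK_POLICY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
STRICT_POLICY = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc-reports@example.com"

def spoofed_message_outcome():
    # From: header claims example.com; SPF passes only for the scammer's own
    # envelope domain; the message carries no DKIM signature.
    args = ("example.com", True, "mail.attacker-example.net", False, "")
    return dmarc_disposition(WEAK_POLICY, *args), dmarc_disposition(STRICT_POLICY, *args)
```

With the monitoring-only record the spoofed message gets disposition 'none' and is delivered; with p=reject it is refused, while a message legitimately DKIM-signed by example.com still passes.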
A web security gateway can also provide another layer of defense by preventing users from reaching the target of a malicious link. They work by checking requested URLs against a constantly updated database of sites suspected of distributing malware.
There are several resources on the internet that provide help in combating phishing. The Anti-Phishing Working Group Inc. and the federal government's OnGuardOnline.gov website both provide advice on how to spot, avoid and report phishing attacks. Interactive security awareness training aids, such as Wombat Security Technologies' Anti-Phishing Training Suite or PhishMe, can help teach employees how to avoid phishing traps, while sites like FraudWatch International and MillerSmiles publish the latest phishing email subject lines that are circulating the internet.
How phishing got its name
The history of the term phishing is not entirely clear.
One common explanation for the term is that phishing is a homophone of fishing, and is so named because phishing scams use lures to catch unsuspecting victims, or fish.
Another explanation for the origin of phishing comes from a string -- <>< -- which is often found in AOL chat logs because those characters were a common HTML tag found in chat transcripts. Because it occurred so frequently in those logs, AOL admins could not productively search for it as a marker of potentially improper activity. Black hat hackers, the story goes, would replace any reference to illegal activity -- including credit card or account credentials theft -- with the string, which eventually gave the activity its name because the characters appear to be a simple rendering of a fish.