Tag: Phishing

  • Beware of Steam Phishing Scam: Protect Your Login Credentials

    Phishing scams are on the rise. A new threat has emerged on Steam, where fake playtest invitations are being used to deceive users into giving away their login details. Reddit discussions are highlighting a case involving a supposed playtest for Mafia: The Old Country, although the game named may change with each phishing attempt. These invitations contain links that look like official Steam URLs but actually lead to fake sites that ask users to log in and then steal their credentials.

    Previous Phishing Attacks

    Phishing scams have also targeted other platforms, such as Facebook, Netflix, and PayPal. For example, Netflix users have received fraudulent emails that ask for billing information, directing them to fake websites. Additionally, during the pandemic, delivery scams impersonating companies like FedEx saw a significant increase, particularly due to the surge in online shopping at that time.

    Tips for Staying Safe

    To protect themselves, users should always check URLs to ensure they correspond to official domains like store.steampowered.com. It’s important to note that Steam will alert you when a URL attempts to open an external browser page. Using tools such as VirusTotal or URLScan can help verify links safely. Enabling two-factor authentication is also crucial. In the Reddit comments, Steam users have been urging Valve to take action by flagging harmful links and enhancing awareness through notifications across the platform. Community members have stressed the need to report suspicious links to help safeguard others.
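
    The URL check described above, as an added example (not code from the original article): it judges a link by its real hostname rather than by how the text of the URL looks. Only store.steampowered.com comes from the article; treating its parent domain as the allowlist and all sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the parent domain of the article's store.steampowered.com.
# Extend this set with the other domains you actually trust.
OFFICIAL_DOMAINS = {"steampowered.com"}


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (is_official, reason) for a link, judged by its real hostname."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no hostname"
    # "https://official.domain@other.host/" connects to other.host.
    if parts.username is not None:
        return False, "userinfo before '@' hides the real host: " + host
    # Non-ASCII or punycode labels can render like an official name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised (possible homoglyph) host: " + host
    # Match the whole host or a true subdomain, never a mere substring.
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return True, "matches " + domain
    return False, "host is not an official domain: " + host


# Constructed sample links (reserved .example names, not real sites).
SAMPLES = [
    "https://store.steampowered.com/app/1",
    "https://store.steampowered.com.playtest.example/invite",
    "https://store.steampowered.com@login.example/",
    "https://store.steampow\u0435red.com/",  # Cyrillic 'e' in the name
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print("OK  " if ok else "FLAG", ascii(link), "-", reason)
```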

    The Evolving Threat

    As phishing schemes keep changing, they will not only focus on gaming platforms but also target everyday online services. Being vigilant, examining links closely, and maintaining good digital practices are key to staying secure on the internet.

  • Cybercriminals Target U-Haul Employees to Access Customer Data

    Hackers have been taking advantage of U-Haul employee accounts to gather customer data for doxing, cyberattacks, and possible violence, as reported by 404 Media. A hacking group called “The Com” has been using phishing techniques to replicate U-Haul’s point-of-sale (POS) login pages, which allows them to access sensitive customer information like names, addresses, phone numbers, and billing data.

    Potential Risks of Stolen Information

    This sensitive information can lead to more attacks, such as social engineering tactics aimed at compromising online accounts or targeting individuals for harm. The Com mainly operates on platforms such as Telegram and Discord and has a history of engaging in SIM swapping, cryptocurrency theft, and corporate hacking.

    Tools Used for Hacking

    One phishing tool known as Suite, created by a hacker named Pontifex, is used to collect U-Haul account credentials, as well as credentials for services like Gmail and Coinbase. The stolen login information is frequently shared in Telegram channels that focus on fraud. Pontifex mentioned, “U-Haul has lots of information, it can be used for all sorts of stuff,” adding that the stolen data could also help in accessing email accounts from major ISPs like Comcast.

    Past Breaches and Current Silence

    This situation is not unprecedented; U-Haul has faced multiple attacks over the years. In 2022, hackers gained access to internal tools to pull customer contracts, and in 2024, attackers reportedly used valid credentials to breach dealer systems and view reservations and records.

    Despite several attempts to get a response, U-Haul has not commented on these matters, according to 404 Media. Such incidents are important reminders that any business can be a target for cybercriminals looking to steal personal information.

  • iPhones More Vulnerable to Specific Cyberattacks Than Androids

    The cybersecurity firm Lookout Incorporated has identified a growing trend of hackers trying to capture login information, using phishing techniques and malicious applications to do so. Both companies and individual users are advised to keep their operating systems regularly updated.

    Apple’s Security Reputation at Risk

    Apple devices have long been seen as secure and easy to manage. Because of these benefits, many businesses and some government agencies prefer Apple products. However, Lookout Incorporated’s findings indicate that this perception could change soon. Their latest Mobile Threat Report reveals that during the first three quarters of 2024, 19% of Apple devices employed in corporate environments were targeted by phishing attacks.

    Understanding Phishing Threats

    Phishing refers to a type of cybercrime where attackers try to steal money or sensitive information, or to place malware on a target’s device. Such attacks often come disguised as authentic messages or alerts from trusted sources, like a business or a friend.

    Rising Risks for Android Users

    In the same period, 10.9% of Android smartphones experienced phishing attacks. The Mobile Threat Report also uncovered a concerning 17% rise in credential theft and phishing aimed at businesses since the last quarter, along with a staggering 32% increase in the identification of malicious apps. This information was collected from an analysis of over 220 million devices, 360 million applications, and billions of web resources.

    A significant issue lies in the use of outdated operating systems that do not receive the latest security updates, leaving them with exploitable vulnerabilities. In some instances, users neglect to enable device locks, which adds another layer of risk.

    Accountability of Tech Companies

    Lookout also points fingers at technology firms. There can be long delays between when vulnerabilities are identified and when they are resolved, providing potential attackers with opportunities to infiltrate devices. Thus, businesses are urged to apply updates as soon as they are released.

    In conclusion, optimal protection can only be achieved when IT systems are kept current and fortified with extensive security measures.

  • AI Phishing Scams Target Corporate Executives

    According to the Financial Times, as reported by Gadgets360, there’s been a notable rise in phishing attacks that utilize AI technology to make them seem more human-like and slip past security measures.

    Targeting Corporate Executives

    These attacks primarily target high-level executives at companies such as eBay and the insurance provider Beazley. The fake emails are crafted with personal details about the employees, making them more appealing to open and click on.

    Understanding Phishing

    Phishing refers to deceptive emails or messages that aim to fool individuals into clicking on harmful links or downloading malware. A well-known instance of phishing is the Nigerian Prince scam, which claimed to offer a large financial reward in exchange for help.

    The Complexity of AI Attacks

    In contrast, these AI-driven phishing attempts appear more sophisticated. They seem to be built on extensive data regarding employees, which is gathered from social media and various other platforms, making them persuasive enough to bypass standard security systems.

    According to Check Point, Microsoft has been the most frequently impersonated brand in phishing activities, constituting 38% of all brand phishing attempts in the first quarter of 2024. Following Microsoft, Google and LinkedIn each accounted for 11% of the phishing attempts.
