News

The phishing attack uses infostealer malware to target saved passwords, credit cards & Bitcoin info

Manufacturing firm Orion revealed it has lost $60m in a business email compromise (BEC) scam, which targeted a non-executive employee

CVE-2024-38173 is a medium severity RCE flaw in Microsoft Outlook, similar to CVE-2024-30103

Sophos discovers the threat actors behind RansomHub ransomware using EDRKillShifter in attacks

270 IT/cybersecurity leaders share their ransomware experiences from the last year.

The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for

Deepfakes of Prince William and the UK Prime Minister are pushing investment scams on Facebook and Instagram.

Uncovered by Fenimore Harper Communications, a media research organization, the deepfakes take the form of ads that lead to a phony cryptocurrency platform.[i] According to Fenimore Harper, the equivalent of $27,000 U.S. dollars has been spent on these ads and they have reached more than 890,000 people.

In all, scammers fueled the ads with 14 different currencies as diverse as Columbian Pesos, Thai Bahm, Uruguayan Peso, Bangladeshi Taka, and United Arab Emirates Dirham.

In one of the ads, a fake Prime Minister Sir Keir Starmer announces a “national invest platform,” and “to make money on this official platform, all you need is a phone or computer.” Another ad claims that 45 individuals have been specially selected to earn “life-changing money” through a mysterious project.

Another ad features a fake Prince William saying, “I am pleased to announce that I, Prince William, and the entire royal family fully support Prime Minister Keir Starmer’s initiative and his new platform.”

Fenimore Harper says that some of the ads are still running. The organization said that it identified these ads using Meta’s own AI model, Llama 3.1 70B.

Prince William and UK Prime Minister deepfakes lead to a phony investment site

Fenimore Harper’s report then found that some of the ads directed people to a bogus cryptocurrency platform called “Immediate Edge.”

Once on the site, people were asked to provide basic contact info, followed by encouragement to make investments.

Fenimore Cooper found several negative reviews for the platform on Trustpilot, “mostly from victims complaining they lost their money or were hounded by scammers over the phone.”

Many of the links to the bogus platform appear to be dead now, even as some ads still appear to circulate.

As reported by The Independent, a spokesperson for Meta said, “Our systems detected and removed the vast majority of these adverts before this report was published. As part of our ads review process—which can include both automated and human reviews — we have several layers of analysis and detection, both before and after an ad goes live. It is against our policies to run ads that improperly use images of public or political figures for deceptive purposes, and we remove these ads when detected.”[ii]

A sophisticated scam hides behind low-quality deepfakes

A fake ad featuring Prime Minister Sir Keir Starmer in Fenimore Harper’s report shows that the deepfakes are low-grade. In their example, the scammers use previously aired footage of the Prime Minister dubbed over with AI voice-cloned audio. As in the case of many cheaper deepfakes, the lip-synching matches poorly.

With that, this scam echoes the Taylor Swift cookware deepfake scam we reported on earlier this year. It also used poorly dubbed AI voice-cloned audio atop clips of previously aired footage.

However, despite the low-quality deepfake, this scam sets itself apart with the way the scammers manipulated Google search results. Given that many people use search to research potential investments, the scammers made sure to give themselves favorable reviews.

According to Fenimore Harper, the scammers used SEO-hacking techniques so that the scammers could “place their own copy in Google’s ‘featured snippets’ … [making the] top result a glowing endorsement for the scam.”

Fenimore Harper says that the scammers further duped Google’s AI overview feature, which summarizes search results. In their example, people must scroll through several results that contain disinformation before they get to a credible source for reviews.

In all, it appears the scammers put extra thought and care into their scam. They did more than bank on a deepfake and a bogus site to lure in victims. They anticipated the next move for many victims, which was to hop on a search engine and see if the opportunity was legit.

Protecting yourself from online investment scams

Scammers have increasingly turned to AI deepfakes of celebrities and other public figures to push their scams. What’s new here is that we have a prime minister and a member of the royal family falling victim to a deepfake as part of the scam.

However, you can steer clear of online investment scams like these, whether they use AI deepfakes or not. Consider the following as apparent “opportunities” crop up online:

Go with a pro.

Working with an accredited financial adviser is always a sound step with any investment you choose to make, as is only investing funds you can afford to lose if the investment falls through.

Watch out for new, untried platforms.

Steer clear of investments that ask you to contribute money directly from one of your own accounts rather than via a reliable, verified platform.

Seek trusted research sources.

As we saw above, the top results in a search might not be the most credible source of info. When researching financial opportunities, look for established, trustworthy sources of review. Consult several sources as well.

Be wary of celebrity and pop culture tie-ins.

Regard any investment based on a pop culture reference like movies, memes, and shows with a highly critical eye. The same goes for public figures. It might very well be a scam built around buzz rather than a legitimate investment, such as it was with the Squid Game cryptocurrency scam we saw in 2021 and the more recent AI deepfake scams featuring a fake Elon Musk promoting bogus investments.

Use online protection software.

AI-powered online protection like you’ll find in our McAfee+ plans sniffs out links to suspicious sites that promote scams and contain malware. Scams like these take you to shady corners of the internet, and our protection will warn you before you tap or click — and block those sites if you tap or click by mistake.

[i] https://www.fenimoreharper.com/research/starmer-disinformation-meta-deepfakes

[ii] https://www.independent.co.uk/news/uk/home-news/starmer-prince-william-ai-deepfake-crypto-scam-b2595554.html

 

The post Deepfakes of Prince William Lure Social Media Users into an Investment Scam appeared first on McAfee Blog.

News of a major data breach that could affect nearly three billion people comes to light from a somewhat unusual source — a class-action complaint filed in Florida.

Even as details come to light, we advise people to act as if this is indeed a large and significant breach.

The National Public Data (NPD) breach

First, the details. The filed complaint concerns National Public Data (NPD), a company that provides background checks. Per their website, “[NPD obtains] information from various public record databases, court records, state and national databases, and other repositories nationwide.”

The complaint alleges that NPD was hit by a data breach in or around April 2024. [i] The complaint filed in the U.S. District Court further alleges:

• The company had sensitive info breached, such as full names; current and past addresses spanning at least the last three decades; Social Security numbers; info about parents, siblings, and other relatives (including some who have been deceased for nearly 20 years); and other personal info.
• The company “scraped” this info from non-public sources. This info was collected without the consent of the person who filed the complaint and the billions of others who might qualify to join in the class action complaint.
• The company “assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.”

How did the NPD breach come to light?

Typically, companies self-report these breaches, thanks to regulations and legislation that require them to report them in a timely manner. That way, initial word of breaches reaches customers through emails, news reports, and sometimes through notifications to certain state attorney generals.

In this case, it appears that no notices were sent to potential victims. Further, we were unable to find any filings with state attorney generals.

As to how the primary plaintiff discovered the breach, he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach …” (And you can certainly add online protection software to the list of ways you can find out about a data breach before a company notifies you.)

Further, in June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of 2.9 billion people and put them up for sale on the dark web.[ii] The price tag, U.S. $3.5 million. The group further claimed that the records include U.S., Canadian, and British citizens.

From an online protection standpoint, this alleged breach could contain highly sensitive info that, if true, would put three billion people at risk of identity theft. The mere possibility of breached Social Security numbers alone makes it something worth acting on.

How to protect yourself against data breaches

This breach shows the risks and frustrations that we, as consumers, face in the wake of such attacks. It often takes months before we receive any kind of notification. And of course, that gap gives hackers plenty of time to do their damage. They might use stolen info to commit identity crimes, or they might sell it to others who’ll do the same. Either way, we’re often in the dark until we get hit with a case of identity theft ourselves.

Indeed, word of an attack that affects you might take some time to reach you. With that, a mix of measures offer the strongest protection from data breaches.

To fully cover yourself, we suggest the following:

Check your credit, consider a security freeze, and get ID theft protection.

With your personal info potentially on the dark web, strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:

• Credit monitoring keeps an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
• Security freeze protects you proactively by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. And it won’t affect your credit score.
• ID Theft & Restoration Coverage gives you $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft.​ This way, you can cover losses and repair your credit and identity with a licensed recovery expert.

Monitor your identity and transactions.

Breaches and leaks can lead to exposure, particularly on dark web marketplaces where personal info gets bought and sold. Our Identity Monitoring can help notify you quickly if that happens. It keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches. If spotted, it offers advice that can help secure your accounts before they’re used for identity theft.​

Also in our McAfee+ plans, you’ll find several types of transaction monitoring that can spot unusual activity. These features track transactions on credit cards and bank accounts — along with retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.

Keep an eye out for phishing attacks.

With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.

If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.

For even more security, you can use our new Text Scam Detector. It puts a stop to scams before you click by detecting any suspicious links and sending you an alert. And if you accidentally tap a bad link, it blocks the sketchy sites they can take you to.

Update your passwords and use two-factor authentication.

Changing your password is a strong preventative measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely.

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.

Remove your personal info from data broker sites.

According to the filed complaint, National Public Data “scrapes” personal info from non-public sources. Further, the home page of the website mentions that it gathers info “from various public record databases, court records, state and national databases, and other repositories nationwide.” While we can’t confirm this ourselves, we can cautiously call out that these sources might include data broker sites.

While any damage here has already been done, we recommend removing your personal info from these data broker sites. This can prevent further exposure in the event of future breaches elsewhere. Our Personal Data Cleanup can do this work for you. It scans data broker sites and shows you which ones sell your personal info. From there, it shows how you can remove your data. And our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.

[i]https://www.bloomberglaw.com/public/desktop/document/HofmannvJericoPicturesIncDocketNo024cv61383SDFlaAug012024CourtDoc?doc_id=X6S27DVM6H69DSQO6MTRAQRIVBS

[ii] https://www.theregister.com/2024/06/03/usdod_data_dump/

 

The post Data Breach Exposes 3 Billion Personal Information Records appeared first on McAfee Blog.

With a buzz, your phone lets you know you got a text. You take a peek. It’s from the U.S. Postal Service with a message about your package. Or is it? You might be looking at a smishing scam.

“Smishing” takes its form from two terms: SMS messaging and phishing. Effectively, smishing is a phishing attack on your phone. Scammers love these attacks year-round, and particularly so during holiday shopping rushes. The fact remains that we ship plenty of packages plenty often, and scammers use that to their advantage.

Smishing attacks try to slip into the other legitimate messages you get about shipments. The idea is that you might have a couple on the way and might mistake the smishing attack for a proper message. Scammers make them look and sound legit, posing as the U.S. Postal Service or other carriers like UPS, DHL, and FedEx.

Let’s dive into the details of this scheme and what you can do to protect yourself from SMS phishing.

Special delivery: suspicious text messages

To pull off these attacks, scammers send out text messages from random numbers saying that a delivery has an urgent transit issue. When a victim taps on the link in the text, it takes them to a form page that asks them to fill in their personal and financial info to “verify their purchase delivery.” With the form completed, the scammer can then exploit that info for financial gain.

However, scammers also use this phishing scheme to infect people’s devices with malware. For example, some users received links claiming to provide access to a supposed postal shipment. Instead, they were led to a domain that did nothing but infect their browser or phone with malware. Regardless of what route the hacker takes, these scams leave the user in a situation that compromises their smartphone and personal data.

You don’t have to fall for delivery scams

While delivery alerts are a convenient way to track packages, it’s important to familiarize yourself with the signs of smishing scams. Doing so will help you safeguard your online security without sacrificing the convenience of your smartphone. To do just that, take these straightforward steps.

Go directly to the source.

Be skeptical of text messages from companies with peculiar requests or info that seems too good to be true. Be even more skeptical if the link looks different from what you’d expect from that sender — like a shortened link or a kit-bashed name like “fed-ex-delivery dot-com.” Instead of clicking on a link within the text, it’s best to go straight to the organization’s website to check on your delivery status or contact customer service.

Enable the feature on your mobile device that blocks certain texts.

Many spammers send texts from an internet service to hide their identities. You can combat this by using the feature on your mobile device that blocks texts sent from the internet or unknown users. For example, you can disable all potential spam messages from the Messages app on an Android device. Head to “Settings,” tap on “Spam protection,” and then enable it. On iPhones, head to “Settings” > “Messages” and flip the switch next to “Filter Unknown Senders.”

One caveat, though. This can block legitimate messages just as easily. Say you’re getting your car serviced. If you don’t have the shop’s number stored on your phone, their updates on your repair progress will get blocked as well.

Block smishing texts with AI.

Our new AI-powered Text Scam Detector puts up a great defense. It automatically detects scams by scanning URLs in your text messages. If you accidentally tap? Don’t worry, it can block risky sites if you tap on a suspicious link in texts, emails, social media, and more.

Protect your privacy and identity all around.

While McAfee+ plans include Scam Protection, our plans offer strong protection for your identity, privacy, and finances. All the things those smishers are after. It includes credit and identity monitoring, social privacy management, and a VPN, plus several transaction monitoring features. Together, they spot scams and give you the tools to stop them dead in their tracks.

And if the unfortunate happens, our Identity Theft Coverage & Restoration can get you on the path to recovery. It offers up to $2 million in coverage for legal fees, travel, and funds lost because of identity theft. Further, a licensed recovery pro can do the work for you, taking the necessary steps to repair your identity and credit.

The post How Not to Fall for Smishing Scams appeared first on McAfee Blog.

The UK’s National Cyber Security Centre wants to test the effectiveness of cyber-deception tactics