iTunes
Deezer
Apple Podcasts
Stitcher
SoundCloud
Episode 51: March 27 2023
Links
https://blog.avast.com/shein-instagram-scam
https://cyberscoop.com/breachforums-arrest-cybercrime-underground/
Instagram scam uses fake SHEIN gift cards as lure
- Old Scam
- Based off a tried-and-true method
- Avast Researchers
- targeting Instagram users from various countries including the UK, Australia, France, Spain, and Poland
- Scam
- comment from a random account on a user’s post
- congratulates the victim saying they’re one of the 2023 lucky ones selected to receive a SHEIN gift card.
- offers the user a link to their Instagram profile, and at the end, they mention a long list of Instagram users that will be notified about the mention to be lured as victims to this scam.
- The scammers Instagram has a link to use for the giftcard
- Victim is given 3 questions and timer.
- No matter how the answer their answered are checked
- The victim is presented with nine closed boxes to choose from.
- it doesn’t matter which ones are chosen.
- the first one will always be a failure.
- second one will always be a winner
- the victim is asked for a small amount of money:
- After entering their personal details
- the victim is asked for their credit card details
- The goal here is to hide the real Terms and Conditions.
- The victim is expecting a gift card valued in several hundreds of euros or dollars.
- It seems that they have to pay a small amount of money to receive it, but what’s really happening is that they’re subscribing to a service
- In Australia, for example, the victim is charged AUD $2 plus AUD $69 every two weeks.
- In France, the amount charged is €2 plus €33 every two weeks. For some countries, the money that will be charged isn’t even disclosed. And of course, none of them will receive the gift card.
- it doesn’t matter which ones are chosen.
- comment from a random account on a user’s post
Linus Tech Tips Hacked
- Linus
- a Canadian YouTuber.
- Linus Tech Tips
- TechLinked
- Techquickie
- Creating and hosting YouTube channels
- Most known for Linus Tech Tips (LTT).
- channels have a combined subscriber base of over 26 million.
- a Canadian YouTuber.
- Attack
- bypassed things like password and two-factor protections
- targeted the session tokens
- that keep you logged in to websites.
- Malware
- Linus Media Group’s team member downloaded a PDF
- “what appeared to be a sponsorship offer from a potential partner”
- included malware
- accessed “all user data from both their installed browsers”
- including session tokens
- Access without needing to enter security credentials.
- Damage
- Over a decade of videos were deleted
- streamed two videos featuring Elon Musk talking about cryptocurrency
- One is named “OpenAI ChatGPT-4: The Game-Changing AI Technology”
- Stream went down after around 35 minutes of broadcasting.
- other is called “LinusTechTips & Elon Musk Special Crypto Giveaway”.
- Taken down after around 20 minutes of broadcasting.
- both livestreams appear to be identical
- In the chat, a link to a presumably malicious “Crypto Giveaway” is present.
- Appears to be a phishing attempt
- get cryptocurrency wallet details
- Appears to be a phishing attempt
- In the chat, a link to a presumably malicious “Crypto Giveaway” is present.
- One is named “OpenAI ChatGPT-4: The Game-Changing AI Technology”
- accessed “all user data from both their installed browsers”
- Linus Media Group’s team member downloaded a PDF
Another one bites the dust
- Breach Forums
- Taken down
- History
- Darkweb
- March 16, 2022 came online
- Replaced RaidForums that was taken down a month prior
- First post was a simple “Welcome”
- administered by “pompompurin”
- hosted Hacked Data of 1 billions globally
- according to FBI
- 7 million robinhood customers
- 23 TB of Shanghai National Police Data
- 60,000 records from DC Health Link Insurance Exchange
- Congress
- Breached was initially met with “skepticism from the cybercrime underground,” but “persisted and became the largest English-speaking data broker forum anywhere across the deep or darkweb.”
- News
- FBI arrested a 20-year-old named Conor Fitzpatrick
- Admitted to being Pompompurin
- Claimed to earn $1,000/day selling information
- Peekskill, New York
- accused of just one crime: conspiracy to commit access device fraud.
- appeared in a federal court in New York on March 16 and was released on a $300,000 bond
- If he’s convicted he faces a maximum penalty of five years in prison
- FBI and the U.S. Department of Health and Human Services Office of Inspector general
- conducted a disruption operation that caused BreachForums to go offline.
- FallOut
- hackers looking to sell data have to find a new venue
- may need to rebuild reputation
- Researchers who track illicit activity by cross-referencing posts and monikers across sites will have to find new ways in, too.
- BreachForums team build new, or a whole new forum and even some temporarily looking to Telegram channels already popping up
- hackers looking to sell data have to find a new venue
- FBI arrested a 20-year-old named Conor Fitzpatrick
Fake IRS tax email delivers Emotet malware
- MalwareBytes
- Director of Threat Intelligence, Jerome Segura
- W-9 Email Danger
- form you fill in to confirm certain personal details with the IRS. Name, address, and Tax Identification Number
- used as a lure for people to download emotet malware
- “IRS Tax Forms W-9” which appears to have been sent from “IRS Online Center”. The email, which contains an attachment
- Let me know if you would like a hard copy mailed as well.
Respectifully [SIC]Barbara LaCosta
Inspector
Department of Treasure - Attachment W-9 Forms.zip
- 709KB in size
- Opened contains W-9 form.doc
- 548 MB size
- Opened will display
- This document is protected
Previewing is not available for protected documents. You have to press “enable editing” and “enable content” buttons to preview this document.
- This document is protected
- Macros run then Emotet is installed.
- Let me know if you would like a hard copy mailed as well.