by titanadmin | Apr 11, 2017 | Email Scams, Industry News, Phishing & Email Spam, Spam News |
Yesterday, the U.S. Department of Justice announced that one of the leading email spammers has been arrested as part of an operation to disrupt and dismantle the infamous Kelihos botnet.
The Kelihos botnet is a network of tens of thousands of computers that are used to launch massive spamming campaigns comprising millions of emails. Those spam emails are used for a variety of nefarious purposes including the distribution of ransomware and malware. The botnet has been extensively used to spread fake antivirus software and spread credential-stealing malware.
Computers are added to the Kelihos botnet using malware. Once installed, Kelihos malware runs silently and users are unaware that their computers have been hijacked. The Kelihos botnet can be quickly weaponized and used for a variety of malicious purposes. The botnet has previously been used for spamming campaigns that artificially inflate stock prices, promote counterfeit drugs and recruit people to fraudulent work-at-home schemes.
Pyotr Levashov is believed to operate the botnet in addition to conducting a wide range of cybercriminal activities out of Russia. In what turned out to be an unwise move, Levashov left the relative safety of his home country and travelled to Barcelona, Spain on holiday. Levashov was arrested on Sunday, April 9 by Spanish authorities acting on a U.S. issued international arrest warrant.
Levashov is suspected of playing a role in the alleged Russian interference in the U.S. presidential election in 2016, although Levashov is best known for his spamming activities, click fraud and DDoS attacks.
Levashov, or Peter Severa as he is otherwise known, is heavily involved in distributing virus spamming software and is believed to have written numerous viruses and Trojans. Spamhaus lists Levashov in seventh place on the list of the 10 worst spammers.
Levashov is believed to have run multiple operations that connected virus developers with spamming networks, and is suspected of running the Kelihos botnet, the Waledac botnet – which was taken down in 2010 – and the Storm botnet. Levashov was indicted for his role in the latter in 2009, although he managed to avoid extradition to the United States. At the time, Storm was the biggest spamming botnet in operation and was used to send millions of emails every day. Levashov also moderates many spamming forums and is well known in underground circles. Levashov is believed to have been extensively involved in spamming and other cybercriminal activities for the past 20 years; although to date he has avoided prosecution.
A statement released by the U.S. Department of Justice reads, “The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks.”
The DOJ operation also involved the takedown of domains associated with the Kelihos botnet starting on April 8, 2017. The DOJ says shutting down those domains was “an extraordinary task.”
While it is certainly good news that such a high profile and prolific spammer has been arrested and the Kelihos botnet has been severely disrupted, other spammers are likely to soon take Levashov’s place. Vitali Kremez, director of research at Flashpoint said his firm had seen chatter on underground forums indicating other major spammers are responding to the news of the arrest by taking acting to secure their own operations. There may be a blip in email spam volume, but that blip is only likely to be temporary.
by titanadmin | Apr 7, 2017 | Email Scams, Spam News |
The importance of anti-phishing training for staff members has been highlighted this week following a major incident in Denver. A targeted Denver Public Schools phishing scam saw at least 30 members of staff divulge their usernames and passwords to scammers.
The Denver Public Schools phishing scam enabled attackers to gain access to accounts, which allowed information to be gained to access to the school district’s payroll system. The attackers changed the routing numbers for payments to employees and directed the payments to their own accounts. More than $40,000 that had been set aside to pay staff wages was stolen.
Staff members have now been paid and efforts are continuing to recover the stolen funds. At least 14 direct deposits were made and have not been recovered. The school district is hoping that the payments will be covered by an insurance policy. The incident has been reported to the Colorado Bureau of Investigation and the incident is being investigated to try to identify the individuals behind the scam.
The Denver Public Schools phishing scam was highly convincing; however, questions will be asked about how so many employees fell for the scam and disclosed their login credentials. The school district has confirmed that efforts were made to educate its employees on the risk of phishing prior to the attack taking place.
Denver Public Schools employs 13,991 members of staff. The response percentage was therefore very low, but it can only take one individual to respond to such a scam for serious financial harm to be caused.
A Bad Year for Phishing Attacks on Schools
Phishing attacks on schools are commonplace, but this year has seen attacks soar. For instance, in 2017, there have been 141 reported W-2 phishing scams, 33 of which affected schools, colleges and universities.
While phishing scams used to be fairly easy to detect, now they are becoming much more sophisticated. It is now not easy to tell a phishing email from a real email request. The attackers use spoofing techniques to make the emails appear as if they have been sent from within the organization. Genuine email accounts may even be compromised and used for phishing attacks. Last month, the Digital Citizens Alliance reported finding millions of .edu email addresses listed for sale on the dark web. Those email addresses are often used for phishing scams as they are trusted.
Phishing emails are often free from the spelling and grammatical errors that were commonly seen in spam emails in years gone by. The emails often contain lifted branding, images and formatting, which makes them highly convincing. The requests for information may also seem reasonable.
How to Prevent Phishing Attacks
Providing anti-phishing training for staff is now an essential cybersecurity defense; however, it is also important to ensure that training has had the desired effect and has been taken onboard. Schools should therefore conduct dummy phishing exercises to identify the effectiveness of their training programs. Research has shown that with practice, employees get much better at identifying phishing scams.
Technological solutions should also be implemented to prevent spam emails from reaching end users’ inboxes. Advanced anti-spam solutions such as SpamTitan do not rely on blacklists to identify emails as spam. Blacklists are used along with a host of front end controls and emails are subjected to Bayesian analyses to identify common spam signatures. Rules can be set to reduce the risk of email spoofing.
If you are interested in finding out more about the range of technological solutions that can be employed to reduce the risk of phishing attacks, contact the TitanHQ team today.
by titanadmin | Apr 6, 2017 | Email Scams, Phishing & Email Spam, Spam News |
A recent report from IBM X-Force has highlighted the massive growth in tax-related email spam this year. Between December 2016 and February 2017, tax-related email spam increased by an incredible 6,000%.
A rise in tax-related email spam is to be expected during tax season. It is the time of year when tax returns are submitted and criminals can make substantial profits. If tax information is stolen and a fraudulent tax return is submitted prior to the individual submitting their own return, thousands of dollars in refunds can be obtained. With such high returns from each set of tax information, it is no surprise that tax-related scams are so prevalent.
This year, has seen many different scams detected, although one of the most successful is the W-2 phishing scam. The scam involves a tax fraudster impersonating the CEO, CFO or another executive, and emailing a request for W-2 Forms to members of the payroll department.
As we have seen on numerous occasions this year, the emailed lists can contain thousands of employees’ sensitive information. Usually, every employee that has taxable earnings for the previous fiscal year. To date, there have been 141 reports of successful scams. The largest breach was reported by American Senior Communities. The tax information of more than 17,000 members of staff were emailed to scammers.
The IRS said it was one of the most dangerous email phishing scams seen in recent years. It’s too early to tell how much in fraudulent refunds have been paid out by the IRS, although last year the total was around $5.8 billion. This year that total is expected to rise.
W-2 form phishing scams may be the most common type of tax-related email scams seen this year, but there are many. Most are delivered by email, although website phishing attacks have also been highly prevalent.
Cybercriminals have been impersonating tax software companies and have been sending out fake marketing emails encouraging consumers to visit spoofed websites. They are then relieved of their personal information. Information gathered via the online forms enable fraudsters to steal identities and file fraudulent tax returns in the victims’ names.
Tax season is also a time when malware infections spike. Tax-related email spam is sent with malicious email attachments. Opening those attachments results in malware or ransomware being downloaded to the victims’ computers.
Cybercriminals use a wide variety of techniques to steal credentials. Social engineering techniques are used to fool email recipients into believing requests for information are genuine. Attackers use typosquating and URL hijacking to make their malicious websites appear legitimate. The phishing templates used by some cybercriminals are so convincing it is almost impossible to distinguish them from genuine emails. The correct branding is used, links are masked, and support is even offered for uploading tax-related documentation. In many cases, the emails contain the IRS logo and victims are fooled into supplying their credentials. The scams are often successful, even though the IRS does not initiate contact with taxpayers via email.
To protect against attacks and fraud, consumers can set an IRS IP PIN on their accounts. That pin number must be used to file a tax return. Provided the PIN is not disclosed, individuals will be protected from fraudulent tax filings.
Many Americans leave filing their tax returns to the last minute; however, this year the scammers started sending tax-related email spam early. The late filing of tax returns gives cybercriminals plenty of time to submit fake returns. Tax returns should be filed as soon as a W-2 Form is received to reduce the risk of becoming a victim of fraud.
Businesses can protect themselves against W-2 phishing scams by implementing an advanced spam filtering solution to block spam emails. However, staff should also receive anti-phishing training and policies should be implemented that require any request for W-2 Forms to be verified with the sender of the email by telephone.
Businesses are still being targeted by scammers so they should be on their guard. They should also ensure that they are prepared well in advance for the tsunami of tax-related email spam that will start to arrive from December 2017.
by titanadmin | Apr 5, 2017 | Email Scams, Phishing & Email Spam, Spam News |
The Inland Revenue Service has issued a new warning to tax professionals about a new IRS e-Services phishing scam.
With the tax return deadline fast approaching it is the last chance for the fraudsters to steal identities and file fraudulent tax returns. The past few days has seen a surge in phishing attacks on tax professionals.
The purpose of the IRS e-Services phishing scam is to obtain tax professionals’ e-Services usernames and passwords. The emails use a variety of subject lines that have been crafted to attract attention and ensure the emails are opened.
The emails claim to have been sent by the IRS about issues with the user’s e-Services account. The emails warn that the user’s e-Services account has been closed, suspended or blocked. In order to reactivate the account or prevent its closure, the email recipient is required to login to their account.
A link is supplied in the email that enables the recipient to take the required action. Clicking on the link will direct the user to a login page that closely resembles the IRS e-Services portal. Entering in a username and password into the login page will see the details captured by the attackers.
In response to the high volume of phishing attacks on tax professionals, the IRS has been improving account security in recent weeks. The IRS has been asking tax professionals to revalidate their accounts to prevent delays when accessing their e-Services accounts. The attackers appear to be taking advantage and piggybacking on those recent communications.
The IRS warns all tax professionals that if for any reason their e-Services account has been closed, they should contact the e-Services Help Desk to reactivate their account, but never to click on any links contained in emails. While links to malicious websites are used for this scam, users should also be wary about any attachments sent in e-Services emails.
This tax season has seen a major increase in tax-related email scams, most notably a massive rise in W-2 Form phishing scams. At least 140 successful W-2 Form phishing attacks have already been announced, although with two weeks left of tax season that figure is certain to rise. K12 schools, colleges and other higher education institutions have been extensively targeted this year, as has the healthcare industry. Some of the phishing scams have resulted in thousands of employees’ tax details being obtained by fraudsters.
The last few days before the April 18 deadline for submitting tax returns is likely to see many more phishing attacks performed. All businesses should therefore be on their guard and should exercise extreme caution.
