Archives for : RANSOM WARE SCAMS

This Android ransomware threatens to expose your browsing history to all your contacts

A form of Android ransomware which threatens to send the victim’s private information and web history to all of their contacts has been discovered in the official Google Play app store.

Uncovered by researchers at McAfee, LeakerLocker doesn’t actually encrypt the victims’ files, but instead claims to have made a backup of data stored on the device and threatens to share it with all of the user’s phone and email contacts.

Those behind the malware demand $50 in exchange for not leaking personal data including photos, Facebook messages, web history, emails, location history and more, playing on fears of potential embarrassment rather than any form of cryptography.

Two applications in the Google Play Store contained the malware, Wallpapers Blur HD, which has been downloaded between 5,000 and 10,000 times, and Booster & Cleaner Pro, which has been downloaded between 1,000 and 5,000 times.

The combined number of downloads means that up to 15,000 people have fallen victim to this ransomware, which has been in the Google Play Store since at least April. Both apps have good review scores, suggesting that those behind the scheme have been giving them fake reviews.

Once downloaded, LeakerLocker asks for vast swathes of permissions, including the ability to manage calls, read and send messages, and have access to contacts — overreaching for the apps the malware is claiming to be — before communicating with a receiver, initiating the malicious activity and locking the homescreen of the device with the extortion threat.

LeakerLocker attempts to extort victims into paying a ransom by threatening to release their personal data.

Image: McAfee

It’s true that the malware can gain access to private information — thanks to its victims granting permissions at installation time — but not all the private data LeakerLocker claims to have access to can be seen or leaked.

However, analysis of the code shows it’s capable of at least accessing an email address, some contact information, Chrome browser history, text messages and calls, and photos from the camera.

Snippets of this data are chosen at random to convince the victim that all their data has been copied — although at this point the information hasn’t actually been copied, but it could happen if the control server issues relevant instructions.

This basic form of ransomware demands the ransom via credit card, although researchers advise infected victims not to pay because there’s no guarantee that the information won’t be released or used to blackmail victims again.

McAfee researchers have reported LeakerLocker to Google, which says it’s “investigating” — and it appears that the two apps including the malware have been removed from the Google Play store.

It’s far from the first time malware has infiltrated Android’s official app marketplace and is indicative of Google’s continuing battle against cybercriminals sneaking malware into the store.

Henry Sapiecha

Losses from reported Australian hacking victims quadrupled in 2016: ACCC

The Australian Competition and Consumer Commission (ACCC) has reported a four-fold increase in hacking scams, with AU$2.9 million lost to such activity in 2016, up from AU$700,000 in 2015.

According to Targeting scams: Report of the ACCC on scams activity 2016, businesses bore the brunt of these scams, with over half — AU$1.7 million — being attributed to businesses.

“While the digital economy presents many opportunities and efficiencies for businesses, it also presents significant risks,” ACCC deputy chair Delia Rickard says in the report’s foreword.

“Scams targeting businesses are becoming increasingly sophisticated using modern technology to make fake emails, invoices and websites appear legitimate to even the astute business person.”

While the digital age is hitting businesses in Australia, the report highlights that consumers are also being affected by scammers, with digitisation providing the opportunity for scammers to try new tricks.

Online scams — those executed via the internet, email, social networks, and mobile apps — outnumbered phone-based scams in 2016, with an increase of 130 percent over 2015.

Elsewhere in the report, losses to online scams accounted for 58 percent — AU$48.4 million — of total losses, while social media was a particularly busy platform used by scammers to lure victims, netting losses of AU$9.5 million in 2016 compared with AU$3.8 million in 2015.

Of the social media scams, the most prevalent were related to online dating and sextortion, a form of blackmail in which compromising images of the victim are used to extort money.

Business scams top $3.8 million: ACCC

Jason King wasn’t surprised to get an email from the chairman of Launceston Church Grammar School’s board asking him to process a payment to Hong Kong that day.

The school sometimes has cause to make payments to Hong Kong for the school’s accountant, so there was no immediate concern.

“It had [the chairman’s] name and an email address that looked reasonable,” Mr King says. “They were asking for a payment of $121,780. That was the red flag as we don’t ever pay that much to Hong Kong.”

Mr King called the chairman who knew nothing at all about the payment and hadn’t sent the email.

Scams on the rise

It was a close call for the school and data released by the Australian Competition and Consumer Commission on Friday shows scams suffered by businesses are on the rise.

Nearly 6000 businesses reported being targeted by scams in 2016, according to the watchdog’s Targeting Scams report. Losses totalled about $3.8 million, an increase of almost 31 per cent.

The highest losses were to computer hacking, fake investment schemes and buying and selling scams, according to reports to Scamwatch over the past year.

Small businesses with fewer than 20 staff are the most vulnerable and accounted for nearly 60 per cent of reported losses.

Lack of reporting

ACCC deputy chairman Michael Schaper says the $3.8 million in reported scams is “really the tip of the iceberg”.

“We already know it’s a well established phenomenon that most of the people who contact Scamwatch haven’t actually lost money, only 10 per cent have,” he says. “We know that small businesses are much more reluctant to report losses. There are two reasons, one is the time and energy and the second one is that a lot of small business think that if they report a scam their insurance premiums are going to be threatened.”

Mr Schaper says while small businesses are less likely than the general public to report a scam, small businesses are also a far more attractive target than the general public.

“It’s easier to find them; those [businesses] trading online have a website presence and you can work out who to target,” he says. “Secondly, we know small businesses don’t have good record keeping systems in many cases and their software is often very basic so they are ripe pickings.”

Mr Schaper says recent events with the WannaCry ransomware scam show businesses can be just as vulnerable to scams as anyone else in the community.

There are “steep increases” in scammers contacting businesses, according to the ACCC.

What to look out for

The top three scams identified by Scamwatch against businesses are:

  1. Ransomware. These scams trick a victim into downloading a virus that infects computer systems and prevents user access until payment is made to unlock it. In 2016, reports indicate that there was an increase in ransomware emails to businesses, purportedly from legitimate companies such as Australia Post or a utility provider.
  2. Business email compromise scams. These are a form of hacking scam that operate by the scammer obtaining access to a business’ email address. The scammer will then send an email (purportedly from senior management) to the business’ suppliers advising of new payment arrangements and requesting a wire transfer to the new account.
  3. Investment scams. These scams are promoted as business opportunities (for example sports investment or stock broker scams, superannuation schemes or managed funds) and promise inflated returns but are, in reality, nothing more than a method used to drain a business of its funds.

Mr Schaper says 85 per cent of scammers make contact with businesses via email or phone so it is important to be wary. He says small businesses can help protect themselves by backing up data.

“Backing up your data and keeping it offline or backing it up to the cloud is the single most important thing you can do to protect yourself from that threat,” he says. “If you pay a false bill by and large it won’t be the death knell of your business but if you lose all the information about your clients you could lose your business overnight.”

Henry Sapiecha

Thousands targeted by ‘ransomware’ email scam which copies AGL Energy Bills

A destructive scam email that infects computers and holds them hostage has successfully targeted at least 10,000 Australians since it was detected this week, a cybersecurity analyst says.

The email, purporting to be from energy company AGL, sends a fake bill and prompts the recipient to click on a link to download a copy.

The fake AGL webpage that prompts users to download malware. 

It then saves a .zip file on the computer which, when extracted, locks the machine down using malware known as “ransomware”. The recipient is prompted to pay $US640 ($A880) to unlock it.

Raymond Schippers, a senior analyst at global cybersecurity firm Check Point, said once the file has downloaded ransomware such as Torrentlocker or Cryptolocker – sometimes spelled with 0 in place of o – the only way to get rid of it is to restore from a backup or to wipe the computer and start over again.

A fake AGL invoice, containing a link to a virus, which is being sent to Australians. 

The fake AGL email has successfully infiltrated companies across Australia. It aims to get users to install the file at their work, where it could then cause widespread damage by gaining access to legitimate corporate emails which could be used to send the scam on.

“It’s across pretty much all kinds of sectors, from other utilities to education to finance, mining and resources, so it’s widespread throughout Australia,” said Mr Schippers, who has worked in online security for 10 years.

He said an analysis of the malware website by Check Point found at least 10,000 people had actually gone to the end of the download process, and were “very likely to have been infected”, while “many more” could have been affected.

The website used URLs such as “checkyourbills.com” or “electricitybill.com” and would look legitimate to “most users”, he said.

However, there were several things that could tip off AGL customers that the email is fake.

When a recipient attempts to open it on their phone or on a Mac computer, it gives an error message and says to use a Windows computer, and the .zip file type is also suspicious.

“Realistically, if you open it on your iPhone and it says ‘this doesn’t work on an iPhone’, it probably isn’t a real website,” Mr Schippers said. “All the websites from all Australian utilities work on phones these days.

“The .zip file is another indication that it’s not usually a bill either. They usually don’t send bills as .zip files, they’ll send them as .pdf or something similar.”
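Two of the tells described above, a bill link that does not sit on the utility's own domain and a "bill" delivered as a .zip, can be checked mechanically at a mail gateway or during triage. The following is an added example, not code from Check Point or AGL: the brand domain `agl.com.au`, the function names and the sample message are assumptions constructed for illustration, with only the host `checkyourbills.com` taken from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [value for key, value in attrs if key == "href" and value]

def on_brand_domain(host, brand_domain):
    """True only for the brand domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def triage_bill_email(html_body, brand_domain):
    """Return (reason, detail) findings for links in a message claiming to be a bill."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        url = urlparse(href)
        if url.scheme not in ("http", "https"):
            continue
        if not on_brand_domain(url.hostname, brand_domain):
            findings.append(("off-brand link", url.hostname))
        if url.path.lower().endswith(".zip"):
            findings.append(("zip download", href))
    return findings

# Constructed sample body; the URL paths are invented for the example.
SAMPLE_EMAIL = """<p>Your AGL e-Account is ready.</p>
<a href="http://checkyourbills.com/view/bill.zip">Download your bill</a>
<a href="https://www.agl.com.au/help">Help</a>"""

if __name__ == "__main__":
    for reason, detail in triage_bill_email(SAMPLE_EMAIL, "agl.com.au"):
        print(f"{reason}: {detail}")
```

The suffix check compares against `"." + brand_domain`, so a host that merely starts with the brand name, such as `agl.com.au.checkyourbills.com`, is still flagged.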

Energy company AGL has acknowledged the scam, which it says “contains malicious malware that has potential to access personal information”.

In a statement, AGL said it had reported the scam to the Australian Federal Police, the government’s Scamwatch website, and to the Australian Competition and Consumer Commission.

The company said any customers who think they have received the email should delete it immediately, run antivirus software and add the sender to their junk email list.

“The scam email presents as an e-Account and asks readers to click on a link,” the statement said. “AGL advises it will never send an email asking for personal banking or financial details.

“Anyone receiving a suspicious email should delete it immediately or, if opened, not click on any links within the email. Anyone with concerns relating to this scam email should call AGL on 131 245 or contact Scamwatch on 1300 795 995.”

Even if the ransom is paid the malware will continue to monitor the computer, Mr Schippers said, recording keystrokes and mouse movements.

He said Australians accounted for 25 per cent of victims of malicious email attacks around the world, because “quite a number” of people continue to click on them and may have the cash to pay up.

“Australia seems to be very vulnerable to these kinds of attacks,” Mr Schippers said. “It just relies on people’s nature to want to click on things and open things, so I would really just implore people to take a second to think about it before clicking on it.”

********

What to do if you’re infected:

  • check if your computer has any back-ups
  • consult with an IT professional and seek advice on what can be recovered
  • restore computer from back-ups or wipe it back to factory settings

Henry Sapiecha

RANSOM WARE SCAMS ONLINE

Malware scammers will upload a video to social media, or offer “free” music, movies, torrents, or adult content – often via a pop up window.

When you attempt to watch the video, you’re asked to download a particular codec or program to access the format, infecting your computer with malicious code that steals your information and sends it to a third party.

Likewise, ransomware is a form of malware that locks your computer or files and demands payment be made in the digital currency ‘bitcoin’ to receive the virtual key for their release.

The latest scams include a phoney subpoena from the AFP asking you to download your case files, and what appears to be a shipment confirmation from Australia Post asking you to collect a parcel.

In short:

  • Never open attachments from strangers, or click through links on social media that require you to log onto another site to view. Look for reputable news services, rather than unknown web links.
  • Be wary of free downloads that may install snooping programs without you knowing. Remember if the product is free, you’re what’s being sold.

    Remember that paying the ransom is still no guarantee that your computer will be unlocked, so it’s a good idea to always back up your files, in the unfortunate event you can no longer access them.

  • And finally, make sure your computer anti-virus and anti-spyware software is up to date.

    If you notice your computer is sluggish, you get lots of pop-up windows that are hard to close, or your browser looks different, disconnect from the Internet and talk to the pros.

Now if you’ll excuse me, I’m off to reverse Google image search some photos!

Henry Sapiecha